Hidden Assumptions in prefect
12 assumptions this code never checks · 6 critical · spanning Domain, Environment, Resource, Shape, Ordering, Temporal, Contract
Every codebase relies on things it never checks. Most of them are routine. CodeSea looked at prefecthq/prefect and picked out the few most likely to cause trouble. The full list is just below.
Most of what this code assumes is routine. These 3 are the ones most likely to cause trouble here. The rest are minor; they're under "Show everything".
Vue app fails to mount, entire UI doesn't render, white screen of death
route registration fails at runtime, navigation breaks with cryptic errors
router creates invalid routes, navigation fails or redirects to wrong paths
Show everything (9 more)
assumes VITE_AMPLITUDE_API_KEY environment variable format is valid for Amplitude SDK without validation
If this fails: Amplitude initialization silently fails or crashes with invalid API key format, analytics data lost
ui-v2/src/analytics/index.ts:initAmplitude
assumes sessionStorage is available and writable in the browser environment
If this fails: tracking fails in incognito mode or browsers with disabled storage, duplicate events sent
ui-v2/src/analytics/index.ts:trackWebAppLoaded
assumes plugin installation order (router, PrefectDesign, PrefectUILibrary) doesn't matter for component dependencies
If this fails: Vue components fail to resolve dependencies, runtime errors when accessing plugin features
ui/src/main.ts:start
assumes all mapper functions in designMaps object have compatible signatures with spread operator
If this fails: object spread fails with non-enumerable properties, mapping functions unavailable at runtime
ui/src/maps/index.ts:maps
assumes DBT_ environment variables are properly formatted for Pydantic field types (Path, etc.)
If this fails: Pydantic validation fails with cryptic type errors, dbt integration breaks during initialization
src/integrations/prefect-dbt/prefect_dbt/core/settings.py:PrefectDbtSettings
assumes current working directory and standard dbt profile locations are readable and accessible
If this fails: profiles_dir lookup fails in containerized or restricted environments, dbt commands fail to find configuration
src/integrations/prefect-dbt/prefect_dbt/core/settings.py:find_profiles_dir
assumes session storage persists for the lifetime of a single browser session without clearing
If this fails: web app loaded events get tracked multiple times per session if storage is cleared, analytics data inflated
ui-v2/src/analytics/index.ts:SESSION_STORAGE_KEY
assumes route.query.redirect is a safe URL string when passed to component props
If this fails: open redirect vulnerability if redirect parameter contains malicious URLs, security breach
ui/src/router/index.ts:props
assumes color mode utilities can access and modify DOM/localStorage without permission errors
If this fails: color mode initialization fails silently, users stuck with default theme regardless of preferences
ui/src/main.ts:initColorMode
See the full structural analysis of prefect: the pipeline, data models, and system behavior that put these assumptions in context.
Full analysis of prefecthq/prefect →Compare prefect
Frequently Asked Questions
What does prefect assume that could break in production?
The one most likely to cause trouble: assumes HTML element with id 'app' exists in the DOM for Vue.js to mount to If this fails, Vue app fails to mount, entire UI doesn't render, white screen of death
How many hidden assumptions does prefect have?
CodeSea found 12 assumptions prefect relies on but never validates, 6 of them critical, spanning Domain, Environment, Resource, Shape, Ordering, Temporal, Contract. Most are routine — the analysis flags the two or three most likely to actually bite.
What is a hidden assumption?
Something the code depends on but never checks: a data shape, an ordering, an environment condition, a scale limit, or a contract with another service. It holds until the world it runs in changes, then fails silently.