Tracking: phase 1.1 review findings (reliability, security, operability gaps) #13

@jerry7991

Tracking issue for the review of the phase_v1.1_project_skeleton branch. Each bullet links to a dedicated issue.

🚨 Deploy-breakers (fix first)

  • Fix case-sensitive require: nebula_queue/Dispatcher fails on Linux
  • Redis pool size reconfigured after pool is built — concurrency setting has no effect

🔴 Reliability / correctness

  • Job loss on worker crash: BRPOP removes job before perform completes (no reliable fetch)
  • Implement retry logic: max_retries is configured but never read
  • Graceful shutdown: worker join has no timeout; stuck perform blocks SIGTERM
  • Harden job payload parsing: kwarg-mismatch silently drops jobs
  • job_name DSL: keeping the old class-name registration is a footgun

🟠 Security

  • Remove ERB evaluation from YAML config loader (RCE risk)
  • Redis connection: add TLS, auth, Sentinel, and Cluster support

🟡 Operability

  • Replace puts / warn with a configurable Logger
  • Add a test suite (RSpec or Minitest) with CI on Linux + Redis

Current scorecard

[Correctness: 4] [Completeness: 2] [Scalability: 3] [Security: 3] [Maintainability: 3]
Overall: 3.0/10 — 🔴 Not ready

Target: all dimensions ≥ 7/10 before the gem is promoted out of skeleton status.
