Members Portal Migration (Node 11 → Node 22 LTS)
Executive Summary
The Members Portal runs on Node 11, which has been end-of-life since April 2019. It uses abandoned dependencies — kue (last updated 2017) and request (deprecated 2020) — and has committed .env credentials in git history. This is the system where 200K+ customers manage their event tickets, coaching sessions, and product access.
The migration targets Node 22 LTS (not 20 — Node 20 enters Maintenance Oct 2025, Node 22 gives 18 more months of active support). The approach is incremental: rotate credentials first, then replace dependencies one by one, then upgrade the runtime. Never all at once.
The Stripe SDK upgrade from v6 to v17 requires special care: v12 is the API version pinning boundary. Pre-v12 does NOT pin API version, meaning any Stripe rollover silently changes runtime behavior. The upgrade path is v6 → v12 → v17, with verification at each step.
What Needs to Happen
- Phase 0: Rotate
.envcredentials NOW — Pre-UPW, zero code risk. Closes the attack vector before any code changes touch the portal. - Phase 1: CI/CD + smoke tests — Safety net before any migration work. GitHub Actions pipeline with lint, test, and staging deploy.
- Phase 2: Dependency migrations —
request→ nativefetch()(stable in Node 22), then Stripe SDK v6 → v12 → v17 incrementally, thenkue→ BullMQ. - Phase 3: Node version upgrade — With parallel CI validation. Node 11 → Node 22 LTS with all dependencies already migrated.
- Phase 4: Knowledge transfer — Bus factor reduction. Josh Fuller designated as named backup for the Members Portal.
Kue → BullMQ migration strategy: Run parallel queues with a feature flag. Never cold-cutover a job queue — one missed job is one lost payment.
Claude Code acceleration: Dependency migration (kue → BullMQ, request → fetch, Stripe SDK upgrade) is ideal for AI-assisted code transformation. Claude Code can generate migration scaffolding, write adapter layers, and produce test coverage for each dependency swap. Estimated savings: 2-3 weeks from the original 4-6 week timeline.
Completion Criteria
- All committed
.envcredentials rotated and git history purged requestlibrary fully replaced with nativefetch()- Stripe SDK upgraded from v6 to v17 with API version pinning verified at v12 boundary
kuereplaced with BullMQ — same queue system as order-ingestion (stack standardization)- Members Portal running on Node 22 LTS in staging with all smoke tests passing
- Production deploy completed with zero customer-facing incidents
- Josh Fuller can independently deploy and operate the Members Portal
- CI/CD pipeline active with automated test gates blocking merge
Initiative Attributes
Tools Required
| Tool | Purpose | Cost |
|---|---|---|
| BullMQ | Replaces kue — modern Redis-backed job queue, same as order-ingestion (stack standardization) | Free (OSS) |
| Node 22 LTS | Target runtime — native fetch(), 18 months active support remaining | Free |
| Stripe SDK v17 | Current Stripe SDK with API version pinning — prevents silent behavior changes on Stripe rollover | Free |
| GitHub Actions | CI/CD pipeline for automated testing and staging deploys | Free (included) |
| git-filter-repo | Git history purge for committed credentials | Free (OSS) |
Related Risks
| ID | Risk | Severity | Probability | Mitigation |
|---|---|---|---|---|
| RF2 | Federico contractor departure (Nearsure) | HIGH | UNKNOWN | D8 captures knowledge. Josh Fuller as named backup. H4 Integration Engineer as backstop. Review Nearsure contract notice period this week. |