[Audit] blitz: /json pre-computes totals at startup, serves cached response #119

@jerrythetruckdriver

Violation

Framework: blitz (Zig)
File: frameworks/blitz/src/main.zig
Endpoint: /json

What it does

The handleJson() handler (line ~63) returns a pre-computed global variable:

fn handleJson(_: *blitz.Request, res: *blitz.Response) void {
    _ = res.rawResponse(dataset_json_resp);
}

dataset_json_resp is built once at startup in loadDataset() (line ~322), which iterates all items, computes total = @round(price * quantity * 100.0) / 100.0, serializes the full JSON response (including HTTP headers), and stores it as a static byte slice.

No per-request computation happens. The entire response — JSON body, item totals, count, and HTTP headers — is pre-built at startup and served verbatim.

What the spec requires

On each GET /json: iterate all 50 items, compute total = price × quantity for each

The totals must be computed per-request, not pre-computed and cached. This is explicitly listed as cheating:

Pre-computing and caching responses that should be computed per-request

Suggested fix

Store the raw dataset items at startup, then compute totals and serialize JSON in handleJson() on each request. Example pattern (pseudocode):

fn handleJson(req: *blitz.Request, res: *blitz.Response) void {
    // iterate dataset items, compute total per item
    // serialize to JSON
    // return via res.json(...)
}

This matches how other frameworks handle it (e.g., node, express, gin all compute per-request).
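
The per-request pattern suggested above, as an added sketch that is not code from the issue or from the blitz repository. The `Item` fields other than price and quantity, the JSON key names, the sample data and the `renderJson` helper are assumptions, and the blitz response call is left out because its API is not shown on this page:

```zig
const std = @import("std");

// Hypothetical item shape: only price, quantity and total are named in the issue.
const Item = struct { id: u32, price: f64, quantity: u32 };

// Constructed sample data standing in for the raw dataset kept from startup.
const items = [_]Item{
    .{ .id = 1, .price = 19.99, .quantity = 3 },
    .{ .id = 2, .price = 0.10, .quantity = 7 },
};

/// Serializes the response body into `buf` on every call.
/// Totals are derived here, inside the request path; nothing is cached.
fn renderJson(buf: []u8, data: []const Item) ![]const u8 {
    var pos: usize = 0;
    pos += (try std.fmt.bufPrint(buf[pos..], "{{\"items\":[", .{})).len;
    for (data, 0..) |it, i| {
        const qty: f64 = @floatFromInt(it.quantity);
        // Same rounding rule the issue quotes from loadDataset().
        const total = @round(it.price * qty * 100.0) / 100.0;
        const sep: []const u8 = if (i == 0) "" else ",";
        pos += (try std.fmt.bufPrint(
            buf[pos..],
            "{s}{{\"id\":{d},\"price\":{d:.2},\"quantity\":{d},\"total\":{d:.2}}}",
            .{ sep, it.id, it.price, it.quantity, total },
        )).len;
    }
    pos += (try std.fmt.bufPrint(buf[pos..], "],\"count\":{d}}}", .{data.len})).len;
    return buf[0..pos];
}

pub fn main() !void {
    // A handler would call renderJson once per request with its own buffer
    // and pass the returned slice to the framework's response API.
    var buf: [4096]u8 = undefined;
    const body = try renderJson(&buf, &items);
    std.debug.print("{s}\n", .{body});
}
```

A fixed-size buffer returns `error.NoSpaceLeft` from `bufPrint` when the body does not fit, so a real handler would size it for the full dataset or use an allocator-backed writer.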
