# Codebase Consistency & Best-Practices Audit — 2026-06-06 (overnight) **Branch:** `chore/codebase-consistency-audit` (off `master` @ v1.9.0). Nothing here is pushed or deployed; for user review in the morning. **Mandate (from user):** scan the whole codebase, find inconsistencies, unify manners/conventions, apply best practices (use context7 for library docs). Edit CLAUDE.md to codify rules. Work only in the project dir. Use many agents. **Operating rules I'm following (self-imposed for safe autonomous work):** - Isolated branch only. Never touch `master`, never push, never deploy, never touch prod/DB. - Keep `tsc` (server+client) at 0 and `vitest` green after every change set. - Prefer documenting risky/large refactors over auto-applying them. Auto-apply only safe, verified, mechanical unifications. - Don't `git add -A`; stage explicit paths. --- ## 🔴 CRITICAL FINDINGS (need user action) ### C1 — v1.9.0 production regression: plan edit-modal delete button missing - **Cause:** `FormModal`'s `footerLeft` / `hideCloseButton` props + modal animations lived only in the user's _uncommitted_ working tree. Committed `PlanCellModal.tsx:225` (and the modal system) depend on `footerLeft`. Releases build from committed code (WIP stashed), so v1.9.0 shipped a `FormModal` without the footer-left slot → the **delete button in the plan entry/override edit modal does not render in production**. Also caused a committed-code `tsc` error (TS2322). - **Impact:** plan entry/override deletion via the edit modal is broken in prod v1.9.0. Category management is NOT affected (it uses `hideFooter` + in-body delete). Minor cosmetic: modal entry animation, `hideCloseButton`. - **Fix:** committed the modal enhancements (`86e4cbf` on this branch). **Needs a patch release (v1.9.1) to fix prod.** - **Status:** fixed on branch; prod patch pending user. ### C2 — test suite was red on master/v1.9.0 (2 failing auth tests) - **Cause:** the JWT log-noise fix (`88c9b7c`) stopped logging expected invalid/expired tokens, but `auth.service.test.ts` still asserted it logged. The wrong auth test file (`auth.test.ts`) was run when that change landed, so 2 failing tests shipped on master. - **Fix:** updated the tests to assert null + no-log for `JsonWebTokenError` cases (`55a2c50`). Suite back to **134/134**. - **Status:** fixed on branch. (No runtime impact; CI/test hygiene + would also be cleared by the v1.9.1 patch.) --- ## Findings log (Discovery sweep results appended below as agents report. Severity: critical/high/medium/low. Fix class: safe-auto / needs-judgment / manual.) ## Changes applied on this branch - `86e4cbf` fix(modals): commit FormModal footerLeft/hideCloseButton enhancements committed code depends on. - `55a2c50` test(auth): fix 2 failing verifyAccessToken tests (assert no-log for expected token errors). ## Progress tracker - [x] Branch + clean baseline (tsc server 0 / client 0; vitest 134). - [x] C1 modal regression found + fixed. - [x] C2 red test suite found + fixed (134/134). - [ ] Discovery sweep (parallel audit across ~16 dimensions) — running. - [ ] Synthesis + prioritization. - [ ] Safe unifications applied (verified). - [ ] CLAUDE.md updated with codified conventions. - [ ] Final verification + summary.