Files
app/docs/codebase-audit-2026-06-06.md
2026-06-06 02:00:04 +02:00

3.2 KiB

Codebase Consistency & Best-Practices Audit — 2026-06-06 (overnight)

Branch: chore/codebase-consistency-audit (off master @ v1.9.0). Nothing here is pushed or deployed; for user review in the morning.

Mandate (from user): scan the whole codebase, find inconsistencies, unify manners/conventions, apply best practices (use context7 for library docs). Edit CLAUDE.md to codify rules. Work only in the project dir. Use many agents.

Operating rules I'm following (self-imposed for safe autonomous work):

  • Isolated branch only. Never touch master, never push, never deploy, never touch prod/DB.
  • Keep tsc (server+client) at 0 and vitest green after every change set.
  • Prefer documenting risky/large refactors over auto-applying them. Auto-apply only safe, verified, mechanical unifications.
  • Don't git add -A; stage explicit paths.

🔴 CRITICAL FINDINGS (need user action)

C1 — v1.9.0 production regression: plan edit-modal delete button missing

  • Cause: FormModal's footerLeft / hideCloseButton props + modal animations lived only in the user's uncommitted working tree. Committed PlanCellModal.tsx:225 (and the modal system) depend on footerLeft. Releases build from committed code (WIP stashed), so v1.9.0 shipped a FormModal without the footer-left slot → the delete button in the plan entry/override edit modal does not render in production. Also caused a committed-code tsc error (TS2322).
  • Impact: plan entry/override deletion via the edit modal is broken in prod v1.9.0. Category management is NOT affected (it uses hideFooter + in-body delete). Minor cosmetic: modal entry animation, hideCloseButton.
  • Fix: committed the modal enhancements (86e4cbf on this branch). Needs a patch release (v1.9.1) to fix prod.
  • Status: fixed on branch; prod patch pending user.

C2 — test suite was red on master/v1.9.0 (2 failing auth tests)

  • Cause: the JWT log-noise fix (88c9b7c) stopped logging expected invalid/expired tokens, but auth.service.test.ts still asserted it logged. The wrong auth test file (auth.test.ts) was run when that change landed, so 2 failing tests shipped on master.
  • Fix: updated the tests to assert null + no-log for JsonWebTokenError cases (55a2c50). Suite back to 134/134.
  • Status: fixed on branch. (No runtime impact; CI/test hygiene + would also be cleared by the v1.9.1 patch.)

Findings log

(Discovery sweep results appended below as agents report. Severity: critical/high/medium/low. Fix class: safe-auto / needs-judgment / manual.)

Changes applied on this branch

  • 86e4cbf fix(modals): commit FormModal footerLeft/hideCloseButton enhancements committed code depends on.
  • 55a2c50 test(auth): fix 2 failing verifyAccessToken tests (assert no-log for expected token errors).

Progress tracker

  • Branch + clean baseline (tsc server 0 / client 0; vitest 134).
  • C1 modal regression found + fixed.
  • C2 red test suite found + fixed (134/134).
  • Discovery sweep (parallel audit across ~16 dimensions) — running.
  • Synthesis + prioritization.
  • Safe unifications applied (verified).
  • CLAUDE.md updated with codified conventions.
  • Final verification + summary.