Files
app/docs/codebase-audit-2026-06-06.md
2026-06-06 02:00:04 +02:00

52 lines
3.2 KiB
Markdown

# Codebase Consistency & Best-Practices Audit — 2026-06-06 (overnight)
**Branch:** `chore/codebase-consistency-audit` (off `master` @ v1.9.0). Nothing here is pushed or deployed; for user review in the morning.
**Mandate (from user):** scan the whole codebase, find inconsistencies, unify manners/conventions, apply best practices (use context7 for library docs). Edit CLAUDE.md to codify rules. Work only in the project dir. Use many agents.
**Operating rules I'm following (self-imposed for safe autonomous work):**
- Isolated branch only. Never touch `master`, never push, never deploy, never touch prod/DB.
- Keep `tsc` (server+client) at 0 and `vitest` green after every change set.
- Prefer documenting risky/large refactors over auto-applying them. Auto-apply only safe, verified, mechanical unifications.
- Don't `git add -A`; stage explicit paths.
---
## 🔴 CRITICAL FINDINGS (need user action)
### C1 — v1.9.0 production regression: plan edit-modal delete button missing
- **Cause:** `FormModal`'s `footerLeft` / `hideCloseButton` props + modal animations lived only in the user's _uncommitted_ working tree. Committed `PlanCellModal.tsx:225` (and the modal system) depend on `footerLeft`. Releases build from committed code (WIP stashed), so v1.9.0 shipped a `FormModal` without the footer-left slot → the **delete button in the plan entry/override edit modal does not render in production**. Also caused a committed-code `tsc` error (TS2322).
- **Impact:** plan entry/override deletion via the edit modal is broken in prod v1.9.0. Category management is NOT affected (it uses `hideFooter` + in-body delete). Minor cosmetic: modal entry animation, `hideCloseButton`.
- **Fix:** committed the modal enhancements (`86e4cbf` on this branch). **Needs a patch release (v1.9.1) to fix prod.**
- **Status:** fixed on branch; prod patch pending user.
### C2 — test suite was red on master/v1.9.0 (2 failing auth tests)
- **Cause:** the JWT log-noise fix (`88c9b7c`) stopped logging expected invalid/expired tokens, but `auth.service.test.ts` still asserted it logged. The wrong auth test file (`auth.test.ts`) was run when that change landed, so 2 failing tests shipped on master.
- **Fix:** updated the tests to assert null + no-log for `JsonWebTokenError` cases (`55a2c50`). Suite back to **134/134**.
- **Status:** fixed on branch. (No runtime impact; CI/test hygiene + would also be cleared by the v1.9.1 patch.)
---
## Findings log
(Discovery sweep results appended below as agents report. Severity: critical/high/medium/low. Fix class: safe-auto / needs-judgment / manual.)
## Changes applied on this branch
- `86e4cbf` fix(modals): commit FormModal footerLeft/hideCloseButton enhancements committed code depends on.
- `55a2c50` test(auth): fix 2 failing verifyAccessToken tests (assert no-log for expected token errors).
## Progress tracker
- [x] Branch + clean baseline (tsc server 0 / client 0; vitest 134).
- [x] C1 modal regression found + fixed.
- [x] C2 red test suite found + fixed (134/134).
- [ ] Discovery sweep (parallel audit across ~16 dimensions) — running.
- [ ] Synthesis + prioritization.
- [ ] Safe unifications applied (verified).
- [ ] CLAUDE.md updated with codified conventions.
- [ ] Final verification + summary.