{ "project": "Veza Frontend", "audit_date": "2026-01-22", "status": "CRITICAL_CLEANUP_REQUIRED", "remediation_roadmap": [ { "phase": "1. Foundation & Configuration Stabilization", "priority": "CRITICAL", "tasks": [ { "id": "CONF-001", "title": "Simplify and Standardize Vite Configuration", "description": "The current vite.config.ts relies on fragile regex replacements and manual chunking patches. It must be refactored to use standard Vite/Rollup plugins and configuration to ensure long-term stability and maintainability.", "status": "PENDING", "complexity": "HIGH", "impact": "HIGH" }, { "id": "CONF-002", "title": "Clean up package.json dependencies", "description": "Audit and remove unused dependencies. Ensure all devDependencies are correctly categorized. Verify peer dependencies for UI libraries.", "status": "PENDING", "complexity": "LOW", "impact": "MEDIUM" }, { "id": "CONF-003", "title": "Enforce Strict TypeScript Configuration", "description": "Enable 'noUncheckedIndexedAccess' incrementally so that possibly-undefined array/object element access is caught at compile time instead of causing runtime crashes. Fix the resulting type errors.", "status": "PENDING", "complexity": "HIGH", "impact": "HIGH" }, { "id": "ARCH-001", "title": "Refactor Application Entry Point (main.tsx)", "description": "Move side-effect imports, hacks (fixInputFocus, etc.), and heavy initialization logic (Sentry, MSW) into dedicated service initializers or providers to clean up main.tsx.", "status": "PENDING", "complexity": "MEDIUM", "impact": "MEDIUM" } ] }, { "phase": "2. Security Hardening", "priority": "HIGH", "tasks": [ { "id": "SEC-001", "title": "Implement Strict CSP with Nonces", "description": "Replace 'unsafe-inline' and 'unsafe-eval' with a robust Content Security Policy that uses per-response nonces for scripts and styles. Ensure this works in both Dev and Prod.", "status": "PENDING", "complexity": "HIGH", "impact": "CRITICAL" }, { "id": "SEC-002", "title": "Secure Token Storage", "description": "Move JWT storage from localStorage to an in-memory store with silent refresh (or HTTP-only cookies, if the backend supports them and CSRF protection is in place) to mitigate XSS token-theft risks.", "status": "PENDING", "complexity": "HIGH", "impact": "CRITICAL" }, { "id": "SEC-003", "title": "Sanitize Chat and HTML Inputs", "description": "Review and harden 'dangerouslySetInnerHTML' usages in ChatMessages.tsx. Apply strict sanitization (e.g., DOMPurify) before rendering any user-supplied content.", "status": "PENDING", "complexity": "MEDIUM", "impact": "HIGH" } ] }, { "phase": "3. Architecture & Code Quality", "priority": "MEDIUM", "tasks": [ { "id": "CODE-001", "title": "Eliminate 'any' Types", "description": "Systematically replace usages of 'any' in api.ts, csp.ts, and the stores with proper strict types or generics.", "status": "PENDING", "complexity": "MEDIUM", "impact": "MEDIUM" }, { "id": "CODE-002", "title": "Standardize component initialization in App.tsx", "description": "Refactor App.tsx to use a single 'VerificationProvider' or 'AppInitializer' component instead of multiple scattered useEffect hooks for auth checks, theme, and i18n.", "status": "PENDING", "complexity": "MEDIUM", "impact": "MEDIUM" }, { "id": "CODE-003", "title": "Console Clean-up", "description": "Remove debugging-only console.log/error/warn calls from production code. Replace them with the structured 'logger' utility, which respects environment configs.", "status": "PENDING", "complexity": "LOW", "impact": "LOW" } ] }, { "phase": "4. UI/UX Professionalization", "priority": "MEDIUM", "tasks": [ { "id": "UI-001", "title": "Standardize Error Feedback", "description": "Ensure all API and form errors trigger a visible toast notification rather than only a console error.", "status": "PENDING", "complexity": "MEDIUM", "impact": "HIGH" }, { "id": "UI-002", "title": "Remove Hacky Styling Fixes", "description": "Investigate the root causes behind 'fix-input-focus.css' and 'fix-login-form.css' and resolve them in the core components/Tailwind config instead of patching them.", "status": "PENDING", "complexity": "MEDIUM", "impact": "MEDIUM" }, { "id": "UI-003", "title": "Implement Missing Features (TODOs)", "description": "Address the explicit TODOs in UI code (e.g., 'Button to create new conversation', 'Edit track'). Implement or hide unfinished features.", "status": "PENDING", "complexity": "VARIABLE", "impact": "MEDIUM" } ] } ] }