{
"project": "Veza Frontend",
"audit_date": "2026-01-22",
"status": "CRITICAL_CLEANUP_REQUIRED",
"remediation_roadmap": [
{
"phase": "1. Foundation & Configuration Stabilization",
"priority": "CRITICAL",
"tasks": [
{
"id": "CONF-001",
"title": "Simplify and Standardize Vite Configuration",
"description": "The current vite.config.ts relies on fragile regex replacements and manual chunking patches. This must be refactored to use standard Vite/Rollup plugins and configurations to ensure long-term stability and maintainability.",
"status": "PENDING",
"complexity": "HIGH",
"impact": "HIGH"
},
{
"id": "CONF-002",
"title": "Clean up package.json dependencies",
"description": "Audit and remove unused dependencies. Ensure all devDependencies are correctly categorized. Verify peer dependencies for UI libraries. As part of the audit, run a vulnerability scan against the lockfile (e.g. npm audit or osv-scanner), commit the lockfile, and pin versions so installs are reproducible.",
"status": "PENDING",
"complexity": "LOW",
"impact": "MEDIUM"
},
{
"id": "CONF-003",
"title": "Enforce Strict TypeScript Configuration",
"description": "Enable 'noUncheckedIndexedAccess' incrementally to prevent runtime crashes from undefined array/object access. Fix resulting type errors.",
"status": "PENDING",
"complexity": "HIGH",
"impact": "HIGH"
},
{
"id": "ARCH-001",
"title": "Refactor Application Entry Point (main.tsx)",
"description": "Move side-effect imports, hacks (fixInputFocus, etc.), and heavy initialization logic (Sentry, MSW) into dedicated service initializers or providers to clean up main.tsx. The MSW initializer must be gated so the mock service worker is neither registered nor included in production bundles, and the Sentry initializer should be configured to scrub authorization headers, cookies and request bodies before events leave the browser.",
"status": "PENDING",
"complexity": "MEDIUM",
"impact": "MEDIUM"
}
]
},
{
"phase": "2. Security Hardening",
"priority": "HIGH",
"tasks": [
{
"id": "SEC-001",
"title": "Implement Strict CSP with Nonces",
"description": "Replace 'unsafe-inline' and 'unsafe-eval' with a robust Content Security Policy using nonces for scripts and styles. Nonces must be generated per response from a CSPRNG and never reused, which means the HTML has to be served by something that can inject them (a server or edge function); a purely static build must fall back to hash-based source lists instead. Combine the nonce with 'strict-dynamic' and a restrictive baseline (default-src 'self', object-src 'none', base-uri 'none', frame-ancestors 'none'), and deploy via Content-Security-Policy-Report-Only first to catch breakage. Ensure this works in both Dev and Prod, noting that the Vite dev server injects its own inline HMR script and will need a separate dev-only policy.",
"status": "PENDING",
"complexity": "HIGH",
"impact": "CRITICAL"
},
{
"id": "SEC-002",
"title": "Secure Token Storage",
"description": "Move JWT storage from localStorage to an in-memory store with silent refresh (or HTTP-only cookies if backend supports it) to mitigate XSS risks. Note that in-memory storage only prevents bulk token exfiltration; injected script can still call the API with the live token, so this task depends on SEC-001 and SEC-003 rather than replacing them. If cookies are used they must be Secure, HttpOnly and SameSite, state-changing requests need CSRF protection, and refresh tokens should be rotated on every use and revoked on logout.",
"status": "PENDING",
"complexity": "HIGH",
"impact": "CRITICAL"
},
{
"id": "SEC-003",
"title": "Sanitize Chat and HTML Inputs",
"description": "Review and harden 'dangerouslySetInnerHTML' usages in ChatMessages.tsx, and any other call sites found by a repo-wide search. Implement strict sanitization (e.g., DOMPurify with an explicit allowlist of tags and attributes, and link schemes limited to http, https and mailto) at render time, immediately before the HTML is injected, rather than trusting that content was sanitized when it was stored. Prefer rendering user content as plain text and only permit HTML where the feature genuinely needs it.",
"status": "PENDING",
"complexity": "MEDIUM",
"impact": "HIGH"
}
]
},
{
"phase": "3. Architecture & Code Quality",
"priority": "MEDIUM",
"tasks": [
{
"id": "CODE-001",
"title": "Eliminate 'any' Types",
"description": "Systematically replace usage of 'any' in api.ts, csp.ts, and stores with proper strict types or generics.",
"status": "PENDING",
"complexity": "MEDIUM",
"impact": "MEDIUM"
},
{
"id": "CODE-002",
"title": "Standardize Component initialization in App.tsx",
"description": "Refactor App.tsx to use a single 'VerificationProvider' or 'AppInitializer' component instead of multiple scattered useEffect hooks for auth checks, theme, and i18n.",
"status": "PENDING",
"complexity": "MEDIUM",
"impact": "MEDIUM"
},
{
"id": "CODE-003",
"title": "Console Clean-up",
"description": "Remove console.log/error/warn specific to debugging in production code. Replace with the structured 'logger' utility which respects environment configs. While doing so, confirm that no call site logs tokens, session identifiers or other personal data, and have the logger redact such fields so they never reach the browser console or error-reporting backends.",
"status": "PENDING",
"complexity": "LOW",
"impact": "LOW"
}
]
},
{
"phase": "4. UI/UX Professionalization",
"priority": "MEDIUM",
"tasks": [
{
"id": "UI-001",
"title": "Standardize Error Feedback",
"description": "Ensure all API and Form errors trigger a visible Toast notification, not just a console error. Show a user-appropriate message rather than raw backend error bodies or stack traces, which can leak internal details to the user.",
"status": "PENDING",
"complexity": "MEDIUM",
"impact": "HIGH"
},
{
"id": "UI-002",
"title": "Remove Hacky Styling Fixes",
"description": "Investigate root causes for 'fix-input-focus.css' and 'fix-login-form.css' and resolve them in the core components/Tailwind config instead of patching them.",
"status": "PENDING",
"complexity": "MEDIUM",
"impact": "MEDIUM"
},
{
"id": "UI-003",
"title": "Implement Missing Features (TODOs)",
"description": "Address explicit TODOs in UI code (e.g., 'Button to create new conversation', 'Edit track'). Implement or hide unfinished features.",
"status": "PENDING",
"complexity": "VARIABLE",
"impact": "MEDIUM"
}
]
}
]
}