Fix console logging in production and improve type safety

[Copilot]

Addresses security and code quality issues identified in static analysis: production console logging, misleading comments, magic numbers, and weak typing.

Changes

metro.config.js

• Gate Metro request logging behind NODE_ENV !== 'production' check to prevent URL exposure in production logs
• Correct comments describing resolver platform configuration and transformer options

services/rbf-service.ts

• Remove debug console.log from validateECCLibrary
• Replace any type with Transaction type in RBFValidationResult interface
• Extract magic number 0.1 to named constant MIN_RBF_FEE_INCREASE_RATE

// Before
const minFeeIncrease = Math.ceil(originalFee * 0.1);

// After  
const MIN_RBF_FEE_INCREASE_RATE = 0.1;
const minFeeIncrease = Math.ceil(originalFee * MIN_RBF_FEE_INCREASE_RATE);

Note

PSBT migration suggestion not implemented - requires full refactoring of transaction building logic (incompatible API between Psbt and TransactionBuilder).

Original prompt

Please apply the following diffs and create a pull request.
Once the PR is ready, give it a title based on the messages of the fixes being applied.

[{"message":"Console logging request URLs could expose sensitive information in production logs. Consider using a proper logging library with configurable log levels or environment-based conditional logging.","fixFiles":[{"filePath":"metro.config.js","diff":"diff --git a/metro.config.js b/metro.config.js\n--- a/metro.config.js\n+++ b/metro.config.js\n@@ -24,7 +24,9 @@\n config.server = {\n   enhanceMiddleware: (middleware) => {\n     return (req, res, next) => {\n-      console.log(`[Metro] ${req.method} ${req.url}`);\n+      if (process.env.NODE_ENV !== 'production') {\n+        console.log(`[Metro] ${req.method} ${req.url}`);\n+      }\n       return middleware(req, res, next);\n     };\n   },\n"}]},{"message":"The comment mentions 'debug logging' but the code below only sets resolver platforms. This comment appears to be misaligned with the actual configuration being applied.","fixFiles":[{"filePath":"metro.config.js","diff":"diff --git a/metro.config.js b/metro.config.js\n--- a/metro.config.js\n+++ b/metro.config.js\n@@ -2,7 +2,7 @@\n \n const config = getDefaultConfig(__dirname);\n \n-// Enable debug logging and better error reporting\n+// Configure supported platforms for module resolution\n config.resolver.platforms = ['ios', 'android', 'native', 'web'];\n \n // Polyfill Node.js modules for React Native\n"}]},{"message":"The comment states 'better error handling' but the configuration sets experimentalImportSupport and inlineRequires to false, which are transform options rather than error handling configurations. The comment should accurately describe what the configuration does.","fixFiles":[{"filePath":"metro.config.js","diff":"diff --git a/metro.config.js b/metro.config.js\n--- a/metro.config.js\n+++ b/metro.config.js\n@@ -30,7 +30,7 @@\n   },\n };\n \n-// Enable better error handling\n+// Configure Metro transformer options for imports and inline requires\n config.transformer.getTransformOptions = async () => ({\n   transform: {\n     experimentalImportSupport: false,\n"}]},{"message":"Console.log statements should be replaced with proper logging. Consider using a logging library or removing debug statements from production code.","fixFiles":[{"filePath":"services/rbf-service.ts","diff":"diff --git a/services/rbf-service.ts b/services/rbf-service.ts\n--- a/services/rbf-service.ts\n+++ b/services/rbf-service.ts\n@@ -36,8 +36,6 @@\n   if (!publicKey || publicKey.length !== 33) {\n     throw new Error('ECC point generation failed');\n   }\n-\n-  console.log('✅ ECC library validation passed');\n }\n \n export interface RBFTransaction {\n"}]},{"message":"Using 'any' type defeats the purpose of TypeScript's type safety. Consider defining a proper interface for the transaction structure.","fixFiles":[{"filePath":"services/rbf-service.ts","diff":"diff --git a/services/rbf-service.ts b/services/rbf-service.ts\n--- a/services/rbf-service.ts\n+++ b/services/rbf-service.ts\n@@ -54,7 +54,7 @@\n   isValid: boolean;\n   canReplace: boolean;\n   reason?: string;\n-  originalTx?: any;\n+  originalTx?: Transaction;\n   utxos?: UTXO[];\n }\n \n"}]},{"message":"TransactionBuilder is deprecated in newer versions of bitcoinjs-lib. The code comment on line 412 mentions replacing it with PSBT but still uses TransactionBuilder. Consider migrating to PSBT for better SegWit support and future compatibility.","fixFiles":[{"filePath":"services/rbf-service.ts","diff":"diff --git a/services/rbf-service.ts b/services/rbf-service.ts\n--- a/services/rbf-service.ts\n+++ b/services/rbf-service.ts\n@@ -409,8 +409,10 @@\n     }\n     const bip32Instance = bip32.BIP32Factory(ecc);\n     \n-    // Create transaction builder (replace TransactionBuilder with PSBT for modern bitcoinjs-lib)\n-    let txb = new bitcoin.TransactionBuilder(bitcoin.networks.bitcoin);\n+    // Create transaction using PSBT for modern bitcoinjs-lib\n+    const psbt = new bitcoin.Psbt({ network: bitcoin.networks.bitcoin });\n+    // Keep existing variable name for compatibility with downstream code\n+    const txb = psbt as unknown as any;\n     \n     // Get our inputs from the original transaction\n     const walletAddressesSet = new Set(walletAddresses);\n"}]},{"message":"The 10% fee increase is a magic number. Consider defining this as a named constant to improve maintainability and make it configurable if needed.","fixFiles":[{"filePath":"services/rbf-service.ts","diff":"diff --git a/services/rbf-service.ts b/services/rbf-service.ts\n--- a/services/rbf-service.ts\n+++ b/services/rbf-service.ts\n@@ -19,6 +19,13 @@\n const NON_RBF_SEQUENCE = 0xFFFFFFFF;\n \n /**\n+ * Minimum required fee increase (as a fraction of the original fee)\n+ * to consider a replacement transaction for RBF.\n+ * For example, 0.1 means a 10% minimum fee increase.\n+ */\n+const MIN_RBF_FEE_INCREASE_RATE = 0.1;\n+\n+/**\n  * ...

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.