fix: PERF-03 remove decorative mock encryption pipeline from assessment#137
Merged
Conversation
Audit /m:audit --perf found the production assessment answer path running
four MOCK services on every tap (mockComplianceEngine, mockEncryptionService,
mockAuditLogger, mockPerformanceMonitor), including an artificial
`await setTimeout(10ms)` and several console.log calls — eating into the
300ms assessment budget. The mock also falsely claimed `AES-256-GCM` while
storing `encrypted_${JSON.stringify(data)}` (a compliance smell).
The mocks were decorative: real AES-256 encryption, consent, audit logging,
and crisis detection (inline PHQ-9 Q9 + score-based thresholds) all run
downstream in assessmentStore.answerQuestion -> SecureStorageService. The
mock output fed only a never-read local metadata/totalEncryptionTime counter.
- Delete the four mock objects, the artificial delay, and the console.logs.
- Simplify handleAnswerSelection to call onAnswer(response) unconditionally
and before anything that can throw (removes a latent consent-throw that
could have suppressed a Q9 crisis alert), keep the a11y announcement and
the 300ms perf guard.
- Simplify the onAnswer/ResponseMetadata contract: onAnswer(response) only;
drop the unused EncryptionResult/ResponseMetadata interfaces, the metadata
arg, and the write-only encryptionStatus state. answers Map stores the
response directly. Honest header comment (no in-component encryption claim).
Specialist passes: crisis + compliance (both APPROVE-WITH-CONSTRAINTS) —
verified crisis detection/banner/button are entirely store-sourced and
untouched; no real consent/audit/encryption control lived only in the mock.
Tests: updated EnhancedAssessmentQuestion contract test to the single-arg
onAnswer (still pins delegation + no component-fired Alert + store-sourced
banner). Validated: typecheck, lint:baseline (net -6 errors), test:clinical
(94), test:crisis-detection (82), test:unit (395) all green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Audit-derived (
/m:audit development --perf, finding PERF-03). No Notion work item.The production assessment answer path ran four mock services on every tap (
mockComplianceEngine,mockEncryptionService,mockAuditLogger,mockPerformanceMonitor) — including an artificialawait setTimeout(10ms)+ severalconsole.logs, eating into the 300ms assessment budget. The mock also falsely claimedAES-256-GCMwhile storingencrypted_${JSON.stringify(data)}(a compliance smell).The mocks were decorative: real AES-256 encryption, consent, audit logging, and crisis detection (inline PHQ-9 Q9 + score-based thresholds) all run downstream in
assessmentStore.answerQuestion→SecureStorageService. The mock output fed only a never-read local metadata/totalEncryptionTimecounter.console.logs.handleAnswerSelectionto callonAnswer(response)unconditionally and before anything that can throw (removes a latent consent-throw that could have suppressed a Q9 crisis alert); keep the a11y announcement + 300ms perf guard.onAnswer/ResponseMetadatacontract; drop unused interfaces, the metadata arg, and write-onlyencryptionStatusstate. Honest header (no in-component encryption claim).Specialist passes: crisis + compliance (both APPROVE-WITH-CONSTRAINTS) — crisis detection/banner/button entirely store-sourced and untouched; no real consent/audit/encryption control lived only in the mock.
Safety gate: Maestro
e2e:safety:{q9,phq9,gad7}all pass against the seeded no-dev-client build (Q9 single-alert, PHQ-9≥20, GAD-7≥15 → crisis banner). Plustest:clinical(94),test:crisis-detection(82) green.🤖 Generated with Claude Code