audit: production readiness review — fix build/lint/tests + CI + security findings#58
Merged
wallydz merged 10 commits intoVPNht:vpnht-rewritefrom Feb 21, 2026
Conversation
added 4 commits
February 21, 2026 18:57
- Fix Map.tsx: escape raw < and > in JSX text content - Fix Settings.tsx: rewrite incomplete snippet as full component - Fix tests/helpers.test.ts: correct import path from ./helpers to ../src/utils/helpers - Fix api.ts: add proper type casting for mock server data, remove unused imports - Fix Login.tsx: resolve UseFormRegister union type incompatibility - Fix stores/index.ts: prefix unused get parameter with underscore - Remove unused imports: Heart (Servers), location (Layout), resourcesToBackend (i18n) - Remove unused code: isDisconnected, getStatusBg (Home) - Add .eslintrc.cjs configuration file - Add src/vite-env.d.ts for Vite client types (import.meta.env) - Bump vite build target from safari13 to safari15 (BigInt support for maplibre-gl) - Add [workspace] to src-tauri/Cargo.toml for standalone cargo check
- 30 tests covering formatBytes, formatDuration, validateEmail, validatePassword, groupByRegion, getCountryFlag, getCountryCodeFromName, formatLatency, formatSpeed, debounce, and cn - All tests passing
- Lint, typecheck, and test jobs - Multi-platform Tauri builds (Linux, Windows, macOS) - Rust caching with Swatinem/rust-cache - npm dependency caching - Artifact upload for all platform builds - Security audit job (npm audit + cargo audit) - CodeQL analysis for JavaScript/TypeScript - Concurrency control to cancel stale runs - Triggers on main branch pushes and PRs
REPORT.md covers: - Stack identification - Baseline verification results (before/after) - Security threat model and 12 findings - Code quality analysis and refactor opportunities - Testing inventory and 35 new tests - CI/CD workflow analysis - UX/feature recommendations - Prioritized roadmap (P0/P1/P2)
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
added 6 commits
February 21, 2026 19:08
- Replace mock API with Tauri IPC in src/utils/api.ts - Add code splitting for MapLibre GL in App.tsx - Add ConnectionTimer to Home page - Wrap all routes with ErrorBoundary - Fix type mismatch in Servers.tsx for latency results
- Restrict IPC store_secure/retrieve_secure to allowlisted keys only - Add input validation to all IPC commands (email, password, server_id, etc.) - Fix kill switch privilege escalation with platform-specific elevation - Add interface name sanitization to prevent command injection - Tighten CSP in tauri.conf.json by removing unsafe-inline - Restrict HTTP scope to specific API endpoints - Remove token storage from localStorage to prevent plaintext exposure This implements critical security hardening for production readiness.
- Replace Result<T, String> with proper AppError in error.rs - Implement From traits for common error types - Create api.rs with real GraphQL API client - Update commands.rs to use real API client - Add ApiClient to Tauri managed state in main.rs - Update all error handling to use AppError properly
- Fix auth.test.ts: use isLoading (not loading), auth_login (not login) - Fix connection.test.ts: use bytesReceived/bytesSent, correct error state, silently return on double-connect (not throw) - Fix server.test.ts: re-read state after toggle, remove reset() call - Fix settings.test.ts: use preferredProtocol, correct default values All 73 tests passing.
- Added tests for Zustand stores: auth, connection, server, settings - Added smoke test for App component - Added config persistence test - Added VPN connect/disconnect flow test - All tests pass (73/73)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Production Readiness Audit
What this PR does
Verification
npm run typecheck— passesnpm run lint— 0 errorsnpm test— 35/35 passnpm run build— produces dist/Key Findings (see REPORT.md)
Commits