refactor(auth-ui): waste & duplication reduction (audit phases 1–5)#88
Closed
yahyafakhroji wants to merge 10 commits into
Closed
refactor(auth-ui): waste & duplication reduction (audit phases 1–5)#88yahyafakhroji wants to merge 10 commits into
yahyafakhroji wants to merge 10 commits into
Conversation
…edupe slugify (audit phase 2)
🧪 Test Summary
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Codebase-wide waste / duplication / inefficiency reduction, driven by a multi-agent audit (47 findings → 45 verified, 2 false positives rejected) and executed in 5 dependency-ordered phases, each its own commit(s) and independently verified.
Outcome: −363 LOC of production code removed/deduplicated, +18 characterization tests (1310 → 1328), no coverage lost, no behavioral changes.
Phases
ff8763eeserver/edge/index.ts,server/infra/index.ts), staleen.js,withCsrf/getHints/setupI18n/capSessions, deadtoSession.challengesbranch, unused deps (ioredis, 2× otel direct), resource-barrel trimad61317bloaderCsrf×18,LastUsedBadge×3,withPasswordMatch×4,slugifydedupe,useLoginContext×7, login-loaderPromise.all9e2cb340readCeremonyParams,redirectToLogin,BrandLogo,IdpButtonList/OrDivider,threadParams,authorizeHandbackTarget/ssoErrorRedirect,AuthFormFields×9b41d164c,b4fde974sessionEntryFromSession(10 creation sites),createRateLimitfactory +lastHopIp190d1d01,2230d78f,2dd7e9bd,fd293b2a,cea23a47nextStepFromSession, enumeration-safe register, webauthn enrollment cfg factory,timestampToIsoBehavior preservation
These are refactors only — no functional changes. The riskier merges (Phase 5) were done TDD-first: characterization tests pinning the current behavior (incl. the subtle divergences) were written and confirmed green on the un-refactored code before each merge. Divergences deliberately preserved, e.g.:
completeEmailLinkSignupkeepsid: session.idbut token/timestamps from the post-updateverifiedobject.nextStepFromSessiontakes the divergent values (freshmfaInitSkippedAt, rawloginName) as caller-resolved inputs;session.serviceleft bespoke (its overrides are not session-derived).signup.requestedvssignup.created); rate-limit named exports + IP fallbacks ('unknown'vs'') unchanged;tsToIso('')empty-string passthrough preserved.Verification
tscclean · 1328/1328 tests · prod build ✓.Test plan
bunx tsc --noEmitbun run test:unit(1328 passing)bun run build