Comprehensive Audit Fixes and Stability Improvements

[HasithaErandika]

Summary

This PR implements a series of critical bug fixes, performance optimizations, and UX improvements identified during a full codebase audit of the EquiHire-Core platform. The primary focus was on hardening the candidate interview experience, eliminating redundant network traffic, and resolving logic errors in the recruitment pipeline.

Type of change

• Bugfix
• Refactor
• Performance Optimization
• New feature
• Breaking change
• Documentation

Checklist

• I have read the contributing guidelines.
• Code builds locally and passes linting.
• All new and existing tests pass.
• No sensitive data, passwords, or keys are included.
• Security considerations (XSS surface reduction) addressed.

What changed

🔴 Critical & Functional Fixes (P0)

• Fixed Interview Timer Reset: Resolved an issue in react-frontend/src/pages/candidate/Interview.tsx where the countdown timer reset on every keystroke. Implemented a useRef stable-reference pattern for the submitPayload callback to prevent the useEffect from re-triggering during active typing.
• Prevented Duplicate Submissions: Added disabled={isSubmitted} logic to the "Finish & Submit" button to prevent rapid-click race conditions that created duplicate evaluation records in the backend.

🟠 Logic & Pipeline Adjustments (P1)

• Optimized Candidate Decision Flows: Eliminated redundant dual API calls in useCandidates.ts for accept/reject actions. The UI now derives state from the initial fetch result rather than refetching the same dataset immediately.
• Dead Code Removal: Removed the unused and misleading hook-level handleApplyDecision which hardcoded 'accepted' status.
• Pipeline Clarity: Renamed the "Shortlisted" stage to "Accepted" in the CandidatePipeline component to align with backend status values and user actions.

🟡 Performance Improvements (P2)

• Parallelized Question Count Fetches: Replaced sequential N+1 API calls in useQuestions.ts with Promise.all, significantly reducing dashboard load times when multiple jobs are present.
• Streamlined Dashboard Initialization: Parallelized fetchTemplates and refreshJobs calls in useJobs.ts, saving ~200ms-400ms on initial load.

🔵 UX & Security (P3)

• Improved CV Interaction: Added a loading state (isRevealingCv) to the CV reveal button and replaced blocking window.alert calls with inline error messaging.
• Strengthened Security: Removed dead invite_token storage in sessionStorage within InviteHandler.tsx, reducing the potential XSS attack surface.
• Better Submission Feedback: Refactored the interview submission flow to only show the "Success" screen after the API confirmation, adding a loading overlay to prevent the UI from "flickering" into a success state prematurely.

How to verify / QA steps

1. Timer Stability: Open a candidate interview and type continuously. Verify the timer continues counting down without resetting.
2. Double Submission: Click "Finish & Submit" multiple times rapidly. Verify only one network request is dispatched and the button disables immediately.
3. Pipeline Labels: Check the Recruiter Dashboard and verify that "Accepting" a candidate moves them to an "Accepted" column (no longer labeled "Shortlisted").
4. Loading States: Trigger a CV reveal and ensure the button shows a loading state; simulate an API failure to verify the inline error message replaces the native alert.

Security considerations

• Token Cleanup: Removed an unnecessary magic-link token from sessionStorage post-validation, adhering to the principle of least privilege/data persistence.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
equihire	Ready	Preview, Comment	Apr 13, 2026 2:57am