fix/refactor: Resolve ESLint errors, fix Ballerina PII bug, and overhaul CI pipeline

[HasithaErandika]

Summary

This PR wraps a session of quality and reliability work across the full stack:

• Frontend — eliminates all 15 ESLint errors (no-explicit-any, react-hooks/set-state-in-effect) and the downstream TypeScript type errors they caused in useCandidates.
• Backend — fixes a logic inversion bug in maskPii/unmaskPii that caused 3 Ballerina unit tests to fail silently, and corrects a stale test assertion ("JSON profile" → "JSON object").
• CI — restructures the GitHub Actions workflow to separate offline unit tests from network-dependent integration tests, adds a TypeScript type-check step to the frontend job, and ensures bal test never hangs or fails due to a missing live server in CI.
• Docker & Docs — improves Docker Compose/Dockerfile configuration and overhauls project documentation.

No new APIs or data-model changes are introduced. This is a pure quality/reliability uplift.

---

Type of change

• Bugfix
• New feature
• Breaking change
• Refactor
• Documentation
• Tests
• CI / infra

---

Checklist

• I have read the contributing guidelines.
• Linked any related issue(s) (e.g., Fixes #123).
• Code builds locally and passes linting.
• All new and existing tests pass.
• I added tests that cover my changes (if applicable).
• I updated relevant documentation (README, docs, inline comments).
• No sensitive data, passwords, or keys are included.

---

What changed

ed07433 — fix: close marking criteria edit modal before confirmation dialog

• react-frontend/src/…/MarkingCriteria.tsx — modal close/confirm sequencing fixed.
• Added project audit tracking file.

a8af390 — feat: update and improve Docker configuration

• ballerina-gateway/Dockerfile — multi-stage build cleanup and layer optimisation.
• ballerina-gateway/docker-compose.yml — service definitions updated.
• Root docker-compose.yml — full-stack compose updated to match.

cd7aaf0 — test: add AI grading unit tests, fix security test port, refactor violation summary

• ballerina-gateway/tests/ai_grading_test.bal — full suite of pure-unit tests covering parseScore, buildGradingPrompt, buildCvParsePrompt, score constants, and audit-action constants (all tagged groups: ["ai-grading", "unit"]).
• ballerina-gateway/tests/hf_gate_test.bal — gate threshold/label tests and PII redaction contract tests.
• ballerina-gateway/tests/security_test.bal — corrected listener port from stale value to 9092.
• ballerina-gateway/modules/services/grading_service.bal — trailing-comma bug in summarizeViolations fixed.

ac56bfc — docs: overhaul project documentation

• README.md — updated architecture overview, installation steps, and environment variable reference.
• doc/README.md — updated to match current module structure.
• doc/api-endpoints.md — corrected endpoint list to match live API.
• doc/getting-started.md — step-by-step guide rewritten for the current stack.

207dd93 — refactor: improve frontend type safety and component state management

• src/types/api.ts — replaced 6× any on TranscriptResponse optional fields with string | Array<Record<string, string>> unions.
• src/hooks/useCandidates.ts — handler return types narrowed from Promise<unknown> to Promise<{ emailSent?: boolean }>.
• src/components/dashboard/TranscriptModal.tsx — removed synchronous setState from effect body; replaced 6× any in .map() callbacks with Record<string, string> | string.
• src/pages/dashboard/views/CandidateTranscript.tsx — same setState-in-effect fix; dropped unused setError setter.
• src/pages/dashboard/views/Candidates.tsx — let result: any narrowed to { emailSent?: boolean } | undefined.

3782cf0 — refactor: categorise Ballerina tests with groups and update CI pipeline

• Bug fix: modules/utils/redaction_util.bal — maskPii and unmaskPii had their map-traversal logic completely inverted relative to the piiMap convention (key = placeholder, value = original PII). maskPii now correctly replaces original PII (value) with the placeholder token (key); unmaskPii restores the original PII from the placeholder.
• tests/utils_test.bal — stale assertion "JSON profile" → "JSON object" (phrase never existed in the prompt); all 4 tests tagged groups: ["unit"].
• tests/services_test.bal — all 6 tests tagged groups: ["unit"].
• tests/connection_test.bal — all 7 tests tagged groups: ["integration"] (live external APIs).
• tests/security_test.bal — all 3 tests tagged groups: ["integration"] (requires running gateway on localhost:9092).
• tests/api_test.bal — both tests tagged groups: ["integration"] (requires running gateway).
• .github/workflows/ci.yml:
  • Frontend: added npx tsc --noEmit type-check step; added VITE_API_BASE_URL env var so the Vite production build succeeds in CI.
  • Backend: bal test → bal test --groups unit so integration tests never block the CI gate.
  • Comments added explaining the --groups unit convention and actions/upload-artifact path semantics.

---

How to verify / QA steps

Frontend

cd react-frontend
npm ci
npm run lint          # expect: 0 errors, 0 warnings
npx tsc --noEmit      # expect: clean exit
npm run test          # expect: pass with no tests (vitest passWithNoTests)
npm run build         # expect: successful Vite production bundle

Backend (unit tests only — no credentials or live services needed)

cd ballerina-gateway
cp Config.toml.example Config.toml   # placeholder values are sufficient
bal test --groups unit                # expect: 42 passing, 0 failing, 0 skipped

Backend (integration tests — requires real credentials + running services)

# Use tests/Config.toml (real credentials already present)
bal test --groups integration         # expect: all connection checks pass
bal test                              # full suite

Docker

docker-compose up --build             # full-stack compose at repo root

---

Screenshots / Recordings

No UI changes in this PR.

---

Rollout / Migration plan

• Will this require a DB migration? [x] No

No schema changes. No data migrations. Safe to deploy directly on top of any existing instance.

---

Backwards compatibility & Breaking changes

• Does this change break existing behavior? [x] No

All changes are internal (type annotations, test grouping, CI steps, bug fixes in utility functions). The maskPii/unmaskPii logic fix corrects the function bodies to match their documented contracts — no callers in production code were using the incorrect behaviour.

---

Security considerations

• redaction_util.bal bug fix ensures PII is correctly masked before being sent to the HuggingFace gate and correctly revealed only on recruiter-authorised reveal calls. The previous inversion was a correctness defect, not an active security vulnerability (the functions were not yet wired into the live grading pipeline for PII flow), but the fix tightens the privacy guarantee.
• Config.toml.example contains only placeholder strings. Real credentials remain in tests/Config.toml (existing practice — not changed by this PR).

---

Release notes (one-liner)

Fix Ballerina PII masking bug, eliminate all frontend ESLint/TypeScript errors, and restructure CI to run fast offline unit tests only — keeping the pipeline reliable without live service credentials.

---

Related PRs / References

• n/a

---

Suggested reviewers

• @HasithaErandika (author / self-review)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
equihire	Ready	Preview, Comment	Apr 22, 2026 4:06pm