chore: harden v3.0.1 — dedupe library filters, +19 tests, fix AA contrast #21
Merged
…rast

Audit follow-through (the highest-leverage items).

- Extract applyFilters() into a pure library-filters.js. render() and getVisibleRows() were ~50 lines of copy-pasted filter/sort logic that had diverged — the export path filtered by the NL-filter ids but dropped the AI ranking order. Both now call one tested function. (Adversarial read showed this was smaller than the audit feared: same row set, only the NL order differed — now fixed.)
- Tests for the untested, security-relevant pure logic: computeScore (weighted rubric average + null/range guards), oauth-pkce (base64url + the real S256 challenge), and applyFilters itself (incl. an NL-order regression test). +19 tests (713 → 732).
- Fix the 5 themes whose --text-muted failed WCAG AA — incl. the DEFAULT midnight (4.15:1) and worst rosepine (3.42:1). Hue-preserving lightness bumps; all 13 themes now >=4.5:1 (verified by computed contrast ratio).
Summary
The audit's highest-leverage follow-through items, in one pass.
1. Dedupe the library filter pipeline (the "active bug")
render() and getVisibleRows() were ~50 lines of copy-pasted filter/sort logic. Extracted into a pure, tested library-filters.js → applyFilters() that both now call.

2. Tests for untested, security-relevant pure logic (+19, 713 → 732)
- computeScore (evaluations.js) — weighted rubric average, null/empty/out-of-range guards, missing-weight default.
- oauth-pkce — base64url (padding/URL-safety) and that createPkcePair emits a real S256 challenge = base64url(SHA-256(verifier)), correct sizes, and randomness.
- applyFilters — every branch, incl. the NL-order regression.

3. Fix WCAG-AA contrast on 5 themes
--text-muted failed AA (< 4.5:1) on 5 of 13 themes — including the default midnight (4.15:1) and worst rosepine (3.42:1). Hue-preserving lightness bumps; all 13 now ≥ 4.5:1, verified by a computed-ratio script (the other 8 were already passing and untouched).

Test plan
- npx vitest run — 732 passing (was 713)
- node --check on library.js + library-filters.js
- --text-muted now pass AA

Note
Extension-only (no website/ change → no deploy). CI lands green (732 tests).

🤖 Generated with Claude Code