Strengthening the Engineering #4222
Conversation
- Update queryClient test to expect 5-minute staleTime. - Fix customAxios i18n test to use localStorage language override. - Remove obliterate assertions from automation/slack producer tests and assert stable jobId values instead.
Replace import * as LucideIcons from lucide-react with named imports in the four remaining source files. Add a central iconMap utility that only imports the ~58 icons actually referenced by TabBar/DashboardTabs, so the 615 kB lucide namespace chunk is eliminated. The StyleGuide icon catalog now also imports its common icons explicitly. - src/presentation/utils/iconMap.ts: new tree-shakeable icon registry - TabBar/DashboardTabs/NewControlPane: resolve icons via iconMap - IconsSection: explicit named imports for COMMON_ICONS
1. Test Fixes for P0 ChangesAfter the P0 performance commits, the following tests needed to be updated to match the new behavior. All were fixed and committed. 1.1
|
| Asset | Before | After |
|---|---|---|
lucide-react namespace chunk |
~615 kB | eliminated |
| Individual icon chunks | — | tiny per-icon chunks (< 1 kB each) or inlined |
StyleGuide chunk |
larger | only explicit catalog icons |
3. Validation
| Check | Command | Result |
|---|---|---|
| Clients type check | npx tsc --noEmit |
✅ Passed |
| Servers type check | npx tsc --noEmit |
✅ Passed |
| Clients production build | npm run build-dev |
✅ Passed |
| Client unit tests | npx vitest run |
✅ 5,126 passed / 5,126 |
| Server unit tests | npm run test:unit |
✅ 3,331 passed / 3,331 |
4. Known Lint Gap
npm run lint in Clients currently fails because the eslint package itself is not installed — only @eslint/js, eslint-plugin-react-*, and typescript-eslint are present. I did not add or remove dependencies without explicit approval. Fixing this is a one-line dependency change if desired.
5. Commit Log
All commits pushed to origin/mo-368-jul-2-quality-enhancement.
| # | Hash | Message | Files |
|---|---|---|---|
| 1 | 0a0949a38 |
test: update tests for P0 performance changes |
queryClient.test.ts, customAxios.test.ts, automationProducer.spec.ts, slackProducer.spec.ts |
| 2 | 5dabcef11 |
perf(client): tree-shake lucide-react by replacing namespace imports |
iconMap.ts, TabBar/index.tsx, DashboardTabs/index.tsx, NewControlPane.tsx, IconsSection.tsx |
6. Next Steps
- Fix client lint by installing the correct
eslintversion (requires dependency change approval). - Refactor
useDashboardMetricsto React Query /useQueriesto eliminate the ~18 parallel-request dashboard storm. - Split
VerifyWiseContextinto focused contexts. - Lazy-load the dashboard body.
- Extend
manualChunksfor further vendor splitting.
1. What was completed1.1 Refactored
|
Strengthening the Engineering
Please ensure all items are checked off before requesting a review:
npm run generate:swagger).authenticateJWTand the generated spec declaresbearerAuthsecurity.npm run check:api-driftand committed the regeneratedswagger.yamlandendpoints.ts.1. What Was Implemented
This report covers only the P0 code changes that were committed and pushed. The full audit findings (68 issues) are documented separately in
C:\Workspace\verifywise\agent.md.1.1 Frontend (Clients)
1.1.1 Raised TanStack Query
staleTimeFile:
Clients/src/application/config/queryClient.tsWhy: The 2-second default treated cached data as stale almost immediately, causing refetches on every component mount. Five minutes is a safe default for read-heavy governance data; volatile endpoints can still override locally.
1.1.2 Removed Full Translation Dictionary from
customAxios.tsFile:
Clients/src/infrastructure/api/customAxios.tsWhat changed:
import { translations, type Lang } from "../../i18n/translations"import { getLanguage } from "../../i18n/domTranslator"getLanguage()helperERROR_TRANSLATIONSmap containing only the two alert strings used by Axios:"Error""An error occurred. Please try again later"Why: The full 1.9 MB translation dictionary was imported into infrastructure code and pulled into the
customAxioschunk on the critical path. Replacing it with a tiny map eliminates the bundle bloat while keeping non-English error-toast support for those specific messages.Measured impact:
customAxioschunk1.1.3 Removed Duplicate Redux Providers
File:
Clients/src/App.tsxWhat changed: Removed the inner
<Provider store={store}>and<PersistGate persistor={persistor}>wrappers. The providers inmain.tsxnow handle store provision and rehydration exactly once.Why: Both
main.tsxandApp.tsxwrapped the app in Redux providers. This causedPersistGaterehydration to run twice per boot and every Redux dispatch to propagate through two nested provider subtrees — wasted work and a source of subtle state-reconciliation bugs.1.2 Backend (Servers)
1.2.1 Tuned Sequelize Connection Pool
File:
Servers/database/db.tsWhat changed: Added explicit pool and timeout configuration with environment-variable overrides:
Why: Sequelize defaults (max 5 connections, no statement timeout) are unsafe under production load. Explicit pool sizing prevents pool saturation, and timeouts prevent runaway queries from hanging requests indefinitely.
1.2.2 Added
trust proxyand Global API Rate LimiterFile:
Servers/app.tsWhat changed:
app.set("trust proxy", Number(process.env.TRUST_PROXY_HOPS ?? 1));generalApiLimiterapp.use("/api", generalApiLimiter);Why:
trust proxy, Express ignoresX-Forwarded-For, soreq.ipbecomes the load balancer IP. Rate limiting then treats all traffic as one client and can globally block the app once any limit is hit.1.2.3 Backed Rate Limiters with Redis
File:
Servers/middleware/rateLimit.middleware.tsWhat changed:
RedisRateLimitStoreclass implementing theexpress-rate-limitStoreinterface.rl:fileopsrl:apirl:authrl:refreshrl:aidettotalHits: 0) if Redis is unreachable, so a Redis outage does not hard-block the API.Why: The default in-memory
MemoryStoredoes not share counters across server instances. In a horizontally scaled deployment, a client could exceed limits by rotating across pods. Redis-backed counters fix this without adding a new dependency.1.2.4 Added Performance Indexes Migration
File:
Servers/database/migrations/20260702143000-add-performance-indexes.jsWhat changed: Created a reversible migration adding six indexes:
Why: These indexes target the highest-cardinality query paths found in the audit: file version history, full-text search, policy due-soon lists, AI detection findings by scan, and filtered audit-ledger queries.
1.2.5 Removed Queue
obliterateand Added Stable Job IDsFiles:
Servers/services/slack/slackProducer.tsServers/services/automations/automationProducer.tsServers/jobs/producer.tsWhat changed:
await automationQueue.obliterate({ force: true })from vendor-review and report schedulers.await notificationQueue.obliterate({ force: true })from the Slack scheduler.jobIdvalues to every repeatablequeue.add()call.Why:
obliteratewiped the entire queue on every server start. Multiple schedulers calling it caused later schedulers to delete jobs added by earlier ones, making scheduled-job state non-deterministic and causing jobs to disappear after restarts. StablejobIds makequeue.add()idempotent — BullMQ updates the existing repeatable job instead of creating duplicates.2. Validation
npx tsc --noEmit -p tsconfig.app.jsonnpx tsc --noEmitnpm run build2.1 Bundle Impact
The most significant measurable improvement:
customAxios.jscustomAxios.jsgzipped3. Commit Log
All commits pushed to
origin/mo-368-jul-2-quality-enhancement.51c39d228perf(clients): raise TanStack Query staleTime from 2s to 5minClients/src/application/config/queryClient.ts36813665cperf(clients): remove full translation dictionary import from customAxiosClients/src/infrastructure/api/customAxios.ts74a069b66perf(clients): remove duplicate Redux Provider and PersistGate from AppClients/src/App.tsxcab7f4ff8perf(servers): add explicit Sequelize connection pool and timeout configServers/database/db.ts496b9d49cperf(servers): add trust proxy and global API rate limiterServers/app.ts268d084d0perf(servers): back rate limiters with Redis for horizontal scalingServers/middleware/rateLimit.middleware.ts49cfe649aperf(servers): add performance indexes for files, policies, AI findings, audit ledgerServers/database/migrations/20260702143000-add-performance-indexes.jse4593759bperf(servers): remove queue obliterate and add stable jobId to slack schedulerServers/services/slack/slackProducer.tsca8fb6c9eperf(servers): remove queue obliterate and add stable jobIds to automation schedulerServers/services/automations/automationProducer.ts30af852aedocs(servers): remove obsolete 'MUST be last' queue obliterate commentServers/jobs/producer.ts0d50dc534fix(servers): satisfy Store interface in Redis rate limit storeServers/middleware/rateLimit.middleware.ts4. What Was Not Implemented (and Why)
BYTEAto object storagetranslations.tsby languagedomTranslator,useTranslation, and all consumers. CustomAxios fix already removed the critical-path bloat.VerifyWiseContext