Skip to content

Code review: refactoring hot-spots report and spec#92

Open
IanMayo wants to merge 3 commits into
mainfrom
claude/speckit-code-review-8dd0zw
Open

Code review: refactoring hot-spots report and spec#92
IanMayo wants to merge 3 commits into
mainfrom
claude/speckit-code-review-8dd0zw

Conversation

@IanMayo

@IanMayo IanMayo commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary

Conducts the requested code review of large/complex modules and produces a prioritized report of refactoring recommendations, plus a Spec Kit feature spec derived from it.

Findings cover all five requested hot-spot criteria:

  • UI and business logic too tightly intertwined
  • Business logic several layers deep
  • Child components that could be refactored out
  • UI elements that could become Lit components
  • Files over 400 lines

Deliverables (specs/012-code-review/)

  • code-review-report.md — the primary deliverable: prioritized findings (HIGH/MEDIUM/LOW) with concrete file/line references and extraction recommendations, plus cross-cutting themes and a lowest-risk → highest-payoff sequencing.
  • spec.md — feature spec turning the report into independently shippable refactoring slices (ready for /speckit.plan).
  • checklists/requirements.md — spec quality checklist (all items pass).

Headline findings

Severity Hot-spot
HIGH qd-login.ts (983) — component is the entire auth/PIN/migration pipeline; ~100-line duplicated retry method
HIGH quiz-table.ts (807) — persistence + DOM + instructor overlay fused; innerHTML XSS risk on student data
HIGH indexeddb.ts (759) — one class doing connection, migration, encryption, backups, audit log; ~150 lines of boilerplate
HIGH analysis-table.ts (637) — pure logic + inline-CSS rendering embedded in DOM enhancer
HIGH bootstrap.ts (490) — "god bootstrap"; security-sensitive answer-reveal logic duplicated with event-coordinator.ts
MEDIUM qd-migration-dialog.ts (519), session.ts (443), event-coordinator.ts (339), qd-instructor.ts (380), qd-pin-reset-dialog.ts (389)

Most impactful cross-cutting fixes: the quiz-overlay XSS, the duplicated instructor answer-reveal logic, duplicated SHA-256 password hashing, and config reads that bypass the existing readDOMConfig() service.

Notes

  • Documentation/analysis only — no source code changed.
  • Line references are point-in-time and should be re-verified before any edit.

🤖 Generated with Claude Code

https://claude.ai/code/session_01TvXAFvUpR6jxvQYTofu4eG

Generated by Claude Code

@claude
Add code review report and spec for refactoring hot-spots
4cb716f 
Conduct a code review of large/complex modules and produce a prioritized
report of refactoring recommendations covering: tight UI/business-logic
coupling, deeply nested logic, extractable child components, Lit-component
candidates, and files over 400 lines.

Deliverables under specs/012-code-review/:
- code-review-report.md: prioritized hot-spot findings with file/line refs
- spec.md: refactoring feature spec derived from the report
- checklists/requirements.md: spec quality checklist

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TvXAFvUpR6jxvQYTofu4eG
@github-actions

github-actions Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🚀 PR Preview Deployment

✅ Your changes are being built and deployed to a preview environment.

📋 Live PR Preview Links:

ℹ️ About PR Previews:

  • Preview deploys automatically when you push commits to this PR
  • Preview URL is unique to this PR (Code review: refactoring hot-spots report and spec #92)
  • Preview will be automatically deleted when this PR is closed/merged
  • Build ignores test failures (only requires successful compilation)

📦 Production Demo (main branch):

🧪 Testing Locally:

npm install
npm run build
# Open demo/quiz-index.html in your browser (use file:// or http-server)

This comment will be automatically updated when you push new commits.

github-actions Bot added a commit that referenced this pull request Jun 17, 2026
@github-actions
Deploy preview for PR #92
0a02a6d
@claude
Fix pre-existing Prettier formatting in qd-scores-modal story
fe6ab6e 
Unblocks the repo-wide format:check, which was failing on this file
(already broken on main) independently of this PR's documentation changes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TvXAFvUpR6jxvQYTofu4eG
github-actions Bot added a commit that referenced this pull request Jun 17, 2026
@github-actions
Deploy preview for PR #92
df8c862
@claude
Add implementation plan and design artifacts for hot-spot refactor
f51e9bd 
Phase 0/1 planning output for the code-review refactoring feature:
- plan.md: technical context, constitution check (PASS), module map
- research.md: 7 refactoring-strategy decisions (D1-D7)
- data-model.md: no persisted changes; module responsibility map
- contracts/module-boundaries.md: internal interfaces for extracted units
- quickstart.md: TDD per-slice workflow and 5-wave sequencing

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TvXAFvUpR6jxvQYTofu4eG
github-actions Bot added a commit that referenced this pull request Jun 17, 2026
@github-actions
Deploy preview for PR #92
1226eca
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@IanMayo @claude