highperfocused/grimoire
1
0
Fork 0
mirror of https://github.com/purrgrammer/grimoire.git synced 2026-04-08 22:47:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0818219ace308cbae02484ede307327391d8d019
grimoire/CODEBASE_ANALYSIS.md
Claude cdad01dc03 docs: add codebase analysis and accessibility plan 
CODEBASE_ANALYSIS.md:
- Comprehensive architecture review
- State management analysis (Jotai + EventStore + Dexie)
- Component patterns assessment
- Security audit findings (zero vulnerabilities)
- Performance analysis
- 12-week S-tier improvement roadmap

ACCESSIBILITY_PLAN.md:
- Current state assessment (16% ARIA coverage)
- WCAG 2.1 AA compliance roadmap
- Phased implementation plan:
  - Phase 1: Foundation (keyboard nav, focus management)
  - Phase 2: Screen reader support
  - Phase 3: Visual accessibility
  - Phase 4: Advanced features
- Component-specific accessibility requirements
2025-12-22 12:03:33 +00:00

651 lines
19 KiB
Markdown
Raw Blame History

# Grimoire Codebase Analysis & S-Tier Quality Plan
**Analysis Date**: December 2025
**Codebase Size**: ~28,500 lines of TypeScript across 240 files
**Stack**: React 19 + TypeScript 5.6 + Vite 6 + TailwindCSS + Jotai + Dexie + Applesauce
---
## Executive Summary
Grimoire is a **well-architected Nostr protocol explorer** with a unique tiling window manager interface. The codebase demonstrates strong engineering fundamentals with thoughtful patterns, comprehensive testing of core logic, and modern React practices. However, several areas require attention to reach S-tier quality.
### Current Quality Assessment
| Category | Grade | Summary |
|----------|-------|---------|
| **Architecture** | A- | Clean separation, singleton patterns, reactive data flow |
| **Code Quality** | B+ | Strong patterns with some duplication and inconsistencies |
| **Performance** | B+ | Good optimizations, but gaps in memoization |
| **Security** | A | Zero vulnerabilities, proper input validation |
| **Testing** | B | Excellent parser coverage, gaps in components/hooks |
| **Accessibility** | C+ | Foundation present, sparse coverage |
| **UX** | B | Desktop-first, keyboard-driven, limited mobile support |
| **Documentation** | B- | Good inline docs, missing API documentation |
---
## Part 1: Architecture Analysis
### Strengths
#### 1. Tri-Partite State Management
The separation of concerns across three state systems is excellent:
```
┌─────────────────────────────────────────────────────────────────┐
│ STATE ARCHITECTURE │
├──────────────────────┬──────────────────┬──────────────────────┤
│ UI State (Jotai) │ Nostr State │ Relay/DB State │
│ ├─ Workspaces │ (EventStore) │ (RelayLiveness) │
│ ├─ Windows │ ├─ Events │ ├─ Connection state │
│ ├─ Layout tree │ ├─ Profiles │ ├─ Auth preferences │
│ └─ Active account │ └─ Replaceables │ └─ Backoff tracking │
│ │ │ │
│ localStorage │ In-memory RxJS │ IndexedDB (Dexie) │
└──────────────────────┴──────────────────┴──────────────────────┘
```
#### 2. Pure Function State Mutations (`src/core/logic.ts`)
All UI state mutations follow a pure function pattern:
```typescript
export const addWindow = (state: GrimoireState, payload: AddWindowPayload): GrimoireState => ({
...state,
windows: { ...state.windows, [window.id]: window },
// ...immutable updates
});
```
**Benefits**: Easily testable, predictable, no side effects
#### 3. Singleton Pattern for Services
Critical services use singletons preventing resource duplication:
- `EventStore` - Single source of truth for Nostr events
- `RelayPool` - Reuses WebSocket connections
- `RelayLiveness` - Centralized health tracking
- `RelayStateManager` - Global connection + auth state
#### 4. Reactive Data Flow
Applesauce + RxJS provides elegant reactive patterns:
```typescript
// Events flow: Relay → EventStore → Observable → Hook → Component
const events = useTimeline(filters, relays); // Auto-updates on new events
```
#### 5. Command System Design
Unix-style man pages with async parsers:
```typescript
manPages: {
req: {
synopsis: "req [options] [relay...]",
argParser: async (args) => parseReqCommand(args),
appId: "req"
}
}
```
### Weaknesses
#### 1. Disconnected State Systems
- UI state (Jotai) doesn't know about relay health
- Manual sync points (`useAccountSync`, `useRelayState`) create coupling
- No unified error aggregation across systems
#### 2. Race Conditions
```typescript
// useProfile.ts - async DB write can outlive component
const sub = profileLoader(...).subscribe({
next: async (event) => {
await db.profiles.put(...); // Component may unmount during await
if (mounted) setProfile(...);
}
});
```
#### 3. Polling Instead of Events
```typescript
// RelayStateManager polls every 1 second
this.pollingIntervalId = setInterval(() => {
pool.relays.forEach(relay => {
if (!this.subscriptions.has(relay.url)) {
this.monitorRelay(relay);
}
});
}, 1000);
```
#### 4. No Memory Bounds on EventStore
EventStore can grow unbounded with continuous streams. No LRU eviction or max size.
---
## Part 2: Code Quality Analysis
### Strengths
#### 1. Kind Renderer Registry Pattern
Scalable dispatch without conditionals:
```typescript
const kindRenderers: Record<number, ComponentType> = {
0: ProfileRenderer,
1: NoteRenderer,
// 40+ kinds...
};
export function KindRenderer({ event }) {
const Renderer = kindRenderers[event.kind] || DefaultKindRenderer;
return <Renderer event={event} />;
}
```
#### 2. Error Boundary Strategy
Three-tier isolation prevents cascading failures:
- **App-level**: Full recovery UI with reload options
- **Window-level**: Close broken window, others continue
- **Event-level**: Single event fails, feed continues
#### 3. Dependency Stabilization Pattern
Prevents infinite render loops in hooks:
```typescript
const stableFilters = useMemo(() => filters, [JSON.stringify(filters)]);
const stableRelays = useMemo(() => relays, [relays.join(",")]);
```
### Weaknesses
#### 1. Code Duplication
**Replaceable Event Constants** (duplicated in 2 files):
```typescript
// Both BaseEventRenderer.tsx and KindRenderer.tsx define:
const REPLACEABLE_START = 10000;
const REPLACEABLE_END = 20000;
const PARAMETERIZED_REPLACEABLE_START = 30000;
```
**Replaceable Detection Logic** (repeated 3+ times):
```typescript
const isAddressable =
(event.kind >= REPLACEABLE_START && event.kind < REPLACEABLE_END) ||
(event.kind >= PARAMETERIZED_REPLACEABLE_START && ...);
```
**Dependency Stabilization** (in 4+ hooks):
```typescript
// Identical pattern in useTimeline, useReqTimeline, useLiveTimeline, useOutboxRelays
const stableFilters = useMemo(() => filters, [JSON.stringify(filters)]);
```
#### 2. Inconsistent Memoization
- Only 14/40+ kind renderers use `useMemo`
- Event handlers rarely wrapped in `useCallback`
- Creates unnecessary re-renders in virtualized lists
#### 3. Type Safety Gaps
```typescript
// Scattered `as any` casts
(args as any) // CommandLauncher.tsx:81
```
#### 4. Dead Code
```typescript
// BaseEventRenderer.tsx has large commented-out blocks
// import { kinds } from "nostr-tools";
// ... commented compact mode code
```
---
## Part 3: Performance Analysis
### Strengths
#### 1. Strategic Code Splitting
```typescript
// vite.config.ts
manualChunks: {
'react-vendor': ['react', 'react-dom'],
'ui': ['@radix-ui/*', 'react-mosaic-component'],
'nostr': ['applesauce-*', 'nostr-tools', 'rxjs', 'dexie'],
'markdown': ['react-markdown', 'remark-gfm']
}
```
#### 2. Virtual Scrolling
- `react-virtuoso` for large event feeds
- Handles 1000+ events efficiently
#### 3. Lazy Loading
```typescript
const ProfileViewer = lazy(() => import("./ProfileViewer"));
// All viewers lazy-loaded with Suspense fallback
```
#### 4. Network Efficiency
- Connection pooling via RelayPool singleton
- Relay liveness prevents dead relay connections
- Aggregator fallback for event discovery
### Weaknesses
#### 1. JSON.stringify in Dependencies
```typescript
// O(n) serialization on every render
useMemo(() => filters, [JSON.stringify(filters)]);
```
#### 2. Missing useMemo in Renderers
Expensive operations computed on every render:
- `formatTimestamp()` called repeatedly
- Event content parsing without memoization
- Profile data extraction
#### 3. No Performance Monitoring
- No web vitals tracking
- No performance budgets in build
- No Lighthouse CI integration
---
## Part 4: Security Analysis
### Strengths (Zero Critical Issues)
| Check | Status | Details |
|-------|--------|---------|
| XSS Prevention | ✅ | No `dangerouslySetInnerHTML`, `skipHtml` enabled in markdown |
| Input Validation | ✅ | Regex patterns on NIP-05, URL normalization, title sanitization |
| Dependency Security | ✅ | `npm audit` returns 0 vulnerabilities |
| Memory Safety | ✅ | Proper subscription cleanup in all hooks |
| Cryptography | ✅ | Delegated to trusted libraries (nostr-tools, applesauce) |
### Minor Concerns
1. **localStorage Usage**: Account metadata stored in world-readable localStorage (by design - no private keys)
2. **No CSP Header**: Consider adding Content-Security-Policy meta tag
---
## Part 5: Testing Analysis
### Current Coverage
| Category | Files | Coverage | Quality |
|----------|-------|----------|---------|
| Parsers | 7 | Excellent | ~95% edge cases |
| State Logic | 1 | Comprehensive | All mutations tested |
| Utilities | 11 | Good | Core paths covered |
| Services | 2 | Moderate | Selection logic tested |
| Components | 0 | None | Manual testing only |
| Hooks | 0 | None | No subscription tests |
### Test Files (18 total)
```
src/lib/req-parser.test.ts # Most comprehensive (600+ lines)
src/lib/command-parser.test.ts # Command parsing
src/lib/global-flags.test.ts # Flag extraction
src/core/logic.test.ts # State mutations
src/lib/migrations.test.ts # Schema migrations
... (13 more utility tests)
```
### Gaps
1. **No component tests** - All React components tested manually
2. **No hook tests** - Subscription cleanup not verified
3. **No integration tests** - End-to-end flows untested
4. **No error boundary tests** - Recovery paths untested
---
## Part 6: Accessibility Analysis
### Strengths
- **Keyboard Navigation**: Cmd+K palette, arrow keys, Enter/Escape
- **ARIA Labels**: 25 files with `aria-*` attributes
- **Focus Management**: Visible focus rings with proper styling
- **Screen Reader Support**: `VisuallyHidden` component, `sr-only` classes
- **Loading States**: Skeletons with `role="status"` and `aria-busy`
### Weaknesses (Grade: C+)
| Issue | Impact | Current State |
|-------|--------|---------------|
| Sparse ARIA coverage | High | Only 16% of components have ARIA |
| No form validation feedback | Medium | Errors not associated with inputs |
| No high contrast mode | Medium | Single theme only |
| Limited mobile support | High | Tiling UI unsuitable for touch |
| No live regions | Medium | Dynamic updates not announced |
| Missing keyboard legend | Low | Advanced shortcuts hidden |
---
## Part 7: UX Analysis
### Strengths
1. **Power User Focus**: Unix-style commands, keyboard-driven
2. **Error Recovery**: Clear error states with retry options
3. **Skeleton Loading**: Context-appropriate loading placeholders
4. **Dark Mode Default**: Respects modern preferences
5. **Workspace System**: Virtual desktops with persistence
### Weaknesses
1. **Desktop Only**: Tiling window manager not suited for mobile
2. **Learning Curve**: No onboarding or tutorials
3. **Discovery**: Advanced features not discoverable
4. **No Undo**: Destructive actions (close window) not undoable
---
## Part 8: S-Tier Improvement Plan
### Phase 1: Critical Fixes (Week 1-2)
#### 1.1 Extract Shared Constants
```typescript
// NEW FILE: src/lib/nostr-constants.ts
export const REPLACEABLE_START = 10000;
export const REPLACEABLE_END = 20000;
export const EPHEMERAL_START = 20000;
export const EPHEMERAL_END = 30000;
export const PARAMETERIZED_REPLACEABLE_START = 30000;
export const PARAMETERIZED_REPLACEABLE_END = 40000;
export function isReplaceableKind(kind: number): boolean {
return (kind >= REPLACEABLE_START && kind < REPLACEABLE_END) ||
(kind >= PARAMETERIZED_REPLACEABLE_START && kind < PARAMETERIZED_REPLACEABLE_END);
}
```
#### 1.2 Create Dependency Stabilization Hook
```typescript
// NEW FILE: src/hooks/useStable.ts
export function useStableValue<T>(value: T, serialize?: (v: T) => string): T {
const serialized = serialize?.(value) ?? JSON.stringify(value);
return useMemo(() => value, [serialized]);
}
export function useStableArray<T>(arr: T[]): T[] {
return useMemo(() => arr, [arr.join(",")]);
}
```
#### 1.3 Fix Race Conditions
```typescript
// useProfile.ts - use AbortController pattern
useEffect(() => {
const controller = new AbortController();
const sub = profileLoader(...).subscribe({
next: async (event) => {
if (controller.signal.aborted) return;
await db.profiles.put(...);
if (!controller.signal.aborted) setProfile(...);
}
});
return () => {
controller.abort();
sub.unsubscribe();
};
}, [pubkey]);
```
#### 1.4 Replace Polling with Events
```typescript
// RelayStateManager - use pool events instead of setInterval
pool.on('relay:add', (relay) => this.monitorRelay(relay));
pool.on('relay:remove', (url) => this.unmonitorRelay(url));
```
### Phase 2: Performance Optimization (Week 3-4)
#### 2.1 Add useMemo to Kind Renderers
Audit all 40+ kind renderers and add memoization for:
- Content parsing
- Tag extraction
- Formatting operations
#### 2.2 Memoize Event Handlers
```typescript
// Wrap handlers passed to memoized children
const handleReplyClick = useCallback(() => {
addWindow("open", { pointer: replyPointer });
}, [replyPointer, addWindow]);
```
#### 2.3 Add EventStore Memory Bounds
```typescript
// Configure max events with LRU eviction
const eventStore = new EventStore({
maxEvents: 10000,
evictionPolicy: 'lru'
});
```
#### 2.4 Implement Performance Monitoring
```bash
npm install web-vitals
```
```typescript
// src/lib/analytics.ts
import { onCLS, onFID, onLCP } from 'web-vitals';
export function initPerformanceMonitoring() {
onCLS(console.log);
onFID(console.log);
onLCP(console.log);
}
```
### Phase 3: Testing Excellence (Week 5-6)
#### 3.1 Component Testing Setup
```bash
npm install -D @testing-library/react @testing-library/jest-dom
```
#### 3.2 Add Hook Tests
```typescript
// src/hooks/useProfile.test.ts
describe('useProfile', () => {
it('should clean up subscription on unmount', async () => {
const { unmount } = renderHook(() => useProfile('pubkey'));
unmount();
// Verify no memory leaks
});
it('should handle race conditions', async () => {
// Rapid mount/unmount should not cause errors
});
});
```
#### 3.3 Error Boundary Tests
```typescript
describe('EventErrorBoundary', () => {
it('should catch render errors', () => {...});
it('should reset on event change', () => {...});
it('should show retry button', () => {...});
});
```
#### 3.4 Integration Tests
```typescript
// src/__tests__/integration/command-flow.test.tsx
describe('Command Flow', () => {
it('should parse command and open window', async () => {
// Type "profile alice" → verify window opens
});
});
```
### Phase 4: Accessibility (Week 7-8)
#### 4.1 Audit Tool Integration
```bash
npm install -D @axe-core/react
```
```typescript
// Development-only accessibility audit
if (process.env.NODE_ENV === 'development') {
import('@axe-core/react').then(axe => {
axe.default(React, ReactDOM, 1000);
});
}
```
#### 4.2 Form Error Pattern
```typescript
// Create consistent error association
<Input
id="relay-url"
aria-describedby={error ? "relay-url-error" : undefined}
aria-invalid={!!error}
/>
{error && (
<span id="relay-url-error" role="alert" className="text-destructive">
{error}
</span>
)}
```
#### 4.3 Live Regions
```typescript
// Announce dynamic updates
<div aria-live="polite" aria-atomic="true" className="sr-only">
{statusMessage}
</div>
```
#### 4.4 Keyboard Shortcut Help
```typescript
// Add discoverable shortcut modal (Cmd+?)
const shortcuts = [
{ keys: ['⌘', 'K'], description: 'Open command palette' },
{ keys: ['⌘', '1-9'], description: 'Switch workspace' },
// ...
];
```
### Phase 5: UX Enhancements (Week 9-10)
#### 5.1 Onboarding Flow
```typescript
// First-time user experience
const GrimoireWelcome = () => (
<Dialog open={isFirstVisit}>
<DialogContent>
<h2>Welcome to Grimoire</h2>
<p>Press K to get started...</p>
<InteractiveDemo />
</DialogContent>
</Dialog>
);
```
#### 5.2 Undo System
```typescript
// Track recent actions for undo
const undoStack = atom<Action[]>([]);
export function addWindow(state, payload) {
pushUndo({ type: 'ADD_WINDOW', windowId: window.id });
return { ...state, ... };
}
export function undo(state) {
const action = popUndo();
// Reverse the action
}
```
#### 5.3 Mobile Detection
```typescript
// Show appropriate message on mobile
const isMobile = /iPhone|iPad|Android/i.test(navigator.userAgent);
if (isMobile) {
return <MobileNotSupported />;
}
```
### Phase 6: Documentation & Polish (Week 11-12)
#### 6.1 API Documentation
```typescript
/**
* Parse a REQ command string into filter and relay configuration
*
* @param args - Tokenized command arguments
* @returns ParsedReqCommand with filter, relays, and resolution metadata
*
* @example
* parseReqCommand(["-k", "1", "-a", "npub1..."]);
* // Returns: { filter: { kinds: [1], authors: ["hex..."] }, ... }
*/
export function parseReqCommand(args: string[]): ParsedReqCommand
```
#### 6.2 Architecture Documentation
Create `docs/ARCHITECTURE.md` with:
- State management diagram
- Data flow documentation
- Service interaction patterns
#### 6.3 Remove Dead Code
- Delete commented code blocks
- Remove unused imports
- Clean up TODO/FIXME comments
#### 6.4 Add CI/CD Quality Gates
```yaml
# .github/workflows/quality.yml
- run: npm run lint
- run: npm run test:run
- run: npm run build
- run: npx lighthouse-ci
```
---
## Priority Matrix
| Priority | Items | Effort | Impact |
|----------|-------|--------|--------|
| **P0 Critical** | Race condition fixes, memory bounds | Medium | High |
| **P1 High** | Code deduplication, memoization | Low | High |
| **P2 Medium** | Testing expansion, accessibility | High | High |
| **P3 Low** | UX polish, documentation | Medium | Medium |
---
## Success Metrics for S-Tier
| Metric | Current | Target |
|--------|---------|--------|
| Lighthouse Performance | ~75 | 95+ |
| Lighthouse Accessibility | ~60 | 95+ |
| Test Coverage | ~40% | 80%+ |
| Code Duplication | ~5% | <2% |
| npm audit vulnerabilities | 0 | 0 |
| Core Web Vitals | Unknown | All "Good" |
| TypeScript Strict | Yes | Yes |
| ARIA Coverage | 16% | 90%+ |
---
## Conclusion
Grimoire is a **solid B+ codebase** with excellent architecture fundamentals and security posture. The path to S-tier requires:
1. **Immediate**: Fix race conditions, extract shared code
2. **Short-term**: Add memoization, expand testing
3. **Medium-term**: Accessibility audit, UX improvements
4. **Long-term**: Documentation, CI/CD quality gates
The codebase is well-positioned for these improvements - the architecture is sound, patterns are consistent, and the team clearly values quality. With focused effort on the gaps identified, Grimoire can reach S-tier status.
Reference in New Issue View Git Blame Copy Permalink