Skip to content

cleanup, bugfix, and hardening: remove ai artifacts, fix auth circular dep, key prefix mismatch, recursive retry, require() calls, error types, key logging.#95

Open
Mohammad-Faiz-Cloud-Engineer wants to merge 4 commits into
rmyndharis:mainfrom
Mohammad-Faiz-Cloud-Engineer:main
Open

Conversation

@Mohammad-Faiz-Cloud-Engineer
Copy link
Copy Markdown

@Mohammad-Faiz-Cloud-Engineer Mohammad-Faiz-Cloud-Engineer commented May 19, 2026

walked through the whole project and cleaned up a bunch of stuff that was
left over from ai generation. em dashes, box drawing chars, emojis in
console output, translation strings, docs, shell scripts. replaced them
with regular text equivalents. also toned down some of the overly
marketing-heavy language in the documentation.

what was done:

  • replaced em/en dashes (—, –) with regular hyphens
  • removed emojis from console logs, i18n strings, readme files, docs
  • swapped unicode glyphs in openwa.sh for plain [INFO] [OK] [WARN] [ERR]
  • removed emoji prefixes from message body fields (location, contact)
  • removed decorative unicode bullets from infrastructure dashboard
  • cleaned up markdown docs that had emojis in headings and tables
  • replaced ai buzzwords in docs with neutral language

backend and dashboard both compile clean. no functional changes.

also fixed two bugs found during audit:

  • /auth/validate was missing @public() decorator, making the validate
    endpoint require a valid api key to call (circular dependency).
  • api-key.entity.ts keyPrefix column was varchar(8) but the service
    stores 12-character prefixes. bumped to varchar(12).

additional production hardening:

  • added ignoreDeprecations: "6.0" to tsconfig to silence baseUrl
    deprecation warning (will break in ts 7.0 otherwise).
  • converted deliverWebhook recursive retry to a proper loop to
    eliminate stack overflow risk on high retry counts.
  • replaced top-level require() calls in app.module and webhook.module
    with proper static esm imports. same conditional logic, no eval.
  • changed generic Error throws in engine adapter stubs to
    BadRequestException so callers get 400 instead of 500.
  • api key is now only printed on first boot; subsequent restarts show
    "(check dashboard or .api-key file)" instead of the raw key.
  • added a comment warning not to use NODE_ENV=development in production
    (hardcoded admin key).
  • removed unused existsSync/readFileSync imports from auth.service.
  • added tests, coverage, and CI badges to readme badge row.

@Mohammad-Faiz-Cloud-Engineer
Remove all the emojies and also remove all the Ai behavior
9f9feb9
@Mohammad-Faiz-Cloud-Engineer
Bug Fixed
14f353a
@Mohammad-Faiz-Cloud-Engineer
Fixed
0f1c789 
additional production hardening:
- added ignoreDeprecations: "6.0" to tsconfig to silence baseUrl
  deprecation warning (will break in ts 7.0 otherwise).
- converted deliverWebhook recursive retry to a proper loop to
  eliminate stack overflow risk on high retry counts.
- replaced top-level require() calls in app.module and webhook.module
  with proper static esm imports. same conditional logic, no eval.
- changed generic Error throws in engine adapter stubs to
  BadRequestException so callers get 400 instead of 500.
- api key is now only printed on first boot; subsequent restarts show
  "(check dashboard or .api-key file)" instead of the raw key.
- added a comment warning not to use NODE_ENV=development in production
  (hardcoded admin key).
- removed unused existsSync/readFileSync imports from auth.service.
@Mohammad-Faiz-Cloud-Engineer
Update README.md
9ed035a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Mohammad-Faiz-Cloud-Engineer