- Date: 2026-02-19
- Goal: Address Security, Maintainability & Simplicity findings from code review
- Task 1: API key auth on proxy routes — created
_lib/auth.ts, applied to all 4 routes, updated frontend fetch calls - Task 2: Org-scoping in agent provisioning —
findFirstAgent(orgId)now queries by orgId - Task 3: Allowlist agent-update fields — only
walletId,name,description,systemPrompt,modelforwarded - Task 4: Conditional state clearing — only calls clear-state when walletId actually changes
- Task 5: Fix dead ternary — simplified to
const maxIterations = MAX_ITERATIONS_DEFAULT - Task 6: Remove OpenAI fallback — deleted ~110 lines of YAGNI fallback code + SOLAGENT_SYSTEM_PROMPT
- Task 7: Error logging in auth provisioning — replaced
.catch(() => {})with logged.catch(err => console.warn(...)) - Task 8: Extract response-processing helper — created
extractFailedTools,buildToolCalls,transitionConfirmedCards,appendAssistantMessage,executeAgent - Task 9: Extract shared utilities — created
lib/format.ts,lib/use-copy-to-clipboard.ts,tools/constants.ts - Task 10: Trim seed data — reduced from 4 agents/3 wallets/3 policies/5 txs to 1/1/1/2
- Task 11: Minor simplifications — removed
onboardedstate, inlined wrappers, removed SolAgentError import, added base58 validation - Phase 4: Build succeeds, lint clean, browser test passes (frontend verified)
apps/dashboard/src/app/api/_lib/auth.ts— shared API key auth helperapps/dashboard/src/lib/format.ts— sharedtruncateAddressapps/dashboard/src/lib/use-copy-to-clipboard.ts— shared clipboard hookservices/agent-runtime/src/tools/constants.ts— sharedFAILED_STATUSES
apps/dashboard/src/app/api/agent-execute/route.ts— auth guard, removed OpenAI fallback (~110 LOC removed)apps/dashboard/src/app/api/agent-provision/route.ts— auth guard, org-scoped findFirstAgentapps/dashboard/src/app/api/agent-update/route.ts— auth guard, field allowlistapps/dashboard/src/app/api/agent-clear-state/route.ts— auth guardapps/dashboard/src/app/dashboard/page.tsx— extracted helpers, removed duplicate logic (~40 LOC saved)apps/dashboard/src/lib/auth.tsx— conditional state clearing, error logging, auth headersapps/dashboard/src/components/onboarding-wizard.tsx— shared utils, inlined handlersapps/dashboard/src/components/wallets/wallet-balance-card.tsx— shared utilsapps/dashboard/src/components/chat/confirmation-card.tsx— shared truncateAddressapps/dashboard/src/app/dashboard/settings/page.tsx— shared useCopyToClipboardservices/agent-runtime/src/framework/base.adapter.ts— fixed dead ternaryservices/agent-runtime/src/tools/transfer.tool.ts— shared FAILED_STATUSES, consistent Errorservices/agent-runtime/src/tools/swap.tool.ts— shared FAILED_STATUSESservices/agent-runtime/src/services/execution.service.ts— base58 validation for walletPublicKeypackages/db/src/seed.ts— trimmed to single-agent architecture
apps/dashboard/src/components/policies/policy-list.tsx— fixed TS never type errorapps/dashboard/src/components/ui/full-screen-scroll-fx.tsx— fixed 3 ref callback TS errorsapps/dashboard/src/components/wallets/wallet-list.tsx— fixed filter type, added auth header
| Error | Attempt | Resolution |
|---|---|---|
| policy-list.tsx TS never type | 1 | Cast via (rule as { type: string }).type |
| full-screen-scroll-fx.tsx ref callbacks | 1 | Added explicit types and void return |
| wallet-list.tsx filter type | 1 | Used filter(Boolean) as Wallet[] |
| useRef needs initial value | 1 | Added undefined as initial arg |
| EADDRINUSE port 3000 | 1 | Used port 3002 instead |