📋 Daily Codebase Review - 2026-02-09

[claude]

Executive Summary

This daily codebase review covers the Sobers recovery app codebase. The codebase demonstrates strong architecture patterns, comprehensive testing, and solid security practices. Several items from previous reviews remain open and should be prioritized.

Health Score: B+

Justification: The codebase shows excellent organization with Expo Router, Context-based state management, and comprehensive type safety. Test coverage appears healthy with 90+ test files. Key areas for improvement include: fixing skipped tests, addressing the Math.random() security issue for invite codes, and cleaning up setTimeout without cleanup patterns.

---

Top 5 Priority Items

1. [SECURITY] Replace Math.random() with crypto.getRandomValues() for invite code generation (app/(app)/(tabs)/profile/index.tsx:169) - Issue security: Replace Math.random() with crypto.getRandomValues() for invite codes #320 already exists
2. [BUG] Fix useFrameworkReady hook missing dependency array causing effect to run on every render (hooks/useFrameworkReady.ts:10-12) - Issue 🐛 useFrameworkReady hook missing dependency array causes effect to run on every render #308 already exists
3. [TESTING] Fix skipped MeetingsScreen tests (__tests__/app/program/meetings.test.tsx:106) - Issues test: Fix skipped MeetingsScreen tests in meetings.test.tsx #354, 🧪 Fix skipped MeetingsScreen tests #360 exist
4. [PERFORMANCE] Add setTimeout cleanup in meetings screen (app/(app)/(tabs)/program/meetings.tsx:111,119) - Issue perf: Fix unsafe setTimeout without cleanup in SettingsContent and meetings screen #363 exists
5. [DOCUMENTATION] README shows 80% test coverage but jest.config.js requires 85% - Issues docs: Update README test coverage percentage from 80% to 85% #355, docs: Update README test coverage from 80% to 85% #364 exist

---

Detailed Findings by Category

1. Code Health & Technical Debt

TODO/FIXME Comments

• __tests__/app/program/meetings.test.tsx:105 - TODO to fix mock setup for MeetingsScreen tests

Skipped Tests

• __tests__/app/program/meetings.test.tsx:106 - describe.skip('MeetingsScreen', ...) - entire test suite skipped
• __tests__/app/program-layout.test.tsx:174 - it.skip('navigates to literature...') - individual test skipped

Large Files Needing Refactoring

• components/settings/SettingsContent.tsx - ~2,088 lines (Issue refactor: Split SettingsContent.tsx into focused components #315, refactor: Split SettingsContent.tsx (2,088 lines) into focused modules #346 exist for splitting this)
• contexts/AuthContext.tsx - ~620 lines (manageable but could benefit from extraction)

2. Security Audit

Insecure Random Number Generation

• File: app/(app)/(tabs)/profile/index.tsx:169
• Issue: Uses Math.random().toString(36).substring(2, 10).toUpperCase() for invite codes
• Risk: Math.random() is not cryptographically secure, making invite codes predictable
• Status: Issue security: Replace Math.random() with crypto.getRandomValues() for invite codes #320 already tracks this

Sentry Configuration

• Privacy hooks are properly configured in lib/sentry-privacy.ts for PII stripping
• sendDefaultPii status should be verified - Issue security: Disable sendDefaultPii in Sentry configuration #348 tracks this

Positive Security Findings

• Environment variables properly use EXPO_PUBLIC_ prefix for client exposure
• Supabase Row-Level Security (RLS) is documented and used
• PII stripping is implemented in both analytics (lib/analytics-utils.ts) and error tracking (lib/sentry-privacy.ts)
• No hardcoded secrets found in source code (test files use mock tokens appropriately)

3. Test Coverage Gaps

Missing Component Tests

Components in components/program/ with missing tests:

• LogMeetingSheet.tsx - No test file found (Issue test: Add tests for LogMeetingSheet, DayDetailSheet, and MeetingListItem components #357 exists)
• DayDetailSheet.tsx - No test file found (Issue test: Add tests for LogMeetingSheet, DayDetailSheet, and MeetingListItem components #357 exists)
• MeetingListItem.tsx - No test file found (Issue test: Add tests for LogMeetingSheet, DayDetailSheet, and MeetingListItem components #357 exists)

Skipped Test Suites

• MeetingsScreen entire suite is skipped due to mock issues

4. Documentation Freshness

README.md Issues

• States "80% coverage" but jest.config.js specifies 85% threshold (Issues docs: Update README test coverage percentage from 80% to 85% #355, docs: Update README test coverage from 80% to 85% #364, docs: Update CLAUDE.md test coverage threshold from 80% to 85% #367 exist)
• Project structure shows profile.tsx but actual structure has profile/index.tsx

CLAUDE.md

• States "80% coverage required" but jest.config.js requires 85% (Issue docs: Update CLAUDE.md test coverage threshold from 80% to 85% #333, docs: Update CLAUDE.md test coverage threshold from 80% to 85% #367 exist)
• Otherwise accurate and comprehensive

5. Dependency Health

Based on package.json review:

• All major dependencies are on current stable versions
• Expo 54, React Native 0.81, React 19 - all current
• No obvious deprecated packages

Note: pnpm outdated check was not executable in this environment, but manual inspection shows modern dependencies.

6. Performance Opportunities

setTimeout Without Cleanup

• app/(app)/(tabs)/program/meetings.tsx:111,119 - Two setTimeout calls without cleanup in useCallback
• components/settings/SettingsContent.tsx:607 - setTimeout without cleanup
• Issue: Memory leak potential if component unmounts during timeout
• Status: Issue perf: Fix unsafe setTimeout without cleanup in SettingsContent and meetings screen #363 exists

Missing Memoization

• components/navigation/TabBarBackground.tsx - Simple component, may not need memoization
• components/navigation/SettingsButton.tsx - Receives callbacks, could benefit from React.memo

Positive Findings

• Most components properly use useMemo for expensive computations
• useCallback is widely used for event handlers
• Many components are properly memoized in components/ directory (30 files use memoization patterns)

7. Consistency Check

useFrameworkReady Hook Issue

• File: hooks/useFrameworkReady.ts:10-12
• Issue: useEffect has no dependency array, causing effect to run on every render
• Status: Issue 🐛 useFrameworkReady hook missing dependency array causes effect to run on every render #308 already tracks this

Code Style Observations

• Consistent use of @/ path aliases
• Consistent use of logger instead of console.log (with appropriate exceptions in lib/sentry.ts and lib/logger.ts)
• Consistent file organization pattern across components

---

Previously Reported Issues (Still Open)

The following issues from previous reviews remain open and should be prioritized:

Issue	Title	Priority
#320	Replace Math.random() with crypto.getRandomValues() for invite codes	HIGH
#308	useFrameworkReady hook missing dependency array	MEDIUM
#354, #360	Fix skipped MeetingsScreen tests	MEDIUM
#363	Fix unsafe setTimeout without cleanup	MEDIUM
#357	Add tests for LogMeetingSheet, DayDetailSheet, MeetingListItem	MEDIUM
#346, #315	Refactor SettingsContent.tsx (2,088 lines)	LOW
#333, #355, #364, #367	Update documentation test coverage from 80% to 85%	LOW

---

Recommendations

1. Immediate Actions:

   • Close duplicate documentation issues (docs: Update CLAUDE.md test coverage threshold from 80% to 85% #333, docs: Update README test coverage percentage from 80% to 85% #355, docs: Update README test coverage from 80% to 85% #364, docs: Update CLAUDE.md test coverage threshold from 80% to 85% #367, docs: Update README project structure to reflect current architecture #370) and consolidate into one
   • Fix useFrameworkReady hook (add [] dependency array) - simple fix
   • Review and close old Daily Codebase Review issues that are no longer actionable

2. Short-term (This Sprint):

   • Fix Math.random() security issue (security: Replace Math.random() with crypto.getRandomValues() for invite codes #320)
   • Fix setTimeout cleanup issues (perf: Fix unsafe setTimeout without cleanup in SettingsContent and meetings screen #363)
   • Add missing component tests (test: Add tests for LogMeetingSheet, DayDetailSheet, and MeetingListItem components #357)

3. Medium-term:

   • Fix skipped MeetingsScreen tests (test: Fix skipped MeetingsScreen tests in meetings.test.tsx #354, 🧪 Fix skipped MeetingsScreen tests #360)
   • Consider splitting SettingsContent.tsx (refactor: Split SettingsContent.tsx (2,088 lines) into focused modules #346)

---

Files Reviewed

• package.json - Dependencies and scripts
• CLAUDE.md - Project guidelines
• README.md - Project documentation
• hooks/useFrameworkReady.ts - Framework ready hook
• app/(app)/(tabs)/profile/index.tsx - Profile screen with invite code generation
• app/(app)/(tabs)/program/meetings.tsx - Meetings screen
• components/settings/SettingsContent.tsx - Large settings component
• __tests__/app/program/meetings.test.tsx - Skipped tests
• Various component files for memoization check

---

This review was automatically generated by the Daily Codebase Review workflow.
Next review scheduled for: 2026-02-10

🤖 Generated with Claude Code

[coderabbitai]

🔗 Related PRs

#165 - refactor: rename app from Sobriety Waypoint to Sobers [merged]
#187 - Release 1.1.0 [merged]
#217 - Release v1.2.0 [merged]
#221 - test: increase test coverage across multiple components [merged]
#334 - Release: Analytics migration, 12-Step content toggle, and dependency updates [merged]

---

📝 Issue Planner

_{Check the box below or use the @coderabbitai plan command to generate an implementation plan and prompts that you can use with your favorite coding assistant.}

• Create Plan

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!