diff --git a/__LOCAL_LLMs/docs/DASHBOARD_REVIEW.md b/__LOCAL_LLMs/docs/DASHBOARD_REVIEW.md index 17a28629..ce75abb9 100644 --- a/__LOCAL_LLMs/docs/DASHBOARD_REVIEW.md +++ b/__LOCAL_LLMs/docs/DASHBOARD_REVIEW.md @@ -60,7 +60,7 @@ ## 2. Code Quality -- [ ] **CQ1. Monolithic 1,079-line single component** — `page.tsx` +- [x] **CQ1. Monolithic 1,079-line single component** — `page.tsx` All interfaces, utilities, sub-components, and 900+ lines of JSX in one file. Extract to: - `components/` — StatusDot, ProgressBar, ToastContainer, PromptModal, OllamaModelsPanel, SystemPanel, WhisperPanel, BrewPanel - `lib/types.ts` — interfaces (OllamaModel, SystemData, etc.) @@ -70,10 +70,10 @@ - [ ] **CQ2. Pervasive inline styles instead of CSS/Tailwind classes** — `page.tsx` (100+ occurrences) Every `style={{ color: 'var(--text-tertiary)' }}` should be a utility class. Options: custom Tailwind theme mapping, or CSS utility classes in `globals.css` (e.g., `.text-muted`). -- [ ] **CQ3. OLLAMA_URL duplicated** — `api/ollama/route.ts:3` + `api/ollama/stream/route.ts:3` +- [x] **CQ3. OLLAMA_URL duplicated** — `api/ollama/route.ts:3` + `api/ollama/stream/route.ts:3` Same `process.env.OLLAMA_URL || 'http://localhost:11434'` in two files. Extract to `lib/ollama-config.ts`. -- [ ] **CQ4. No React Error Boundary** — `page.tsx` +- [x] **CQ4. No React Error Boundary** — `page.tsx` Unexpected API response shape crashes the entire dashboard. Add an `error.tsx` (Next.js App Router convention) for graceful recovery. - [ ] **CQ5. No loading skeleton / shimmer UI** @@ -157,10 +157,10 @@ ## 5. Security & Hardening -- [ ] **S1. No input validation on model names** — `api/ollama/route.ts:50-51` +- [x] **S1. No input validation on model names** — `api/ollama/route.ts:50-51` `model` from request body passed directly to Ollama. Add regex validation: `^[a-zA-Z0-9._:/-]{1,256}$`. -- [ ] **S2. Shell command interpolation pattern** — `api/system/route.ts:67` +- [x] **S2. Shell command interpolation pattern** — `api/system/route.ts:67` `execAsync(\`brew list --versions ${pkg}\`)`— safe today (hardcoded targets) but fragile. Use`execFile('brew', ['list', '--versions', pkg])` for safety. - [ ] **S3. No CORS or auth** _(acceptable for local-only)_ @@ -195,14 +195,14 @@ ### Sprint 3 — Component Refactor _(est. 2–3 hrs)_ -| # | ID | Task | Effort | Commit | -| --- | --------- | --------------------------------------- | ------ | ------ | -| 14 | - [ ] CQ1 | Extract components into separate files | 90 min | | -| 15 | - [ ] CQ4 | Add error.tsx Error Boundary | 15 min | | -| 16 | - [ ] CQ3 | Shared ollama-config.ts | 10 min | | -| 17 | - [ ] CQ2 | Consolidate inline styles → CSS classes | 45 min | | -| 18 | - [ ] S1 | Add model name input validation | 10 min | | -| 19 | - [ ] S2 | Replace exec → execFile for brew | 10 min | | +| # | ID | Task | Effort | Commit | +| --- | --------- | --------------------------------------- | ------ | --------- | +| 14 | - [x] CQ1 | Extract components into separate files | 90 min | `75a3cd0` | +| 15 | - [x] CQ4 | Add error.tsx Error Boundary | 15 min | `75a3cd0` | +| 16 | - [x] CQ3 | Shared ollama-config.ts | 10 min | `75a3cd0` | +| 17 | - [ ] CQ2 | Consolidate inline styles → CSS classes | 45 min | deferred | +| 18 | - [x] S1 | Add model name input validation | 10 min | `75a3cd0` | +| 19 | - [x] S2 | Replace exec → execFile for brew | 10 min | `75a3cd0` | ### Sprint 4 — UX Enhancements _(est. 3–4 hrs)_ @@ -244,9 +244,10 @@ _Commits will be added here as work progresses._ | # | Date | Commit | Sprint | Items Completed | -| --- | ------ | --------- | -------- | ------------------------------------ | +| --- | ------ | --------- | -------- | ------------------------------------ | --- | | 1 | Feb 19 | `2da67c2` | Sprint 1 | B1, B3, B4, B5, B6, B9, B10, B11, P4 | | 2 | Feb 19 | `2d9475b` | Sprint 2 | B2, B7, B8, F1, F6 | +| 3 | Feb 19 | `75a3cd0` | Sprint 3 | CQ1, CQ3, CQ4, S1, S2 | | ---