Skip to content

AUDIT_PROMPT.md

Latest commit

 

History

History
332 lines (271 loc) · 12 KB

AUDIT_PROMPT.md

File metadata and controls

332 lines (271 loc) · 12 KB

WEBMINER.JS AUDIT TASK

TASK DESCRIPTION:

Systematically audit and fix issues in webminer.js (single-file vanilla JavaScript implementation), creating individual commits with descriptive messages for each resolved issue.

CONTEXT:

You are auditing webminer.js - an ethical, consent-first browser-based Monero miner. This is a production JavaScript file (~2469 lines, 88KB) that must:

  • Remain a single, self-contained file (no external dependencies)
  • Use vanilla ES6+ JavaScript only (no frameworks, no transpilation)
  • Prioritize readability and maintainability over performance
  • Maintain consent-first architecture (mining CANNOT start without user permission)
  • Support modern browsers: Chrome 70+, Firefox 65+, Safari 14+, Edge 79+

Critical Architecture Patterns:

  • IIFE wrapper for global isolation: (function(global) { ... })(window)
  • Object literal pattern for utility modules: PerformanceMonitor, MiningConsent, MobileOptimizer
  • ES6 class pattern for main API: class WebMiner { ... }
  • Web Worker generation via Blob URLs with embedded WebAssembly
  • Strict const/let usage (NEVER var)

Non-Negotiable Requirements:

  • Consent check at WebMiner.start() CANNOT be bypassed
  • File must remain deployable as single .js file
  • All code must be browser-compatible (no Node.js-only APIs except in build tools)
  • No eval() usage (CSP compatible)

INSTRUCTIONS:

For each issue identified in AUDIT.md or during review:

1. Validation Phase

  • Locate the issue in webminer.js using line numbers/function names
  • Read surrounding context (20-30 lines) to understand code flow
  • Verify the issue exists by tracing execution path through browser runtime
  • Document trigger conditions: User actions, device states, timing scenarios
  • Check browser compatibility: Does this affect all browsers or specific ones?

2. Analysis Phase

  • Identify root cause through code inspection and browser DevTools simulation
  • Map affected components:
    • Does this impact consent system? (MiningConsent module)
    • Does this affect mining logic? (WebMiner class, worker generation)
    • Does this impact UX? (UI dialogs, indicators, notifications)
    • Does this break mobile optimizations? (MobileOptimizer, PerformanceMonitor)
  • Determine minimal fix scope: Smallest change that resolves issue
  • Assess readability impact: Will fix maintain code clarity?

3. Implementation Phase

  • Apply simplest fix that resolves the root cause
  • Preserve architectural patterns:
    • Keep object literal structure for modules
    • Maintain ES6 class conventions
    • Preserve IIFE wrapper integrity
  • Add defensive coding:
    • Null/undefined checks for user input and API responses
    • Bounds validation for arrays and DOM queries
    • Graceful fallbacks for unsupported browser APIs
  • Maintain single-file integrity: No external imports/requires
  • Follow style conventions:
    • JSDoc comments for all public methods
    • Descriptive variable names (no single-letter except loop counters)
    • Consistent indentation (4 spaces)

4. Verification Phase

  • Browser DevTools simulation: Trace execution with fix in place
  • Test consent flow: Ensure mining still requires explicit permission
  • Check edge cases:
    • User declines consent
    • Browser APIs unavailable (Navigator Battery, connection info)
    • Web Worker creation fails
    • Network disconnection during mining
  • Verify no regressions: Related features still work correctly
  • Confirm file size impact: Target ≤100KB for development build

5. Readability Review

  • Code clarity: Is the fix immediately understandable?
  • Comment quality: Do comments explain why not what?
  • Naming consistency: Do variable/function names follow existing patterns?
  • Maintainability: Can another developer modify this easily?

6. Commit Phase

  • Stage only webminer.js (and webminer.min.js if rebuilding)
  • Commit message format: "Fix: [concise description] (#ISSUE-ID)"
  • Imperative mood: "Fix consent bypass" not "Fixed consent bypass"
  • Character limit: ≤72 characters for first line
  • Commit body (optional): Brief explanation of root cause and solution

7. Documentation Phase

  • Update AUDIT.md:
    • Change status to "✅ Resolved"
    • Add commit hash reference
    • Note timestamp of resolution
  • Add inline JSDoc comments if fix involves public methods: 
    /**
 * Description of what the method does
 * 
 * @param {Type} paramName - Parameter description
 * @returns {Type} Return value description
 */
  • Document new issues discovered during fix process
  • Note browser-specific quirks if applicable

8. Confirmation Gate

Before proceeding to next issue, present:

  • Root cause identified: Clear explanation of what caused the bug
  • Changes implemented: Specific code modifications made
  • Verification performed: How fix was validated (DevTools trace, edge cases tested)
  • Readability assessment: How fix maintains code clarity
  • File integrity confirmed: Single-file architecture preserved

⏸️ Wait for explicit user confirmation before proceeding to next issue.

BROWSER-BASED VALIDATION METHODS:

Since webminer.js runs in browsers, use these verification approaches:

Code Path Analysis

  • Manual tracing: Follow execution flow through functions
  • Console.log debugging: Add temporary logging to trace values
  • Browser DevTools: Use Sources panel to set breakpoints and step through

Defensive Programming Patterns

// Null/undefined checks
if (!element) return false;
if (typeof config.throttle !== 'number') config.throttle = 0.25;

// API availability checks
if ('getBattery' in navigator) {
    // Use Battery API
} else {
    // Graceful fallback
}

// DOM query safety
const indicator = document.getElementById('webminer-indicator');
if (indicator) indicator.remove();

Browser Compatibility Validation

  • Feature detection: Check API availability before use
  • Progressive enhancement: Core features work without cutting-edge APIs
  • Graceful degradation: Fallbacks for older browsers

Performance Impact Assessment

  • File size check: Ensure development build ≤100KB, minified ≤60KB
  • Memory profiling: Use DevTools Memory tab to check for leaks
  • CPU monitoring: Verify throttle settings are respected

FORMATTING REQUIREMENTS:

Commit Messages

Fix: Prevent null pointer in consent dialog (#WM-001)

Dialog creation was failing when MiningConsent.state
was undefined. Added initialization check before accessing
nested properties.

Code Comments

// GOOD: Explains WHY
// Check battery state before starting intensive operations
// to prevent draining mobile devices
if (battery.level < 0.2 && !battery.charging) return;

// BAD: Explains WHAT (code already shows this)
// Check if battery level is less than 0.2
if (battery.level < 0.2) return;

AUDIT.md Updates

### WM-001: Null Pointer in Consent Dialog
**Status**: ✅ Resolved (2025-10-05, commit abc123f)
**Root Cause**: Uninitialized state object
**Fix**: Added initialization guard in MiningConsent.init()
**Verified**: Tested with consent accept/decline flows

QUALITY CRITERIA:

Before requesting confirmation, ensure:

Root cause clarity: You can explain the bug in plain English
Minimal fix scope: No unnecessary changes beyond the fix
Consent system integrity: User permission still required for mining
Single-file architecture: No external dependencies introduced
Browser compatibility: Works in Chrome 70+, Firefox 65+, Safari 14+, Edge 79+
Readability maintained: Code remains clear and maintainable
Vanilla JavaScript: No framework dependencies or transpilation required
No new bugs: Fix doesn't introduce regressions
Documentation complete: AUDIT.md updated, inline comments added
File size acceptable: Development build ≤100KB

EXAMPLE WORKFLOW:

### Issue: Memory Leak in Performance Monitoring (#WM-042)

**1. Validation Phase**
- Located: PerformanceMonitor.startPerformanceMonitoring() (line 163)
- Issue: setInterval never cleared when mining stops
- Trigger: Start mining, stop mining, repeat 10x → memory grows continuously
- Browser: All browsers affected

**2. Analysis Phase**
- Root cause: intervals.monitoring stored but never cleared in stop()
- Affected components: PerformanceMonitor.stop(), WebMiner.stop()
- Minimal fix: Add clearInterval() call in PerformanceMonitor.stop()
- Readability: Improves clarity by making cleanup explicit

**3. Implementation Phase**
```javascript
// In PerformanceMonitor.stop() - line 533
stop() {
    // Clear all monitoring intervals to prevent memory leaks
    Object.values(this.intervals).forEach(interval => {
        if (interval) clearInterval(interval);
    });
    
    this.intervals = {
        monitoring: null,
        battery: null,
        thermal: null
    };
}

4. Verification Phase

  • DevTools Memory profiler: No growth after 20 start/stop cycles
  • Edge cases tested: Stop before start, multiple rapid stops
  • Related features: Battery monitoring, thermal monitoring still work
  • File size: 88KB (no change)

5. Readability Review

  • Comment clarifies why intervals are cleared (prevent leaks)
  • Object.values() pattern consistent with existing codebase
  • Explicit null assignment shows intent to reset state

6. Commit

git add webminer.js
git commit -m "Fix: Clear performance monitoring intervals on stop (#WM-042)"

7. Documentation

  • Updated AUDIT.md status to "✅ Resolved"
  • Added JSDoc comment explaining cleanup responsibility
  • No new issues discovered

8. Confirmation Summary

  • ✅ Root cause: setInterval never cleared, causing memory leak
  • ✅ Changes: Added clearInterval() loop in PerformanceMonitor.stop()
  • ✅ Verification: Memory profiler shows no leaks after fix
  • ✅ Readability: Code intent is clear with explanatory comment
  • ✅ File integrity: Single-file architecture preserved, size unchanged

Ready for review.


---

## WEBMINER.JS SPECIFIC PATTERNS TO PRESERVE:

### Consent System Pattern (NON-NEGOTIABLE)
```javascript
// This pattern MUST remain intact
async start() {
    // Mining CANNOT bypass this check
    if (!MiningConsent.state.hasConsent) {
        const hasConsent = await MiningConsent.requestPermission();
        if (!hasConsent) return false;
    }
    this.startMiningWorker();
}

Object Literal Module Pattern

const ModuleName = {
    state: { /* properties */ },
    
    init() { /* initialization */ },
    
    method() { /* functionality */ }
};

Web Worker Generation Pattern

const workerCode = `/* worker code as template string */`;
const blob = new Blob([workerCode], { type: 'application/javascript' });
const workerUrl = URL.createObjectURL(blob);
this.worker = new Worker(workerUrl);

Browser API Feature Detection Pattern

if ('getBattery' in navigator) {
    // Use modern API
} else {
    // Graceful fallback or skip feature
}

SPECIFIC ISSUES FROM AUDIT.MD TO ADDRESS:

When working through AUDIT.md findings, pay special attention to:

  1. Documentation Mismatches: README/API docs claiming features that don't exist in code
  2. Missing Configuration Options: Constructor not accepting documented parameters
  3. Throttle Configuration Inconsistencies: Multiple throttle-related config keys causing confusion
  4. Performance Monitor Lifecycle: Cleanup of intervals and event listeners
  5. Mining Indicator Updates: Proper state synchronization between worker and UI
  6. Browser API Fallbacks: Graceful degradation when modern APIs unavailable

Focus on readability, ethical implementation, and single-file integrity above all else.