Implement comprehensive code quality improvements and fixes

Co-authored-by: 0xrinegade <[email protected]>

Author: Copilot

.github/workflows/build-android.yml

@@ -45,8 +45,20 @@ jobs:
 
     - name: Initialize Capacitor (if not exists)
       run: |
-        if [ ! -d "android" ] && [ ! -f "capacitor.config.json" ] && [ ! -f "capacitor.config.ts" ]; then
+        # Check if Capacitor is already configured by looking for config file
+        CAPACITOR_CONFIG=""
+        if [ -f "capacitor.config.json" ]; then
+          CAPACITOR_CONFIG="capacitor.config.json"
+        elif [ -f "capacitor.config.ts" ]; then
+          CAPACITOR_CONFIG="capacitor.config.ts"
+        fi
+        
+        # Initialize only if no config exists AND no android directory
+        if [ -z "$CAPACITOR_CONFIG" ] && [ ! -d "android" ]; then
+          echo "No Capacitor configuration found, initializing..."
           npx cap init "SVMSeek Wallet" "com.svmseek.wallet" --web-dir=build
+        else
+          echo "Capacitor already configured with: ${CAPACITOR_CONFIG:-android directory}"
         fi
         
     - name: Add Android platform (if not exists)  
@@ -103,10 +115,16 @@ jobs:
       if: github.ref == 'refs/heads/main' && github.event_name == 'push'
       working-directory: ./android
       run: |
-        if [ ! -z "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" ]; then
+        # Use environment variable instead of direct secret interpolation in shell
+        if [ ! -z "$ANDROID_KEYSTORE_BASE64" ]; then
           echo "Setting up production keystore..."
-          echo "${{ secrets.ANDROID_KEYSTORE_BASE64 }}" | base64 -d > release.keystore
-          echo "Production keystore created"
+          # Decode safely with error handling
+          if echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > release.keystore 2>/dev/null; then
+            echo "Production keystore created successfully"
+          else
+            echo "ERROR: Failed to decode keystore base64 data"
+            exit 1
+          fi
         else
           echo "No production keystore secrets found, skipping production build"
         fi
@@ -177,13 +195,11 @@ jobs:
             fi
             
             # 5. Check APK size is reasonable (not empty or suspiciously small)
-            APK_SIZE=$(stat -f%z "$APK_FILE" 2>/dev/null || stat -c%s "$APK_FILE" 2>/dev/null || echo "0")
-            MIN_SIZE=$((1024 * 1024))  # 1MB minimum
-            if [ "$APK_SIZE" -lt "$MIN_SIZE" ]; then
-              echo "ERROR: APK size ($APK_SIZE bytes) is suspiciously small"
+            echo "Validating APK size..."
+            if ! ./scripts/check-apk-size.sh "$APK_FILE" 1; then
+              echo "ERROR: APK size validation failed"
               exit 1
             fi
-            echo "✓ APK size validation passed: $(( APK_SIZE / 1024 / 1024 ))MB"
             
             # 6. Verify APK contains expected Android components
             REQUIRED_FILES="AndroidManifest.xml classes.dex resources.arsc"

playwright.config.ts

@@ -70,6 +70,7 @@ export default defineConfig({
     command: 'yarn start',
     url: 'http://localhost:3000',
     reuseExistingServer: !process.env.CI,
-    timeout: 120 * 1000,
+    timeout: parseInt(process.env.PLAYWRIGHT_SERVER_TIMEOUT || '240') * 1000, // Default 240 seconds, configurable
+    retries: process.env.CI ? 3 : 1, // Add retries for flaky network scenarios
   },
 });

scripts/check-apk-size.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+# Cross-platform APK size validation script
+# Supports different stat command formats across various runners
+
+set -e
+
+APK_FILE="$1"
+MIN_SIZE_MB="${2:-1}"  # Default 1MB minimum
+
+if [ -z "$APK_FILE" ]; then
+    echo "Usage: $0 <apk-file> [min-size-mb]"
+    exit 1
+fi
+
+if [ ! -f "$APK_FILE" ]; then
+    echo "ERROR: APK file not found: $APK_FILE"
+    exit 1
+fi
+
+# Function to get file size in bytes - works across different systems
+get_file_size() {
+    local file="$1"
+    local size=0
+    
+    # Try different stat command formats
+    if command -v stat >/dev/null 2>&1; then
+        # macOS/BSD format
+        if size=$(stat -f%z "$file" 2>/dev/null); then
+            echo "$size"
+            return 0
+        fi
+        
+        # Linux/GNU format
+        if size=$(stat -c%s "$file" 2>/dev/null); then
+            echo "$size"
+            return 0
+        fi
+    fi
+    
+    # Fallback: use ls command (less reliable but widely available)
+    if command -v ls >/dev/null 2>&1; then
+        size=$(ls -l "$file" | awk '{print $5}')
+        if [ "$size" -gt 0 ] 2>/dev/null; then
+            echo "$size"
+            return 0
+        fi
+    fi
+    
+    # Final fallback: use wc -c
+    if command -v wc >/dev/null 2>&1; then
+        size=$(wc -c < "$file" 2>/dev/null || echo "0")
+        echo "$size"
+        return 0
+    fi
+    
+    echo "0"
+    return 1
+}
+
+# Get APK size
+APK_SIZE=$(get_file_size "$APK_FILE")
+MIN_SIZE=$((MIN_SIZE_MB * 1024 * 1024))
+
+echo "Checking APK size for: $APK_FILE"
+echo "APK size: $APK_SIZE bytes ($(( APK_SIZE / 1024 / 1024 ))MB)"
+echo "Minimum required: $MIN_SIZE bytes (${MIN_SIZE_MB}MB)"
+
+if [ "$APK_SIZE" -lt "$MIN_SIZE" ]; then
+    echo "ERROR: APK size ($APK_SIZE bytes) is below minimum threshold (${MIN_SIZE_MB}MB)"
+    echo "This may indicate build issues or corrupted APK"
+    exit 1
+fi
+
+if [ "$APK_SIZE" -eq 0 ]; then
+    echo "ERROR: APK file is empty or could not determine size"
+    exit 1
+fi
+
+echo "✓ APK size validation passed"
+exit 0

src/App.tsx

@@ -228,12 +228,15 @@ const Pages = () => {
         />
 
         {/* popup if connecting from dex UI */}
+        {/* TODO: Migrate to React Router v6 - Replace Redirect with Navigate component */}
         {window.opener && !!wallet && <Redirect from="/" to="/connect_popup" />}
 
         {/* if wallet exists - for case when we'll have unlocked wallet */}
+        {/* TODO: Migrate to React Router v6 - Replace Redirect with Navigate component */}
         {!!wallet && <Redirect from="/" to="/wallet" />}
 
         {/* if have mnemonic in localstorage - login, otherwise - restore/import/create */}
+        {/* TODO: Migrate to React Router v6 - Replace Redirect with Navigate component */}
         {hasLockedMnemonicAndSeed ? (
           <Redirect from="/" to="/welcome_back" />
         ) : (

src/components/OnboardingTutorial.tsx

@@ -58,6 +58,28 @@ const StepIcon = styled.div`
   margin: 0 auto 1rem;
   color: white;
   font-size: 24px;
+  
+  /* Improved accessibility for small devices */
+  @media (max-width: 480px) {
+    width: 48px;
+    height: 48px;
+    font-size: 20px;
+  }
+  
+  /* Ensure sufficient contrast and touch target size */
+  min-height: 44px;
+  min-width: 44px;
+  
+  /* High contrast mode support */
+  @media (prefers-contrast: high) {
+    background: #000;
+    border: 2px solid #fff;
+  }
+  
+  /* Reduced motion support */
+  @media (prefers-reduced-motion: reduce) {
+    transition: none;
+  }
 `;
 
 const NavigationButtons = styled(Box)`

src/components/WebBrowser/WalletProvider.tsx

@@ -36,6 +36,8 @@ export const WalletProviderContext: React.FC<WalletProviderContextProps> = ({ ch
   const wallet = useWallet();
   const [connecting, setConnecting] = useState(false);
 
+  // Performance optimization: Memoize callback functions to prevent unnecessary re-renders
+  // Dependency array [wallet] is intentionally minimal to ensure callbacks update when wallet changes
   const connect = useCallback(async () => {
     if (!wallet?.publicKey) {
       throw new Error('No wallet available');
@@ -47,12 +49,12 @@ export const WalletProviderContext: React.FC<WalletProviderContextProps> = ({ ch
     } finally {
       setConnecting(false);
     }
-  }, [wallet]);
+  }, [wallet]); // Dependency: wallet - callback updates when wallet instance changes
 
   const disconnect = useCallback(async () => {
     // In a real implementation, this would disconnect the wallet
     console.log('Wallet disconnect requested');
-  }, []);
+  }, []); // No dependencies - function is static
 
   const signTransaction = useCallback(async (transaction: Transaction) => {
     if (!wallet) {
@@ -66,7 +68,7 @@ export const WalletProviderContext: React.FC<WalletProviderContextProps> = ({ ch
     // 4. Return the signed transaction
 
     throw new Error('Transaction signing requires user approval - not implemented in iframe context');
-  }, [wallet]);
+  }, [wallet]); // Dependency: wallet - callback needs current wallet instance
 
   const signAllTransactions = useCallback(async (transactions: Transaction[]) => {
     if (!wallet) {
@@ -75,7 +77,7 @@ export const WalletProviderContext: React.FC<WalletProviderContextProps> = ({ ch
 
     // Similar to signTransaction but for multiple transactions
     throw new Error('Batch transaction signing requires user approval - not implemented in iframe context');
-  }, [wallet]);
+  }, [wallet]); // Dependency: wallet - callback needs current wallet instance
 
   const signMessage = useCallback(async (message: Uint8Array) => {
     if (!wallet) {
@@ -84,7 +86,7 @@ export const WalletProviderContext: React.FC<WalletProviderContextProps> = ({ ch
 
     // In a real implementation, this would sign arbitrary messages
     throw new Error('Message signing requires user approval - not implemented in iframe context');
-  }, [wallet]);
+  }, [wallet]); // Dependency: wallet - callback needs current wallet instance
 
   const value: WalletContextState = {
     isConnected: !!wallet?.publicKey,

src/pages/RestoreWallet/index.tsx

@@ -67,6 +67,7 @@ export const RestorePage = () => {
         <title>Restore SVMSeek Wallet by seed phrase</title>
       </Helmet>
       <FakeInputs />
+      {/* TODO: Migrate to React Router v6 - Replace Redirect with Navigate component */}
       {redirectToWallet && <Redirect to="/wallet" />}
       {/* <Logo /> */}
       {/* margin={showDerivation ? '0 0 4rem 0' : '0 0 8rem 0'} */}

src/services/WalletInjectionService.ts

@@ -37,6 +37,16 @@ export class WalletInjectionService {
     try {
       this.iframe = iframe;
 
+      // Enhanced security: Check iframe source origin
+      const iframeSrc = iframe.src;
+      if (iframeSrc && !this.isAllowedOrigin(iframeSrc)) {
+        console.warn('Wallet injection blocked for untrusted origin:', iframeSrc);
+        return {
+          success: false,
+          error: 'Wallet injection blocked for security reasons: untrusted origin'
+        };
+      }
+      
       // Wait for iframe to load
       await this.waitForIframeLoad(iframe);
 
@@ -76,6 +86,48 @@ export class WalletInjectionService {
     }
   }
 
+  /**
+   * Check if the origin is allowed for wallet injection
+   * Implements same-origin policy with allowlist for trusted domains
+   */
+  private isAllowedOrigin(url: string): boolean {
+    try {
+      const urlObj = new URL(url);
+      const origin = urlObj.origin;
+      const hostname = urlObj.hostname;
+      
+      // Allow same origin (localhost, 127.0.0.1 for development)
+      if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '0.0.0.0') {
+        return true;
+      }
+      
+      // Allow SVMSeek domains
+      const allowedDomains = [
+        'svmseek.com',
+        'www.svmseek.com',
+        'app.svmseek.com',
+        'wallet.svmseek.com'
+      ];
+      
+      // Check exact domain match
+      if (allowedDomains.includes(hostname)) {
+        return true;
+      }
+      
+      // Check subdomain pattern for svmseek.com
+      if (hostname.endsWith('.svmseek.com')) {
+        return true;
+      }
+      
+      // Block all other origins for security
+      console.warn('Blocked wallet injection for untrusted origin:', origin);
+      return false;
+    } catch (error) {
+      console.error('Failed to parse URL for origin check:', url, error);
+      return false;
+    }
+  }
+
   /**
    * Handle messages from the iframe
    */