Audit remediation: agentic, i18n FR/PT 100%, UX/a11y, design system, web4, fixes#91
Merged
Conversation
…gn, fixes Implementacion de la auditoria (docs/audit-2026-05-27): - Agentic Fases 1-3 (8/9): .well-known discovery, amplify Link/linkset headers, WebMCPProvider - i18n: FR/PT a 100% cobertura; rebrand Web3 -> web4 (hero + SEO aditivo) - Sprint 0 P0: ErrorBoundary, lang dinamico, modales a11y, swap NaN-guard, App muertos - Bugs: TokenMetrics (crash/SPOF/precision BigInt), Safe polling 2s->30s, RQ v5 gcTime, debounce swap - Design system: primary verde->violeta, tokens, 3 negros->1, emojis->iconos - UX/a11y: nav simetrica, /aplicar standalone, validacion forms, WalletContext (probar en dev) - dark: roto -> tokens de marca; deps fantasma removidas; paginas huerfanas limpiadas Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ed a web4 - TokenMetricsService: sin fallback directo a io.dexscreener.com (sin headers CORS desde el browser -> generaba errores CORS). Queda corsproxy + timeout + null graceful. - i18n en/es/fr/pt: footer tagline "Web3 Collective" -> web4; linea "backed by ... Web3 community" -> web4. (Nombres de eventos historicos y keywords SEO intactos.) Verificado: build OK; historia "Where we stand today" renderiza completa en dev. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Amplify reescribe paths sin extension a index.html (shadowea los .well-known canonicos). Las copias .json se sirven OK (json esta excluido del rewrite SPA); customRules reescribe el path canonico RFC -> su .json. Arregla api-catalog, oauth-protected-resource y openid-configuration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…eck de OAuth Copia de openid-configuration servida como .json + customRule del path canonico. Completa OAuth Authorization Server metadata que el scanner busca aparte de openid-configuration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Audit remediation 2026-05-27 (docs/audit-2026-05-27)
Consolida 4 commits del audit en
develop. Frontend del DAO.Cambios
.well-known(api-catalog, oauth-protected-resource, openid-configuration, oauth-authorization-server, mcp/server-card, agent-skills) + WebMCP + Link headers. Score isitagentready 67 -> 71 (lo restante necesita infra: edge/Cloudflare, OAuth server real, DNS).langdinamico, modales a11y, swap NaN-guard, App muertos borrados.gcTime, debounce swap, debug logs gateados.dark:roto -> tokens de marca (5 paginas)./aplicarstandalone, validacion de forms, link a/status, WalletContext.mongodb/openai) removidas; paginas huerfanas limpiadas.Verificado
IMPORTANTE - probar en dev ANTES de mergear
WalletContext es refactor de flujo core (solo verificado a nivel compilacion). Probar: conectar wallet, navegar bounties->snapshot sin reconectar, votar en Snapshot, desconectar.
Relacionado
Backend (
uvd-backend): cambios de seguridad/calidad ya aplicados amain+terraform apply(CORS, uuid->hash, DEBUG vars).