Feature/analytics and csp

[SunDevil311]

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Description

Added

• Introduced unified environment detection utility (src/lib/utils/env.js) with full JSDoc typing.

  • Normalizes process.env and import.meta.env usage across SSR (Node) and client contexts.
  • Safely handles browser environments where process is undefined.
  • Provides standardized flags for:
    • isDev, isProd, isAudit, isCI, and isTest
  • Enables consistent environment checks across analytics, CSP, and runtime logic.

• Added hybrid environment + host-based analytics guard in src/lib/stores/posthog.js.

  • Automatically disables PostHog tracking in audit mode or when hostname matches *.audit.netwk.pro.
  • Prevents analytics initialization during development and test contexts.
  • Uses the shared detectEnvironment() utility for centralized logic.
  • Improves runtime logging for environment-specific behavior.

Changed

• Updated hooks.server.js to include a dedicated audit environment block for Content Security Policy (CSP).

  • Hardened audit CSP by removing all analytics-related sources (posthog.com, posthog-assets.com).
  • Redirects CSP violation reporting to the mock endpoint (/api/mock-csp) in audit mode.
  • Preserves full HSTS and other production security headers for audit deployments.
  • Added clear separation between test, audit, and prod security policies.
  • Improved console debugging for environment detection (NODE_ENV, ENV_MODE).

• Refined environment resolution logic to ensure accurate mode detection in both local builds and Vercel deployments.

  • Ensures vite --mode audit and PUBLIC_ENV_MODE=audit behave consistently.
  • Enables audit deployments to simulate production behavior without telemetry or external reporting.

• Refactored Branch Guard workflow (.github/workflows/branch-guard.yml) for improved accuracy and reduced noise.

  • Adjusted detection logic to ignore merge commits, Dependabot updates, and automated actions.
  • Ensures workflow warnings are shown only for true direct commits to protected branches (master, main).
  • Simplified step output and summary formatting for clearer reporting in the Actions log and job summary.
  • Maintains lightweight permissions (contents: read) and executes entirely without repository writes.
  • Improves reliability of branch protection monitoring without affecting CI or merge operations.

Fixed

• Resolved client-side crash in browser environments caused by process.env being undefined.
  • Implemented defensive checks in env.js for process availability.
  • Eliminated reference errors during client-side initialization of analytics.

Developer Notes

• When deploying audit builds, ensure Vercel environment variables include:

ENV_MODE=audit
PUBLIC_ENV_MODE=audit

This enables analytics filtering and CSP hardening for the audit environment.

• Audit deployments retain full HTTPS and security headers but omit telemetry and external CSP reporting.

Checklist

• I have read and followed the guidelines in the CONTRIBUTING document.
• I've checked for existing Pull Requests for the same update/change.
• My code follows the project’s coding style.
• My code has been linted locally before submission.
• All new and existing tests pass.

 

• I have updated the documentation accordingly.
• I have added tests to cover my changes, if applicable. (Optional, especially for new contributors)

Pull requests are part of a collaborative process — we welcome contributions and review each one carefully. For all but the smallest changes, you can expect maintainers to request improvements or clarifications.

Please check back after opening your PR and be responsive to feedback so we can get your contribution merged quickly.

Thanks for helping improve Network Pro Strategies!

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
audit	Ready	Preview	Comment	Nov 3, 2025 5:35am
web	Ready	Preview	Comment	Nov 3, 2025 5:35am

[SunDevil311]

Changes look good.

[SunDevil311]

Changes look good.

[github-actions]

⚠️ Lighthouse Budget Issues Detected

• First Contentful Paint (score: 0.88)
• Largest Contentful Paint (score: 0.85)
• Speed Index (score: 0.99)
• Total Blocking Time (score: 0.21)
• Max Potential First Input Delay (score: 0)
• Time to Interactive (score: 0.85)
• Minimize main-thread work (score: 0)
• Reduce JavaScript execution time (score: 0)
• Largest Contentful Paint element (score: 0)
• Links rely on color to be distinguishable. (score: 0)
• Serve static assets with an efficient cache policy (score: 0.5)
• Reduce unused CSS (score: 0)
• Reduce unused JavaScript (score: 0.5)
• Avoid serving legacy JavaScript to modern browsers (score: 0.5)
• Use efficient cache lifetimes (score: 0.5)
• Optimize DOM size (score: 0)
• Duplicated JavaScript (score: 0.5)
• Legacy JavaScript (score: 0.5)
• Network dependency tree (score: 0)
• Render blocking requests (score: 0.5)

View the full report in the workflow artifacts or in .lighthouseci/report.html.

[SunDevil311]

All changes look good. Merging pending successful completion of tests.