Toqi Documentation

Appearance

Project Codebase Review

Project: Toqi - AI Chat Mobile App
Stack: React Native 0.81.5, Expo SDK 54, TypeScript, Firebase Auth, React Query, Zustand
Review Date: January 2, 2026

1. Executive Summary

Overall Health

  • Strengths: Well-structured feature-first architecture with clear separation of concerns. Strong TypeScript configuration with strict mode enabled. Good state management pattern combining React Query for server state and Zustand for UI state. Excellent documentation with comprehensive guides.
  • Moderate Concerns: No test files exist despite Jest being configured. Excessive console.log statements (246+ across 33 files) that should be removed for production. CI/CD pipeline lacks test execution.
  • Technical Debt: Some code duplication in service patterns. Missing error boundaries. No performance monitoring or crash reporting integration visible.

Key Risks

  1. Zero Test Coverage: No unit, integration, or E2E tests exist—high risk for regressions
  2. Excessive Logging: 246+ console.log statements expose potential security-sensitive info and impact performance
  3. No Error Boundaries: App crashes could result in complete failure without graceful degradation
  4. Missing Observability: No crash reporting (Sentry), analytics events are minimal, no performance monitoring
  5. WebSocket Token Exposure: Auth tokens are passed in WebSocket URLs (visible in logs)

Quick Wins (High Impact, Low Effort)

  1. Add a production-grade logging utility that strips logs in release builds
  2. Implement React Error Boundaries at screen and navigation levels
  3. Add at least smoke tests for critical auth flows
  4. Remove or conditionalize console.log statements
  5. Add Sentry or similar crash reporting

2. High-Level Architecture

Architecture Pattern

Feature-First Modular Monolith with clear separation:

src/
├── app/           # App shell, providers, navigation
├── features/      # Domain-specific modules (auth, chat, agenda, etc.)
├── shared/        # Cross-cutting concerns (services, UI, theme)
└── hooks/         # App-wide hooks

Key Layers

  • Presentation: React Native components with react-navigation
  • State Management: React Query (server state) + Zustand (UI state) + AsyncStorage (persistence)
  • Services: Singleton service classes for API, auth, notifications, etc.
  • External: Firebase Auth (REST API), WebSocket for real-time chat, Composio for OAuth integrations

Main Data Flows

  1. Authentication: Firebase REST API → AuthService singleton → AuthContext → Navigation guards
  2. Chat: WebSocket → ChatService → useChatStore (Zustand) → FlashList rendering
  3. API Calls: apiClient (axios) → React Query hooks → Components
  4. Third-party OAuth: Composio backend → Deep links → Settings screen

3. Detailed Findings by Area

3.1 Security

Strengths:

  • No hardcoded API keys or secrets in source code
  • Firebase configuration loaded from environment variables at build time
  • Token refresh logic with expiration handling in authService.ts
  • Secure WebSocket upgrade (ws:// → wss://) for remote connections
  • Proper token-based authentication with Bearer tokens
  • Proactive session management with auto-refresh before expiration

Issues / Risks:

  • WebSocket URL Logging: Token is included in WebSocket URL, and URL is logged (line 321, chatService.ts)—should sanitize before logging
  • Token in Query Params: Auth token passed via WebSocket query parameters is less secure than headers
  • No Rate Limiting: Client-side rate limiting not implemented for API calls
  • Sensitive Data in AsyncStorage: Auth data stored in AsyncStorage without encryption

Recommendations:

  1. Use WebSocket subprotocol for auth instead of query params
  2. Implement client-side request throttling for sensitive operations
  3. Consider react-native-keychain for secure credential storage
  4. Add certificate pinning for production API endpoints
  5. Sanitize all URLs before logging (remove tokens)

3.2 Performance

Strengths:

  • FlashList used for chat messages (optimized virtualized list)
  • React Query with 5-minute gcTime and 1-minute staleTime for efficient caching
  • Message pagination by date with lazy loading on scroll
  • Exponential backoff for WebSocket reconnection
  • AsyncStorage persistence for offline support
  • Proper use of useMemo and useCallback for expensive operations
  • Background/foreground state handling for WebSocket cleanup

Issues / Risks:

  • Large Theme File: tokens.ts is 748 lines—impacts bundle size and maintainability
  • No Code Splitting: All screens loaded upfront (common in React Native, but lazy loading possible)
  • Network Polling: 5-second interval for network state check (chatService.ts:196)
  • Module-Level State: globalWsInitialized flag pattern could cause issues with Fast Refresh

Recommendations:

  1. Consider splitting theme tokens into separate files per feature
  2. Implement React.lazy for less-critical screens (Settings, Memories)
  3. Replace network polling with NetInfo subscription API
  4. Add performance monitoring (e.g., react-native-performance)
  5. Profile and optimize initial bundle load time

3.3 Maintainability

Strengths:

  • Consistent feature-first folder structure across all domains
  • TypeScript strict mode with comprehensive compiler options
  • Clear separation: screens, components, hooks, services, stores, types
  • Well-documented JSDoc comments in service files
  • Centralized configuration in src/config.ts
  • Path aliases configured (@/features/*, @/shared/*)

Issues / Risks:

  • Theme File Complexity: 748-line tokens.ts with duplicated light/dark definitions
  • Service Singleton Pattern: While consistent, makes testing harder without DI
  • Some Large Components: ChatScreen.tsx (692 lines), SettingsScreen.tsx (760 lines)
  • Inconsistent Error Handling: Mix of try/catch patterns across services

Recommendations:

  1. Extract theme tokens into composable pieces (base tokens, semantic tokens, component tokens)
  2. Consider dependency injection pattern for services to improve testability
  3. Break down large screens into smaller, focused components
  4. Establish consistent error handling utility/pattern
  5. Add JSDoc for all public functions

3.4 Scalability

Strengths:

  • Feature-first architecture supports adding new features independently
  • React Query handles caching, deduplication, and background refetching
  • WebSocket service supports message queuing and reconnection
  • Zustand stores are lightweight and composable
  • Environment-based configuration for dev/staging/prod

Issues / Risks:

  • Single WebSocket Connection: All chat goes through one connection—scaling users may require multiplexing
  • Monolithic Chat Store: All messages stored in one Zustand store—could grow large
  • No Pagination for Sessions: listSessions() fetches all sessions without limits

Recommendations:

  1. Implement session/message pagination with cursor-based API
  2. Consider message archival strategy for old conversations
  3. Add database indexes documentation for backend queries
  4. Plan for horizontal scaling of WebSocket connections
  5. Implement offline-first sync strategy with conflict resolution

3.5 Testing and QA

Current State:

  • Jest + React Native Testing Library configured in jest.config.js
  • jest.setup.js exists with mocks for expo-audio, expo-haptics, AsyncStorage
  • Zero test files found (searched for *.test.ts, *.test.tsx)
  • Test scripts in package.json: test, test:watch, test:coverage

Notable Gaps:

  • No unit tests for services (authService, chatService, apiClient)
  • No component tests for critical UI (MessageBubble, ChatInput, auth forms)
  • No integration tests for auth flow
  • No E2E tests (Detox/Maestro not configured)

Recommendations:

  1. Priority 1: Add tests for authService.ts (sign in, sign up, token refresh)
  2. Priority 2: Add tests for chatService.ts (WebSocket handling, message queue)
  3. Priority 3: Add component tests for ChatScreen, MessageBubble
  4. Priority 4: Set up Detox or Maestro for E2E testing
  5. Add tests to CI pipeline before merge
  6. Set minimum coverage threshold (suggest 60% initially)

3.6 UI/UX and Frontend Patterns

Observed Patterns:

  • Glass morphism design system with light/dark mode support
  • Consistent use of GlassView, GlassButton, GlassCard components
  • Theme context with system preference detection
  • Smooth animations via react-native-reanimated
  • Proper safe area handling with react-native-safe-area-context
  • FlashList for performant chat rendering

Usability/Accessibility Concerns:

  • Limited ARIA Support: No explicit accessibility labels visible in components
  • Color Contrast: Theme defines colors but no contrast ratio validation
  • Touch Targets: Some buttons may be below 44pt minimum (iOS HIG)
  • No Accessibility Testing: No integration with accessibility tools

Recommendations:

  1. Add accessibilityLabel and accessibilityRole to interactive elements
  2. Validate color contrast ratios for WCAG AA compliance
  3. Ensure minimum 44x44pt touch targets for all buttons
  4. Test with VoiceOver (iOS) and TalkBack (Android)
  5. Consider react-native-accessibility-engine for automated checks

3.7 Code Quality and Style

Overall Consistency:

  • ESLint with TypeScript, React, and React Hooks plugins configured
  • Prettier integration for code formatting
  • Unused imports plugin enabled (eslint-plugin-unused-imports)
  • Strict TypeScript config with noImplicitAny, strictNullChecks, etc.

Notable Code Smells:

  • Excessive Logging: 246 console.log statements across 33 files
  • TODO/FIXME Comments: 4 unaddressed (in KnowledgeGraphScreen.tsx, SoundService.ts)
  • Long Functions: ChatScreen.tsx render function is complex with multiple effects
  • Type Assertions: Some as casts that could be avoided with better typing

Recommended Refactors:

FileIssueSuggestion
src/features/chat/screens/ChatScreen.tsx692 lines, complex effectsExtract WebSocket handling to custom hook
src/features/settings/screens/SettingsScreen.tsx760 linesSplit into IntegrationsSection, PrivacySection, etc.
src/shared/theme/tokens.ts748 lines, duplicated light/darkUse token factory pattern
src/features/chat/services/chatService.ts843 linesSplit WebSocket and REST concerns
Multiple filesconsole.log everywhereCentralized logger with log levels

3.8 Documentation and Onboarding

What is Documented Well:

  • Comprehensive README with setup, run, and build instructions
  • Environment configuration explained with table format
  • 19 documentation files in /docs covering auth, notifications, integrations
  • Code comments in service files explaining purpose and usage
  • Feature architecture documented in README

What is Missing or Unclear:

  • No CONTRIBUTING.md or development guidelines
  • No architecture decision records (ADRs)
  • API documentation not present (expects external backend docs)
  • No troubleshooting guide for common development issues
  • Component documentation/storybook not available

Suggestions for Smoother Onboarding:

  1. Add CONTRIBUTING.md with PR process, commit conventions
  2. Create architecture overview diagram (Mermaid or similar)
  3. Add inline documentation for complex hooks/components
  4. Document common error scenarios and solutions
  5. Consider Storybook for UI component catalog

3.9 Tooling, Automation, and Observability

CI/CD Currently in Place:

  • GitHub Actions: 3 workflows
    • lint.yml: ESLint on push/PR
    • typecheck.yml: TypeScript type checking
    • format.yml: Prettier formatting check (assumed)
  • EAS Build: Configured for development, preview, and production profiles
  • Prebuild Scripts: Environment-specific (dev/prod) with automatic Firebase config

Gaps:

  • No Test Execution in CI: Tests not run in any workflow
  • No Security Scanning: No dependency audit, no SAST
  • No Build Caching: npm ci runs fresh each time
  • No Preview Deployments: No automatic preview builds for PRs

Recommended Improvements:

  1. Add test execution to CI workflow
  2. Add npm audit step for dependency vulnerabilities
  3. Implement build caching for faster CI runs
  4. Add EAS Preview builds for PR review
  5. Consider CodeQL or Snyk for security scanning

Observability Gaps:

  • No crash reporting (Sentry, Crashlytics)
  • Minimal analytics events (sendEvent used sparingly)
  • No performance monitoring
  • Error handling logs to console only

Recommendations:

  1. Integrate Sentry for crash reporting and error tracking
  2. Add Firebase Performance Monitoring
  3. Implement structured logging with log levels
  4. Add user journey analytics for key flows

4. Prioritized Action Plan

4.1 High-Priority (Short Term, High Impact)

  • [ ] Add production logging utility (src/shared/utils/logger.ts) - Strip console.logs in production, add structured logging
  • [ ] Implement Error Boundaries - Add at App, Screen, and critical component levels to prevent full-app crashes
  • [ ] Add auth service tests (src/features/auth/services/__tests__/authService.test.ts) - Critical path needs coverage
  • [ ] Sanitize WebSocket URL logging (chatService.ts:321) - Remove token from logged URLs
  • [ ] Add tests to CI pipeline - Extend .github/workflows/ to run Jest tests on PR

4.2 Medium-Priority

  • [ ] Refactor ChatScreen - Extract WebSocket logic to useChatWebSocket hook
  • [ ] Refactor SettingsScreen - Split into focused section components
  • [ ] Add Sentry integration - Crash reporting for production builds
  • [ ] Implement accessibility labels - Add to all interactive components
  • [ ] Add component tests - Cover ChatInput, MessageBubble, AuthForms
  • [ ] Create CONTRIBUTING.md - Document development process and conventions

4.3 Long-Term / Nice-to-Have

  • [ ] Refactor theme tokens - Use factory pattern to reduce duplication
  • [ ] Add E2E tests - Set up Detox or Maestro for critical user flows
  • [ ] Implement Storybook - Component documentation and visual testing
  • [ ] Add architecture diagrams - Mermaid diagrams in docs
  • [ ] Security hardening - Certificate pinning, secure storage for tokens
  • [ ] Performance monitoring - Firebase Performance or custom solution

5. Appendix: Notable Files / Modules

Entry Points

FilePurpose
App.tsxRoot component, wraps with RootProvider
src/app/navigation/RootNavigator.tsxNavigation structure, auth gating
src/app/providers/RootProvider.tsxComposes all app providers

Core Services (High Complexity)

FileLinesPurpose
src/features/auth/services/authService.ts689Firebase Auth wrapper, token management
src/features/chat/services/chatService.ts843WebSocket handling, session management
src/shared/services/composioService.ts251Third-party OAuth integration
src/shared/services/pushNotificationService.ts259FCM push notifications

State Management

FilePurpose
src/features/chat/store/useChatStore.tsPersisted chat messages
src/shared/store/useAuthStore.tsUser profile, connected services
src/features/chat/store/useChatUIStore.tsEphemeral UI state

Large Screens (Refactor Candidates)

FileLinesNotes
src/features/chat/screens/ChatScreen.tsx692Core chat UI, complex effects
src/features/settings/screens/SettingsScreen.tsx760Settings and integrations

Configuration

FilePurpose
src/config.tsCentralized app configuration
app.config.tsExpo/EAS configuration
src/shared/services/google/config/firebaseConfig.tsFirebase REST API config

Report generated by codebase review. Findings based on static analysis of repository as of January 2, 2026.

Toqi App Documentation

Copyright © 2026