Files

100 lines
4.5 KiB
Markdown

# MoonWell Launcher Project Review
Reviewed on 2026-06-18.
## Overview
MoonWell Launcher is a Flutter desktop application for a private World of
Warcraft: Wrath of the Lich King server. Its core responsibilities are account
login, client installation/synchronization, news display, and launching
`Wow.exe`.
The project is already more than a Flutter template: it has a clear launcher
API contract, domain models for manifests and sessions, a sync use case,
installation scanning, logging, dependency injection, and tests around the
most important file verification behavior.
## Strong Points
- The project uses a readable layered structure: UI under `lib/app`, feature
code under `lib/features`, and shared primitives under `lib/core`.
- Client sync is manifest driven and verifies downloaded files by size and
SHA-256 before replacing local files.
- Local path handling normalizes manifest paths and rejects absolute paths or
traversal attempts before resolving files under the selected installation
directory.
- Player-generated or volatile client directories are excluded from
verification: `Cache`, `Errors`, `Logs`, `Screenshots`, `WTF`, and launcher
metadata.
- Hash caching is implemented as an optimization while keeping the server
manifest as the source of truth.
- Sync diagnostics are written to `.moonwell_launcher/launcher.log`, and failed
downloads can be preserved for inspection.
- The Web API integration is documented in `docs/launcher_web_api_spec.md`,
including login, manifest, presigned download, news, pause/resume, and launch
behavior.
- Tests cover deterministic build hash behavior, ignored directories, hash
cache behavior, path traversal rejection, sync success, stale file removal,
download verification failure, session restore, preferences, and news loading.
## Weak Points And Risks
- `README.md` was still the generated Flutter starter text before this review,
so new contributors had no project-specific setup or operation guide.
- There was no `AGENTS.md`, so future automated or human contributors had to
infer architecture, commands, and safety rules from source code.
- At initial review, `lib/main.dart` contained a large inactive demo
`LauncherHome` implementation. This has since been removed from the active
entrypoint.
- At initial review, several Russian UI strings appeared mojibake-encoded in
the active login and home flow. These active strings have since been
normalized to UTF-8.
- At initial review, custom title-bar widgets were duplicated between login and
home screens. They have since been extracted into a shared widget.
- Session tokens were originally persisted through `shared_preferences`. They
now use `flutter_secure_storage`, while `shared_preferences` remains limited
to non-sensitive launcher preferences.
- The dependency injection output file `lib/service_container.config.dart` is
committed, but the regeneration command was not previously documented.
- UI/widget/integration coverage is still light compared with the risk in login,
bootstrap, directory selection, news failure handling, sync controls, and
launch behavior.
- There is no visible CI configuration in the repository.
- The current working tree already had modified `pubspec.yaml` and
`pubspec.lock` before this documentation pass. Those changes were not part of
this review and should be preserved.
## Flutter 3.44.2 Upgrade Feasibility
Assumption: `3.44.2` means Flutter SDK `3.44.2`.
Current local indicators:
- `.fvmrc` is absent.
- `pubspec.yaml` declares Dart SDK `^3.9.0`.
- `pubspec.lock` declares Flutter SDK `>=3.38.0`.
- The project policy is latest stable Flutter SDK only; FVM-pinned workflows are
not supported.
- The local shell now finds Flutter `3.44.2` on the stable channel.
Flutter `3.44.2` has been validated for dependency resolution, formatting,
analysis, and tests. A production-like Windows build smoke test remains open.
Recommended upgrade path:
1. Keep the latest stable Flutter SDK on PATH.
2. Run `fvm flutter pub get`.
3. Regenerate dependency injection only if dependency resolution or generator
output requires it:
`fvm dart run build_runner build --delete-conflicting-outputs`.
4. Run `fvm flutter analyze`.
5. Run a Windows build smoke test:
`fvm flutter build windows --dart-define=MOONWELL_API_BASE_URL=https://host`.
## Recommended Refactoring Direction
- Keep secure session persistence covered by tests when login or session
restore behavior changes.
- Add CI or a documented local verification workflow that runs analysis and a
Windows build smoke test with the latest stable Flutter SDK.