feat: a11y + Error Boundary + IPC validation + schema migrations

Second pass through the audit punch-list. ESLint and Prettier now clean
(0 errors, 0 warnings), typecheck clean, 53 tests pass.

ACCESSIBILITY (Modal)
- Full focus trap: Tab/Shift-Tab cycle within the dialog and never
  escape to the underlying page.
- Focus restoration: closing returns focus to the trigger button.
- First focusable child is focused on open (skipping the X button).
- aria-labelledby links the dialog to its <h2> via useId().
- Close button's hardcoded "Закрыть" replaced with i18n key.

ERROR RECOVERY
- Add ErrorBoundary component (class — only way) with localized
  fallback and a "try again" reset button. Stack trace shown only in
  dev. Wrapped around the whole App + a nested boundary around the
  routed pages so a crash in one route doesn't blank the chrome.
- Module-level guard on subscribeToBackend so React 18 StrictMode's
  dev-mode double-mount doesn't subscribe twice.
- Loading placeholder is now blank (was hardcoded Russian "Загрузка…"
  that English users would see during initial hydration).

TRAY i18n
- 5 tray strings now follow the current settings.language. Falls back
  to Russian when the store isn't loaded yet or the lang is unknown.
- refreshMenu() called on settings.language change and on
  pauseAll/resumeAll so the pause label stays in sync with state.

IPC VALIDATION (src/main/validate.ts)
- Hand-rolled validators for every renderer-supplied payload:
  exercise input/patch, challenge input/patch, settings patch, id,
  actualReps, snoozeMinutes. Range-check numeric fields
  (intervalMinutes ∈ [1, 1440], reps ∈ [1, 9999], multiplier ∈ [0,
  1000], snooze ∈ [1, 1440]), cap string lengths at 200, restrict
  enums (theme/lang/notify-mode/stat) to known values, validate
  quietHours.from/to with HH:MM regex and dedup quietHours.days.
- Every ipcMain.handle for mutations now runs the validator first and
  returns null on rejection instead of pushing junk into the store.
  A compromised renderer can no longer corrupt persisted state via
  out-of-range numbers or wrong-type fields.

SCHEMA MIGRATIONS (src/main/store.ts)
- Add __schemaVersion field to persisted state with CURRENT = 1.
- MIGRATIONS map: { 0: (s) => s } as a no-op seed; future structural
  changes (e.g. quietHours shape revision) get a single explicit slot.
- runMigrations() applies migrations in order; coerce() normalises the
  result into a fully-formed AppState. Both first-write and every
  flush() persist the version field.

EXHAUSTIVE-DEPS WARNINGS
- Dashboard: memoise `exercises` so downstream useMemos don't fire on
  every parent render; gate the history fetch on exercises change
  instead of any state change.
- HistoryHeatmap: wrap `weeks` in useMemo so monthLabels' deps are
  stable.

LINT POLISH
- updater.ts: refactor a Prettier-vs-no-extra-semi conflict by
  extracting the cast into a local binding.
- Remove dead import of `Challenge` from ipc.ts (now imported via
  validators).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

src/main/validate.ts

@@ -0,0 +1,311 @@
+/**
+ * Hand-rolled runtime validators for IPC payloads.
+ *
+ * TypeScript types are erased at compile time — a compromised or buggy
+ * renderer can still send arbitrary JSON across the IPC boundary. These
+ * helpers enforce shape, type and range BEFORE the data hits the store.
+ *
+ * Philosophy: be lenient with unknown fields (drop them silently), strict
+ * about known fields (reject the call if a known field is the wrong type
+ * or out of range). Never throw to the renderer; return a sanitised value
+ * or `null` and the caller decides what to do.
+ */
+
+import type {
+  Challenge,
+  Exercise,
+  GameStat,
+  Settings,
+  Theme,
+  Language,
+  NotificationMode
+} from '@shared/types'
+
+const MAX_STR_LEN = 200
+const VALID_THEMES: Theme[] = ['system', 'light', 'dark']
+const VALID_LANGS: Language[] = ['ru', 'en']
+const VALID_NOTIFY: NotificationMode[] = ['toast', 'modal', 'both']
+const VALID_STATS: GameStat[] = [
+  'deaths',
+  'kills',
+  'assists',
+  'last_hits',
+  'denies',
+  'duration_min'
+]
+const HHMM_RE = /^\d{1,2}:\d{2}$/
+
+function isObj(v: unknown): v is Record<string, unknown> {
+  return typeof v === 'object' && v !== null && !Array.isArray(v)
+}
+
+function safeStr(v: unknown, max = MAX_STR_LEN): string | undefined {
+  if (typeof v !== 'string') return undefined
+  if (v.length === 0 || v.length > max) return undefined
+  return v
+}
+
+function intInRange(v: unknown, min: number, max: number): number | undefined {
+  if (typeof v !== 'number' || !Number.isFinite(v)) return undefined
+  const n = Math.trunc(v)
+  if (n < min || n > max) return undefined
+  return n
+}
+
+function numInRange(v: unknown, min: number, max: number): number | undefined {
+  if (typeof v !== 'number' || !Number.isFinite(v)) return undefined
+  if (v < min || v > max) return undefined
+  return v
+}
+
+function bool(v: unknown): boolean | undefined {
+  return typeof v === 'boolean' ? v : undefined
+}
+
+function oneOf<T extends string>(
+  v: unknown,
+  allowed: readonly T[]
+): T | undefined {
+  return typeof v === 'string' && (allowed as readonly string[]).includes(v)
+    ? (v as T)
+    : undefined
+}
+
+// -----------------------------------------------------------------------
+// Exercise validators
+// -----------------------------------------------------------------------
+
+export function validateExerciseInput(
+  raw: unknown
+): Omit<Exercise, 'id' | 'nextFireAt' | 'lastDoneAt'> | null {
+  if (!isObj(raw)) return null
+  const name = safeStr(raw.name)
+  const reps = intInRange(raw.reps, 1, 9999)
+  const intervalMinutes = intInRange(raw.intervalMinutes, 1, 24 * 60)
+  const icon = safeStr(raw.icon, 64) ?? 'Activity'
+  const enabled = bool(raw.enabled) ?? true
+  if (
+    name === undefined ||
+    reps === undefined ||
+    intervalMinutes === undefined
+  ) {
+    return null
+  }
+  return { name, reps, intervalMinutes, icon, enabled }
+}
+
+export function validateExercisePatch(
+  raw: unknown
+): Partial<Omit<Exercise, 'id'>> | null {
+  if (!isObj(raw)) return null
+  const out: Partial<Omit<Exercise, 'id'>> = {}
+  if ('name' in raw) {
+    const v = safeStr(raw.name)
+    if (v === undefined) return null
+    out.name = v
+  }
+  if ('reps' in raw) {
+    const v = intInRange(raw.reps, 1, 9999)
+    if (v === undefined) return null
+    out.reps = v
+  }
+  if ('intervalMinutes' in raw) {
+    const v = intInRange(raw.intervalMinutes, 1, 24 * 60)
+    if (v === undefined) return null
+    out.intervalMinutes = v
+  }
+  if ('icon' in raw) {
+    const v = safeStr(raw.icon, 64)
+    if (v === undefined) return null
+    out.icon = v
+  }
+  if ('enabled' in raw) {
+    const v = bool(raw.enabled)
+    if (v === undefined) return null
+    out.enabled = v
+  }
+  // Allow scheduler-controlled fields to be patched (used by store.markDone
+  // through this same boundary), but range-check them.
+  if ('nextFireAt' in raw) {
+    const v = numInRange(raw.nextFireAt, 0, Number.MAX_SAFE_INTEGER)
+    if (v === undefined) return null
+    out.nextFireAt = v
+  }
+  if ('lastDoneAt' in raw) {
+    const v = numInRange(raw.lastDoneAt, 0, Number.MAX_SAFE_INTEGER)
+    if (v === undefined) return null
+    out.lastDoneAt = v
+  }
+  return out
+}
+
+// -----------------------------------------------------------------------
+// Challenge validators
+// -----------------------------------------------------------------------
+
+export function validateChallengeInput(
+  raw: unknown
+): Omit<Challenge, 'id'> | null {
+  if (!isObj(raw)) return null
+  const name = safeStr(raw.name)
+  const gameId = safeStr(raw.gameId, 32)
+  const stat = oneOf(raw.stat, VALID_STATS)
+  const multiplier = numInRange(raw.multiplier, 0, 1000)
+  const exerciseName = safeStr(raw.exerciseName)
+  const icon = safeStr(raw.icon, 64) ?? 'Activity'
+  const enabled = bool(raw.enabled) ?? true
+  if (
+    name === undefined ||
+    gameId === undefined ||
+    stat === undefined ||
+    multiplier === undefined ||
+    exerciseName === undefined
+  ) {
+    return null
+  }
+  return {
+    name,
+    gameId: gameId as Challenge['gameId'],
+    stat,
+    multiplier,
+    exerciseName,
+    icon,
+    enabled
+  }
+}
+
+export function validateChallengePatch(
+  raw: unknown
+): Partial<Omit<Challenge, 'id'>> | null {
+  if (!isObj(raw)) return null
+  const out: Partial<Omit<Challenge, 'id'>> = {}
+  if ('name' in raw) {
+    const v = safeStr(raw.name)
+    if (v === undefined) return null
+    out.name = v
+  }
+  if ('exerciseName' in raw) {
+    const v = safeStr(raw.exerciseName)
+    if (v === undefined) return null
+    out.exerciseName = v
+  }
+  if ('stat' in raw) {
+    const v = oneOf(raw.stat, VALID_STATS)
+    if (v === undefined) return null
+    out.stat = v
+  }
+  if ('multiplier' in raw) {
+    const v = numInRange(raw.multiplier, 0, 1000)
+    if (v === undefined) return null
+    out.multiplier = v
+  }
+  if ('icon' in raw) {
+    const v = safeStr(raw.icon, 64)
+    if (v === undefined) return null
+    out.icon = v
+  }
+  if ('enabled' in raw) {
+    const v = bool(raw.enabled)
+    if (v === undefined) return null
+    out.enabled = v
+  }
+  return out
+}
+
+// -----------------------------------------------------------------------
+// Settings validators
+// -----------------------------------------------------------------------
+
+export function validateSettingsPatch(raw: unknown): Partial<Settings> | null {
+  if (!isObj(raw)) return null
+  const out: Partial<Settings> = {}
+  if ('globalEnabled' in raw) {
+    const v = bool(raw.globalEnabled)
+    if (v === undefined) return null
+    out.globalEnabled = v
+  }
+  if ('startWithWindows' in raw) {
+    const v = bool(raw.startWithWindows)
+    if (v === undefined) return null
+    out.startWithWindows = v
+  }
+  if ('startMinimized' in raw) {
+    const v = bool(raw.startMinimized)
+    if (v === undefined) return null
+    out.startMinimized = v
+  }
+  if ('minimizeToTray' in raw) {
+    const v = bool(raw.minimizeToTray)
+    if (v === undefined) return null
+    out.minimizeToTray = v
+  }
+  if ('soundEnabled' in raw) {
+    const v = bool(raw.soundEnabled)
+    if (v === undefined) return null
+    out.soundEnabled = v
+  }
+  if ('notificationMode' in raw) {
+    const v = oneOf(raw.notificationMode, VALID_NOTIFY)
+    if (v === undefined) return null
+    out.notificationMode = v
+  }
+  if ('theme' in raw) {
+    const v = oneOf(raw.theme, VALID_THEMES)
+    if (v === undefined) return null
+    out.theme = v
+  }
+  if ('language' in raw) {
+    const v = oneOf(raw.language, VALID_LANGS)
+    if (v === undefined) return null
+    out.language = v
+  }
+  if ('snoozeMinutes' in raw) {
+    const v = intInRange(raw.snoozeMinutes, 1, 24 * 60)
+    if (v === undefined) return null
+    out.snoozeMinutes = v
+  }
+  if ('quietHours' in raw) {
+    const qh = raw.quietHours
+    if (!isObj(qh)) return null
+    const enabled = bool(qh.enabled)
+    const from = safeStr(qh.from, 8)
+    const to = safeStr(qh.to, 8)
+    if (
+      enabled === undefined ||
+      from === undefined ||
+      to === undefined ||
+      !HHMM_RE.test(from) ||
+      !HHMM_RE.test(to)
+    ) {
+      return null
+    }
+    if (!Array.isArray(qh.days)) return null
+    const days: number[] = []
+    for (const d of qh.days) {
+      const n = intInRange(d, 0, 6)
+      if (n === undefined) return null
+      if (!days.includes(n)) days.push(n)
+    }
+    out.quietHours = { enabled, from, to, days }
+  }
+  return out
+}
+
+// -----------------------------------------------------------------------
+// Misc tiny validators
+// -----------------------------------------------------------------------
+
+export function validateId(raw: unknown): string | null {
+  // UUIDs from store.ts via randomUUID(); accept any reasonable string id.
+  const v = safeStr(raw, 64)
+  return v ?? null
+}
+
+export function validateActualReps(raw: unknown): number | undefined {
+  if (raw === undefined || raw === null) return undefined
+  return intInRange(raw, 0, 100000) ?? undefined
+}
+
+export function validateSnoozeMinutes(raw: unknown): number | null {
+  return intInRange(raw, 1, 24 * 60) ?? null
+}