What changed:
- Added an auth package Vitest config with the existing forks pool and a 15s test timeout.
- Kept production bcryptjs salt rounds and test assertions unchanged.
Why:
- On this machine one 12-round bcryptjs hash can exceed Vitest's default 5s timeout, making the auth suite fail even though the implementation succeeds.
Verification:
- pnpm --filter @bytelyst/auth build
- pnpm --filter @bytelyst/auth test
- pnpm --filter @bytelyst/auth exec eslint . --ext .ts,.tsx
Replace the Headers branch's any cast with a typed copy into a Record so the shared API client keeps the same header merge behavior without a no-explicit-any warning.
Verification: pnpm --filter @bytelyst/api-client build; pnpm --filter @bytelyst/api-client test; pnpm --filter @bytelyst/api-client exec eslint . --ext .ts,.tsx; pnpm lint.
The first `pnpm -r exec eslint .` run was bailing at the very first
package (design-tokens), hiding any lint state in the rest of the 69
workspace packages. This commit fixes the structural blockers so the
pipeline runs end-to-end, then sweeps the small, low-risk lint errors
in the next 4 packages it surfaces. Real lint debt that remains
(85 errors, mostly @typescript-eslint/no-unused-vars across many
unrelated packages) is cataloged in docs/AUDIT_PLATFORM.md for follow-
up by package owners.
Structural fixes (eslint config):
- eslint.config.js (root):
• New flat-config block for **/*.cjs and **/scripts/**/*.{js,cjs}
with Node globals (process, console, require, module, __dirname)
and no-console disabled. CLI scripts legitimately print to
stdout. This alone clears the 45 errors in design-tokens'
validate-tokens.cjs.
• Added XMLHttpRequest + ProgressEvent to browser globals so
feedback-client compiles.
- packages/ui/eslint.config.js:
• Added @typescript-eslint/parser — the package-local override
replaced (didn't merge with) the root config, so TS syntax was
being parsed by espree and erroring on every `interface` /
type import.
• Added ignores for dist/** (root's ignores aren't inherited).
• Extended the files glob to .storybook/**/*.{ts,tsx}.
Mechanical lint fixes (no behaviour change):
- design-tokens/scripts/{validate,token-coverage}.cjs: empty catch
binding (catch (e) → catch).
- feedback-client/src/index.ts:
• captureScreen(): preserve caught error via `{ cause: err }`
on the rethrown Error (preserve-caught-error rule, real bug —
previous chain dropped the original stack).
• captureElement(): rename unused parity params mimeType/quality
to _mimeType/_quality and document why they exist.
- logger/__tests__/logger.test.ts: drop unused `LoggerConfig` import.
- extraction-service/{lib/circuit-breaker,modules/extract/{sidecar-
monitor,usage}}.test.ts: drop 3 unused vitest/type imports.
- tracker-web/__tests__/tracker-proxy.test.ts: rename unused local
`url` → `_url`.
New: docs/AUDIT_PLATFORM.md
Tooling-backed audit summary (pnpm install / typecheck / test / lint
results), classification of remaining lint debt by rule, and an
ordered hand-off plan for package owners to clear the rest with
`pnpm --filter <pkg> lint:fix` followed by an eyeball review.
Verified before commit:
- `pnpm typecheck` → pass (all 69 packages compile)
- `pnpm test` → pass (~2,200 tests across 18+ suites)
- `pnpm lint` → 85 pre-existing errors surfaced (none introduced
by this commit; all in unrelated packages — see AUDIT_PLATFORM.md
section P).
Out of scope (left untouched in working tree):
- In-progress nomgap-on-Vercel migration: docker-compose.ecosystem.yml,
products/nomgap/product.json, services/platform-service/src/
modules/flags/seed.ts.
- pnpm-lock.yaml: my `pnpm install -r` regenerated it (+2.9k/-8.5k
lines) — not part of the audit, owner should commit deliberately.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three coordinated fixes so 'docker compose up cosmos-emulator platform-service
cowork-service --wait' completes end-to-end (pre-existing blocker surfaced by
W1 post-push review).
1. Remove harmful prepare:tsc from @bytelyst/react-native-platform-sdk
package.json. The hook fires during pnpm install --frozen-lockfile against
an empty src/ tree (because Dockerfiles COPY package.jsons before
sources), tsc aborts, install fails. Canonical monorepo build flow is
pnpm -r build using the existing build:tsc script; prepare only runs for
git+ URL installs (which this published package doesn't use), so removing
it is lossless.
2. Add --ignore-scripts to platform-service + mcp-server Dockerfile install
steps. Mirrors the pattern already used by extraction-service/Dockerfile,
dashboards/admin-web/Dockerfile, dashboards/tracker-web/Dockerfile.
Belt-and-braces against future prepare-hook regressions in any workspace
package.
3. Expand .dockerignore node_modules/dist/.next/coverage to **/ globs.
Docker's .dockerignore with bare 'node_modules' only matches root-level;
nested packages/*/node_modules/ were being COPY'd into images, poisoning
them with host-absolute-path .bin shims (e.g. @bytelyst/storage's tsc
shim resolved to /learning_voice_ai_agent/node_modules/.pnpm/... which
doesn't exist in the container → MODULE_NOT_FOUND). The glob fix makes
COPY packages/ packages/ deliver source only.
Gap: INFRA-gap-02
Verified:
pnpm install --frozen-lockfile ✅
pnpm --filter @bytelyst/react-native-platform-sdk build ✅
pnpm --filter @bytelyst/react-native-platform-sdk typecheck ✅
docker compose build platform-service ✅ (previously failed)
docker compose build mcp-server ✅
docker compose build extraction-service ✅
Browser/React Native-safe typed client for platform-service billing
endpoints: plans, subscriptions, payments, and usage.
Follows the same factory pattern as broadcast-client and survey-client.
Any ByteLyst product can add billing with 5 lines of wiring code.
12 tests covering all methods, auth headers, error handling, and
404 null-return for missing subscriptions.
Published 60 @bytelyst/* packages to local Gitea npm registry.
create-app skipped (private: true — internal scaffolding tool).
Token regenerated with full write:package scope to fix E401.
- packages/llm: add FallbackLLMProvider (providers/fallback.ts) that
tries each provider in order, skipping unconfigured or erroring ones;
wire 'fallback' as a first-class LLMProviderType in factory + types
- packages/llm: improve auto-detection in factory — PERPLEXITY_API_KEY
and GEMINI_API_KEY trigger auto-selection when no explicit provider set
- scripts/release.sh: new pipeline — rebase from origin/main, build,
apply changesets, publish outdated packages to Gitea registry, push
- scripts/run-registry-tests.sh: fix Gitea URL health-check to use a
real package endpoint with auth header instead of bare registry root
- docs: mark Vercel track-B prompts B1–B3 as complete
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
BUG 1: Azure locale derivation produced 'en-EN' (invalid) for 2-letter codes.
→ Added toAzureLocale() with 28-language mapping table (en→en-US, pt→pt-BR, etc.)
→ Exported for testing; falls back to code-CODE for unmapped languages.
BUG 2: model field from request schema was silently dropped after provider refactor.
→ Added optional model field to TranscriptionInput interface.
→ OpenAI provider now uses input.model override (falls back to config.model).
→ Route passes model through to provider.transcribe().
GAP 4: SUPPORTED_AUDIO_TYPES was defined but never validated against.
→ Route now rejects unsupported content-types with a clear error message.
→ Allows application/octet-stream (Azure Blob SAS URLs often return this).
GAP 5: Client JSDoc still said 'via OpenAI Whisper API' — now 'via configured STT provider'.
GAP 8: Azure WAV content-type hardcoded samplerate=16000 — now generic audio/wav.
Tests: 42 transcription tests (was 35), 178 total passing.
→ toAzureLocale: 4 tests (locale mapping, passthrough, fallback, case-insensitive)
→ setSTT: 1 test (singleton override)
→ model passthrough: 2 tests (mock ignores, input accepts)
Aligns with referral-client, org-client, and marketplace-client which
all send this header. The billing API likely requires it for product
scoping.
Made-with: Cursor
toggleTheme was calling applyTheme() inside the state updater AND
the useEffect was also applying on state change — double DOM write.
Now toggleTheme relies solely on the useEffect, matching setTheme
behavior.
setTheme, toggleTheme, and storage event listener now check
typeof window before accessing localStorage/addEventListener.
Prevents crashes in Next.js server components.
Modifiers (shift, alt, meta) are now checked in both directions:
when not required, the physical key must NOT be pressed either.
Before: Cmd+K shortcut would fire on Cmd+Shift+K or Cmd+Alt+K.
After: exact modifier combination is enforced.
4 regression tests added.
Root cause: tinypool worker teardown calls kill() which returns EPERM
in the act_runner host environment on Node.js v25.2.1. Tests pass but
the vitest process crashes during cleanup, causing CI failure.
Fix: --pool forks CLI flag on every package/service test script, plus
pool: 'forks' in all vitest.config.ts files. This uses child_process.fork()
worker management which handles termination cleanly.
60 package.json files updated, 10 vitest.config.ts files updated.
- Created .npmrc with @bytelyst scoped registry pointing to local Gitea
- Added publishConfig.registry to all 57 @bytelyst/* package.json files
- Created scripts/harden-publish-config.sh for future re-runs
- Prevents accidental publish to npmjs.org or corporate JFrog registry
- diagnostics/subscribers: wire session.created email notification to
target user using existing 'diagnostics-session-created' template
(was just logging instead of sending the email)
- events/types: add missing 'currency' field to payment.failed schema
(payment.succeeded had it, payment.failed did not — inconsistency)
- delivery/subscribers: use event.payload.currency instead of hardcoded
empty string in payment-failed email variables
- Typecheck clean, 1483/1483 tests pass
6 test files across 4 packages (auth-ui, dashboard-components,
dashboard-shell, react-auth) failed with 'document is not defined'
when run from the monorepo root because the root vitest config uses
environment: 'node'. The package-local configs set happy-dom but are
ignored when vitest is invoked from root.
Fix: Add per-file '// @vitest-environment happy-dom' annotations,
which is the recommended vitest pattern for mixed-environment monorepos.
This ensures tests work regardless of which config is loaded.
Recovers 148 tests across 6 files.
EventSource API cannot set custom headers, so the SSE /flags/stream
endpoint and feature-flag-client were broken for streaming mode:
- Server: accept productId and token from query string as fallback
when x-product-id / authorization headers are absent
- Client: pass productId (and optional auth token) as query params
when constructing the EventSource URL
- Swift: getOrCreateKey(service:account:), loadKey(), deleteKey()
- Generates random AES-256 key, persists as hex in BLKeychain
- Subsequent calls return the same key for stable per-device DEK
- Kotlin: getOrCreateKey(store:account:), loadKey(), deleteKey()
- Generates random AES-256 key, persists as hex in BLSecureStore
- Uses EncryptedSharedPreferences for at-rest protection
- All existing tests still pass (21/21 Kotlin)
- BLAuditLogger is an enum (static API) — cannot be constructed; use .Type reference + configure()
- BLCrashReporter is @MainActor — defer construction to start() via Task { @MainActor }
- telemetry-client: createWebTelemetry() wraps createTelemetryClient() with web defaults
- diagnostics-client: createWebDiagnostics() wraps DiagnosticsClient with install ID + web defaults
- Eliminates ~70 lines of boilerplate per web app
- 11/11 telemetry tests pass, 21/21 diagnostics tests pass
Allows dynamic config resolution (e.g. test mocks that change config between calls).
Options can now be string | (() => string) for both jwtSecret and jwksUrl.
