# Platform โ€” Systematic Audit (cross-workspace) Date: 2026-05-04 Tooling-backed audit (with `GITEA_NPM_TOKEN` available): full `pnpm install`, typecheck, test, and lint run successfully across all 69 workspace packages (`packages/`, `services/`, `dashboards/`). Legend: ๐Ÿ”ด critical ยท ๐ŸŸ  high ยท ๐ŸŸก medium ยท ๐ŸŸข low ยท โฌœ open ยท ๐ŸŸฆ in PR ยท โœ… fixed (commit hash on the right). --- ## 0. Health snapshot | Check | Result | Notes | | ----------------- | ---------- | ------------------------------------------------------------------------------------------------------ | | `pnpm install -r` | โœ… pass | 4 peer warnings โ€” `@azure/cosmos` wants `@azure/core-client@^1.10.0`. Cosmetic. | | `pnpm typecheck` | โœ… pass | All TS sources compile (`tsc --noEmit`). | | `pnpm test` | โœ… pass | ~2,200 tests across 18+ test suites, all green. | | `pnpm lint` | ๐ŸŸก partial | After this audit's structural fixes: still 85 pre-existing errors in code, 96 warnings. See section P. | ## A. Lint pipeline blockers (fixed by this audit) | # | Issue | Severity | Status | Fix | | --- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | :----: | ----------- | | A1 | `packages/design-tokens/scripts/validate-tokens.cjs` โ€” 45 `no-undef` errors for `process` / `console`. Root eslint config didn't declare a Node-script env, and inline `/* eslint-env node */` is ignored by flat-config. | ๐ŸŸ  | โœ… | this commit | | A2 | `packages/design-tokens/scripts/token-coverage.cjs` โ€” same root cause: 1 unused `e` in catch. | ๐ŸŸข | โœ… | this commit | | A3 | `packages/ui/eslint.config.js` was a _complete override_ (flat config doesn't merge with the root). It declared no parser, so 38 parsing errors fired on `interface`, `import {โ€ฆ}`, and other TS syntax in `src/index.ts` and `src/components/*`. | ๐ŸŸ  | โœ… | this commit | | A4 | `packages/ui` lint also re-included `dist/**/*.d.ts` because the root's `ignores: ['dist/**']` isn't inherited by the package-local override. | ๐ŸŸก | โœ… | this commit | | A5 | `packages/ui/.storybook/preview.ts` not covered by any TS-parser block. | ๐ŸŸก | โœ… | this commit | | A6 | `packages/feedback-client/src/index.ts` โ€” 2 `no-undef` for browser globals `XMLHttpRequest` / `ProgressEvent` (not in root globals list). | ๐ŸŸข | โœ… | this commit | | A7 | `packages/feedback-client/src/index.ts` โ€” `preserve-caught-error` violation in `captureScreen()` (re-throwing without `cause`). | ๐ŸŸก | โœ… | this commit | | A8 | `packages/feedback-client/src/index.ts` โ€” `captureElement()` declares unused params `mimeType`, `quality`. Renamed with `_` prefix and documented why. | ๐ŸŸข | โœ… | this commit | | A9 | `packages/logger/src/__tests__/logger.test.ts` โ€” unused type import `LoggerConfig`. | ๐ŸŸข | โœ… | this commit | | A10 | `services/extraction-service/src/lib/circuit-breaker.test.ts` โ€” unused vitest import `afterEach`. | ๐ŸŸข | โœ… | this commit | | A11 | `services/extraction-service/src/modules/extract/sidecar-monitor.test.ts` โ€” unused type import `HealthCheck`. | ๐ŸŸข | โœ… | this commit | | A12 | `services/extraction-service/src/modules/extract/usage.test.ts` โ€” unused vitest import `beforeEach`. | ๐ŸŸข | โœ… | this commit | | A13 | `dashboards/tracker-web/src/__tests__/tracker-proxy.test.ts` โ€” unused local `url` (renamed to `_url`). | ๐ŸŸข | โœ… | this commit | These all matter because `pnpm -r exec eslint` bails on the first package failure, so the 45-error design-tokens issue was hiding everything below it. Now the pipeline runs to completion and **surfaces the real lint debt** (next section). ## P. Pre-existing lint debt now visible After section A's structural unblocks the workspace-wide lint reports: ``` โœ– 181 problems (85 errors, 96 warnings) ``` Errors break down by rule (top 4): | Rule | Count | Notes | | ----------------------------------- | ----: | ------------------------------------------------------------------ | | `@typescript-eslint/no-unused-vars` | 67 | Mostly unused imports / unused destructured params in tests + code | | `prefer-const` | 7 | `let` declarations never reassigned | | `no-redeclare` | 7 | Likely identifiers shadowing globals / re-imports | | `no-useless-escape` | 4 | Regex / string escapes that are no-ops | All of these are autofixable for the most part (`pnpm lint:fix`) **except** where renaming an unused var changes a public API surface. They span multiple packages I don't have working knowledge of (auth, llm, cosmos, billing-service, tracker-service, growth-service, etc.). I'm not fixing them blind in this pass โ€” each one is a one-liner but a wrong rename can break a downstream consumer. **Recommendation**: a follow-up sweep where the package owner runs `pnpm --filter lint:fix`, eyeballs the diff, and commits per package. Should be 6โ€“10 small commits. ## W. Pre-existing lint warnings (96) Mostly `no-console` in CLI tools (`create-app`, `keyvault`, `sidecar-monitor`, `generate.ts`, `roadmap/page.tsx`) and one `no-explicit-any` in `api-client`. These are intentional in CLI scripts (we already disabled `no-console` for `**/scripts/**` in this audit's eslint config change), and the rest are case-by- case judgment calls. Not blocking. ## R. Repo-state observations (not fixed) | # | Observation | Severity | Status | | --- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :------: | :----------------: | | R1 | Working tree had 3 uncommitted edits when the audit started: `docker-compose.ecosystem.yml` (removes `nomgap-web` from Docker), `products/nomgap/product.json` (replaces flag set + adds containers), `services/platform-service/src/modules/flags/seed.ts` (+14 lines of flags). These look like an in-progress nomgap-on-Vercel migration. **Not touched** โ€” out of audit scope and missing context. | โ€” | โฌœ | | R2 | Local `main` was 17 commits behind `origin/main` at the start of the session. Backup branch `backup/main-20260504-062733` was taken from `origin/main` (the source of truth) โ€” local stale main was _not_ backed up. | ๐ŸŸข | โœ… (backup exists) | | R3 | `.npmrc` references `${GITEA_NPM_TOKEN}` โ€” pnpm prints a noisy WARN if the env var is unset. Cosmetic; the install still resolves the public packages it can. | ๐ŸŸข | โฌœ | | R4 | `pnpm install -r` reports 4 missing peer warnings for `@azure/core-client@^1.10.0`. Adding it as an explicit dep on the two services that use `@azure/cosmos` would silence the warning. | ๐ŸŸข | โฌœ | --- ## Ordering of fixes 1. **Section A** (this commit) โ€” structural unblocks so `pnpm lint` runs end-to-end again. 2. **Section P** โ€” per-package `lint:fix` sweeps owned by each package's maintainer. Each package = one commit. ~6โ€“10 commits. 3. **Section W** โ€” case-by-case `no-console` review (defer; warnings only). 4. **Section R** โ€” chore-level housekeeping (peer deps, .npmrc).