# Platform โ€” Systematic Audit (cross-workspace) Date: 2026-05-04 Tooling-backed audit (with `GITEA_NPM_TOKEN` available): full `pnpm install`, typecheck, test, and lint run successfully across all 69 workspace packages (`packages/`, `services/`, `dashboards/`). Legend: ๐Ÿ”ด critical ยท ๐ŸŸ  high ยท ๐ŸŸก medium ยท ๐ŸŸข low ยท โฌœ open ยท ๐ŸŸฆ in PR ยท โœ… fixed (commit hash on the right). --- ## 0. Health snapshot | Check | Result | Notes | | ----------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | | `pnpm install -r` | โœ… pass | No warnings when `GITEA_NPM_TOKEN` is exported after sourcing `~/.zshrc`. | | `pnpm typecheck` | โœ… pass | All TS sources compile (`tsc --noEmit`). | | `pnpm test` | โœ… pass | ~2,200 tests across 18+ test suites; prior cowork `EPIPE` cleared on focused rerun, and auth bcrypt timeout reliability was fixed in `d3fbeba`. | | `pnpm lint` | โœ… pass | Workspace lint exits 0 with 0 errors / 0 warnings after `663dcde`; final baseline rechecked through `ecfdc90`. See section W. | ## A. Lint pipeline blockers (fixed by this audit) | # | Issue | Severity | Status | Fix | | --- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | :----: | ----------- | | A1 | `packages/design-tokens/scripts/validate-tokens.cjs` โ€” 45 `no-undef` errors for `process` / `console`. Root eslint config didn't declare a Node-script env, and inline `/* eslint-env node */` is ignored by flat-config. | ๐ŸŸ  | โœ… | this commit | | A2 | `packages/design-tokens/scripts/token-coverage.cjs` โ€” same root cause: 1 unused `e` in catch. | ๐ŸŸข | โœ… | this commit | | A3 | `packages/ui/eslint.config.js` was a _complete override_ (flat config doesn't merge with the root). It declared no parser, so 38 parsing errors fired on `interface`, `import {โ€ฆ}`, and other TS syntax in `src/index.ts` and `src/components/*`. | ๐ŸŸ  | โœ… | this commit | | A4 | `packages/ui` lint also re-included `dist/**/*.d.ts` because the root's `ignores: ['dist/**']` isn't inherited by the package-local override. | ๐ŸŸก | โœ… | this commit | | A5 | `packages/ui/.storybook/preview.ts` not covered by any TS-parser block. | ๐ŸŸก | โœ… | this commit | | A6 | `packages/feedback-client/src/index.ts` โ€” 2 `no-undef` for browser globals `XMLHttpRequest` / `ProgressEvent` (not in root globals list). | ๐ŸŸข | โœ… | this commit | | A7 | `packages/feedback-client/src/index.ts` โ€” `preserve-caught-error` violation in `captureScreen()` (re-throwing without `cause`). | ๐ŸŸก | โœ… | this commit | | A8 | `packages/feedback-client/src/index.ts` โ€” `captureElement()` declares unused params `mimeType`, `quality`. Renamed with `_` prefix and documented why. | ๐ŸŸข | โœ… | this commit | | A9 | `packages/logger/src/__tests__/logger.test.ts` โ€” unused type import `LoggerConfig`. | ๐ŸŸข | โœ… | this commit | | A10 | `services/extraction-service/src/lib/circuit-breaker.test.ts` โ€” unused vitest import `afterEach`. | ๐ŸŸข | โœ… | this commit | | A11 | `services/extraction-service/src/modules/extract/sidecar-monitor.test.ts` โ€” unused type import `HealthCheck`. | ๐ŸŸข | โœ… | this commit | | A12 | `services/extraction-service/src/modules/extract/usage.test.ts` โ€” unused vitest import `beforeEach`. | ๐ŸŸข | โœ… | this commit | | A13 | `dashboards/tracker-web/src/__tests__/tracker-proxy.test.ts` โ€” unused local `url` (renamed to `_url`). | ๐ŸŸข | โœ… | this commit | These all matter because `pnpm -r exec eslint` bails on the first package failure, so the 45-error design-tokens issue was hiding everything below it. Now the pipeline runs to completion and the current workspace has **0 lint errors**. ## P. Pre-existing lint debt cleared Current workspace-wide lint reports no errors: ``` 0 errors ``` The stale handoff note expected 85 pre-existing errors, but a live rerun on 2026-05-04 found none. No P-sweep package commits were needed in this session. ## W. Pre-existing lint warnings Workspace lint now reports **0 errors / 0 warnings**. Intentional CLI, generator, diagnostic-capture, and development-monitor console surfaces were documented with narrow lint policy; platform-service runtime console usage was replaced with structured stderr diagnostics. Follow-up package sweeps on 2026-05-04: - `db4257f` cleared admin feedback page React warnings. - `021f053` typed predictive campaign event dispatch. - `04d2398` cleared tracker-web roadmap console warnings and removed the stale CommonJS ESLint config in favor of the existing `eslint.config.mjs`. - `5fb4921` documented the two intentional `@bytelyst/broadcast-client` deep-link diagnostics with narrow lint justifications. - `1089597` cleared the remaining admin-web React hook/image/unused-symbol warnings. - `5b0fbc2` documented intentional `@bytelyst/config` Key Vault startup diagnostics with narrow lint justifications. - `e9a70ed` documented intentional `@lysnrai/monitoring` health-check CLI output with a file-level lint justification. - `433c3a5` documented intentional `@bytelyst/create-app` generator output and design-token generation output with narrow file-level lint justifications. - `91e08bf` documented intentional `@bytelyst/diagnostics-client` console capture with a narrow lint justification. - `9cd7089` documented development-only extraction sidecar health alerts with a narrow lint justification. - `2c9dc18` documented platform-service script/codegen output with file-level lint policy and replaced the remaining migration-script `any` with `unknown` narrowing. The migration script keeps a TODO because `--help` still imports service config eagerly and requires platform env vars. - `663dcde` replaced platform-service runtime console diagnostics in push notifications, AI diagnostics, and diagnostics repository/auto-trigger code with structured stderr helpers. Final warning-sweep verification reran platform-service build/test/lint and workspace lint; all pass. Workspace lint is now **0 errors** with **0 warnings**. ## R. Repo-state observations (not fixed) | # | Observation | Severity | Status | | --- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: | :----------------: | | R1 | Working tree had 3 uncommitted edits when the audit started: `docker-compose.ecosystem.yml`, `products/nomgap/product.json`, and `services/platform-service/src/modules/flags/seed.ts`. These were finalized separately in `b440330` (`chore(nomgap): finalize product deployment config`). Current working tree is clean after `ecfdc90`; `pnpm-lock.yaml` is also clean and was not committed in warning-sweep work. | โ€” | โœ… | | R2 | Local `main` was 17 commits behind `origin/main` at the start of the session. Backup branch `backup/main-20260504-062733` was taken from `origin/main` (the source of truth) โ€” local stale main was _not_ backed up. | ๐ŸŸข | โœ… (backup exists) | | R3 | `.npmrc` references `${GITEA_NPM_TOKEN}`. On this machine `~/.zshrc` defines the token but does not export it, so use `source ~/.zshrc && export GITEA_NPM_TOKEN` before `pnpm`; this silences the WARN. | ๐ŸŸข | โœ… documented | | R4 | Earlier `pnpm install -r` reported peer warnings for `@azure/core-client@^1.10.0`. A live rerun with the token exported reported no peer warnings. | ๐ŸŸข | โœ… verified | --- ## Ordering of fixes 1. **Section A** (this commit) โ€” structural unblocks so `pnpm lint` runs end-to-end again. 2. **Section P** โ€” no current lint errors; no package sweeps needed. 3. **Section W** โ€” warning review complete; workspace lint holds at 0 errors / 0 warnings. 4. **Section R** โ€” housekeeping verified/documented. 5. **Auth test reliability** โ€” bcrypt timeout fixed in `d3fbeba` and audit handoff recorded in `ecfdc90`.