fix(codemode): lint/type cleanup + ignore .claude hooks

[Jarvis-AojDevStuio]

Prudent engineering cleanup for codemode port:

• Stop eslint from scanning .claude/hooks scripts (Node CJS helpers; not package surface)
• Fix codemode TS files to avoid explicit any, satisfy curly rule, and improve runtime safety
• Make loadWorkspaceSpec merge typing explicit so type-check passes
• Add web/Node globals for fetch/TextDecoder/URLSearchParams

Verification:

• npm run lint (no errors)
• npm run type-check (pass)
• npm test (pass; includes integration + e2e)
• npm run build (pass)

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/codemode-lint-types

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[AojdevStudio]

@claude review this

[claude]

Claude finished @AojdevStudio's task in 2m 17s —— View job

---

PR Review: fix(codemode): lint/type cleanup + ignore .claude hooks

Tasks:

• Gather context and understand request
• Read changed files and analyze diff
• Provide comprehensive review feedback

---

Summary

This PR is a solid engineering cleanup. The changes correctly address ESLint/TypeScript issues introduced by the codemode port, and the auth bootstrap rewrite is a meaningful improvement. A few concerns worth calling out below.

---

eslint.config.js — Minor issue

The ignore logic has a subtle ordering risk. The global ignores block contains both .claude/** (ignores everything under .claude/) and !.claude/hooks/**/*.js (un-ignores hook files). This works in ESLint flat config, but the pattern depends on negation in a global-ignores-only config block, which is less commonly documented and could silently break if ESLint changes behavior.

A simpler and unambiguous alternative would be to only ignore .claude/settings.json or other specific non-JS files, rather than .claude/** + negation:

// Instead of:
'.claude/**',
'**/*.js',
'!jest.config.js',
'!eslint.config.js',
'!.claude/hooks/**/*.js',

// Consider:
'.claude/settings.json',
'.claude/settings.local.json',
'**/*.js',
'!jest.config.js',
'!eslint.config.js',
'!.claude/hooks/**/*.js',

The current approach works, but the negation dependency makes it fragile. Fix this →

---

index-codemode.ts — Bugs/concerns

1. as never cast is a type safety escape hatch (line 101)

auth = AuthManager.getInstance(oauthKeys as never, logger);

oauthKeys is typed as unknown (it came from (keys as { web?: unknown; installed?: unknown }).web), and AuthManager.getInstance requires OAuthKeys which has client_id, client_secret, redirect_uris. Using as never bypasses type checking entirely — if the JSON file has an unexpected structure, this silently passes the wrong shape into AuthManager and would fail at runtime with a confusing error.

The correct fix is either:

• Export the OAuthKeys interface from AuthManager.ts and validate/cast to it properly
• Or at minimum use a narrowing guard:

function isOAuthKeys(v: unknown): v is { client_id: string; client_secret: string; redirect_uris: string[] } {
  return typeof v === "object" && v !== null && "client_id" in v;
}

Fix this →

2. Redundant double-cast on keys (lines 92–95)

const keys = JSON.parse(await keysContent) as { web?: unknown; installed?: unknown };
const oauthKeys = (keys as { web?: unknown; installed?: unknown }).web ??
  (keys as { web?: unknown; installed?: unknown }).installed;

keys is already typed as { web?: unknown; installed?: unknown }, so the re-casts on lines 93–95 are noise. Drop them:

const oauthKeys = keys.web ?? keys.installed;

3. Odd keysContent pattern (lines 91–92)

const keysContent = (await import("node:fs/promises")).readFile(oauthPath, "utf8");
const keys = JSON.parse(await keysContent) as ...;

readFile returns a Promise, which is not awaited until the next line. This works but reads as though keysContent is a string. Simpler:

const raw = await (await import("node:fs/promises")).readFile(oauthPath, "utf8");
const keys = JSON.parse(raw) as { web?: unknown; installed?: unknown };

---

src/codemode/apiHost.ts — Looks good

• Record<string, unknown> and body?: unknown are correct replacements for any
• Curly braces added throughout — satisfies the curly rule cleanly
• Reformatted IIFE for JSON parsing is much more readable
• return JSON.parse(text) as unknown — the as unknown is unnecessary (JSON.parse returns any, which is directly assignable to unknown) but harmless

---

src/codemode/loadWorkspaceSpec.ts — Looks good

Extracting mergedPaths: Record<string, unknown> as a separate variable before embedding it in merged is the right approach to keep Object.assign type-safe. The const doc: unknown = YAML.load(raw) explicit annotation is also correct.

---

src/codemode/sandbox.ts — Looks good

All any → unknown replacements are appropriate. The reformatted fnRef.apply() calls are more readable with no functional change.

---

Bottom line

The auth bootstrap rewrite and ESLint config are the most substantive improvements and are both correct in intent. The main issues are:

1. as never cast — type safety hole; should be fixed before merge
2. Minor style issues in the keys parsing block — low risk but worth cleaning up

Verdict: Approve pending as never fix and minor cleanup. The try/catch wrapper ensures runtime failures won't crash the server, but a proper type guard is the right approach here.
|