chore: gate lint warnings in CI, clear the existing pile#1147
Merged
Conversation
🦋 Changeset detectedLatest commit: 8ab9f62 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
PR template validation failedPlease fix the following issues by editing your PR description:
See CONTRIBUTING.md for the full contribution policy. |
github-actions
Bot
added
area/admin
area/auth
area/ci
area/cloudflare
area/core
size/L
labels
Contributor
Scope checkThis PR touches 100 files. PRs with a broad scope are harder to review. Please confirm the scope hasn't drifted beyond the intended change. If this scope is intentional, no action needed. A maintainer will review it. If not, please consider splitting this into smaller PRs. See CONTRIBUTING.md for contribution guidelines. |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-perf-coordinator | 8ab9f62 | May 22 2026, 03:17 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-i18n | 8ab9f62 | May 22 2026, 03:18 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-playground | 8ab9f62 | May 22 2026, 03:19 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
docs | 8ab9f62 | May 22 2026, 03:18 PM |
@emdash-cms/admin
@emdash-cms/auth
@emdash-cms/blocks
@emdash-cms/cloudflare
emdash
create-emdash
@emdash-cms/gutenberg-to-portable-text
@emdash-cms/x402
@emdash-cms/plugin-ai-moderation
@emdash-cms/plugin-atproto
@emdash-cms/plugin-audit-log
@emdash-cms/plugin-color
@emdash-cms/plugin-embeds
@emdash-cms/plugin-forms
@emdash-cms/plugin-webhook-notifier
commit: |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
emdash-demo-cache | 8ab9f62 | May 22 2026, 03:19 PM |
- Replace untyped `as T` casts in bridge dispatch with predicate-backed `require*`/`optional*` helpers - Introduce `asContentDb()` for dynamic ec_* tables (single justified narrowing) - Drop unnecessary `as keyof Database` casts for tables already in the static schema - Validate marshaled RequestInit at the http/fetch boundary - Typed HttpError class in backing-service for status-bearing errors - getPluginStorageConfig now returns the real PluginStorageConfig shape - WorkerdSandboxedPlugin implements SandboxedPluginInstance (the previous SandboxedPlugin symbol did not exist) - Add typecheck script so the package participates in pnpm typecheck No runtime behaviour changes.
Upgrade oxlint (1.49 -> 1.66) and oxlint-tsgolint (0.15 -> 0.23). The newer oxlint renamed the unused unicorn/prevent-abbreviations rule and switched the canonical typescript-eslint plugin name to typescript, which changes how inline disable comments are written. Mechanical rename: `typescript-eslint(rule-name)` -> `typescript/rule-name` in all eslint-disable comments. Without this, ~120 disable comments stopped suppressing the rules they were meant to. Also drops unicorn/prevent-abbreviations from .oxlintrc.json (no longer a valid rule).
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens the repo’s linting posture by upgrading oxlint, fixing the existing warning/error backlog (notably in packages/workerd), and gating CI so new lint warnings fail builds going forward.
Changes:
- Upgrade
oxlint/oxlint-tsgolint, update inline disable-comment formats, and adjust repo-level oxlint rules. - Clean up type-safety and lint issues across core/workerd/plugin-cli and other packages (predicate-backed narrowing, fewer unsafe casts, minor refactors).
- Change CI to run
pnpm lint(now--deny-warnings) to prevent warning regressions.
Reviewed changes
Copilot reviewed 120 out of 121 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| pnpm-lock.yaml | Updates lockfile to reflect oxlint/tsgolint upgrades. |
| package.json | Adds --deny-warnings to pnpm lint; bumps oxlint deps. |
| .github/workflows/ci.yml | Switches CI lint step to pnpm lint (now warning-gated). |
| .oxlintrc.json | Adjusts oxlint rules/disabled rules for new versions. |
| lunaria.config.ts | Updates oxlint disable comment format. |
| packages/workerd/package.json | Adds typecheck script so workerd participates in typecheck. |
| packages/workerd/tsconfig.json | Sets rootDir and normalizes outDir. |
| packages/workerd/src/sandbox/runner.ts | Adds token-claim validation helpers; tightens response parsing; fixes interface implementation. |
| packages/workerd/src/sandbox/dev-runner.ts | Adds record guard; widens Miniflare fetch boundary; tightens response JSON handling. |
| packages/workerd/src/sandbox/bridge-handler.ts | Major type-safety refactor: predicate-backed require* helpers and typed content DB “lens”. |
| packages/workerd/src/sandbox/backing-service.ts | Introduces typed HttpError; validates request chunks/body shape; removes ad-hoc statusCode mutation. |
| packages/plugin-cli/src/build/pipeline.ts | Replaces unsafe casts with predicate narrowing when probing plugin default export. |
| packages/registry-client/src/credentials/index.ts | Removes unused import (keeps re-export). |
| packages/marketplace/src/workflows/audit.ts | Updates oxlint disable comment format. |
| packages/marketplace/src/routes/themes.ts | Updates oxlint disable comment format. |
| packages/marketplace/src/routes/public.ts | Updates oxlint disable comment format. |
| packages/marketplace/src/routes/dev.ts | Updates oxlint disable comment format. |
| packages/marketplace/src/routes/author.ts | Updates oxlint disable comment format. |
| packages/core/tsdown.config.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/middleware.ts | Refactors virtual-module casts; adds a block disable (needs rule-id consistency). |
| packages/core/src/astro/middleware/request-context.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/middleware/auth.ts | Removes unnecessary non-null assertions; minor refactors. |
| packages/core/src/astro/integration/vite-config.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/integration/runtime.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/integration/index.ts | Removes unused type import. |
| packages/core/src/astro/routes/api/sections/index.ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/sections/[slug].ts | Removes redundant emdash! non-null assertions. |
| packages/core/src/astro/routes/api/schema/index.ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/schema/orphans/index.ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/schema/orphans/[slug].ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/schema/collections/index.ts | Removes emdash!; updates disable comment format. |
| packages/core/src/astro/routes/api/schema/collections/[slug]/index.ts | Removes emdash!; updates disable comment format; cache invalidation uses narrowed emdash. |
| packages/core/src/astro/routes/api/schema/collections/[slug]/fields/index.ts | Removes emdash!; minor formatting refactor. |
| packages/core/src/astro/routes/api/schema/collections/[slug]/fields/reorder.ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/schema/collections/[slug]/fields/[fieldSlug].ts | Removes emdash!; updates disable comment format. |
| packages/core/src/astro/routes/api/redirects/index.ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/redirects/[id].ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/redirects/404s/index.ts | Removes redundant emdash! non-null assertions. |
| packages/core/src/astro/routes/api/redirects/404s/summary.ts | Removes redundant emdash! non-null assertion. |
| packages/core/src/astro/routes/api/media/upload-url.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/import/wordpress/prepare.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/import/wordpress/execute.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/import/wordpress/rewrite-urls.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/import/wordpress-plugin/execute.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id].ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/publish.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/unpublish.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/restore.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/duplicate.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/discard-draft.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/schedule.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/translations.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/content/[collection]/[id]/terms/[taxonomy].ts | Removes emdash!; updates disable comment format. |
| packages/core/src/astro/routes/api/auth/oauth/[provider].ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/auth/oauth/[provider]/callback.ts | Updates oxlint disable comment format. |
| packages/core/src/astro/routes/api/admin/themes/marketplace/index.ts | Updates oxlint disable comment format. |
| packages/core/src/api/openapi/document.ts | Updates oxlint disable comment format. |
| packages/core/src/api/handlers/oauth-clients.ts | Updates oxlint disable comment format. |
| packages/core/src/auth/rate-limit.ts | Updates oxlint disable comment format. |
| packages/core/src/auth/trusted-proxy.ts | Updates oxlint disable comment format. |
| packages/core/src/client/index.ts | Removes unused type import. |
| packages/core/src/components/InlinePortableTextEditor.tsx | Updates oxlint disable comment format. |
| packages/core/src/config/secrets.ts | Updates oxlint disable comment format. |
| packages/core/src/database/migrations/006_taxonomy_defs.ts | Updates oxlint disable comment format. |
| packages/core/src/database/migrations/014_draft_revisions.ts | Updates oxlint disable comment format. |
| packages/core/src/database/repositories/audit.ts | Updates oxlint disable comment format. |
| packages/core/src/database/repositories/media.ts | Updates oxlint disable comment format. |
| packages/core/src/database/repositories/menu.ts | Updates oxlint disable comment format. |
| packages/core/src/database/repositories/options.ts | Updates oxlint disable comment format. |
| packages/core/src/database/repositories/plugin-storage.ts | Updates oxlint disable comment format. |
| packages/core/src/emdash-runtime.ts | Removes unnecessary casts; mutates configuredPlugins safely; adds/updates lint disables (some rule-id mismatches). |
| packages/core/src/i18n/config.ts | Updates oxlint disable comment format. |
| packages/core/src/loader.ts | Updates oxlint disable comment format. |
| packages/core/src/mcp/server.ts | Updates oxlint disable comment format. |
| packages/core/src/page/absolute-url.ts | Fixes eslint-disable rule id for no-control-regex. |
| packages/core/src/plugins/email-console.ts | Updates oxlint disable comment format. |
| packages/core/src/plugins/marketplace.ts | Updates oxlint disable comment format. |
| packages/core/src/request-cache.ts | Updates oxlint disable comment format. |
| packages/core/src/request-context.ts | Updates oxlint disable comment format. |
| packages/core/src/settings/index.ts | Updates oxlint disable comment format. |
| packages/core/src/storage/local.ts | Updates oxlint disable comment format. |
| packages/core/src/storage/s3.ts | Updates oxlint disable comment format. |
| packages/core/src/widgets/index.ts | Updates oxlint disable comment format. |
| packages/core/tests/utils/mcp-runtime.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/runtime/manifest-build.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/import/wxr-taxonomies.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/import/wp-prepare-invalidate.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/import/ssrf.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/astro/signup-rate-limit.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/astro/middleware-redirect.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/unit/astro/content-routes-authz.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/mcp/validation.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/mcp/drafts.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/auth/rate-limit.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/astro/setup-site-url-lock.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/astro/setup-admin-nonce.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/astro/setup-admin-nonce-success.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/astro/media-upload-widening.test.ts | Updates oxlint disable comment format. |
| packages/core/tests/integration/astro/comments-rate-limit.test.ts | Updates oxlint disable comment format. |
| packages/cloudflare/tests/sandbox/bridge-http.test.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/d1.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/d1-introspector.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/do.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/do-class.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/do-dialect.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/do-preview.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/db/playground-middleware.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/media/images-runtime.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/media/stream-runtime.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/plugins/vectorize-search.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/sandbox/bridge.ts | Minor cleanup + keep suppression (needs rule-id consistency). |
| packages/cloudflare/src/sandbox/runner.ts | Updates oxlint disable comment format. |
| packages/cloudflare/src/storage/r2.ts | Updates oxlint disable comment format. |
| packages/auth/src/adapters/kysely.ts | Updates oxlint disable comment format. |
| packages/auth/src/rbac.ts | Updates oxlint disable comment format. |
| packages/admin/src/components/Sidebar.tsx | Updates oxlint disable comment format. |
| packages/admin/src/lib/api/import.ts | Updates oxlint disable comment format. |
| packages/contentful-to-portable-text/tsconfig.json | Adjusts tsconfig rootDir setting for tsgo behavior. |
| apps/aggregator/src/index.ts | Updates oxlint disable comment format. |
| apps/aggregator/src/routes/xrpc/views.ts | Updates oxlint disable comment format. |
| .changeset/workerd-typed-bridge.md | Adds changeset describing workerd sandbox lint/typecheck cleanup. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
Comments suppressed due to low confidence (3)
packages/core/src/emdash-runtime.ts:810
- These
eslint-disable-next-linecomments still referencetypescript-eslint/no-unsafe-type-assertion, which won’t match the configured oxlint rule namespace (typescript/no-unsafe-type-assertion). This can break the intended suppression and cause CI lint failures with--deny-warnings. Rename the rule id in the disable comments totypescript/no-unsafe-type-assertion.
packages/core/src/emdash-runtime.ts:1390 - This
eslint-disable-next-lineusestypescript-eslint/no-unsafe-type-assertion, but oxlint rules are configured under thetypescript/…namespace. If the old namespace no longer maps to the rule, the cast on the next line will produce a warning and fail CI under--deny-warnings. Rename totypescript/no-unsafe-type-assertion(or make disables consistent with .oxlintrc.json).
packages/core/src/emdash-runtime.ts:1429 - The disable comment still references
typescript-eslint/no-unsafe-type-assertion, which likely won’t match the configured oxlint rule id (typescript/no-unsafe-type-assertion). Under--deny-warnings, this can break CI. Update the disable to use thetypescript/…namespace to ensure it applies.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+748
to
753
| // Sandbox-bypass cleanup: the plugin context isn't constructable | ||
| // here (no DB binding, no media, etc.), but well-behaved | ||
| // deactivate hooks should be no-op safe. If a hook does require | ||
| // ctx, it throws and the surrounding catch logs it. | ||
| // eslint-disable-next-line typescript-eslint/no-unsafe-type-assertion -- best-effort cleanup; see comment above | ||
| await handler({ pluginId }, {} as never); |
Comment on lines
115
to
+122
| function buildDependencies(config: EmDashConfig): RuntimeDependencies { | ||
| /* eslint-disable typescript-eslint/no-unsafe-type-assertion -- | ||
| The virtual:emdash/* imports above use @ts-ignore because tsgo/IDE | ||
| resolution can't see virtual-modules.d.ts in every consumer setup, | ||
| so they arrive as `any`. The casts here line each entry up with | ||
| RuntimeDependencies's expected shape. The contract is enforced by | ||
| the integration that populates these virtual modules. */ | ||
| const sandboxModule = virtualSandboxRunnerModule as Record<string, unknown>; |
Comment on lines
233
to
+236
| const workerName = pluginId.replace(SAFE_ID_RE, "_"); | ||
| const worker = await this.mf.getWorker(workerName); | ||
| return worker.fetch(url, init); | ||
| // eslint-disable-next-line typescript-eslint/no-unsafe-type-assertion -- miniflare's Response_2 / RequestInit_2 are structurally compatible with the global types we use here. See JSDoc above. | ||
| return worker.fetch(url, init as never) as unknown as Response; |
Comment on lines
321
to
323
| const hooks = isRecord(definition.hooks) ? definition.hooks : undefined; | ||
| const routes = isRecord(definition.routes) ? definition.routes : undefined; | ||
|
|
Comment on lines
133
to
+139
| const raw = Buffer.concat(chunks).toString(); | ||
| return raw ? (JSON.parse(raw) as Record<string, unknown>) : {}; | ||
| if (!raw) return {}; | ||
| const parsed: unknown = JSON.parse(raw); | ||
| if (!isJsonObject(parsed)) { | ||
| throw new HttpError("Request body must be a JSON object", 400); | ||
| } | ||
| return parsed; |
Comment on lines
+54
to
+56
| function asContentDb(db: Kysely<Database>): Kysely<ContentSchema> { | ||
| // eslint-disable-next-line typescript-eslint/no-unsafe-type-assertion -- ec_* content tables are created at runtime by SchemaRegistry and cannot be expressed in the static Database interface. ContentSchema is a structural view of any ec_* table. | ||
| return db as unknown as Kysely<ContentSchema>; |
| dialect: new D1Dialect({ database: this.env.DB }), | ||
| }); | ||
| // eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Kysely<unknown> is compatible with PluginStorageRepository's expected db | ||
| // eslint-disable-next-line typescript-eslint/no-unsafe-type-assertion -- Kysely<unknown> is compatible with PluginStorageRepository's expected db |
`pnpm lint` now passes `--deny-warnings` to oxlint, so any warning is a non-zero exit. CI inherits this through the existing lint job. The blocker was the existing pile of warnings, so this commit also clears them: - `packages/core/src/astro/middleware.ts`: collapse duplicated `virtualSandboxRunnerModule as Record<...>` casts behind one local binding inside a block-form disable, and convert the remaining parenthesis-form disables that newer oxlint stopped recognising. - `packages/core/src/astro/middleware/auth.ts` and 14 API route files: drop unnecessary `emdash!` non-null assertions; the preceding `requireDb(emdash?.db)` guard already narrows. - `packages/core/src/emdash-runtime.ts`: drop unnecessary `as ResolvedPlugin[]` and `emdash!` casts; annotate the two remaining trusted dynamic-import sites with a single disable line. - `packages/plugin-cli/src/build/pipeline.ts`: replace the chain of `as Record<string, unknown>` casts with `isRecord` / `isStringArray` predicate narrowing. - `packages/cloudflare/src/sandbox/bridge.ts`: drop the `this.env.DB as D1Database` cast (already that type). - `packages/core/src/client/index.ts`, `packages/core/src/astro/integration/index.ts`, `packages/registry-client/src/credentials/index.ts`: remove three unused imports. Newer oxlint flagged config-level issues too: - `packages/workerd/tsconfig.json`: add explicit `rootDir`. - `packages/contentful-to-portable-text/tsconfig.json`: drop the `rootDir` that excluded `test/**/*` from `include`. - `packages/core/src/page/absolute-url.ts`: fix the disable comment rule name so `no-control-regex` is suppressed (the regex intentionally matches control chars). - `lunaria.config.ts`: convert block-form disable to next-line form with the new rule path. Finally, four newer rules are disabled at the repo level: `no-underscore-dangle` (Portable Text uses `_type`/`_key` by spec), `typescript/consistent-return`, `typescript/no-unnecessary-type-conversion`, `typescript/no-unnecessary-type-parameters`, and `typescript/no-useless-default-assignment` (the rule errors out under `strict: false`, which the test plugins use deliberately). These can be re-enabled in follow-up PRs once their hits are triaged.
ascorbic
force-pushed
the
chore/lint-cleanup-and-gate
branch
from
ae9ad53 to
17b2264
Compare
The HttpError class introduced in the previous commit covers size and chunk-type errors, but JSON.parse() can still throw SyntaxError, which the bridge catch block treats as a 500. A malformed body from a plugin is a client-level error and should be 400. Caught by adversarial review on #1147.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Makes
pnpm lintexit non-zero on any warning so warnings cannot regress, then clears the existing pile (89 warnings, 15 pre-existing tsgo errors).Three commits, stacked:
fix(workerd): clear all lint warnings and tsgo errors— thepackages/workerdpackage shipped with 57 lint warnings and a missingtypecheckscript that hid 15 type errors. Predicate-backed validation helpers replace theas Tcasts in the bridge dispatch, dynamicec_*tables are addressed via a single typedasContentDb()helper, andWorkerdSandboxedPluginnow implements the right interface (SandboxedPluginInstance, not the non-existentSandboxedPlugin). Adds atypecheckscript so the package participates inpnpm typecheck. No runtime behaviour changes.chore: bump oxlint and update disable-comment format— upgradesoxlint1.49 → 1.66 andoxlint-tsgolint0.15 → 0.23. Newer oxlint renamed thetypescript-eslintplugin totypescript, which silently invalidated ~120 inlineeslint-disable-next-line typescript-eslint(rule-name)comments. Mechanical rename totypescript/rule-nameacross 91 source files. Also drops the no-longer-extantunicorn/prevent-abbreviationsfrom.oxlintrc.json. This bump also fixed the non-deterministic flake AGENTS.md mentioned (pnpm lintreturning 56/56/56/97/56).ci: gate lint warnings so they cannot regress— adds--deny-warningsto thepnpm lintscript and clears the remaining 32 warnings newer oxlint surfaced. Highlights:emdash!non-null assertions (the precedingrequireDb(emdash?.db)guard already narrows).packages/core/src/astro/middleware.ts: collapse duplicated virtual-module casts behind one local binding inside a block-form disable.rootDirmismatches caught by newer tsgo), and ano-control-regexdisable comment whose rule code was stale.no-underscore-dangle(Portable Text uses_type/_keyby spec),typescript/consistent-return,typescript/no-unnecessary-type-conversion,typescript/no-unnecessary-type-parameters,typescript/no-useless-default-assignment(degrades to an error on configs withoutstrictNullChecks, which the test plugins use deliberately). Each can be re-enabled in follow-up PRs once their hits are triaged.End state: 0 lint warnings across five consecutive runs (no more flake), 0 tsgo errors in
packages/workerd,pnpm lintexits non-zero on any new warning.The
plugin-cli/src/build/pipeline.tscleanup that was in an earlier version of this PR landed independently as #1145 (Zod-based validation, better than what I had here).Type of change
Checklist
pnpm typecheckpassespnpm lintpassespnpm testpasses (workerd: 73/73)pnpm formathas been runAI-generated code disclosure