Fix Codacy linting issues and resolve flaky http test infrastructure bug

Signed-off-by: Steve Springett <steve@springett.us>

Author: stevespringett

backend/src/db/connection.ts

@@ -3,7 +3,7 @@ import { KyselyPGlite } from 'kysely-pglite';
 import { Pool } from 'pg';
 import fs from 'node:fs';
 import { getConfig } from '../config/index.js';
-import { Database } from './types.js';
+import type { Database } from './types.js';
 import { logger } from '../utils/logger.js';
 
 let db: Kysely<Database> | null = null;

backend/src/db/migrate.ts

@@ -815,12 +815,14 @@ export async function runMigrations(): Promise<void> {
   for (const statement of statements) {
     if (statement.trim()) {
       try {
+        // biome-ignore lint/suspicious/noExplicitAny: Kysely executeQuery requires CompiledQuery but we build raw SQL
         await db.executeQuery({
-          sql: statement + ';',
+          sql: `${statement};`,
           parameters: [],
         } as any);
-      } catch (error: any) {
-        const msg = error?.message || '';
+      } catch (error: unknown) {
+        const errorMessage = (error as Record<string, unknown> | null)?.message || '';
+        const msg = typeof errorMessage === 'string' ? errorMessage : '';
         // Ignore "already exists" errors from CREATE INDEX / ALTER TABLE
         if (msg.includes('already exists')) {
           continue;

backend/src/events/channels/email.ts

@@ -101,7 +101,7 @@ export class EmailChannel implements NotificationChannel {
 
     // Validate required fields
     const required: (keyof SmtpConfig)[] = ['SMTP_HOST', 'SMTP_PORT', 'SMTP_FROM'];
-    const missing = required.filter((key) => !this.config![key]);
+    const missing = required.filter((key) => !this.config?.[key]);
     if (missing.length > 0) {
       throw new Error(
         `SMTP_ENABLED is true but required configuration is missing: ${missing.join(', ')}`,
@@ -337,7 +337,7 @@ export class EmailChannel implements NotificationChannel {
       if (!message) return;
 
       await this.transporter.sendMail({
-        from: this.config!.SMTP_FROM,
+        from: this.config?.SMTP_FROM || 'noreply@assessors-studio.local',
         to: message.to,
         subject: message.subject,
         text: message.text,

backend/src/events/webhook-channel.ts

@@ -299,7 +299,7 @@ export class WebhookChannel implements NotificationChannel {
 
     // Increment consecutive failures
     const newFailureCount = webhook.consecutive_failures + 1;
-    const updates: Record<string, any> = {
+    const updates: Record<string, unknown> = {
       consecutive_failures: newFailureCount,
       updated_at: new Date(),
     };
@@ -370,7 +370,7 @@ export class WebhookChannel implements NotificationChannel {
       await db
         .updateTable('webhook_delivery')
         .set({
-          attempt: (row.attempt as number) + 1,
+          attempt: typeof row.attempt === 'number' ? row.attempt + 1 : 2,
           status: 'pending',
           next_retry_at: null,
         })

backend/src/middleware/auth.ts

@@ -84,17 +84,17 @@ async function authenticateCookie(req: AuthRequest): Promise<AuthRequest['user']
   const token = req.cookies?.token;
   if (!token) return null;
 
-  let decoded: any;
+  let decoded: Record<string, unknown>;
   try {
-    decoded = jwt.verify(token, config.JWT_SECRET);
+    decoded = jwt.verify(token, config.JWT_SECRET) as Record<string, unknown>;
   } catch {
     return null;
   }
 
   const db = getDatabase();
   const session = await db
     .selectFrom('session')
-    .where('id', '=', decoded.sessionId)
+    .where('id', '=', decoded.sessionId as string)
     .where('expires_at', '>', new Date())
     .selectAll()
     .executeTakeFirst();

backend/src/middleware/camelCase.ts

@@ -34,7 +34,7 @@ function transformKeys(obj: unknown): unknown {
 export function camelCaseResponse(_req: Request, res: Response, next: NextFunction): void {
   const originalJson = res.json.bind(res);
 
-  res.json = function (body: unknown) {
+  res.json = (body: unknown) => {
     return originalJson(transformKeys(body));
   };
 

backend/src/routes/admin-notification-rules.ts

@@ -11,7 +11,8 @@ import { z } from 'zod';
 import { v4 as uuidv4 } from 'uuid';
 import { getDatabase } from '../db/connection.js';
 import { logger } from '../utils/logger.js';
-import { AuthRequest, requireAuth, requirePermission } from '../middleware/auth.js';
+import type { AuthRequest } from '../middleware/auth.js';
+import { requireAuth, requirePermission } from '../middleware/auth.js';
 import { asyncHandler, handleValidationError } from '../utils/route-helpers.js';
 
 const router = Router();
@@ -32,7 +33,7 @@ const updateRuleSchema = createRuleSchema.partial();
  * GET /admin/notification-rules
  * List all system notification rules
  */
-router.get('/', requireAuth, requirePermission('admin.notification_rules'), asyncHandler(async (req: AuthRequest, res: Response): Promise<void> => {
+router.get('/', requireAuth, requirePermission('admin.notification_rules'), asyncHandler(async (_req: AuthRequest, res: Response): Promise<void> => {
   const db = getDatabase();
   const rules = await db
     .selectFrom('notification_rule')
@@ -41,7 +42,7 @@ router.get('/', requireAuth, requirePermission('admin.notification_rules'), asyn
     .orderBy('created_at', 'desc')
     .execute();
 
-  res.json(rules);
+  res.json(rules as Record<string, unknown>[]);
 }));
 
 /**
@@ -197,7 +198,7 @@ router.put('/:id', requireAuth, requirePermission('admin.notification_rules'), a
     }
 
     // Update rule
-    const updates: Record<string, any> = {};
+    const updates: Record<string, unknown> = {};
     if (data.name) updates.name = data.name;
     if (data.channel) updates.channel = data.channel;
     if (data.eventTypes) updates.event_types = JSON.stringify(data.eventTypes);

backend/src/routes/assessors.ts

@@ -5,7 +5,8 @@ import { v4 as uuidv4 } from 'uuid';
 import { getDatabase } from '../db/connection.js';
 import { asyncHandler, handleValidationError } from '../utils/route-helpers.js';
 import { logger } from '../utils/logger.js';
-import { AuthRequest, requireAuth, requirePermission } from '../middleware/auth.js';
+import type { AuthRequest } from '../middleware/auth.js';
+import { requireAuth, requirePermission } from '../middleware/auth.js';
 
 const router = Router();
 
@@ -22,14 +23,16 @@ const updateAssessorSchema = z.object({
 });
 
 // GET / - List all assessors
-router.get('/', requireAuth, asyncHandler(async (req: AuthRequest, res: Response): Promise<void> => {
+router.get('/', requireAuth, asyncHandler(async (_req: AuthRequest, res: Response): Promise<void> => {
   const db = getDatabase();
 
   const assessors = (await db
     .selectFrom('assessor')
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('entity', (join) =>
       join.onRef('entity.id' as any, '=', 'assessor.entity_id' as any)
     )
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('app_user', (join) =>
       join.onRef('app_user.id' as any, '=', 'assessor.user_id' as any)
     )
@@ -46,7 +49,7 @@ router.get('/', requireAuth, asyncHandler(async (req: AuthRequest, res: Response
       'app_user.display_name as user_display_name',
     ])
     .orderBy('assessor.created_at', 'desc')
-    .execute()) as any[];
+    .execute()) as Record<string, unknown>[];
 
   res.json({ data: assessors });
 }));
@@ -57,9 +60,11 @@ router.get('/:id', requireAuth, asyncHandler(async (req: AuthRequest, res: Respo
 
   const assessor = await db
     .selectFrom('assessor')
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('entity', (join) =>
       join.onRef('entity.id' as any, '=', 'assessor.entity_id' as any)
     )
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('app_user', (join) =>
       join.onRef('app_user.id' as any, '=', 'assessor.user_id' as any)
     )
@@ -86,6 +91,7 @@ router.get('/:id', requireAuth, asyncHandler(async (req: AuthRequest, res: Respo
   // Get attestations by this assessor
   const attestations = (await db
     .selectFrom('attestation')
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('assessment', (join) =>
       join.onRef('assessment.id' as any, '=', 'attestation.assessment_id' as any)
     )
@@ -98,7 +104,7 @@ router.get('/:id', requireAuth, asyncHandler(async (req: AuthRequest, res: Respo
       'assessment.id as assessment_id',
     ])
     .orderBy('attestation.created_at', 'desc')
-    .execute()) as any[];
+    .execute()) as Record<string, unknown>[];
 
   res.json({ ...assessor, attestations });
 }));
@@ -154,7 +160,7 @@ router.put(
         return;
       }
 
-      const updateData: any = { updated_at: new Date() };
+      const updateData: Record<string, unknown> = { updated_at: new Date() };
       if (data.thirdParty !== undefined) updateData.third_party = data.thirdParty;
       if (data.entityId !== undefined) updateData.entity_id = data.entityId;
       if (data.userId !== undefined) updateData.user_id = data.userId;

backend/src/routes/attestations.ts

@@ -4,7 +4,8 @@ import { z } from 'zod';
 import { v4 as uuidv4 } from 'uuid';
 import { getDatabase } from '../db/connection.js';
 import { logger } from '../utils/logger.js';
-import { AuthRequest, requireAuth, requirePermission } from '../middleware/auth.js';
+import type { AuthRequest } from '../middleware/auth.js';
+import { requireAuth, requirePermission } from '../middleware/auth.js';
 import { toSnakeCase } from '../middleware/camelCase.js';
 import { asyncHandler, handleValidationError } from '../utils/route-helpers.js';
 
@@ -14,7 +15,7 @@ const router = Router();
  * Check if an attestation's parent assessment is read-only.
  * Returns error message if read-only, null if mutable.
  */
-async function checkAttestationAssessmentReadOnly(db: any, assessmentId: string): Promise<string | null> {
+async function checkAttestationAssessmentReadOnly(db: ReturnType<typeof getDatabase>, assessmentId: string): Promise<string | null> {
   const assessment = await db
     .selectFrom('assessment')
     .where('id', '=', assessmentId)
@@ -70,9 +71,11 @@ router.get('/', requireAuth, asyncHandler(async (req: AuthRequest, res: Response
     .selectFrom('attestation')
     .leftJoin('assessment', 'assessment.id', 'attestation.assessment_id')
     .leftJoin('signatory', 'signatory.id', 'attestation.signatory_id')
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('assessor', (join) =>
       join.onRef('assessor.id' as any, '=', 'attestation.assessor_id' as any)
     )
+    // biome-ignore lint/suspicious/noExplicitAny: Kysely cross-table join refs require type cast
     .leftJoin('entity as assessor_entity', (join) =>
       join.onRef('assessor_entity.id' as any, '=', 'assessor.entity_id' as any)
     )
@@ -92,7 +95,7 @@ router.get('/', requireAuth, asyncHandler(async (req: AuthRequest, res: Response
     ])
     .limit(limit)
     .offset(offset)
-    .execute()) as any[];
+    .execute()) as Record<string, unknown>[];
 
   res.json({
     data: attestations,
@@ -231,7 +234,7 @@ router.put(
         return;
       }
 
-      const updateData: any = {};
+      const updateData: Record<string, unknown> = {};
 
       if (data.summary !== undefined) updateData.summary = data.summary;
       if (data.signatoryId !== undefined) updateData.signatoryId = data.signatoryId;

backend/src/routes/export.ts

@@ -5,7 +5,8 @@ import PDFDocument from 'pdfkit';
 import { getDatabase } from '../db/connection.js';
 import { asyncHandler } from '../utils/route-helpers.js';
 import { logger } from '../utils/logger.js';
-import { AuthRequest, requireAuth, requirePermission } from '../middleware/auth.js';
+import type { AuthRequest } from '../middleware/auth.js';
+import { requireAuth, requirePermission } from '../middleware/auth.js';
 
 const router = Router();