You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Evidence: electron/mcp/coordinator.ts:1626-1708, especially timeout path around 1685-1699; electron/mcp/replay-cache.ts.
Fix direction: use one complete(result) path for timer cleanup, replay-cache write, resolver removal, active-wait handling, and promise resolution.
Tests: add retry-after-timeout coverage for the same requestId.
Finding 2: store import cycles break lint:arch.
Evidence: npm run lint:arch reports 7 cycles across src/store/projects.ts, tasks.ts, focus.ts, navigation.ts, persistence.ts, and terminals.ts.
Fix direction: extract pure selectors/helpers so store modules flow one way.
Finding 3: CI skips major repo gates.
Evidence: .github/workflows/ci.yml runs typecheck/lint/format only; Electron code is mostly compiled by npm run compile.
Fix direction: run npm run check and npm test in CI; add npm run check:static after current failures are fixed.
Finding 7: Knip reports verified dead files, exports, types, dependency, and config drift.
Evidence: npm run lint:dead reports stale entry points, unused files, unused exports/types, unused @types/dompurify, and unlisted binaries.
Fix direction: update Knip entries, remove verified dead code/dependency, and keep the gate green.
Finding 38: OpenSpec validation is red and completed changes remain active.
Evidence: npx --no-install openspec spec validate custom-themes --strict fails with requirements.4.text: Requirement must contain SHALL or MUST keyword; npx --no-install openspec change validate custom-themes --strict fails because the change has no delta specs.
Fix direction: fix custom-theme spec structure, add/remove the dangling change, and archive completed changes.
Finding 41: npm config and security-rule script are noisy/brittle.
Evidence: .npmrc emits npm warnings; npm run test:security-rules fails with spawnSync semgrep ENOENT when semgrep is missing.
Fix direction: normalize/remove .npmrc; add a friendly semgrep preflight or install semgrep in CI.
Derived from the local audit report
CODE_QUALITY_FINDINGS.mdcreated on 2026-05-30.Scope
This issue tracks the highest-priority correctness and quality-gate failures found during the audit.
Findings
wait_for_signal_donetimeout bypasses replay cache.electron/mcp/coordinator.ts:1626-1708, especially timeout path around1685-1699;electron/mcp/replay-cache.ts.complete(result)path for timer cleanup, replay-cache write, resolver removal, active-wait handling, and promise resolution.requestId.lint:arch.npm run lint:archreports 7 cycles acrosssrc/store/projects.ts,tasks.ts,focus.ts,navigation.ts,persistence.ts, andterminals.ts..github/workflows/ci.ymlruns typecheck/lint/format only; Electron code is mostly compiled bynpm run compile.npm run checkandnpm testin CI; addnpm run check:staticafter current failures are fixed.npm run lint:deadreports stale entry points, unused files, unused exports/types, unused@types/dompurify, and unlisted binaries.npx --no-install openspec spec validate custom-themes --strictfails withrequirements.4.text: Requirement must contain SHALL or MUST keyword;npx --no-install openspec change validate custom-themes --strictfails because the change has no delta specs..npmrcemits npm warnings;npm run test:security-rulesfails withspawnSync semgrep ENOENTwhen semgrep is missing..npmrc; add a friendly semgrep preflight or install semgrep in CI.Acceptance checks
npm run lint:archnpm run lint:deadnpm run test:security-rulesnpx openspec validate --all --strictnpm run checknpm test