From 0669767be2dbb3b27cd076888bdb1289707e60e5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Apr 2026 13:02:32 +0000 Subject: [PATCH 1/4] Initial plan From f144c91e737eeaf0bf492b733c2ca0abf530f524 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Apr 2026 13:10:10 +0000 Subject: [PATCH 2/4] docs: add lint warning rule recommendations Agent-Logs-Url: https://github.com/counterfact/api-simulator/sessions/cbf6e973-676b-4692-af7f-89082d3e1bf8 --- .../lint-warning-recommendations.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs/development/lint-warning-recommendations.md diff --git a/docs/development/lint-warning-recommendations.md b/docs/development/lint-warning-recommendations.md new file mode 100644 index 000000000..4e98fcdb9 --- /dev/null +++ b/docs/development/lint-warning-recommendations.md 
@@ -0,0 +1,20 @@ +# Lint warning recommendations + +Baseline (2026-04-16): `yarn lint` reports 123 warnings across 8 rules. + +| Rule | Warnings | Recommendation | Why | +| --- | ---: | --- | --- | +| `security/detect-non-literal-fs-filename` | 50 | Selectively fix or ignore violations | Most hits are expected dynamic paths in file-system tooling; keep the rule for signal, but use validation wrappers and targeted ignores where inputs are trusted. | +| `security/detect-object-injection` | 42 | Selectively fix or ignore violations | Many hits are dynamic key lookups on known maps. Keep the rule, but prefer `Map`/guarded access in risky paths and suppress known-safe cases. | +| `jest/no-conditional-in-test` | 17 | Selectively fix or ignore violations | Some conditionals are legitimate for shared test helpers/table-driven cases; rewrite simple cases, keep explicit ignores for intentional patterns. | +| `import/no-named-as-default-member` | 4 | Disable it | Current warnings are false-positive noise from `js-yaml` interop in tests; disabling improves signal-to-noise. | +| `regexp/prefer-named-capture-group` | 3 | Fix violations | Small, mechanical updates (`(?:...)` or named groups) improve readability and can be fixed quickly. | +| `jest/expect-expect` | 3 | Selectively fix or ignore violations | Some tests assert by expecting thrown errors/side effects through helpers; add explicit assertions where possible and ignore intentional patterns. | +| `security/detect-unsafe-regex` | 2 | Selectively fix or ignore violations | One warning is from tooling config; review each regex for ReDoS risk and suppress only proven-safe patterns. | +| `jest/no-disabled-tests` | 2 | Fix violations | Skipped tests should be either re-enabled or removed to avoid long-term blind spots. | + +## Suggested priority + +1. Fix now: `regexp/prefer-named-capture-group`, `jest/no-disabled-tests` +2. Selective cleanup: `security/*`, `jest/no-conditional-in-test`, `jest/expect-expect` +3. 
Disable: `import/no-named-as-default-member` From 01dea739c12175ace4f200249cffc769f8afd0c6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Apr 2026 13:59:38 +0000 Subject: [PATCH 3/4] chore: add lint warning issue proposal series Agent-Logs-Url: https://github.com/counterfact/api-simulator/sessions/0b2292ec-d93d-45f6-a331-97f8834b46ba Co-authored-by: pmcelhaney <51504+pmcelhaney@users.noreply.github.com> --- ...it-security-detect-unsafe-regex-warnings.md | 18 ++++++++++++++++++ ...ed-as-default-member-for-js-yaml-interop.md | 17 +++++++++++++++++ ...isabled-tests-for-jest-no-disabled-tests.md | 18 ++++++++++++++++++ ...-detect-non-literal-fs-filename-warnings.md | 17 +++++++++++++++++ ...ecurity-detect-object-injection-warnings.md | 18 ++++++++++++++++++ ...al-tests-for-jest-no-conditional-in-test.md | 18 ++++++++++++++++++ .../resolve-jest-expect-expect-warnings.md | 18 ++++++++++++++++++ ...ps-for-regexp-prefer-named-capture-group.md | 17 +++++++++++++++++ 8 files changed, 141 insertions(+) create mode 100644 .github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md create mode 100644 .github/issue-proposals/disable-import-no-named-as-default-member-for-js-yaml-interop.md create mode 100644 .github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md create mode 100644 .github/issue-proposals/reduce-security-detect-non-literal-fs-filename-warnings.md create mode 100644 .github/issue-proposals/reduce-security-detect-object-injection-warnings.md create mode 100644 .github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md create mode 100644 .github/issue-proposals/resolve-jest-expect-expect-warnings.md create mode 100644 .github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md 
diff --git a/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md b/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md new file mode 100644 index 000000000..8a1b05e3e --- /dev/null +++ b/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md @@ -0,0 +1,18 @@ +--- +title: Audit and resolve security/detect-unsafe-regex warnings +parentIssue: 1901 +--- + +Review each `security/detect-unsafe-regex` warning for potential ReDoS risk and either replace with safer regex patterns or annotate proven-safe usage. + +## Context and motivation + +Even with a small count, unsafe-regex findings can have high impact. Each pattern should be intentionally reviewed with input size and runtime behavior in mind. + +## Acceptance criteria + +- [ ] Every current `security/detect-unsafe-regex` warning has a documented disposition +- [ ] Any vulnerable or questionable regex is rewritten to avoid catastrophic backtracking +- [ ] Any suppression includes a proof-oriented safety note +- [ ] Rule warnings are reduced or eliminated without changing intended behavior + diff --git a/.github/issue-proposals/disable-import-no-named-as-default-member-for-js-yaml-interop.md b/.github/issue-proposals/disable-import-no-named-as-default-member-for-js-yaml-interop.md new file mode 100644 index 000000000..f3477fb1b --- /dev/null +++ b/.github/issue-proposals/disable-import-no-named-as-default-member-for-js-yaml-interop.md 
@@ -0,0 +1,17 @@ +--- +title: Disable import/no-named-as-default-member for js-yaml interop noise +parentIssue: 1901 +--- + +Disable `import/no-named-as-default-member` (or scope-disable it in affected test files) to remove false-positive warnings around `js-yaml` usage. + +## Context and motivation + +Current warnings are concentrated in test code and are not indicating real defects. Reducing this noise improves lint signal for higher-value findings. + +## Acceptance criteria + +- [ ] Existing warning sites are reviewed to confirm false-positive behavior +- [ ] Lint configuration is updated with the narrowest practical disable strategy +- [ ] No functional behavior changes are introduced in tests +- [ ] `import/no-named-as-default-member` warnings are eliminated diff --git a/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md b/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md new file mode 100644 index 000000000..cf6c81cfe --- /dev/null +++ b/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md @@ -0,0 +1,18 @@ +--- +title: Re-enable or remove disabled tests for jest/no-disabled-tests +parentIssue: 1901 +--- + +Resolve `jest/no-disabled-tests` findings by re-enabling skipped tests or removing obsolete ones. + +## Context and motivation + +Disabled tests reduce confidence and can mask regressions over time. The remaining skipped tests should be intentional and temporary, or removed. + +## Acceptance criteria + +- [ ] Every currently skipped test is evaluated +- [ ] Tests that should remain are re-enabled with passing behavior +- [ ] Obsolete or no-longer-actionable skipped tests are removed +- [ ] `jest/no-disabled-tests` warnings are eliminated + 
diff --git a/.github/issue-proposals/reduce-security-detect-non-literal-fs-filename-warnings.md b/.github/issue-proposals/reduce-security-detect-non-literal-fs-filename-warnings.md new file mode 100644 index 000000000..e269c12e2 --- /dev/null +++ b/.github/issue-proposals/reduce-security-detect-non-literal-fs-filename-warnings.md @@ -0,0 +1,17 @@ +--- +title: Reduce security/detect-non-literal-fs-filename warnings +parentIssue: 1901 +--- + +Address `security/detect-non-literal-fs-filename` warnings by introducing consistent path validation and narrowly scoped suppressions for trusted internal paths. + +## Context and motivation + +This rule currently generates the largest warning volume. Most hits are in internal file generation and migration flows where dynamic paths are expected. We should reduce noise without weakening protection for untrusted inputs. + +## Acceptance criteria + +- [ ] All current `security/detect-non-literal-fs-filename` warning sites are triaged as either fixable or intentionally ignored +- [ ] High-risk call sites that touch user-provided paths use explicit validation/normalization before file-system access +- [ ] Any lint suppressions include an inline safety rationale +- [ ] Net warning count for this rule is reduced diff --git a/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md b/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md new file mode 100644 index 000000000..96437bed7 --- /dev/null +++ b/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md 
@@ -0,0 +1,18 @@ +--- +title: Reduce security/detect-object-injection warnings +parentIssue: 1901 +--- + +Reduce `security/detect-object-injection` warnings by replacing ambiguous dynamic object indexing with safer access patterns or documenting trusted usage. + +## Context and motivation + +Many warnings come from map-like structures and route/context registries where dynamic keys are expected. We need a consistent pattern for safe keyed access so this rule remains useful. + +## Acceptance criteria + +- [ ] All current `security/detect-object-injection` warning sites are triaged +- [ ] Risky dynamic lookups are refactored (for example, validated key guards or `Map` usage) +- [ ] Remaining suppressions include clear justification for why access is safe +- [ ] Net warning count for this rule is reduced + diff --git a/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md b/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md new file mode 100644 index 000000000..7c6384b4f --- /dev/null +++ b/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md @@ -0,0 +1,18 @@ +--- +title: Refactor conditional tests for jest/no-conditional-in-test +parentIssue: 1901 +--- + +Refactor test cases that trigger `jest/no-conditional-in-test` so assertions are deterministic and intent remains clear. + +## Context and motivation + +The rule catches conditional logic that can hide assertion paths. Some current uses are intentional helper patterns, while others can be simplified. + +## Acceptance criteria + +- [ ] Current warning sites are reviewed and categorized as refactor or keep-with-justification +- [ ] Refactorable tests are rewritten to avoid in-test branching +- [ ] Any remaining exceptions are narrowly suppressed with rationale +- [ ] Net warning count for this rule is reduced + 
diff --git a/.github/issue-proposals/resolve-jest-expect-expect-warnings.md b/.github/issue-proposals/resolve-jest-expect-expect-warnings.md new file mode 100644 index 000000000..fcf4fc444 --- /dev/null +++ b/.github/issue-proposals/resolve-jest-expect-expect-warnings.md @@ -0,0 +1,18 @@ +--- +title: Resolve jest/expect-expect warnings +parentIssue: 1901 +--- + +Address `jest/expect-expect` warnings by adding explicit assertions or using approved assertion patterns for helper-driven tests. + +## Context and motivation + +Some tests rely on side-effect or thrown-error pathways that are not always detected by the rule. We should make assertions explicit where practical. + +## Acceptance criteria + +- [ ] Current warning sites are triaged +- [ ] Tests that can include direct assertions are updated +- [ ] Legitimate helper patterns are configured or suppressed in a narrow, documented way +- [ ] Net warning count for this rule is reduced + diff --git a/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md b/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md new file mode 100644 index 000000000..2c5a1986b --- /dev/null +++ b/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md @@ -0,0 +1,17 @@ +--- +title: Update regex capture groups for regexp/prefer-named-capture-group +parentIssue: 1901 +--- + +Apply mechanical regex updates for `regexp/prefer-named-capture-group` warnings using named or non-capturing groups as appropriate. + +## Context and motivation + +This is low-risk cleanup with small warning count. The update should improve readability while preserving behavior. + +## Acceptance criteria + +- [ ] All current warning sites are updated to named or non-capturing capture groups +- [ ] Existing behavior is preserved by tests +- [ ] `regexp/prefer-named-capture-group` warnings are eliminated + From 531fa1e2ab16f79eeccc74fd4d4c44cf46f64c5e Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Apr 2026 14:00:55 +0000 Subject: [PATCH 4/4] chore: tidy issue proposal formatting Agent-Logs-Url: https://github.com/counterfact/api-simulator/sessions/0b2292ec-d93d-45f6-a331-97f8834b46ba Co-authored-by: pmcelhaney <51504+pmcelhaney@users.noreply.github.com> --- .../audit-security-detect-unsafe-regex-warnings.md | 1 - ...enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md | 1 - .../reduce-security-detect-object-injection-warnings.md | 1 - ...refactor-conditional-tests-for-jest-no-conditional-in-test.md | 1 - .github/issue-proposals/resolve-jest-expect-expect-warnings.md | 1 - ...pdate-capture-groups-for-regexp-prefer-named-capture-group.md | 1 - 6 files changed, 6 deletions(-) diff --git a/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md b/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md index 8a1b05e3e..7925b3820 100644 --- a/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md +++ b/.github/issue-proposals/audit-security-detect-unsafe-regex-warnings.md @@ -15,4 +15,3 @@ Even with a small count, unsafe-regex findings can have high impact. Each patter - [ ] Any vulnerable or questionable regex is rewritten to avoid catastrophic backtracking - [ ] Any suppression includes a proof-oriented safety note - [ ] Rule warnings are reduced or eliminated without changing intended behavior - diff --git a/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md b/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md index cf6c81cfe..38d961390 100644 --- a/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md +++ b/.github/issue-proposals/re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md 
@@ -15,4 +15,3 @@ Disabled tests reduce confidence and can mask regressions over time. The remaini - [ ] Tests that should remain are re-enabled with passing behavior - [ ] Obsolete or no-longer-actionable skipped tests are removed - [ ] `jest/no-disabled-tests` warnings are eliminated - diff --git a/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md b/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md index 96437bed7..bc70b1700 100644 --- a/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md +++ b/.github/issue-proposals/reduce-security-detect-object-injection-warnings.md @@ -15,4 +15,3 @@ Many warnings come from map-like structures and route/context registries where d - [ ] Risky dynamic lookups are refactored (for example, validated key guards or `Map` usage) - [ ] Remaining suppressions include clear justification for why access is safe - [ ] Net warning count for this rule is reduced - diff --git a/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md b/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md index 7c6384b4f..6909ff383 100644 --- a/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md +++ b/.github/issue-proposals/refactor-conditional-tests-for-jest-no-conditional-in-test.md @@ -15,4 +15,3 @@ The rule catches conditional logic that can hide assertion paths. Some current u - [ ] Refactorable tests are rewritten to avoid in-test branching - [ ] Any remaining exceptions are narrowly suppressed with rationale - [ ] Net warning count for this rule is reduced - diff --git a/.github/issue-proposals/resolve-jest-expect-expect-warnings.md b/.github/issue-proposals/resolve-jest-expect-expect-warnings.md index fcf4fc444..8ce08d52a 100644 --- a/.github/issue-proposals/resolve-jest-expect-expect-warnings.md +++ b/.github/issue-proposals/resolve-jest-expect-expect-warnings.md 
@@ -15,4 +15,3 @@ Some tests rely on side-effect or thrown-error pathways that are not always dete - [ ] Tests that can include direct assertions are updated - [ ] Legitimate helper patterns are configured or suppressed in a narrow, documented way - [ ] Net warning count for this rule is reduced - diff --git a/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md b/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md index 2c5a1986b..aab26539a 100644 --- a/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md +++ b/.github/issue-proposals/update-capture-groups-for-regexp-prefer-named-capture-group.md @@ -14,4 +14,3 @@ This is low-risk cleanup with small warning count. The update should improve rea - [ ] All current warning sites are updated to named or non-capturing capture groups - [ ] Existing behavior is preserved by tests - [ ] `regexp/prefer-named-capture-group` warnings are eliminated -
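Review bot: in the `lint-warning-recommendations.md` table (PATCH 2/4), the `regexp/prefer-named-capture-group` row calls the change mechanical, but swapping `(...)` for `(?:...)` renumbers every later group, so a `match[1]` read or a `$1` in a replacement string at the call site silently picks up a different value; suggest wording it as "named groups where the capture is read, `(?:...)` only where it is not". In the same table the `import/no-named-as-default-member` row says "Disable it" while its rationale attributes the noise to test code only, so the recommendation should be a scoped disable (an ESLint `overrides` entry for the test globs), keeping the rule active for source files.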
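Review bot: the criterion `Any suppression includes a proof-oriented safety note` in `audit-security-detect-unsafe-regex-warnings.md` (PATCH 3/4) leaves "proof" undefined; suggest stating what the note must record, at minimum where the matched input comes from (tooling config versus request data), the maximum input length reachable at that call site, and why the pattern has no nested or overlapping quantifiers, so a later reader can re-check the claim rather than trust the suppression.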
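Review bot: before disabling `import/no-named-as-default-member` (`disable-import-no-named-as-default-member-for-js-yaml-interop.md`, PATCH 3/4), check whether the warning sites can use named imports (`import { load } from "js-yaml"`) instead of calling members on the default import; accessing a named export through the default object is exactly what this rule reports, so the named form clears the warnings without touching the config and keeps the rule active elsewhere. If the disable stands, the criterion "narrowest practical disable strategy" should name the mechanism (an `overrides` block limited to test globs) rather than leave it open.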
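Review bot: `re-enable-or-remove-disabled-tests-for-jest-no-disabled-tests.md` (PATCH 3/4) allows skipped tests that are "intentional and temporary" in the motivation, but no acceptance criterion covers that case; suggest adding one requiring any remaining skip to carry a reason and a tracking reference, otherwise the rule keeps reporting them and the blind spot the issue describes persists.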
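Review bot: the criterion `explicit validation/normalization before file-system access` in `reduce-security-detect-non-literal-fs-filename-warnings.md` (PATCH 3/4) should spell out the containment check: resolve the candidate path against the intended base directory and reject it when the resolved result does not stay under that base followed by a path separator, because normalization alone still accepts `..` segments that resolve outside it. Suggest also requiring the inline safety rationale to state which input the path derives from, so "trusted internal path" can be verified later.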
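Review bot: in `reduce-security-detect-object-injection-warnings.md` (PATCH 3/4), "validated key guards" should be defined as an own-property check (`Object.hasOwn(obj, key)`) rather than `key in obj` or a truthiness test, since those two walk the prototype chain and accept keys such as `__proto__` or `constructor`; registries keyed by external input are better held in a `Map` or an `Object.create(null)` object, which the refactor criterion could name explicitly.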
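Review bot: for `refactor-conditional-tests-for-jest-no-conditional-in-test.md` (PATCH 3/4), the recommendations table already identifies table-driven cases as a main source; suggest the refactor criterion name `it.each`/`test.each` as the target shape, since branching on a row's fields inside one `it` is what the rule flags and each row then becomes its own unconditional assertion.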
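Review bot: `resolve-jest-expect-expect-warnings.md` (PATCH 3/4) says helper patterns are "configured or suppressed"; the rule has an `assertFunctionNames` option for this, so suggest the criterion require listing the assertion helpers there instead of per-site suppressions, and for thrown-error pathways require `expect(...).toThrow(...)` or `expect.assertions(n)` so a test that never reaches its assertion fails instead of passing silently.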
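Review bot: the criterion `Existing behavior is preserved by tests` in `update-capture-groups-for-regexp-prefer-named-capture-group.md` (PATCH 3/4) only holds if the tests assert on the captured values; converting a group to `(?:...)` shifts every later numbered group, and a `match[2]` read or a `$2` in a replacement string returns a different value with no test failing unless that value is checked. Suggest adding a criterion to inspect each changed regex's call sites for index-based access (`match[n]`, `$n`) and migrate those reads to `groups.name`.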
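Review bot: the six hunks in PATCH 4/4 only delete trailing blank lines that PATCH 3/4 introduced in the same files; suggest squashing them into PATCH 3/4 so the series has one creation commit per proposal file, and adding a formatting check for a single final newline so the same whitespace does not drift back in later edits.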