chore: add bug-focused ESLint baseline

[Astro-Han]

Summary

Adds a low-noise ESLint baseline for PawWork-owned product TypeScript/Solid code:

• Adds root eslint.config.mjs scoped to packages/app/src, packages/ui/src, and packages/desktop-electron/src.
• Adds root bun run lint / bun run lint:ci scripts.
• Adds an advisory lint CI job that is not included in the blocking ci / check aggregate.
• Enables CodeRabbit's ESLint tool as an auxiliary signal.

Why

CodeRabbit recently warned that ESLint was skipped because the repo had no ESLint configuration. The goal here is not to satisfy CodeRabbit specifically, and not to introduce formatting or style enforcement.

This PR establishes a first bug-focused lint baseline that can be run locally and in CI. The initial rule set intentionally stays narrow because broader Promise and @eslint/js recommended rules currently surface many existing historical findings. Those should be handled in follow-up slices rather than bundled into the first baseline.

Related Issue

No dedicated issue. This follows the maintainer discussion from PR #630 CodeRabbit review tooling feedback.

Human Review Status

Pending. A human should make the final merge decision after reviewing the final diff and verification evidence.

Review Focus

• Confirm the ESLint scope stays limited to PawWork product src files and does not include packages/opencode.
• Confirm the rule set is bug-focused and does not enforce formatting, import sorting, or style preferences.
• Confirm the new CI lint job is advisory only and is not part of the blocking check.needs aggregate.
• Confirm CodeRabbit is treated as auxiliary; local/GitHub Actions lint is the source of truth for typed lint behavior.

Risk Notes

• Dependency risk: adds ESLint 9, typescript-eslint, and eslint-plugin-solid as dev dependencies only.
• CI risk: the lint job uses continue-on-error: true for the first PR, so it should not block merge while we observe noise.
• CodeRabbit risk: CodeRabbit may not execute all type-aware @typescript-eslint rules, so this PR does not rely on it as the source of truth.
• Lockfile note: bun.lock also refreshed workspace package metadata while adding the lint dependencies; no source files were changed for that metadata drift.
• Existing generated drift: packages/opencode/src/provider/models-snapshot.js was dirty in the handoff worktree before this work and is intentionally not included in this PR.

How To Verify

Lint: bun run lint -> passed
CI workflow contract: bun --cwd packages/opencode test test/github/ci-workflow.test.ts -> 9 passed, 0 failed
App typecheck: bun run --cwd packages/app typecheck -> passed
UI typecheck: bun run --cwd packages/ui typecheck -> passed
Desktop typecheck: bun run --cwd packages/desktop-electron typecheck -> passed
Lockfile verification: bun install --frozen-lockfile -> passed, no changes
Diff check: git diff --check -> passed
Implementation review: reviewer subagent found no P0/P1/P2 issues

Screenshots or Recordings

Not applicable. No visible UI changes.

Checklist

• Human review status is stated above as pending, approved, or not required
• I linked the related issue, or stated why there is no issue
• This PR has type, primary area, and priority labels, or I requested maintainer labeling
• I described the review focus and any meaningful risks
• I listed the relevant verification steps and the key result for each
• I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope
• I manually checked visible UI or copy changes when needed, with screenshots or recordings
• I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes
• I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant
• I reviewed the final diff for unrelated changes and suspicious dependency changes
• I am targeting dev, and my PR title and commit messages use Conventional Commits in English

Summary by CodeRabbit

• Chores
  • Added ESLint configuration supporting TypeScript and Solid.js framework
  • Integrated linting job into the CI/CD pipeline to run automatically on code changes
  • Enabled CodeRabbit integration for automated code analysis

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR establishes ESLint linting infrastructure by introducing a flat ESLint configuration scoped to TypeScript and Solid/TSX files, adding lint scripts and dependencies to package.json, integrating linting into the CI workflow, and enabling CodeRabbit linting tools.

Changes

Linting Setup

Layer / File(s)	Summary
ESLint Flat Configuration eslint.config.mjs	ESLint config with global ignores for build/test/generated artifacts, TypeScript rules using typescript-eslint with projectService and safety checks, and Solid/TSX rules using eslint-plugin-solid to prevent unsafe JSX and React dependencies.
Lint Scripts and Dependencies package.json	Adds lint and lint:ci scripts to run ESLint on monorepo sources, and introduces eslint (^9.39.4) and eslint-plugin-solid (0.14.5) dev dependencies.
CI Lint Job .github/workflows/ci.yml	New conditional lint job in CI that checks out, sets up Node 24 and Bun 1.3.13, restores cache, installs dependencies, and runs bun run lint:ci with non-blocking failure.
CodeRabbit Tooling .coderabbit.yaml	Enables eslint and github-checks tools for automated code review integration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~18 minutes

Suggested labels

ci, task, app, desktop

Poem

🐰 A spellchecker hops into the fray,
ESLint rules now govern the way,
TypeScript and Solid both stand in the light,
CI validates code—caught bugs on sight!
The pawwork runs cleanly, all linted just right. 🏡✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'chore: add bug-focused ESLint baseline' is directly related to the primary change: establishing an initial ESLint configuration focused on bug detection for TypeScript/Solid code.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description is comprehensive and follows the required template with all major sections completed: Summary, Why, Related Issue, Human Review Status, Review Focus, Risk Notes, How To Verify, Screenshots/Recordings, and Checklist all present and well-filled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/eslint-bug-baseline

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Suggested priority: P2 (includes non-doc, non-test paths outside the low-risk bucket).

P1/P0 are reserved for maintainer confirmation. Please relabel manually if this is a release blocker, security issue, data-loss risk, or updater/runtime failure.

[gemini-code-assist]

Code Review

This pull request integrates ESLint into the project by adding the necessary dependencies and a new configuration file, eslint.config.mjs, which defines rules for TypeScript and Solid.js. It also introduces lint and lint:ci scripts to the root package.json. Feedback from the reviewer correctly identified that the defineConfig helper from eslint/config is invalid for ESLint 9 and recommended using tseslint.config for better type support. Additionally, it was suggested to simplify the linting script glob to eslint . to leverage the configuration's native file discovery and ensure the configuration file itself is linted.

[coderabbitai]

🧹 Nitpick comments (2)

package.json (1)

14-14: ⚡ Quick win

Consider using eslint . to rely on config file patterns.

The lint script explicitly passes file globs to ESLint, duplicating the patterns defined in eslint.config.mjs files arrays. This creates two sources of truth that can drift out of sync.

Since the ESLint config already defines which files to lint via the files property in each rule block, you can simplify to:

-    "lint": "eslint \"packages/{app,ui,desktop-electron}/src/**/*.{ts,tsx}\"",
+    "lint": "eslint .",

This makes the config file the single source of truth for which files to lint. If you prefer explicit CLI globs for visibility or other reasons, consider adding a comment explaining the rationale.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 14, The "lint" npm script currently hardcodes CLI globs
("lint" script) that duplicate patterns already defined in eslint.config.mjs;
update the package.json "lint" script to use a generic eslint invocation (e.g.,
eslint .) so the eslint.config.mjs files arrays remain the single source of
truth, or if you must keep explicit globs, add a comment in package.json
explaining why the CLI globs are intentionally duplicated; ensure you reference
and update the "lint" script entry so it no longer conflicts with
eslint.config.mjs file patterns.

.github/workflows/ci.yml (1)

132-167: ⚡ Quick win

Consider adding Turbo cache for the lint job.

The typecheck job includes Turbo caching (lines 119-125), but the lint job only has Bun install cache. Since ESLint with projectService enabled can be resource-intensive, adding Turbo cache would improve CI performance and developer experience:

📦 Add Turbo cache for lint job

       - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # actions/cache@v5
         with:
           path: ~/.bun/install/cache
           key: bun-${{ runner.os }}-${{ hashFiles('bun.lock') }}
           restore-keys: |
             bun-${{ runner.os }}-
 
+      - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # actions/cache@v5
+        with:
+          path: .turbo/cache
+          key: turbo-${{ runner.os }}-lint-${{ hashFiles('turbo.json', '**/package.json', 'bun.lock') }}-${{ github.sha }}
+          restore-keys: |
+            turbo-${{ runner.os }}-lint-${{ hashFiles('turbo.json', '**/package.json', 'bun.lock') }}-
+            turbo-${{ runner.os }}-lint-
+
       - run: bun install --frozen-lockfile

This matches the pattern used by other CI jobs and would speed up repeat lint runs. Since this is a baseline PR, you may choose to defer this optimization.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 132 - 167, The lint job currently only
caches Bun install artifacts but should also use the Turbo cache like the
typecheck job; update the lint job (job name "lint", steps around
"actions/cache", "bun install --frozen-lockfile", and the "lint" step that runs
"bun run lint:ci") to add Turbo cache restore/save steps (same placement as
typecheck) so repeated lint runs reuse the .turbo cache and speed up ESLint with
projectService enabled.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 132-167: The lint job currently only caches Bun install artifacts
but should also use the Turbo cache like the typecheck job; update the lint job
(job name "lint", steps around "actions/cache", "bun install --frozen-lockfile",
and the "lint" step that runs "bun run lint:ci") to add Turbo cache restore/save
steps (same placement as typecheck) so repeated lint runs reuse the .turbo cache
and speed up ESLint with projectService enabled.

In `@package.json`:
- Line 14: The "lint" npm script currently hardcodes CLI globs ("lint" script)
that duplicate patterns already defined in eslint.config.mjs; update the
package.json "lint" script to use a generic eslint invocation (e.g., eslint .)
so the eslint.config.mjs files arrays remain the single source of truth, or if
you must keep explicit globs, add a comment in package.json explaining why the
CLI globs are intentionally duplicated; ensure you reference and update the
"lint" script entry so it no longer conflicts with eslint.config.mjs file
patterns.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: c594a7bf-1da0-4362-9729-244b24c72f23

📥 Commits

Reviewing files that changed from the base of the PR and between 10ae5fb and d87be10.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• .coderabbit.yaml
• .github/workflows/ci.yml
• eslint.config.mjs
• package.json

[Astro-Han]

CodeRabbit nit follow-up: kept the explicit lint glob because eslint . --format json widens the first baseline to 500 files, including .github scripts and public JS. Skipped the suggested Turbo cache for the advisory lint job because the job runs direct eslint, not bun turbo, so .turbo/cache would not be used by this command. Current CI lint already passed.