
Disallow and suppress unsafe assignment #19736

Merged
gundermanc merged 6 commits into main from gundermanc/unsafe-assign
Feb 20, 2026

@gundermanc
Member

Summary

Disallows unsafe assignments, like assignment of any-typed expressions. This prevents a common type safety issue where code can be written that is declared as one type, but in practice, is another.

For now, just suppress all instances.

Fixes: #19719

Additional cleanup tracked under: #19731

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

@gemini-code-assist
Contributor

Summary of Changes

Hello @gundermanc, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the codebase's type safety by introducing a new ESLint rule that disallows unsafe assignments. The primary goal is to prevent potential runtime errors caused by incorrect type assumptions. To facilitate this change, all current violations of the new rule have been temporarily suppressed, allowing for a focused effort on addressing these issues systematically in future work. Additionally, several areas of the code have been refactored to use more explicit and safer type handling patterns.

Highlights

  • Enhanced Type Safety: The @typescript-eslint/no-unsafe-assignment ESLint rule has been enabled across the codebase to prevent common type safety issues arising from assigning any-typed expressions.
  • Initial Rule Suppression: All existing instances that violate the newly enabled no-unsafe-assignment rule have been suppressed with // eslint-disable-next-line comments. This allows for a gradual adoption of the stricter type checking.
  • Refactored Type Assertions and Type Guards: Several files have been updated to replace explicit type assertions with more robust type checking mechanisms, including the introduction of new type guards and explicit type arguments for generic functions, improving overall code reliability.
  • Import Statement Consolidation: Minor adjustments were made to import statements in a few files, consolidating multiple imports from the same package into a single line for better readability and consistency.

Changelog

  • eslint.config.js
    • Enabled the @typescript-eslint/no-unsafe-assignment ESLint rule.
  • packages/a2a-server/src/commands/restore.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/a2a-server/src/config/settings.ts
    • Updated import statement for MCPServerConfig.
    • Added ESLint disable comment for unsafe assignment.
  • packages/a2a-server/src/http/app.ts
    • Updated import statements for TaskStore and GitService.
    • Added ESLint disable comments for unsafe assignments.
  • packages/a2a-server/src/persistence/gcs.ts
    • Added ESLint disable comments for unsafe assignments.
  • packages/cli/src/config/extension-manager.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/config/extensionRegistryClient.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/test-utils/AppRig.tsx
    • Added ESLint disable comments for unsafe assignments.
  • packages/cli/src/test-utils/customMatchers.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/test-utils/mockCommandContext.ts
    • Added ESLint disable comments for unsafe assignments in mock context creation and merge function.
  • packages/cli/src/test-utils/settings.ts
    • Added ESLint disable comments for unsafe assignments in mock settings creation.
  • packages/cli/src/ui/components/SettingsDialog.tsx
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/components/triage/TriageDuplicates.tsx
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/components/triage/TriageIssues.tsx
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/hooks/useAtCompletion.ts
    • Added ESLint disable comments for unsafe assignments in Fzf search results.
  • packages/cli/src/ui/hooks/useSessionBrowser.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/hooks/useSlashCompletion.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/hooks/useStateAndRef.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/utils/TableRenderer.tsx
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/utils/terminalSetup.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/ui/utils/textUtils.ts
    • Added ESLint disable comments for unsafe assignments in array processing.
  • packages/cli/src/utils/envVarResolver.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/utils/gitUtils.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/utils/jsonoutput.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/utils/persistentState.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/utils/readStdin.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/utils/sessionUtils.ts
    • Added ESLint disable comments for unsafe assignments when parsing session data.
  • packages/cli/src/utils/settingsUtils.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/zed-integration/acpErrors.ts
    • Added ESLint disable comments for unsafe assignments when parsing error messages.
  • packages/cli/src/zed-integration/fileSystemService.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/cli/src/zed-integration/zedIntegration.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/agents/acknowledgedAgents.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/agents/agent-scheduler.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/agents/local-executor.ts
    • Refactored LlmRole import.
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/agents/registry.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/code_assist/admin/admin_controls.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/code_assist/converter.ts
    • Introduced isPart type guard.
    • Refactored toContent function for improved type safety.
  • packages/core/src/code_assist/experiments/experiments.ts
    • Added ESLint disable comment for unsafe assignment.
    • Removed redundant type assertion.
  • packages/core/src/code_assist/oauth-credential-storage.ts
    • Updated type assertion for parsed credentials.
  • packages/core/src/code_assist/oauth2.ts
    • Improved type checking for OAuth credentials and server address.
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/code_assist/server.ts
    • Removed unused GoogleRpcResponse import.
    • Added explicit type arguments to client requests.
    • Removed redundant type assertions.
    • Refactored VPC SC error checking with a type guard.
  • packages/core/src/core/logger.ts
    • Added ESLint disable comments for unsafe assignments when parsing log and checkpoint files.
  • packages/core/src/hooks/hookRunner.ts
    • Updated import statements.
    • Added ESLint disable comments for unsafe assignments when parsing hook output.
  • packages/core/src/hooks/trustedHooks.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/ide/ide-client.ts
    • Consolidated SDK imports.
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/ide/ide-connection-utils.ts
    • Added ESLint disable comments for unsafe assignments when parsing connection configurations.
  • packages/core/src/ide/process-utils.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/mcp/oauth-utils.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/mcp/token-storage/keychain-token-storage.ts
    • Added ESLint disable comments for unsafe assignments during dynamic module import.
  • packages/core/src/safety/checker-runner.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/services/sessionSummaryUtils.ts
    • Added ESLint disable comments for unsafe assignments when handling session summaries.
  • packages/core/src/services/shellExecutionService.ts
    • Added ESLint disable comments for unsafe assignments in shell execution logic.
  • packages/core/src/telemetry/clearcut-logger/clearcut-logger.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/telemetry/integration.test.circular.ts
    • Added ESLint disable comments for unsafe assignments in circular reference test setup.
  • packages/core/src/telemetry/loggers.test.circular.ts
    • Added ESLint disable comments for unsafe assignments in circular reference test setup.
  • packages/core/src/telemetry/loggers.ts
    • Added ESLint disable comments for unsafe assignments in telemetry logging.
  • packages/core/src/tools/mcp-client.ts
    • Consolidated SDK imports.
    • Added ESLint disable comments for unsafe assignments.
  • packages/core/src/tools/ripGrep.ts
    • Added ESLint disable comments for unsafe assignments when parsing grep output.
  • packages/core/src/tools/tool-registry.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/tools/xcode-mcp-fix-transport.ts
    • Added ESLint disable comments for unsafe assignments when handling Xcode MCP bridge transport.
  • packages/core/src/utils/filesearch/fileSearch.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/utils/getPty.ts
    • Added ESLint disable comments for unsafe assignments during dynamic module imports.
  • packages/core/src/utils/googleErrors.ts
    • Added ESLint disable comments for unsafe assignments when parsing Google API errors.
  • packages/core/src/utils/memoryDiscovery.ts
    • Added ESLint disable comments for unsafe assignments during memory discovery.
  • packages/core/src/utils/safeJsonStringify.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/utils/schemaValidator.ts
    • Added ESLint disable comments for unsafe assignments during Ajv class instantiation.
  • packages/core/src/utils/shell-utils.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/core/src/utils/stdio.ts
    • Added ESLint disable comments for unsafe assignments in createWorkingStdio proxy.
  • packages/core/src/utils/userAccountManager.ts
    • Added ESLint disable comments for unsafe assignments when managing user accounts.
  • packages/devtools/src/index.ts
    • Added ESLint disable comment for unsafe assignment.
  • packages/sdk/src/session.ts
    • Added ESLint disable comments for unsafe assignments in session handling.
  • packages/vscode-ide-companion/src/extension.ts
    • Added ESLint disable comments for unsafe assignments when checking for extension updates.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

# Conflicts:
#	packages/core/src/code_assist/converter.ts
#	packages/core/src/code_assist/experiments/experiments.ts
#	packages/core/src/code_assist/oauth-credential-storage.ts
@gundermanc gundermanc marked this pull request as ready for review February 20, 2026 21:56
@gundermanc gundermanc requested a review from a team as a code owner February 20, 2026 21:56
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request is a great step towards improving the codebase's type safety by enabling the @typescript-eslint/no-unsafe-assignment rule. The approach of adding suppression comments for existing violations as a baseline, with a follow-up issue for cleanup, is a solid strategy for incrementally improving a large codebase. I've noticed that in a few places, you've already gone ahead and fixed the underlying issue instead of just suppressing it, which is excellent! My review comments focus on JSON.parse calls where the data source is external and not guaranteed to be valid, and I've also suggested a more modern alternative for deep cloning objects.

Comment on lines +249 to 250
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
const loadedMetadata = JSON.parse(jsonData);
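
Review bot: the eslint-disable-next-line directive above JSON.parse(jsonData) carries no description, so nothing in the file ties this suppression to the cleanup tracked under #19731. ESLint accepts a reason after a double hyphen, for example "// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment -- TODO(#19731): validate loadedMetadata", which keeps the remaining suppressions searchable and reviewable.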

high

Assigning the result of JSON.parse to loadedMetadata without runtime validation is unsafe, as the data from GCS might not conform to the expected shape. This could lead to runtime errors when properties like _contextId are accessed later. Since Zod is already used in the project, I recommend defining a Zod schema for the metadata and using schema.parse() or schema.safeParse() to validate the data after parsing. This will ensure type safety and prevent potential crashes.

Comment on lines +454 to 455
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
const issues: Issue[] = JSON.parse(stdout);

high

Directly casting the result of JSON.parse(stdout) to Issue[] is unsafe. The output from the gh command is not guaranteed to match the Issue interface, which could lead to runtime errors. It would be safer to parse this into an unknown type and then validate its structure, for instance using a Zod schema, before casting it to Issue[].
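
The validation recommended in the comment above, written out as an added example (not code from the pull request, the review, or the project). It uses a hand-written type guard instead of Zod so it runs without dependencies; the Issue fields, the function names and the sample inputs are assumptions.

```typescript
// Added example. The Issue fields below are assumed, not the project's real interface.
interface Issue {
  number: number;
  title: string;
}

// Type guard: narrows unknown to Issue only after checking each field at runtime.
function isIssue(value: unknown): value is Issue {
  if (typeof value !== 'object' || value === null) return false;
  const v = value as Record<string, unknown>;
  return typeof v['number'] === 'number' && typeof v['title'] === 'string';
}

// Before: JSON.parse returns `any`, so the Issue[] annotation is never checked.
// This is the pattern no-unsafe-assignment flags and the suppression hides.
function parseIssuesUnchecked(stdout: string): Issue[] {
  // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
  const issues: Issue[] = JSON.parse(stdout);
  return issues;
}

// After: parse into unknown, validate, and fail closed on anything unexpected.
function parseIssues(stdout: string): Issue[] {
  let parsed: unknown;
  try {
    parsed = JSON.parse(stdout);
  } catch {
    throw new Error('issue list is not valid JSON');
  }
  if (!Array.isArray(parsed)) {
    throw new Error('issue list is not an array');
  }
  const items: unknown[] = parsed;
  return items.map((item, i) => {
    if (!isIssue(item)) throw new Error(`issue[${i}] has an unexpected shape`);
    // Copy only the validated fields so unexpected extra keys are dropped.
    return { number: item.number, title: item.title };
  });
}

// Constructed inputs (not real `gh` output).
const GOOD = '[{"number": 1, "title": "Crash on start"}]';
const BAD = '[{"number": "1", "title": null}]'; // wrong field types
const ERROR_OBJECT = '{"message": "rate limited"}'; // an object, not an array
```

With the unchecked version, BAD is returned as an Issue[] whose number field is a string at runtime; the checked version rejects it at the parsing boundary instead.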

Comment on lines +374 to 375
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
const newSettings = JSON.parse(JSON.stringify(pendingSettings));

high

Instead of using JSON.parse(JSON.stringify(pendingSettings)) for deep cloning, consider using structuredClone(pendingSettings). It's a modern, more performant, and safer way to deep-clone objects, and it's supported since you're on Node.js >= 20.

Suggested change
// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
const newSettings = JSON.parse(JSON.stringify(pendingSettings));
const newSettings = structuredClone(pendingSettings);
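
Review bot: on the structuredClone(pendingSettings) line, the replacement is not behaviour-identical to the JSON round-trip it removes. structuredClone throws a DataCloneError when the object contains a function, and it preserves undefined-valued properties and Date objects, whereas JSON.parse(JSON.stringify(...)) drops functions and undefined properties and turns Dates into strings. Confirm that pendingSettings holds only plain data before taking the suggestion; structuredClone is typed to return its argument's type, so no suppression is needed on that line.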

@gundermanc gundermanc enabled auto-merge February 20, 2026 22:05
@github-actions

Size Change: +625 B (0%)

Total Size: 25.2 MB

Filename Size Change
./bundle/gemini.js 25.2 MB +625 B (0%)
./bundle/sandbox-macos-permissive-open.sb 890 B 0 B
./bundle/sandbox-macos-permissive-proxied.sb 1.31 kB 0 B
./bundle/sandbox-macos-restrictive-open.sb 3.36 kB 0 B
./bundle/sandbox-macos-restrictive-proxied.sb 3.56 kB 0 B
./bundle/sandbox-macos-strict-open.sb 4.82 kB 0 B
./bundle/sandbox-macos-strict-proxied.sb 5.02 kB 0 B

compressed-size-action

@gundermanc gundermanc added this pull request to the merge queue Feb 20, 2026
Merged via the queue into main with commit 58d637f Feb 20, 2026
27 checks passed
@gundermanc gundermanc deleted the gundermanc/unsafe-assign branch February 20, 2026 22:41

Development

Successfully merging this pull request may close these issues.

Add rule disallowing unsafe assignments

3 participants