audit + fixes: forensic 2026-05-23 — 9 commits, 5 P0/P1 fixes, ESLint -34

.eslint-baseline.json

@@ -1,16 +1,13 @@
 {
-  "generatedAt": "2026-05-22T03:12:40.396Z",
-  "totalErrors": 473,
+  "generatedAt": "2026-05-23T02:18:35.830Z",
+  "totalErrors": 439,
   "counts": {
     "src/components/access/DevAccessDeniedPage.tsx": {
       "react-hooks/exhaustive-deps": 1
     },
     "src/components/admin/OwnershipRepairDialog.tsx": {
       "@typescript-eslint/naming-convention": 1
     },
-    "src/components/admin/connections/ConnectionTestDetailsDialog.tsx": {
-      "no-duplicate-imports": 1
-    },
     "src/components/admin/connections/ConnectionTestHistoryPanel.tsx": {
       "@typescript-eslint/no-non-null-assertion": 1
     },
@@ -184,11 +181,7 @@
       "@typescript-eslint/naming-convention": 1
     },
     "src/components/common/EnhancedSpotlight.tsx": {
-      "@typescript-eslint/no-explicit-any": 1,
-      "@typescript-eslint/no-unused-vars": 1,
-      "no-empty": 1,
-      "react-hooks/exhaustive-deps": 2,
-      "react-hooks/rules-of-hooks": 1
+      "react-hooks/exhaustive-deps": 2
     },
     "src/components/compare/ComparisonDuelView.tsx": {
       "@typescript-eslint/no-unused-vars": 1
@@ -364,22 +357,12 @@
     "src/components/layout/GlobalOverlay.tsx": {
       "@typescript-eslint/no-unused-vars": 4
     },
-    "src/components/layout/Header.tsx": {
-      "@typescript-eslint/no-unused-vars": 9
-    },
     "src/components/layout/MainLayout.tsx": {
-      "@typescript-eslint/no-unused-vars": 2,
       "react-hooks/exhaustive-deps": 1
     },
     "src/components/layout/SidebarReorganized.tsx": {
       "@typescript-eslint/no-unused-vars": 5
     },
-    "src/components/layout/sidebar/SidebarBrandHeader.tsx": {
-      "@typescript-eslint/no-explicit-any": 1,
-      "@typescript-eslint/no-unused-vars": 1,
-      "no-empty": 1,
-      "react-hooks/rules-of-hooks": 1
-    },
     "src/components/layout/sidebar/SidebarNavGroup.tsx": {
       "react-hooks/exhaustive-deps": 1
     },
@@ -869,11 +852,7 @@
       "@typescript-eslint/no-unused-vars": 1
     },
     "src/components/ui/ShortcutsHelpDialog.tsx": {
-      "@typescript-eslint/naming-convention": 1,
-      "@typescript-eslint/no-explicit-any": 2,
-      "@typescript-eslint/no-unused-vars": 1,
-      "no-empty": 1,
-      "react-hooks/rules-of-hooks": 1
+      "@typescript-eslint/naming-convention": 1
     },
     "src/components/ui/currency-input.tsx": {
       "@typescript-eslint/no-explicit-any": 1
@@ -884,9 +863,6 @@
     "src/components/ui/stat-card.tsx": {
       "@typescript-eslint/naming-convention": 2
     },
-    "src/contexts/AuthContext.test.tsx": {
-      "@typescript-eslint/consistent-type-imports": 1
-    },
     "src/contexts/AuthContext.tsx": {
       "@typescript-eslint/no-explicit-any": 2,
       "@typescript-eslint/no-unused-vars": 7
@@ -1066,12 +1042,6 @@
     "src/hooks/simulator/useWizardPersistence.ts": {
       "react-hooks/exhaustive-deps": 1
     },
-    "src/hooks/ui/useGlobalShortcuts.ts": {
-      "@typescript-eslint/no-explicit-any": 1,
-      "@typescript-eslint/no-unused-vars": 1,
-      "react-hooks/exhaustive-deps": 1,
-      "react-hooks/rules-of-hooks": 1
-    },
     "src/lib/auth/auth-flow-tracer.ts": {
       "eqeqeq": 1
     },
@@ -1250,9 +1220,6 @@
       "react-hooks/exhaustive-deps": 1
     },
     "src/pages/system/SystemStatusPage.tsx": {
-      "@typescript-eslint/no-explicit-any": 1,
-      "@typescript-eslint/no-non-null-assertion": 1,
-      "@typescript-eslint/no-unused-vars": 4,
       "react-hooks/exhaustive-deps": 1
     },
     "src/pages/tools/AdvancedPriceSearchPage.tsx": {
@@ -1290,9 +1257,6 @@
       "@typescript-eslint/no-explicit-any": 5,
       "no-console": 1
     },
-    "src/tests/AdminLayout.test.tsx": {
-      "@typescript-eslint/no-explicit-any": 1
-    },
     "src/tests/AdminMobileInteraction.test.tsx": {
       "@typescript-eslint/no-unused-vars": 1
     },

.github/workflows/branch-protection-sentinel.yml

@@ -37,7 +37,7 @@ jobs:
     name: Verify push to main matches accepted patterns
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           # fetch-depth: 0 → histórico completo, para auditar todos os commits do push
           fetch-depth: 0

.github/workflows/ci.yml

@@ -30,9 +30,9 @@ jobs:
     continue-on-error: true
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
 
@@ -55,9 +55,9 @@ jobs:
     timeout-minutes: 90
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -189,8 +189,8 @@ jobs:
     needs: quality
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -207,9 +207,9 @@ jobs:
     timeout-minutes: 75
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -239,7 +239,7 @@ jobs:
 
       - name: Upload coverage report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: coverage-report-${{ github.run_id }}
           path: coverage/
@@ -261,8 +261,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: quality
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -289,7 +289,7 @@ jobs:
           --coverage.thresholds.branches=0
           --coverage.thresholds.statements=0
       - name: Upload Coverage Artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: full-coverage-report
           path: coverage/
@@ -300,8 +300,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: quality
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -313,7 +313,7 @@ jobs:
         run: npm run test:e2e:critical
       - name: Upload E2E Report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: playwright-report
           path: playwright-report/
@@ -329,8 +329,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: build-gate
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -342,7 +342,7 @@ jobs:
         run: npx playwright test e2e/flows/elite-ux-validation.spec.ts
       - name: Upload Elite E2E Report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: playwright-elite-report
           path: playwright-report/
@@ -355,9 +355,9 @@ jobs:
     timeout-minutes: 10
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -400,7 +400,7 @@ jobs:
 
       - name: Upload ref-warning console snapshot
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: console-snapshot-ref-${{ github.run_id }}
           path: |
@@ -415,9 +415,9 @@ jobs:
     timeout-minutes: 10
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -455,7 +455,7 @@ jobs:
 
       - name: Upload hook coverage artifact
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: hooks-coverage
           path: coverage/
@@ -468,9 +468,9 @@ jobs:
     timeout-minutes: 10
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -509,7 +509,7 @@ jobs:
 
       - name: Upload price-freshness coverage artifact
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: price-freshness-coverage
           path: coverage/
@@ -522,9 +522,9 @@ jobs:
     timeout-minutes: 10
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -537,7 +537,7 @@ jobs:
 
       - name: Upload cloud-status coverage artifact
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: cloud-status-coverage
           path: coverage/
@@ -550,9 +550,9 @@ jobs:
     timeout-minutes: 15
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
 
@@ -574,9 +574,9 @@ jobs:
     timeout-minutes: 20
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version-file: '.nvmrc'
           cache: npm
@@ -592,7 +592,7 @@ jobs:
 
       - name: Upload Theme Validation Report
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: theme-validation-report
           path: |

.github/workflows/codeql.yml

@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4

.github/workflows/contract-tests.yml

@@ -37,8 +37,8 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: '20'
           cache: 'npm'
@@ -63,9 +63,9 @@ jobs:
     if: github.event.pull_request.head.repo.full_name == github.repository
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
         with:
           node-version: '20'
           cache: 'npm'