Code quality review: fix verbose logging bug, dead code, type safety, and security vulnerabilities

[Copilot]

Overall code quality pass addressing a functional bug, type safety issues, dead code, and dependency vulnerabilities found during project review.

Bug: Verbose mode was silently broken

The global logger singleton was always instantiated with verbose: false and never updated — logger.debug() was effectively a no-op regardless of --verbose.

// Before: setVerbose never existed; singleton stayed at verbose: false
if (config.verbose) {
  logger.info('Verbose mode enabled'); // but debug() still suppressed
}

// After: logger.ts gains setVerbose(); server.ts calls it
if (config.verbose) {
  logger.setVerbose(true);
  logger.info('Verbose mode enabled');
}

Type safety

• configPersistence.ts: Extracted nested isValidSavedConfig to module scope; replaced as any with Record<string, unknown> indexing — makes it independently testable and removes any.
• router.ts: Replaced two mapping.filePath! non-null assertions with an explicit guard that returns a 500 JSON response if filePath is unexpectedly undefined.

Dead code

• typeMapping.ts: Removed stale commented-out console.debug in buildTypeMap.

Security

Fixed 2 npm vulnerabilities via npm audit fix:

• qs — DoS via array limit bypass (GHSA-w7fw-mjwx-w883)
• minimatch — ReDoS via repeated wildcards (GHSA-3ppc-4f35-3m26)

Style

• README: fixed typo "Y ou'll" → "You'll"
• config.ts: removed stray double blank line in interface body

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• scarf.sh
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node ./report.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.