Feature/upgrade deps (#151)

* Upgrade Dependencies

* Upgraded svelte

* Add project-specific Claude agent configuration and AGENTS.md

Add coding standards, architecture docs, and agent configurations
tailored for the Exceptionless.JavaScript TypeScript SDK monorepo.
Clean up settings.local.json to remove stale paths from another project.

* Migrate ESLint to flat config (eslint.config.mjs)

Replace legacy .eslintrc.js and .eslintignore with ESLint flat config.
- Use typescript-eslint v8 with projectService for type-aware linting
- Add eslint-plugin-jest for test file rules
- Remove unused Live Server extension recommendation
- Removed the need for eslint-plugin-import and other legacy plugins

* Fix lint errors from ESLint flat config migration

- Remove unused catch binding variables (BrowserGlobalHandlerPlugin)
- Replace short-circuit expressions with if statements (Configuration, DefaultEventQueue)
- Fix duplicate test titles in Utils.test.ts (toBoolean)
- Fix React error boundary componentDidCatch to use void instead of async

Upgrade root and library package dependencies

Root:
- eslint 10.x, @eslint/js 10.x, typescript-eslint 8.x (flat config)
- eslint-config-prettier 10.x, eslint-plugin-jest 29.x
- typescript 5.9.x, prettier 3.8.x, rimraf 6.x
- Replace npm-run-all (unmaintained) with npm-run-all2 8.x
- Remove legacy ESLint plugins (import, jsdoc, eslint-comments, eslint-plugin)

Library packages (core, browser, node, react):
- Jest 30.x, @jest/globals 30.x, jest-environment-jsdom 30.x
- ts-jest 29.4.x (supports Jest 30)
- @types/react 19.2.x, @types/react-dom 19.2.x

Upgrade example app dependencies

- Express 5.x (from 4.x)
- React 19.2.x, react-dom 19.2.x
- Vite 6.3+ (all apps)
- Vue 3.5.30, @vue/compiler-sfc 3.5.30
- Svelte 5.55.x, svelte-check 4.4.x, @sveltejs/vite-plugin-svelte 6.x
- @vitejs/plugin-react 4.7.x
- @testing-library/jest-dom 6.9.x, @testing-library/react 16.3.x
- Fix Prettier formatting in example files

Regenerate package-lock.json

Clean lockfile regeneration after all dependency upgrades.

Migrate from tseslint.config() to defineConfig()

tseslint.config() is deprecated in favor of ESLint core's defineConfig()
from eslint/config (available since ESLint v9.22.0). Use extends property
for shared config arrays instead of spreading.

Remove jQuery dependency from browser example

Replace $.ajax call with native fetch() API. jQuery was only used for
the AJAX demo button. This removes the last jQuery dependency and
eliminates the need to track jQuery major version updates.

Upgrade esbuild to 0.27, update dep specifiers

- Upgrade esbuild from ^0.25.0 to ^0.27.0 across all library packages
- Update @eslint/js specifier to ^10.0.1
- Update typescript-eslint specifier to ^8.57.2
- Fix vue package watch script syntax error (& &&)

Upgrade remaining example dependencies

- @vitejs/plugin-vue 5.x → 6.x (supports vite 5-8)
- @sveltejs/adapter-auto 4.x → 7.x (peer: @sveltejs/kit ^2)
- vitest 3.x → 4.x (supports vite 6-8)

Regenerate package-lock.json

agent-brower skill

reverted changes

Upgrade TypeScript to 6.0

- TypeScript ^6.0.2 in root and svelte-kit package.json
- Change moduleResolution from Node to Bundler (deprecated in TS 6)
- Add types: [angular] to angularjs tsconfig for Bundler compat
- Configure ts-jest with ignoreDeprecations: 6.0 (ts-jest forces
  module: commonjs which triggers TS 6 node10 deprecation warning)

Format agent-browser skill files with Prettier

Regenerate package-lock.json for TypeScript 6

Fix unused catch variables with trace logging

- Remove caughtErrors: none ESLint rule override
- Add trace logging in BrowserGlobalHandlerPlugin catch blocks
  for rejection detail and error property access failures

* Adopt #/ subpath imports (TS 6 feature)

- Add package.json imports field with source/default conditions
  to all library packages (core, browser, node, react)
- Convert all relative imports in src/ and test/ files to #/ paths
- Add paths mapping in each package's tsconfig.json for tsc resolution
- Add --conditions=source to esbuild commands for source bundling
- Replace jest-ts-webcompat-resolver with custom jest-resolver.cjs
  that supports package.json imports field per-package resolution
  and .js → .ts extension mapping

* Update CI and runtime configuration

- Add .npmrc with legacy-peer-deps=true (TS 6 peer dep workaround)
- Update GitHub Actions matrix: Node 22 + 24 (drop Node 20)
- Use --legacy-peer-deps in CI npm install step
- Bump node engine to >=22 (Node 22 LTS)
- Replace ts-jest ignoreDeprecations with diagnostics: false
  (tsc handles type checking, ts-jest only transpiles)

* Update CI configuration and harden Jest resolver

- Upgrade GitHub Action versions (checkout v6, setup-node v6, cache v5)
- Add .NET 8 SDK to CI for MinVer versioning support
- Define explicit GHA permissions (contents: read, packages: write)
- Add path traversal validation to jest-resolver.cjs to ensure imports remain within the package root

* Potential fix for code scanning alert no. 6: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: niemyjski

.agents/skills/agent-browser/SKILL.md

@@ -0,0 +1,306 @@
+# Authentication Patterns
+
+Login flows, session persistence, OAuth, 2FA, and authenticated browsing.
+
+**Related**: [session-management.md](session-management.md) for state persistence details, [SKILL.md](../SKILL.md) for quick start.
+
+## Contents
+
+- [Import Auth from Your Browser](#import-auth-from-your-browser)
+- [Persistent Profiles](#persistent-profiles)
+- [Session Persistence](#session-persistence)
+- [Basic Login Flow](#basic-login-flow)
+- [Saving Authentication State](#saving-authentication-state)
+- [Restoring Authentication](#restoring-authentication)
+- [OAuth / SSO Flows](#oauth--sso-flows)
+- [Two-Factor Authentication](#two-factor-authentication)
+- [HTTP Basic Auth](#http-basic-auth)
+- [Cookie-Based Auth](#cookie-based-auth)
+- [Token Refresh Handling](#token-refresh-handling)
+- [Security Best Practices](#security-best-practices)
+
+## Import Auth from Your Browser
+
+The fastest way to authenticate is to reuse cookies from a Chrome session you are already logged into.
+
+**Step 1: Start Chrome with remote debugging**
+
+```bash
+# macOS
+"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --remote-debugging-port=9222
+
+# Linux
+google-chrome --remote-debugging-port=9222
+
+# Windows
+"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222
+```
+
+Log in to your target site(s) in this Chrome window as you normally would.
+
+> **Security note:** `--remote-debugging-port` exposes full browser control on localhost. Any local process can connect and read cookies, execute JS, etc. Only use on trusted machines and close Chrome when done.
+
+**Step 2: Grab the auth state**
+
+```bash
+# Auto-discover the running Chrome and save its cookies + localStorage
+agent-browser --auto-connect state save ./my-auth.json
+```
+
+**Step 3: Reuse in automation**
+
+```bash
+# Load auth at launch
+agent-browser --state ./my-auth.json open https://app.example.com/dashboard
+
+# Or load into an existing session
+agent-browser state load ./my-auth.json
+agent-browser open https://app.example.com/dashboard
+```
+
+This works for any site, including those with complex OAuth flows, SSO, or 2FA -- as long as Chrome already has valid session cookies.
+
+> **Security note:** State files contain session tokens in plaintext. Add them to `.gitignore`, delete when no longer needed, and set `AGENT_BROWSER_ENCRYPTION_KEY` for encryption at rest. See [Security Best Practices](#security-best-practices).
+
+**Tip:** Combine with `--session-name` so the imported auth auto-persists across restarts:
+
+```bash
+agent-browser --session-name myapp state load ./my-auth.json
+# From now on, state is auto-saved/restored for "myapp"
+```
+
+## Persistent Profiles
+
+Use `--profile` to point agent-browser at a Chrome user data directory. This persists everything (cookies, IndexedDB, service workers, cache) across browser restarts without explicit save/load:
+
+```bash
+# First run: login once
+agent-browser --profile ~/.myapp-profile open https://app.example.com/login
+# ... complete login flow ...
+
+# All subsequent runs: already authenticated
+agent-browser --profile ~/.myapp-profile open https://app.example.com/dashboard
+```
+
+Use different paths for different projects or test users:
+
+```bash
+agent-browser --profile ~/.profiles/admin open https://app.example.com
+agent-browser --profile ~/.profiles/viewer open https://app.example.com
+```
+
+Or set via environment variable:
+
+```bash
+export AGENT_BROWSER_PROFILE=~/.myapp-profile
+agent-browser open https://app.example.com/dashboard
+```
+
+## Session Persistence
+
+Use `--session-name` to auto-save and restore cookies + localStorage by name, without managing files:
+
+```bash
+# Auto-saves state on close, auto-restores on next launch
+agent-browser --session-name twitter open https://twitter.com
+# ... login flow ...
+agent-browser close  # state saved to ~/.agent-browser/sessions/
+
+# Next time: state is automatically restored
+agent-browser --session-name twitter open https://twitter.com
+```
+
+Encrypt state at rest:
+
+```bash
+export AGENT_BROWSER_ENCRYPTION_KEY=$(openssl rand -hex 32)
+agent-browser --session-name secure open https://app.example.com
+```
+
+## Basic Login Flow
+
+```bash
+# Navigate to login page
+agent-browser open https://app.example.com/login
+agent-browser wait --load networkidle
+
+# Get form elements
+agent-browser snapshot -i
+# Output: @e1 [input type="email"], @e2 [input type="password"], @e3 [button] "Sign In"
+
+# Fill credentials
+agent-browser fill @e1 "user@example.com"
+agent-browser fill @e2 "password123"
+
+# Submit
+agent-browser click @e3
+agent-browser wait --load networkidle
+
+# Verify login succeeded
+agent-browser get url  # Should be dashboard, not login
+```
+
+## Saving Authentication State
+
+After logging in, save state for reuse:
+
+```bash
+# Login first (see above)
+agent-browser open https://app.example.com/login
+agent-browser snapshot -i
+agent-browser fill @e1 "user@example.com"
+agent-browser fill @e2 "password123"
+agent-browser click @e3
+agent-browser wait --url "**/dashboard"
+
+# Save authenticated state
+agent-browser state save ./auth-state.json
+```
+
+## Restoring Authentication
+
+Skip login by loading saved state:
+
+```bash
+# Load saved auth state
+agent-browser state load ./auth-state.json
+
+# Navigate directly to protected page
+agent-browser open https://app.example.com/dashboard
+
+# Verify authenticated
+agent-browser snapshot -i
+```
+
+## OAuth / SSO Flows
+
+For OAuth redirects:
+
+```bash
+# Start OAuth flow
+agent-browser open https://app.example.com/auth/google
+
+# Handle redirects automatically
+agent-browser wait --url "**/accounts.google.com**"
+agent-browser snapshot -i
+
+# Fill Google credentials
+agent-browser fill @e1 "user@gmail.com"
+agent-browser click @e2  # Next button
+agent-browser wait 2000
+agent-browser snapshot -i
+agent-browser fill @e3 "password"
+agent-browser click @e4  # Sign in
+
+# Wait for redirect back
+agent-browser wait --url "**/app.example.com**"
+agent-browser state save ./oauth-state.json
+```
+
+## Two-Factor Authentication
+
+Handle 2FA with manual intervention:
+
+```bash
+# Login with credentials
+agent-browser open https://app.example.com/login --headed  # Show browser
+agent-browser snapshot -i
+agent-browser fill @e1 "user@example.com"
+agent-browser fill @e2 "password123"
+agent-browser click @e3
+
+# Wait for user to complete 2FA manually
+echo "Complete 2FA in the browser window..."
+agent-browser wait --url "**/dashboard" --timeout 120000
+
+# Save state after 2FA
+agent-browser state save ./2fa-state.json
+```
+
+## HTTP Basic Auth
+
+For sites using HTTP Basic Authentication:
+
+```bash
+# Set credentials before navigation
+agent-browser set credentials username password
+
+# Navigate to protected resource
+agent-browser open https://protected.example.com/api
+```
+
+## Cookie-Based Auth
+
+Manually set authentication cookies:
+
+```bash
+# Set auth cookie
+agent-browser cookies set session_token "abc123xyz"
+
+# Navigate to protected page
+agent-browser open https://app.example.com/dashboard
+```
+
+## Token Refresh Handling
+
+For sessions with expiring tokens:
+
+```bash
+#!/bin/bash
+# Wrapper that handles token refresh
+
+STATE_FILE="./auth-state.json"
+
+# Try loading existing state
+if [[ -f "$STATE_FILE" ]]; then
+    agent-browser state load "$STATE_FILE"
+    agent-browser open https://app.example.com/dashboard
+
+    # Check if session is still valid
+    URL=$(agent-browser get url)
+    if [[ "$URL" == *"/login"* ]]; then
+        echo "Session expired, re-authenticating..."
+        # Perform fresh login
+        agent-browser snapshot -i
+        agent-browser fill @e1 "$USERNAME"
+        agent-browser fill @e2 "$PASSWORD"
+        agent-browser click @e3
+        agent-browser wait --url "**/dashboard"
+        agent-browser state save "$STATE_FILE"
+    fi
+else
+    # First-time login
+    agent-browser open https://app.example.com/login
+    # ... login flow ...
+fi
+```
+
+## Security Best Practices
+
+1. **Never commit state files** - They contain session tokens
+
+   ```bash
+   echo "*.auth-state.json" >> .gitignore
+   ```
+
+2. **Use environment variables for credentials**
+
+   ```bash
+   agent-browser fill @e1 "$APP_USERNAME"
+   agent-browser fill @e2 "$APP_PASSWORD"
+   ```
+
+3. **Clean up after automation**
+
+   ```bash
+   agent-browser cookies clear
+   rm -f ./auth-state.json
+   ```
+
+4. **Use short-lived sessions for CI/CD**
+   ```bash
+   # Don't persist state in CI
+   agent-browser open https://app.example.com/login
+   # ... login and perform actions ...
+   agent-browser close  # Session ends, nothing persisted
+   ```