chore: Enable more lint rules, disable some that trigger a lot. Will clean up later.

src/agents/auth-profiles/display.ts

@@ -9,9 +9,7 @@ export function resolveAuthProfileDisplayLabel(params: {
   const { cfg, store, profileId } = params;
   const profile = store.profiles[profileId];
   const configEmail = cfg?.auth?.profiles?.[profileId]?.email?.trim();
-  const email =
-    configEmail ||
-    (profile && "email" in profile ? (profile.email as string | undefined)?.trim() : undefined);
+  const email = configEmail || (profile && "email" in profile ? profile.email?.trim() : undefined);
   if (email) return `${profileId} (${email})`;
   return profileId;
 }

src/agents/auth-profiles/oauth.ts

@@ -62,7 +62,7 @@ async function refreshOAuthTokenWithLock(params: {
               const newCredentials = await refreshQwenPortalCredentials(cred);
               return { apiKey: newCredentials.access, newCredentials };
             })()
-          : await getOAuthApiKey(cred.provider as OAuthProvider, oauthCreds);
+          : await getOAuthApiKey(cred.provider, oauthCreds);
     if (!result) return null;
     store.profiles[params.profileId] = {
       ...cred,
@@ -233,6 +233,7 @@ export async function resolveApiKeyForProfile(params: {
       `OAuth token refresh failed for ${cred.provider}: ${message}. ` +
         "Please try again or re-authenticate." +
         (hint ? `\n\n${hint}` : ""),
+      { cause: error },
     );
   }
 }

src/agents/auth-profiles/order.ts

@@ -112,7 +112,7 @@ export function resolveAuthProfileOrder(params: {
     }
 
     const cooldownSorted = inCooldown
-      .sort((a, b) => a.cooldownUntil - b.cooldownUntil)
+      .toSorted((a, b) => a.cooldownUntil - b.cooldownUntil)
       .map((entry) => entry.profileId);
 
     const ordered = [...available, ...cooldownSorted];
@@ -163,7 +163,7 @@ function orderProfilesByMode(order: string[], store: AuthProfileStore): string[]
   // Primary sort: type preference (oauth > token > api_key).
   // Secondary sort: lastUsed (oldest first for round-robin within type).
   const sorted = scored
-    .sort((a, b) => {
+    .toSorted((a, b) => {
       // First by type (oauth > token > api_key)
       if (a.typeScore !== b.typeScore) return a.typeScore - b.typeScore;
       // Then by lastUsed (oldest first)
@@ -177,7 +177,7 @@ function orderProfilesByMode(order: string[], store: AuthProfileStore): string[]
       profileId,
       cooldownUntil: resolveProfileUnusableUntil(store.usageStats?.[profileId] ?? {}) ?? now,
     }))
-    .sort((a, b) => a.cooldownUntil - b.cooldownUntil)
+    .toSorted((a, b) => a.cooldownUntil - b.cooldownUntil)
     .map((entry) => entry.profileId);
 
   return [...sorted, ...cooldownSorted];

src/agents/auth-profiles/repair.ts

@@ -45,7 +45,7 @@ export function suggestOAuthProfileIdForLegacyDefault(params: {
     const byEmail = oauthProfiles.find((id) => {
       const cred = params.store.profiles[id];
       if (!cred || cred.type !== "oauth") return false;
-      const email = (cred.email as string | undefined)?.trim();
+      const email = cred.email?.trim();
       return email === configuredEmail || id === `${providerKey}:${configuredEmail}`;
     });
     if (byEmail) return byEmail;
@@ -93,11 +93,10 @@ export function repairOAuthProfileIdMismatch(params: {
   }
 
   const toCred = params.store.profiles[toProfileId];
-  const toEmail =
-    toCred?.type === "oauth" ? (toCred.email as string | undefined)?.trim() : undefined;
+  const toEmail = toCred?.type === "oauth" ? toCred.email?.trim() : undefined;
 
   const nextProfiles = {
-    ...(params.cfg.auth?.profiles as Record<string, AuthProfileConfig> | undefined),
+    ...params.cfg.auth?.profiles,
   } as Record<string, AuthProfileConfig>;
   delete nextProfiles[legacyProfileId];
   nextProfiles[toProfileId] = {