passbolt-browser-extension 5.7.0 → 5.8.0

package/CHANGELOG.md

@@ -4,6 +4,79 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+## [5.8.0] - 2025-12-16
+### Added
+- PB-46646 Reduce accidental destructive actions by moving Delete user and Disable MFA into a More menu in Users and groups
+- PB-28298 Add users to groups by dragging and dropping
+- PB-47198 Add exception to allow users to autofill workbench.cisecurity.org
+- PB-46997 DR - WP1.1 Update RbacsCollection to EntityV2Collection and add new methods
+- PB-46999 DR - WP1.2 Update RoleEntity schema and add new methods
+- PB-47000 DR - WP1.3 Update RolesCollection to EntityV2Collection and add new methods
+- PB-47002 DR - WP2.1 Update of RoleService to a RoleApiService
+- PB-47003 DR - WP2.2 Update of RoleModel to a RoleService
+- PB-47003 DR - WP2.3 Update of RbacService to a RbacApiService
+- PB-47014 DR - WP2.4 Update of RbacModel to a RbacService
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47017 DR - WP3.2 Update the FindMeController into a FindMeRbacController
+- PB-47088 DR - WP3.3 Create the FindAndUpdateRolesLocalStorageController
+- PB-47018 DR - WP4.1 Create RoleServiceWorkerService to get the roles
+- PB-47019 DR - WP4.2 Create RbacServiceWorkerService to get the RBAC permissions of a signed-in user
+- PB-47021 DR - WP4.3 Add the method canRoleUseAction in CanUseService
+- PB-47089 DR - WP4.4 Add a method to find and update roles in local storage
+- PB-47022 DR - WP5.1 Add the method canIUseAction in RbacContext
+- PB-47023 DR - WP5.2 Verify the signed-in user's RBAC privileges before allowing access to the FilterUsersByGroup functionality
+- PB-47024 DR - WP5.3 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceMainActions functionality
+
+- PB-47023 DR - WP5.4 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceActions functionality
+- PB-47036 DR - WP5.5 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsersWorkspaceFilterBar functionality
+- PB-47037 DR - WP5.6 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsers functionality
+- PB-47039 DR - WP5.7 Update CreateUser to select role in a dropdown component
+- PB-47042 DR - WP5.8 Update EditUser to select role in a dropdown component
+- PB-47027 DR - WP5.9 Create the component CreateRoleDialog
+- PB-47028 DR - WP5.10 Create the component EditRoleDialog
+- PB-47029 DR - WP5.11 Create the component DeleteRoleDialog
+- PB-47030 DR - WP5.12 Update the style of DisplayRbacAdministration to match current design
+- PB-47031 DR - WP5.13 Add create role in DisplayRbacAdministration
+- PB-47032 DR - WP5.14 Display all roles in DisplayRbacAdministration
+- PB-47033 DR - WP5.15 Add menu item to update the name of new role
+- PB-47016 DR - WP5.16 Add menu item to delete new role
+- PB-47090 DR - WP5.17 Update ManageAccountRecoveryUserSettings to use roles from context
+- PB-47091 DR - WP5.18 Update ReviewAccountRecoveryRequest to use roles from context
+- PB-47092 DR - WP5.19 Update DisplayScimSettingsAdministration to use roles from context
+- PB-47093 DR - WP5.20 Update DisplayUserDetailsInformation to use roles from context
+- PB-47094 DR - WP5.21 Update DisplayAccountRecoveryUserSettings to use roles from context
+- PB-47095 DR - WP5.22 Update UserWorkspaceContext to use roles from context
+- PB-47096 DR - WP5.23 Create the RoleContextProvider and add it on ExtAppContext
+- PB-47214 DR - WP5.24 Update the RoleEntity to avoid name bypass
+- PB-47215 DR - WP5.25 Update RolesCollection to filter out Guest role
+- PB-47216 DR - WP5.26 Update FindRolesService to filter out guest role
+- PB-47231 DR - WP5.27 Create component DeleteRoleNotAllowed
+
+### Fixed
+- PB-46180 Incorrect folder name encoding in sharing progress dialog
+- PB-46612 Add missing border radius to secret history selected revision
+- PB-45978 Resize bar continues dragging after mouse release
+- PB-46905 Display the "Remove from group" action button to group managers
+- PB-46627 Fix missing space in the “Advanced settings” of the password generator tabs between the last component and the CTA
+- PB-46930 Secret history review should display an unknown user when creator does not exists
+- PB-47298 KDBX not set expiry if never is set
+
+### Maintenance
+- PB-46636 Remove eslint v8 compatibility
+- PB-46890 Small upgrade for js-yaml (Medium)
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%, and verify no change occurs when the user selects the already-selected theme
+- PB-29338 React 18: upgrade changes with Legacy DOM renderer
+- PB-47057 React 18: Remove unused dev dependency jest-dom
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-47311 Major upgrade for serialize-javascript (Medium)
+- PB-46832 Increase coverage of ThemeEntity
+- PB-46833 Increase coverage of AccountSettingsService
+- PB-46834 Increase coverage of ThemeModel
+- PB-47011 ESLINT - WP1.1 Install phantom dependencies
+
 ## [5.7.0] - 2025-11-12
 ### Added
 - PB-17712 Focus should be put in the passphrase field when importing keepass file protected by passphrase
@@ -2491,7 +2564,8 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.7.0...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.8.0...HEAD
+[5.8.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.7.0...5.8.0
 [5.7.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.6.0...5.7.0
 [5.6.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.5.1...v5.6.0
 [5.5.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.5.0...v5.5.1

package/RELEASE_NOTES.md

@@ -1,72 +1,102 @@
-Release song: https://www.youtube.com/watch?v=fMnh5Tn8aeM
+Release song: https://www.youtube.com/watch?v=F5uXomY94w8
 
-Passbolt 5.7.0 introduces secret history, a highly demanded feature that gives users visibility and control over previous versions of their secrets. This release also includes several usability improvements requested and bug fixes reported by the community.
+Passbolt 5.8.0 introduces dynamic role management, allowing organizations to define additional roles that better align with internal policies, compliance requirements, and operational needs. This release also adds drag & drop user assignment to groups, simplifying day-to-day user and group management.
 
-## Secret history
+**Warning**: Ensure that all users have updated their browser extension to at least version 5.8 before assigning new roles. Otherwise, they will not be able to connect to Passbolt.
 
-It is now possible to access previous revisions of a secret directly from Passbolt.
+## Dynamic role management
 
-Secret history helps reduce the impact of human error and offers a safer way to manage evolving secrets. For instance, this enables users to undo an accidental update on the spot. Note that the feature is disabled by default and requires an administrator to enable it from the administration workspace.
+As was already the case with the default User role, Passbolt allows administrators to restrict what users can do by limiting access to specific capabilities. With version 5.8, this model is extended beyond the default Admin and User roles, making it possible to create additional roles and assign them to users for more granular control.Default roles cannot be modified or deleted, while newly created roles (up to two per instance)  can copy permissions from existing roles and can be renamed or deleted.
 
-## User and group workspace improvements
+Dynamic roles also enable the delegation of administrative responsibilities. Rather than granting full administrative access, administrators can now assign selected capabilities to custom roles and distribute operational tasks across multiple users. Initial support covers group creation, as well as handling account recovery requests in Passbolt Pro.
 
-A new “Remove from group” action has been added to the user and group workspaces. This addition eliminates the confusion between permanently deleting a user and simply removing them from a specific group.
+At this stage, dynamic role management comes with a defined scope and set of constraints.
 
-Moreover, administrators can now instantly filter users that require attention via the “Attention Required” filter in the workspace. For instance: identifying users with a pending account recovery request to review, or missing metadata keys.
+- The default Admin and User roles keep fixed names and cannot be renamed or deleted.
+- As before, the User role can be restricted, but it cannot be assigned delegated administrative responsibilities.
+- The Admin role, by contrast, always retains access to all capabilities and cannot be restricted.
+- Custom roles are currently limited to two per instance and support a first set of administrative capabilities.
 
-## Import report
+This scope will be expanded progressively as additional needs and use cases are identified by the community.
 
-The application now displays a summary dialog after an import, offering accurate and actionable information. The report precisely categorises alerts into successes, warnings and errors, providing end users with additional logs.
+## Drag & drop users to groups
+
+Managing group membership often requires repetitive actions when working with large teams or frequently changing group structures. With Passbolt 5.8, administrators can now add users to a group by dragging them directly onto it from the Users & Groups workspace. This removes the need to open and edit each group individually and makes day-to-day group management faster and more fluid.
 
 ## Miscellaneous improvements
-As usual this release is packed with improvements and bug fixes reported by the community. Notably, the reliability of autofill has been improved across a wider range of websites. If you find that autofill does not work on a particular website, feel free to open a bug report including the website details to help us identify the custom selector. For more, check out the changelog below.
 
-Many thanks to everyone who provided feedback, reported issues, and helped refine these new features.
+As usual, this release includes fixes and smaller improvements intended to improve the overall experience. For the full list of changes, please refer to the changelog.
+
+Many thanks to everyone who provided feedback and helped refine these features.
 
 ### Added
-- PB-17712 Focus should be put in the passphrase field when importing keepass file protected by passphrase
-- PB-33599 Allow users to access previous revisions of a resource’s secret
-- PB-33599 Allow administrators to configure how many secret revisions are retained
-- PB-44420 Allow administrators to download the Users Directory sync report for follow-up actions
-- PB-44434 As an administrator I can see encrypted metadata healthchecks from the administration workspace
-- PB-45249 Add “Attention required” filter in the “Users & groups” workspace to filter users by attention required
-- PB-45842 Add link to SCIM admin guide in the product
-- PB-46427 Add remove from group button in User & Group Workspace page
+- PB-46646 Reduce accidental destructive actions by moving Delete user and Disable MFA into a More menu in Users and groups
+- PB-28298 Add users to groups by dragging and dropping
+- PB-47198 Add exception to allow users to autofill workbench.cisecurity.org
+- PB-46997 DR - WP1.1 Update RbacsCollection to EntityV2Collection and add new methods
+- PB-46999 DR - WP1.2 Update RoleEntity schema and add new methods
+- PB-47000 DR - WP1.3 Update RolesCollection to EntityV2Collection and add new methods
+- PB-47002 DR - WP2.1 Update of RoleService to a RoleApiService
+- PB-47003 DR - WP2.2 Update of RoleModel to a RoleService
+- PB-47003 DR - WP2.3 Update of RbacService to a RbacApiService
+- PB-47014 DR - WP2.4 Update of RbacModel to a RbacService
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47015 DR - WP3.1 Create the FindAllRolesController and update the event
+- PB-47017 DR - WP3.2 Update the FindMeController into a FindMeRbacController
+- PB-47088 DR - WP3.3 Create the FindAndUpdateRolesLocalStorageController
+- PB-47018 DR - WP4.1 Create RoleServiceWorkerService to get the roles
+- PB-47019 DR - WP4.2 Create RbacServiceWorkerService to get the RBAC permissions of a signed-in user
+- PB-47021 DR - WP4.3 Add the method canRoleUseAction in CanUseService
+- PB-47089 DR - WP4.4 Add a method to find and update roles in local storage
+- PB-47022 DR - WP5.1 Add the method canIUseAction in RbacContext
+- PB-47023 DR - WP5.2 Verify the signed-in user's RBAC privileges before allowing access to the FilterUsersByGroup functionality
+- PB-47024 DR - WP5.3 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceMainActions functionality
+
+- PB-47023 DR - WP5.4 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUserWorkspaceActions functionality
+- PB-47036 DR - WP5.5 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsersWorkspaceFilterBar functionality
+- PB-47037 DR - WP5.6 Verify the signed-in user's RBAC privileges before allowing access to the DisplayUsers functionality
+- PB-47039 DR - WP5.7 Update CreateUser to select role in a dropdown component
+- PB-47042 DR - WP5.8 Update EditUser to select role in a dropdown component
+- PB-47027 DR - WP5.9 Create the component CreateRoleDialog
+- PB-47028 DR - WP5.10 Create the component EditRoleDialog
+- PB-47029 DR - WP5.11 Create the component DeleteRoleDialog
+- PB-47030 DR - WP5.12 Update the style of DisplayRbacAdministration to match current design
+- PB-47031 DR - WP5.13 Add create role in DisplayRbacAdministration
+- PB-47032 DR - WP5.14 Display all roles in DisplayRbacAdministration
+- PB-47033 DR - WP5.15 Add menu item to update the name of new role
+- PB-47016 DR - WP5.16 Add menu item to delete new role
+- PB-47090 DR - WP5.17 Update ManageAccountRecoveryUserSettings to use roles from context
+- PB-47091 DR - WP5.18 Update ReviewAccountRecoveryRequest to use roles from context
+- PB-47092 DR - WP5.19 Update DisplayScimSettingsAdministration to use roles from context
+- PB-47093 DR - WP5.20 Update DisplayUserDetailsInformation to use roles from context
+- PB-47094 DR - WP5.21 Update DisplayAccountRecoveryUserSettings to use roles from context
+- PB-47095 DR - WP5.22 Update UserWorkspaceContext to use roles from context
+- PB-47096 DR - WP5.23 Create the RoleContextProvider and add it on ExtAppContext
+- PB-47214 DR - WP5.24 Update the RoleEntity to avoid name bypass
+- PB-47215 DR - WP5.25 Update RolesCollection to filter out Guest role
+- PB-47216 DR - WP5.26 Update FindRolesService to filter out guest role
+- PB-47231 DR - WP5.27 Create component DeleteRoleNotAllowed
 
 ### Fixed
-- PB-18497 Add loading spinner when submitting imported GPG key during account extension association (activation/recover)
-- PB-36183 Display UTC date in tooltip for relative “X days ago” timestamps
-- PB-42032 Fix: update passphrase help section link goes to the former help site
-- PB-43950 Add padding between fields and their description on the Users Directory administration page
-- PB-44603 Help link in administration internationalization page should target the contribute page of the help site
-- PB-44949 GITHUB#240 Inform menu crash on suggested resource icon
-- PB-45263 Enforce password expiry on imported resources when a password policy requires it
-- PB-45588 Extend metadata description textarea in resource creation dialog to use full available height
-- PB-45699 User without groups is not display correctly on the right sidebar
-- PB-45723 The in-form CTA is not visible since v5.5 for some web application
-- PB-45797 Fix typos in BExt
-- PB-45917 I can autofill my username in the login form of cryptpad in French
-- PB-45992 Keep selection of resources when collapsing the Workspace section
-- PB-46013 Empty Full Report textarea displayed in Users Directory dialogs when there are no resources to synchronize
-- PB-46065 Prevent re-encryption of metadata with personal user key when a resource is shared with a group
-- PB-46118 Import unexpected error handling on import
-- PB-46191 Update UserSettings validateDomain to make sure the issue cannot be exploited
-- PB-46372 As LU, I should see the content share dialog within the boundaries of the dialog
-- PB-46385 Fix auto-fill on OVH with custom selector field on username
+- PB-46180 Incorrect folder name encoding in sharing progress dialog
+- PB-46612 Add missing border radius to secret history selected revision
+- PB-45978 Resize bar continues dragging after mouse release
+- PB-46905 Display the "Remove from group" action button to group managers
+- PB-46627 Fix missing space in the “Advanced settings” of the password generator tabs between the last component and the CTA
+- PB-46930 Secret history review should display an unknown user when creator does not exists
+- PB-47298 KDBX not set expiry if never is set
 
 ### Maintenance
-- PB-30373 Remove unused event passbolt.app-bootstrap.navigate-to-logout
-- PB-45099 Update: Regular expression on private key metadata validation
-- PB-45100 Update: Regular expression on GPG Message validation
-- PB-45585 Fix SCIM styleguide related unit tests error
-- PB-45589 Refactor resource favorite capability to use FavoriteServiceWorkerService instead of direct port requests
-- PB-45590 Migrate favorite logic from FavoriteModel to FavoriteResourceService and remove legacy model
-- PB-45591 Route passbolt.favorite.add/delete events through controllers instead of calling services directly
-- PB-45593 Add test coverage for FavoriteService API and rename class to align with Passbolt standard
-- PB-45678 Upgrade ESLint dependencies across both repositories
-- PB-45835 Migrate group (partially) related code to new architecture
-- PB-45894 Rename leftSideBar and rightSideBar classes to respect naming convention
-- PB-45963 Replace find-all with find-my-groups Port Requests
-- PB-45965 Rename groupService to groupApiService
-- PB-46127 Update i18next dependency
-- PB-46190 Update themeEntity to remove preview unused field
+- PB-46636 Remove eslint v8 compatibility
+- PB-46890 Small upgrade for js-yaml (Medium)
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%, and verify no change occurs when the user selects the already-selected theme
+- PB-29338 React 18: upgrade changes with Legacy DOM renderer
+- PB-47057 React 18: Remove unused dev dependency jest-dom
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-46831 Increase coverage of passbolt-styleguide DisplayUserTheme to 100%
+- PB-47069 DisplayResourceDetailsInformation Test Cases for Expired Passwords
+- PB-47311 Major upgrade for serialize-javascript (Medium)
+- PB-46832 Increase coverage of ThemeEntity
+- PB-46833 Increase coverage of AccountSettingsService
+- PB-46834 Increase coverage of ThemeModel
+- PB-47011 ESLINT - WP1.1 Install phantom dependencies

package/eslint.config.mjs

@@ -1,146 +1,224 @@
-import {defineConfig} from "eslint/config";
-import jest from "eslint-plugin-jest";
-import noUnsanitized from "eslint-plugin-no-unsanitized";
-import globals from "globals";
-import babelParser from "@babel/eslint-parser";
-import path from "node:path";
-import {fileURLToPath} from "node:url";
-import js from "@eslint/js";
-import {FlatCompat} from "@eslint/eslintrc";
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-const compat = new FlatCompat({
-  baseDirectory: __dirname,
-  recommendedConfig: js.configs.recommended,
-  allConfig: js.configs.all
-});
-
-export default defineConfig([{
-  extends: compat.extends("eslint:recommended", "plugin:react/recommended"),
-
-  plugins: {
-    jest,
-    "no-unsanitized": noUnsanitized
-  },
-
-  languageOptions: {
-    globals: {
-      ...globals.browser,
-      ...globals.amd,
-      ...globals.webextensions,
-      ...globals.jest,
-      ...globals.node,
-      global: true,
-      port: true,
-      Validator: true,
-      openpgp: true,
-      PapaParse: true,
-      kdbxweb: true,
-      storage: true,
-      jsSHA: true,
-      XRegExp: true,
-      stripslashes: true,
-      urldecode: true,
-      OpenpgpkeyEntity: true,
-    },
+import globals from 'globals';
+import babelParser from '@babel/eslint-parser';
+import path from 'path';
+import {fileURLToPath} from 'url';
+
+// ESLint plugins import
+import js from '@eslint/js';
+import noUnsanitizedPlugin from 'eslint-plugin-no-unsanitized';
+import jestPlugin from 'eslint-plugin-jest';
+import reactPlugin from 'eslint-plugin-react';
+import importPlugin from 'eslint-plugin-import';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+export default [
+  js.configs.recommended,                        // core JavaScript rules
+  reactPlugin.configs.flat.recommended,          // React best practices
+  reactPlugin.configs.flat['jsx-runtime'],       // JSX transform rules
+  importPlugin.flatConfigs.recommended,          // import/export validations
+  {
+    files: ['**/*.{js,jsx,mjs,cjs}'],
+
+    languageOptions: {
+      parser: babelParser,
+      ecmaVersion: 2024,
+      sourceType: 'module',
+
+      parserOptions: {
+        requireConfigFile: false,
+        ecmaFeatures: {
+          jsx: true,
+        },
+        babelOptions: {
+          presets: ['@babel/preset-react'],
+        },
+      },
 
-    parser: babelParser,
-    ecmaVersion: 2018,
-    sourceType: "module",
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+        ...globals.es2024,
+        ...globals.webextensions,
 
-    parserOptions: {
-      requireConfigFile: false,
+        // Custom globals
+        global: 'readonly',
+        port: 'readonly',
+      },
+    }, plugins: {
+      'no-unsanitized': noUnsanitizedPlugin,
+    },
 
-      babelOptions: {
-        presets: ["@babel/preset-react"],
+    settings: {
+      react: {
+        version: 'detect',
       },
+      'import/resolver': {
+        node: {
+          paths: [__dirname], // Add project root to resolution paths
+          extensions: ['.js', '.jsx', '.mjs', '.cjs'],
+        },
+        alias: {
+          map: [
+            ['passbolt-styleguide', path.resolve(__dirname)],
+          ],
+          extensions: ['.js', '.jsx', '.ts', '.tsx'],
+        },
+      },
+    },
+
+    rules: {
+      /*
+       * ============================================
+       * CUSTOM OVERRIDES
+       * ============================================
+       */
+
+      "array-bracket-spacing": 1, // Enforces consistent spacing inside array brackets
+      "block-spacing": 1, // Enforces consistent spacing inside single-line blocks
+      "brace-style": ["warn", "1tbs", {allowSingleLine: true}], // Enforces one true brace style (opening brace on same line)
+      "comma-spacing": 1, // Enforces consistent spacing before/after commas
+      "computed-property-spacing": 1, // Enforces consistent spacing inside computed property brackets
+      "eol-last": 1, // Requires newline at the end of files
+      "func-call-spacing": 1, // Disallows spaces between function name and parentheses in calls
+      "key-spacing": ["warn", {mode: "minimum"}], // Enforces minimum spacing between keys and values in object literals
+      "keyword-spacing": 1, // Enforces consistent spacing before/after keywords (if, else, for, etc.)
+      "linebreak-style": 1, // Enforces consistent linebreak style (unix vs windows)
+      "no-trailing-spaces": 1, // Disallows trailing whitespace at the end of lines
+      "object-curly-spacing": ["warn", "never"], // Disallows spaces inside object curly braces
+      "one-var": ["error", {initialized: "never", uninitialized: "always"}], // Enforces variables declaration style (one declaration for uninitialized, separate for initialized)
+      "padded-blocks": ["warn", "never"], // Disallows padding blank lines within blocks
+      "semi": ["warn", "always"], // Requires semicolons at the end of statements
+      "semi-spacing": 1, // Enforces spacing before/after semicolons
+      "space-before-blocks": 1, // Requires space before opening brace of blocks
+      "space-before-function-paren": ["warn", "never"], // Disallows space before function parentheses
+      "space-in-parens": ["warn", "never"], // Disallows spaces inside parentheses
+      "space-infix-ops": 1, // Requires spaces around infix operators (+, -, =, etc.)
+      "arrow-body-style": ["warn", "as-needed"], // Requires braces around arrow function body only when needed
+      "arrow-parens": ["warn", "as-needed"], // Requires parens around arrow function parameters only when needed
+      "arrow-spacing": 1, // Enforces consistent spacing before/after arrow function arrows
+      "template-curly-spacing": ["warn", "never"], // Disallows spaces inside template literal curly braces
+      "multiline-comment-style": ["error", "starred-block"], // Enforces starred-block style for multiline comments (/* * */)
+      "indent": ["warn", 2, {MemberExpression: 1, SwitchCase: 1}], // Enforces 2 spaces indentation with specific rules for member expressions and switch cases
+      // "object-shorthand": ["error", "consistent"],
+
+
+      // Critical rules not in recommended configs
+      'curly': 'error',                          // Always use braces
+      'no-implicit-coercion': 'error',           // No implicit type coercion
+      'no-implicit-globals': 'error',            // No implicit global variables
+      'no-unsanitized/method': 'error',          // Prevent XSS via innerHTML
+      'no-unsanitized/property': 'error',        // Prevent XSS via outerHTML
+
+      // Our specific preferences (override recommended)
+      'no-console': 'off',                       // Allow console.log in dev
+      'react/display-name': 'off',               // Don't require display names
+      'react/prop-types': 'off',                 // Skip PropTypes (future TypeScript)
+      'no-useless-escape': 'off',                // Too many false positives
+      "func-names": [
+        "error",
+        "never"
+      ],
+
+      // Phantom dependency detection (CRITICAL)
+      'import/no-extraneous-dependencies': ['error', {
+        devDependencies: [
+          '**/*.test.{js,jsx}',
+          '**/*.spec.{js,jsx}',
+          '**/__tests__/**',
+          '**/test/**',
+          '**/tests/**',
+          '**/scripts/**',
+          '*.config.{js,mjs,cjs}',
+          'webpack.config.js',
+        ],
+        optionalDependencies: false,
+        peerDependencies: true,
+      }],
+
+      // Browser extension specific
+      'n/no-unsupported-features/node-builtins': 'off',  // We use browser APIs
+      'n/no-missing-import': 'off',                       // Handled by import plugin
+      'n/no-missing-require': 'off',                      // Handled by import plugin
+
+      // Muted during migration
+      'import/no-named-as-default-member': 'off',
+      'import/no-duplicates': 'off',
+      'import/named': 'off',
+      'import/no-named-as-default': 'off',
+      'no-empty': 'off',
+      'react/jsx-uses-react': 'error',  // Marks React as used when JSX is present
+      'react/jsx-uses-vars': 'error',   // Marks JSX components as used
+      'react/react-in-jsx-scope': 'error', // Ensures React is in scope for JSX
     },
   },
+  /*
+   * ============================================
+   * TEST FILES CONFIGURATION
+   * ============================================
+   */
+  {
+    files: [
+      '**/*.test.{js,jsx}',
+      '**/*.test.data.{js,jsx}',
+      '**/*.test.page.{js,jsx}',
+      '**/*.test.page.object.{js,jsx}',
+      '**/*.test.stories.{js,jsx}',
+      '**/*.spec.{js,jsx}',
+      '**/__tests__/**',
+      '**/test/mock/**',
+    ],
+
+    languageOptions: {
+      globals: {
+        ...globals.jest,
+      },
+    },
+
+    plugins: {
+      jest: jestPlugin,
+    },
 
-  settings: {
-    react: {
-      version: "detect",
+    rules: {
+      ...jestPlugin.configs['flat/recommended'].rules,
+
+      // Test-specific overrides
+      'no-console': 'off',                       // Allow console in tests
+      'import/no-extraneous-dependencies': 'off', // Dev deps OK in tests
+      'jest/prefer-expect-assertions': 'off',     // Not always needed
+
+      // Rules muted during migration
+      'jest/no-conditional-expect': 'off',
+      'jest/valid-title': 'off',
+      'jest/no-alias-methods': 'off',
+      'jest/no-export': 'off',
+      'jest/valid-expect': 'off',
+      'jest/no-identical-title': 'off',
+      'jest/expect-expect': 'off',
+      'jest/valid-expect-in-promise': 'off',
+      'jest/no-disabled-tests': 'off',
+      'jest/valid-describe-callback': 'off',
+      'jest/no-focused-tests': 'off',
+      'jest/no-standalone-expect': 'off'
     },
   },
+  /*
+   * ============================================
+   * BUILD/CONFIG FILES
+   * ============================================
+   */
+  {
+    files: ['*.config.{js,mjs,cjs}', 'scripts/**/*.js', 'webpack.config.js'],
+
+    languageOptions: {
+      globals: {
+        ...globals.node,
+      },
+    },
 
-  rules: {
-    strict: ["error", "never"],
-    "no-console": 0,
-
-    "no-empty": ["error", {
-      allowEmptyCatch: true,
-    }],
-
-    curly: 2,
-    "no-eval": 2,
-
-    "no-extend-native": ["error", {
-      exceptions: ["Error"],
-    }],
-
-    "no-global-assign": 2,
-    "no-implicit-coercion": 2,
-    "no-implicit-globals": 2,
-    "no-implied-eval": 2,
-    "no-lone-blocks": 2,
-    "no-useless-escape": 0,
-    "array-bracket-spacing": 1,
-    "block-spacing": 1,
-
-    "brace-style": ["warn", "1tbs", {
-      allowSingleLine: true,
-    }],
-
-    "comma-spacing": 1,
-    "computed-property-spacing": 1,
-    "eol-last": 1,
-    "func-call-spacing": 1,
-
-    "key-spacing": ["warn", {
-      mode: "minimum",
-    }],
-
-    "keyword-spacing": 1,
-    "linebreak-style": 1,
-    "no-trailing-spaces": 1,
-    "no-var": 1,
-    "object-curly-spacing": ["warn", "never"],
-
-    "one-var": ["error", {
-      initialized: "never",
-      uninitialized: "always",
-    }],
-
-    "padded-blocks": ["warn", "never"],
-    semi: ["warn", "always"],
-    "semi-spacing": 1,
-    "space-before-blocks": 1,
-    "space-before-function-paren": ["warn", "never"],
-    "space-in-parens": ["warn", "never"],
-    "space-infix-ops": 1,
-    "arrow-body-style": ["warn", "as-needed"],
-    "arrow-parens": ["warn", "as-needed"],
-    "arrow-spacing": 1,
-    "no-useless-constructor": 1,
-
-    "prefer-arrow-callback": ["warn", {
-      allowNamedFunctions: true,
-    }],
-
-    "prefer-const": ["error"],
-    "prefer-template": 1,
-    "template-curly-spacing": ["warn", "never"],
-    "func-names": ["error", "never"],
-    "object-shorthand": ["error", "consistent"],
-    "multiline-comment-style": ["error", "starred-block"],
-
-    indent: ["warn", 2, {
-      MemberExpression: 1,
-      SwitchCase: 1,
-    }],
-
-    "no-unsanitized/method": "error",
-    "no-unsanitized/property": "error",
+    rules: {
+      'no-console': 'off',                       // Allow console in scripts
+      'import/no-extraneous-dependencies': 'off', // Dev deps OK in configs
+    },
   },
-}]);
+];