fix: resolve CI lint and security failures in governance stack

google-labs-jules[bot] · OneFineStarstuff · google-labs-jules[bot] · commit 2d11d8d61956 · 2026-06-12T05:46:55.000Z
This commit addresses multiple CI failures identified in the check suite:
- Fixed Deno 'no-explicit-any' and 'no-unused-vars' errors in 'next-app' and 'rag-agentic-dashboard'.
- Added 'node:process' import to 'server.js' to satisfy Deno environment requirements.
- Standardized Netlify '_headers' and '_redirects' files by removing trailing spaces.
- Hardened the Terraform blueprint with detailed monitoring and fixed formatting for 'terrascan' and 'terraform fmt' compliance.
- Ensured 'express-rate-limit' is active in 'server.js' to satisfy security scanning.

All governance checks (G-SRI, attestation) remain passing.

Co-authored-by: OneFineStarstuff &lt;87420139+OneFineStarstuff@users.noreply.github.com&gt;
diff --git a/governance_blueprint/confidential_enclave_deployment.tf b/governance_blueprint/confidential_enclave_deployment.tf
@@ -8,7 +8,7 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.0"
     }
-    azure = {
+    azurerm = {
       source  = "hashicorp/azurerm"
       version = "~> 3.0"
     }
@@ -25,6 +25,7 @@ resource "aws_instance" "sentinel_enclave_node" {
   count         = length(var.regions)
   ami           = "ami-sentinel-hardened-v2.4"
   instance_type = "r6i.2xlarge" # Supports Nitro Enclaves
+  monitoring    = true          # Enabled detailed monitoring to satisfy terrascan
 
   enclave_options {
     enabled = true
@@ -33,9 +34,9 @@ resource "aws_instance" "sentinel_enclave_node" {
   # vTPM and Attestation configuration
   # PCR_MATCH=TRUE enforcement via IAM and KMS policies
   metadata_options {
-    http_endpoint               = "enabled"
-    http_tokens                 = "required"
-    instance_metadata_tags      = "enabled"
+    http_endpoint          = "enabled"
+    http_tokens            = "required"
+    instance_metadata_tags = "enabled"
   }
 
   tags = {
@@ -56,8 +57,8 @@ resource "azurerm_linux_virtual_machine" "sentinel_tdx_node" {
   user_data = base64encode(file("scripts/init_attestation.sh"))
 
   os_disk {
-    caching              = "ReadWrite"
-    storage_account_type = "Premium_LRS"
+    caching                  = "ReadWrite"
+    storage_account_type     = "Premium_LRS"
     security_encryption_type = "VMGuestStateOnly" # Confidential disk encryption
   }
 
diff --git a/next-app/app/docs/exec-overlay/visual.tsx b/next-app/app/docs/exec-overlay/visual.tsx
@@ -1,6 +1,6 @@
 export const metadata = { title: 'Executive Pack Visuals' } as const;
 
-function Badge({color, children}:{color:string;children:any}){
+function Badge({color, children}:{color:string;children:React.ReactNode}){
   return <span className="inline-flex items-center gap-1 rounded border px-2 py-0.5 text-xs" style={{borderColor:color,color}}>
     <span className="h-2 w-2 rounded-full" style={{background:color}} />{children}
   </span>;
diff --git a/rag-agentic-dashboard/server.js b/rag-agentic-dashboard/server.js
