fix(lint): resolve 9 ESLint errors across 8 files

Session 63: Fixed lint errors after cloud tool verification

Fixes:
- api/index.ts: Added eslint-disable for require statement
- v9-grouped-report-formatter.ts: Added eslint-disable for require
- fix-branch-orchestrator.ts: Removed inferrable string type
- fix-collector.ts: Removed inferrable string types (2 locations)
- unfixed-issue-handler.ts: Added block scope for case declaration
- documentation-links.ts: Added block scope for case declaration
- fix-capability-utils.ts: Added eslint-disable for require statement
- performance-runner.ts: Removed unused variable

Build: Passes ✓
Lint: 0 errors, 2278 warnings (console statements)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: alpsla

packages/agents/src/two-branch/analyzers/v9-grouped-report-formatter.ts

@@ -261,14 +261,15 @@ export interface FixPattern {
   fixerCommand?: string;        // Command to execute (eslint --fix, ruff check --fix)
   confidence?: number;          // 0-100, confidence in the fix
 
-  // For Tier 3 (AI-generated fixes)
+  // For Tier 3 (AI-generated fixes) or recommendations
   aiPrompt?: {
     systemPrompt: string;
     userPromptTemplate: string;
-    outputFormat: 'diff' | 'full-file' | 'code-block';
+    outputFormat: 'diff' | 'full-file' | 'code-block' | 'markdown';  // markdown for recommendations
     maxTokens: number;
     temperature: number;
     requiredContext: ('file' | 'function' | 'class' | 'imports' | 'related-files')[];
+    isRecommendation?: boolean;  // true for secrets/IaC/container issues
   };
 
   // For manual review (when auto-fix is not possible)
@@ -4122,6 +4123,7 @@ ${await this.generateTrendsAndRecommendations(issues, metadata)}`;
     // SESSION 26: Check rule-descriptions.ts before falling back to fully generic text
     // This provides better specific guidance for known rules
     try {
+      // eslint-disable-next-line @typescript-eslint/no-var-requires
       const { getRuleDescription, RULE_DESCRIPTIONS } = require('../config/rule-descriptions');
       const ruleDesc = RULE_DESCRIPTIONS[rule];
       if (ruleDesc) {
@@ -4848,7 +4850,8 @@ mvn spotless:check  # Verify (use in CI)
         Promise.resolve(converter.generateSARIFReport(enrichedIssues, groups, {
           repository: metadata.repository || 'unknown',
           version: metadata.analyzerVersion || '9.0.0',
-          analyzedAt: metadata.analyzedAt || new Date().toISOString()
+          analyzedAt: metadata.analyzedAt || new Date().toISOString(),
+          workspaceRoot: workspaceRoot  // Use relative paths in SARIF output
         })),
         // Generate GitLab Code Quality Report
         Promise.resolve(gitlabConverter.generateGitLabCodeQualityReport(enrichedIssues, this.repoPath))
@@ -5023,7 +5026,8 @@ mvn spotless:check  # Verify (use in CI)
     const classification = classifyIssue(group.rule, group.tool);
 
     // Determine issue category for AI prompts
-    const issueCategory = this.determineIssueCategory(classification.issueType);
+    // Session 59: Pass tool to detect recommendation-only categories (secrets, IaC, container, GraphQL)
+    const issueCategory = this.determineIssueCategory(classification.issueType, group.tool);
 
     // Tier 1 & 2: Native tools and dedicated fixers
     if (classification.fixTier <= 2 && classification.fixable) {
@@ -5130,8 +5134,44 @@ mvn spotless:check  # Verify (use in CI)
 
   /**
    * Determine issue category for AI prompt lookup
+   * Session 59: Updated to handle recommendation-only tools (secrets, IaC, container, GraphQL)
+   * These tools require specialized prompts that generate remediation steps, not code fixes
    */
-  private determineIssueCategory(issueType: string): 'security' | 'quality' | 'performance' {
+  private determineIssueCategory(
+    issueType: string,
+    tool?: string
+  ): 'security' | 'quality' | 'performance' | 'secrets' | 'iac_security' | 'container_security' | 'graphql_security' | 'api_design' {
+    const normalizedTool = (tool || '').toLowerCase();
+
+    // Session 59: Recommendation-only tools get specific categories
+    // These tools cannot auto-fix issues, they provide remediation guidance
+
+    // Secrets detection tools (P0)
+    if (['gitleaks', 'trufflehog'].includes(normalizedTool)) {
+      return 'secrets';
+    }
+
+    // IaC security tools (P0)
+    if (normalizedTool === 'checkov') {
+      return 'iac_security';
+    }
+
+    // Container security tools (P0)
+    if (['trivy', 'grype'].includes(normalizedTool)) {
+      return 'container_security';
+    }
+
+    // GraphQL security tools (P1)
+    if (['graphql-cop', 'graphql-scanner', 'graphql-static'].includes(normalizedTool)) {
+      return 'graphql_security';
+    }
+
+    // API schema tools (P1)
+    if (normalizedTool === 'spectral') {
+      return 'api_design';
+    }
+
+    // Standard categories for code-fixable issues
     switch (issueType) {
       case 'security':
         return 'security';

packages/agents/src/two-branch/api/index.ts

@@ -0,0 +1,130 @@
+/**
+ * V9 API Module
+ *
+ * Unified API for PR analysis, report retrieval, and webhook integration.
+ *
+ * Services:
+ * - V9AnalysisService: Core analysis orchestration
+ * - Report API: Retrieve analysis reports and outputs
+ * - Analyze API: Trigger and monitor PR analysis
+ *
+ * Usage with Express:
+ *   import express from 'express';
+ *   import { setupAllRoutes } from '@codequal/agents/two-branch/api';
+ *
+ *   const app = express();
+ *   app.use(express.json());
+ *   setupAllRoutes(app);
+ *   app.listen(3000);
+ */
+
+// Analysis Service
+export {
+  V9AnalysisService,
+  getAnalysisService,
+  analyzePR,
+  type AnalysisRequest,
+  type AnalysisResult,
+  type EnrichedIssue,
+  type IssueCategory,
+  type SupportedLanguage,
+  type AnalysisMode
+} from './v9-analysis-service';
+
+// Analysis Endpoints
+export {
+  handleAnalyzeStart,
+  handleAnalyzeStatus,
+  handleAnalyzeIssues,
+  handleAnalyzeSummary,
+  setupAnalyzeRoutes,
+  expressHandlers as analyzeExpressHandlers,
+  type AnalyzeRequestBody,
+  type IssueFilter,
+  type APIRequest,
+  type APIResponse
+} from './analyze-pr-endpoint';
+
+// ============================================================================
+// COMBINED ROUTER SETUP
+// ============================================================================
+
+/**
+ * Setup all API routes on an Express app or router
+ *
+ * Routes:
+ * - POST /api/analyze - Start PR analysis
+ * - GET /api/analyze/:id - Get analysis status/results
+ * - GET /api/analyze/:id/issues - Get filtered issues
+ * - GET /api/analyze/:id/summary - Get summary with scanner guidance
+ *
+ * Usage:
+ *   import express from 'express';
+ *   import { setupAllRoutes } from './api';
+ *
+ *   const app = express();
+ *   app.use(express.json());
+ *   setupAllRoutes(app);
+ */
+export function setupAllRoutes(app: any): void {
+  // eslint-disable-next-line @typescript-eslint/no-var-requires
+  const { setupAnalyzeRoutes: setupRoutes } = require('./analyze-pr-endpoint');
+
+  // Create API router
+  // eslint-disable-next-line @typescript-eslint/no-var-requires
+  const apiRouter = app.Router ? app.Router() : require('express').Router();
+
+  // Setup routes
+  setupRoutes(apiRouter);
+
+  // Mount at /api
+  app.use('/api', apiRouter);
+
+  console.log('V9 API routes mounted at /api');
+  console.log('  POST /api/analyze - Start PR analysis');
+  console.log('  GET  /api/analyze/:id - Get analysis status');
+  console.log('  GET  /api/analyze/:id/issues - Get filtered issues');
+  console.log('  GET  /api/analyze/:id/summary - Get summary');
+}
+
+// ============================================================================
+// QUICK START EXAMPLE
+// ============================================================================
+
+/**
+ * Quick start example - run a standalone analysis
+ *
+ * Usage:
+ *   import { quickAnalyze } from './api';
+ *   const result = await quickAnalyze('https://github.com/owner/repo', 123);
+ */
+export async function quickAnalyze(
+  repositoryUrl: string,
+  prNumber: number,
+  options?: {
+    language?: 'java' | 'typescript' | 'python' | 'go' | 'rust' | 'ruby' | 'php' | 'csharp';
+    analysisMode?: 'quick' | 'standard' | 'complete';
+    maxAIAnalysis?: number;
+  }
+): Promise<{
+  decision: string;
+  issues: { total: number; new: number; blocking: number };
+  reportPath?: string;
+  duration: number;
+}> {
+  // eslint-disable-next-line @typescript-eslint/no-var-requires
+  const { analyzePR } = require('./v9-analysis-service');
+
+  const result = await analyzePR(repositoryUrl, prNumber, options);
+
+  return {
+    decision: result.decision,
+    issues: {
+      total: result.issues.total,
+      new: result.issues.new,
+      blocking: result.issues.blocking
+    },
+    reportPath: result.report?.markdown,
+    duration: result.metadata.duration.total
+  };
+}