fix(#411): resolve CI lint errors — prettier, unused directives, no-base-to-string

- auth.config.ts: collapse multiline template literal to single line
- auth.controller.ts: add eslint-disable for intentional no-unnecessary-condition
- auth.service.ts: remove 5 unused eslint-disable directives (Node 24 resolves
  BetterAuth types), fix prettier formatting, fix no-base-to-string
- login/page.tsx: remove unnecessary String() wrapper
- auth-context.test.tsx: fix prettier line length

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

apps/api/src/auth/auth.config.ts

@@ -184,9 +184,7 @@ export function getTrustedOrigins(): string[] {
         origins.push(origin);
       } catch (urlError: unknown) {
         const detail = urlError instanceof Error ? urlError.message : String(urlError);
-        console.warn(
-          `[AUTH] Ignoring invalid URL in TRUSTED_ORIGINS: "${origin}" (${detail})`
-        );
+        console.warn(`[AUTH] Ignoring invalid URL in TRUSTED_ORIGINS: "${origin}" (${detail})`);
       }
     }
   }

apps/api/src/auth/auth.controller.ts

@@ -37,6 +37,7 @@ export class AuthController {
     // Defense-in-depth: AuthGuard should guarantee these, but if someone adds
     // a route with AuthenticatedRequest and forgets @UseGuards(AuthGuard),
     // TypeScript types won't help at runtime.
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
     if (!req.user || !req.session) {
       throw new UnauthorizedException("Missing authentication context");
     }

apps/api/src/auth/auth.service.ts

@@ -38,9 +38,7 @@ export class AuthService {
     // PrismaService extends PrismaClient and is compatible with BetterAuth's adapter
     // Cast is safe as PrismaService provides all required PrismaClient methods
     // TODO(#411): BetterAuth returns opaque types — replace when upstream exports typed interfaces
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
     this.auth = createAuth(this.prisma as unknown as PrismaClient);
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call
     this.nodeHandler = toNodeHandler(this.auth);
   }
 
@@ -107,7 +105,6 @@ export class AuthService {
   async verifySession(token: string): Promise<VerifiedSession | null> {
     try {
       // TODO(#411): BetterAuth getSession returns opaque types — replace when upstream exports typed interfaces
-      // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
       const session = await this.auth.api.getSession({
         headers: {
           authorization: `Bearer ${token}`,
@@ -119,9 +116,7 @@ export class AuthService {
       }
 
       return {
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
         user: session.user as Record<string, unknown>,
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
         session: session.session as Record<string, unknown>,
       };
     } catch (error: unknown) {
@@ -143,19 +138,14 @@ export class AuthService {
             /Bearer\s+\S+/gi,
             "Bearer [REDACTED]"
           );
-          this.logger.error(
-            "Session verification failed due to unexpected error",
-            safeMessage
-          );
+          this.logger.error("Session verification failed due to unexpected error", safeMessage);
           throw error;
         }
       }
       // Non-Error thrown values — log for observability, treat as auth failure
       if (!(error instanceof Error)) {
-        this.logger.warn(
-          "Session verification received non-Error thrown value",
-          typeof error === "object" ? JSON.stringify(error) : String(error),
-        );
+        const errorDetail = typeof error === "string" ? error : JSON.stringify(error);
+        this.logger.warn("Session verification received non-Error thrown value", errorDetail);
       }
       return null;
     }