chore: fix pre-existing Biome linting errors across agent, account-agent, api, and workflows packages

Author: ryanwaits

biome.json

@@ -1,5 +1,8 @@
 {
 	"$schema": "https://biomejs.dev/schemas/1.9.4/schema.json",
+	"files": {
+		"ignore": ["**/dist/**", "**/node_modules/**", "**/.next/**", "**/build/**"]
+	},
 	"formatter": {
 		"enabled": true,
 		"indentStyle": "tab"

packages/account-agent/src/index.ts

@@ -226,7 +226,7 @@ function parseInsights(text: string | null): InsightOutput[] {
 		if (!Array.isArray(parsed)) return [];
 		// Basic validation
 		return parsed.filter(
-			(i: any) =>
+			(i: InsightOutput) =>
 				i.category &&
 				i.insight_type &&
 				i.severity &&

packages/account-agent/src/tools.ts

@@ -523,7 +523,7 @@ async function getSubgraphSchemaHealth(
 
 		for (const [tableName, tableDef] of Object.entries(defSchema) as [
 			string,
-			any,
+			{ columns?: Record<string, unknown>; indexes?: string[][] },
 		][]) {
 			// Get actual PG columns
 			const pgCols = await sql<{

packages/agent/src/db/__tests__/queries.test.ts

@@ -58,7 +58,7 @@ describe("snapshots", () => {
 
 		const snap = getLatestSnapshot(db);
 		expect(snap).not.toBeNull();
-		expect(snap!.disk).toBe('{"usedPct":45}');
+		expect(snap?.disk).toBe('{"usedPct":45}');
 	});
 });
 
@@ -93,8 +93,8 @@ describe("getUnresolvedAlertForService", () => {
 
 		const alert = getUnresolvedAlertForService(db, "indexer");
 		expect(alert).not.toBeNull();
-		expect(alert!.id).toBe(id);
-		expect(alert!.slackTs).toBe("1234567890.123456");
+		expect(alert?.id).toBe(id);
+		expect(alert?.slackTs).toBe("1234567890.123456");
 	});
 
 	test("returns null after resolve", () => {

packages/agent/src/index.ts

@@ -46,7 +46,7 @@ async function main(): Promise<void> {
 	log(`  services: ${config.services.map((s) => s.name).join(", ")}`);
 
 	// Ensure data dir exists
-	const { mkdirSync } = await import("fs");
+	const { mkdirSync } = await import("node:fs");
 	mkdirSync(config.dataDir, { recursive: true });
 
 	const db = initDb(config.dbPath);

packages/agent/src/notify/__tests__/slack-callback.test.ts

@@ -1,6 +1,6 @@
 import type { Database } from "bun:sqlite";
 import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
-import { createHmac } from "crypto";
+import { createHmac } from "node:crypto";
 import { initDb } from "../../db/index.ts";
 import {
 	getAlertById,
@@ -22,9 +22,7 @@ function makeSignedRequest(
 ): Request {
 	const ts = opts?.timestamp ?? String(Math.floor(Date.now() / 1000));
 	const secret = opts?.secret ?? SECRET;
-	const sig =
-		"v0=" +
-		createHmac("sha256", secret).update(`v0:${ts}:${body}`).digest("hex");
+	const sig = `v0=${createHmac("sha256", secret).update(`v0:${ts}:${body}`).digest("hex")}`;
 
 	return new Request("http://localhost:3900/hooks/slack", {
 		method: "POST",

packages/agent/src/notify/__tests__/slack-verify.test.ts

@@ -1,5 +1,5 @@
 import { describe, expect, test } from "bun:test";
-import { createHmac } from "crypto";
+import { createHmac } from "node:crypto";
 import { verifySlackSignature } from "../slack-verify.ts";
 
 const SECRET = "test_signing_secret_12345";
@@ -9,10 +9,7 @@ function makeSignature(
 	timestamp: string,
 	body: string,
 ): string {
-	return (
-		"v0=" +
-		createHmac("sha256", secret).update(`v0:${timestamp}:${body}`).digest("hex")
-	);
+	return `v0=${createHmac("sha256", secret).update(`v0:${timestamp}:${body}`).digest("hex")}`;
 }
 
 function nowTimestamp(): string {

packages/agent/src/notify/slack-verify.ts

@@ -1,4 +1,4 @@
-import { createHmac } from "crypto";
+import { createHmac } from "node:crypto";
 
 const MAX_TIMESTAMP_DRIFT_S = 300; // 5 minutes
 
@@ -13,21 +13,19 @@ export function verifySlackSignature(
 
 	// Reject replay attacks
 	const ts = Number.parseInt(timestamp, 10);
-	if (isNaN(ts)) return false;
+	if (Number.isNaN(ts)) return false;
 	const now = Math.floor(Date.now() / 1000);
 	if (Math.abs(now - ts) > MAX_TIMESTAMP_DRIFT_S) return false;
 
 	const basestring = `v0:${timestamp}:${body}`;
-	const expected =
-		"v0=" +
-		createHmac("sha256", signingSecret).update(basestring).digest("hex");
+	const expected = `v0=${createHmac("sha256", signingSecret).update(basestring).digest("hex")}`;
 
 	// Timing-safe comparison
 	if (signature.length !== expected.length) return false;
 	const sigBuf = Buffer.from(signature);
 	const expBuf = Buffer.from(expected);
 	try {
-		const { timingSafeEqual } = require("crypto");
+		const { timingSafeEqual } = require("node:crypto");
 		return timingSafeEqual(sigBuf, expBuf);
 	} catch {
 		return signature === expected;

packages/api/src/index.ts

@@ -9,10 +9,12 @@ import { closeDb, getDb } from "@secondlayer/shared/db";
 // API service - REST API for stream management
 import { Hono } from "hono";
 import { cors } from "hono/cors";
+import { requireAdmin } from "./middleware/admin.ts";
 import { errorHandler } from "./middleware/error.ts";
 import { requestLogger } from "./middleware/logging.ts";
 import { countApiRequests } from "./middleware/usage.ts";
 import accountsRouter from "./routes/accounts.ts";
+import adminRouter from "./routes/admin.ts";
 import authRouter from "./routes/auth.ts";
 import chatSessionsRouter from "./routes/chat-sessions.ts";
 import insightsRouter from "./routes/insights.ts";
@@ -30,8 +32,6 @@ import subgraphsRouter, {
 } from "./routes/subgraphs.ts";
 import waitlistRouter from "./routes/waitlist.ts";
 import workflowsRouter from "./routes/workflows.ts";
-import adminRouter from "./routes/admin.ts";
-import { requireAdmin } from "./middleware/admin.ts";
 
 const app = new Hono();
 

packages/api/src/lib/ownership.ts

@@ -1,6 +1,7 @@
 import { ForbiddenError, StreamNotFoundError } from "@secondlayer/shared";
 import type { Database } from "@secondlayer/shared/db";
 import { getDb } from "@secondlayer/shared/db";
+import type { Context } from "hono";
 import type { Kysely } from "kysely";
 
 /**
@@ -74,18 +75,18 @@ export async function assertSubgraphOwnership(
 }
 
 /** Extract api_key_id from Hono context, or undefined in DEV_MODE */
-export function getApiKeyId(c: any): string | undefined {
-	const apiKey = c.get("apiKey");
+export function getApiKeyId(c: Context): string | undefined {
+	const apiKey = c.get("apiKey") as { id: string } | undefined;
 	return apiKey?.id;
 }
 
 /** Extract account_id from Hono context, or undefined in DEV_MODE */
-export function getAccountId(c: any): string | undefined {
+export function getAccountId(c: Context): string | undefined {
 	return c.get("accountId") as string | undefined;
 }
 
 /** Resolve all active API key IDs for the current request's account. */
-export async function resolveKeyIds(c: any): Promise<string[] | undefined> {
+export async function resolveKeyIds(c: Context): Promise<string[] | undefined> {
 	const accountId = getAccountId(c);
 	if (!accountId) return undefined;
 	const ids = await getAccountKeyIds(getDb(), accountId);
@@ -108,7 +109,7 @@ export async function resolveKeyIds(c: any): Promise<string[] | undefined> {
  *   - the account has zero active API keys (caller should 403 with NO_API_KEY)
  */
 export async function resolveApiKeyIdForWrite(
-	c: any,
+	c: Context,
 ): Promise<string | undefined> {
 	const direct = getApiKeyId(c);
 	if (direct) return direct;