mstro-app 0.3.0 → 0.3.1

package/server/cli/headless/types.ts

@@ -19,7 +19,7 @@ export interface ToolUseEvent {
   toolId?: string;
   index?: number;
   partialJson?: string;
-  completeInput?: any;
+  completeInput?: Record<string, unknown>;
   result?: string;
   isError?: boolean;
 }

package/server/cli/improvisation-session-manager.ts

@@ -114,7 +114,7 @@ export class ImprovisationSessionManager extends EventEmitter {
   private currentRunner: HeadlessRunner | null = null;
   private options: ImprovisationOptions;
   private pendingApproval?: {
-    plan: any;
+    plan: unknown;
     resolve: (approved: boolean) => void;
   };
   private outputQueue: Array<{ text: string; timestamp: number }> = [];
@@ -129,7 +129,7 @@ export class ImprovisationSessionManager extends EventEmitter {
   /** Timestamp when current execution started (for accurate elapsed time across reconnects) */
   private _executionStartTimestamp: number | undefined;
   /** Buffered events during current execution, for replay on reconnect */
-  private executionEventLog: Array<{ type: string; data: any; timestamp: number }> = [];
+  private executionEventLog: Array<{ type: string; data: unknown; timestamp: number }> = [];
   /** Set by cancel() to signal the retry loop to exit */
   private _cancelled: boolean = false;
 
@@ -383,19 +383,20 @@ export class ImprovisationSessionManager extends EventEmitter {
       this.emitMovementComplete(movement, result, _execStart, sequenceNumber);
       return movement;
 
-    } catch (error: any) {
+    } catch (error: unknown) {
       this._isExecuting = false;
       this._executionStartTimestamp = undefined;
       this.executionEventLog = [];
       this.currentRunner = null;
       this.emit('onMovementError', error);
+      const errorMessage = error instanceof Error ? error.message : String(error);
       trackEvent(AnalyticsEvents.IMPROVISE_MOVEMENT_ERROR, {
-        error_message: error.message?.slice(0, 200),
+        error_message: errorMessage.slice(0, 200),
         sequence_number: this.history.movements.length + 1,
         duration_ms: Date.now() - _execStart,
         model: this.options.model || 'default',
       });
-      this.queueOutput(`\n❌ Error: ${error.message}\n`);
+      this.queueOutput(`\n❌ Error: ${errorMessage}\n`);
       this.flushOutputQueue();
       throw error;
     } finally {
@@ -1510,7 +1511,7 @@ export class ImprovisationSessionManager extends EventEmitter {
    * Request user approval for a plan
    * Returns a promise that resolves when the user approves/rejects
    */
-  async requestApproval(plan: any): Promise<boolean> {
+  async requestApproval(plan: unknown): Promise<boolean> {
     return new Promise((resolve) => {
       this.pendingApproval = { plan, resolve };
       this.emit('onApprovalRequired', plan);
@@ -1559,7 +1560,7 @@ export class ImprovisationSessionManager extends EventEmitter {
    * Get buffered execution events for replay on reconnect.
    * Only meaningful while isExecuting is true.
    */
-  getExecutionEventLog(): Array<{ type: string; data: any; timestamp: number }> {
+  getExecutionEventLog(): Array<{ type: string; data: unknown; timestamp: number }> {
     return this.executionEventLog;
   }
 

package/server/index.ts

@@ -7,11 +7,11 @@
 
 import { randomBytes } from 'node:crypto'
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
-import type { IncomingMessage } from 'node:http'
+import type { IncomingMessage, Server } from 'node:http'
 import { homedir } from 'node:os'
 import { basename, join } from 'node:path'
 import { serve } from '@hono/node-server'
-import { Hono } from 'hono'
+import { type Context, Hono, type Next } from 'hono'
 import { cors } from 'hono/cors'
 import { logger } from 'hono/logger'
 import { type WebSocket as NodeWebSocket, WebSocketServer } from 'ws'
@@ -26,10 +26,10 @@ import {
 import { AnalyticsEvents, initAnalytics, shutdownAnalytics, trackEvent } from './services/analytics.js'
 import { AuthService } from './services/auth.js'
 import { FileService } from './services/files.js'
-import { InstanceRegistry } from './services/instances.js'
+import { InstanceRegistry, type MstroInstance } from './services/instances.js'
 import { PlatformConnection } from './services/platform.js'
 import { captureException, flushSentry, initSentry } from './services/sentry.js'
-import { getPTYManager } from './services/terminal/pty-manager.js'
+import { getPTYManager, reloadPty } from './services/terminal/pty-manager.js'
 import { WebSocketImproviseHandler } from './services/websocket/index.js'
 import type { WSContext } from './services/websocket/types.js'
 import { findAvailablePort } from './utils/port.js'
@@ -126,7 +126,7 @@ const fileService = new FileService(WORKING_DIR)
 const wsHandler = new WebSocketImproviseHandler()
 
 // Instance registration deferred to startServer() when port is known
-let _currentInstance: any
+let _currentInstance: MstroInstance | undefined
 
 // Global middleware
 // In production, restrict CORS to block cross-origin browser requests to localhost.
@@ -149,7 +149,7 @@ app.use('*', logger())
 // Authentication Middleware
 // ========================================
 
-const authMiddleware = async (c: any, next: any) => {
+const authMiddleware = async (c: Context, next: Next) => {
   // Skip auth for health check and config
   const publicPaths = ['/health', '/api/config']
   if (publicPaths.some(path => c.req.path.startsWith(path))) {
@@ -207,6 +207,12 @@ app.route('/api/improvise', createImproviseRoutes(WORKING_DIR))
 app.route('/api/files', createFileRoutes(fileService))
 app.route('/api/notifications', createNotificationRoutes(WORKING_DIR))
 
+// Reload node-pty after setup-terminal compiles the native module
+app.post('/api/reload-pty', async (c) => {
+  const success = await reloadPty()
+  return c.json({ success, available: success })
+})
+
 // ========================================
 // Static File Serving (Production Only)
 // ========================================
@@ -257,7 +263,7 @@ function wrapWebSocket(ws: NodeWebSocket, workingDir: string): WSContext {
  * This allows messages from the web (via platform) to be handled by the same wsHandler
  */
 function createPlatformRelayContext(
-  platformSend: (message: any) => void,
+  platformSend: (message: unknown) => void,
   workingDir: string
 ): WSContext {
   return {
@@ -299,7 +305,7 @@ async function startServer() {
   })
 
   // Create WebSocket server attached to the HTTP server
-  const wss = new WebSocketServer({ server: server as any })
+  const wss = new WebSocketServer({ server: server as Server })
 
   wss.on('connection', (ws: NodeWebSocket, req: IncomingMessage) => {
     const url = new URL(req.url || '/', `http://localhost:${PORT}`)
@@ -354,7 +360,7 @@ async function startServer() {
 
   // Queue for messages that arrive before relay context is ready
   // This handles race conditions where initTab arrives before web_connected
-  let pendingRelayMessages: any[] = []
+  let pendingRelayMessages: unknown[] = []
 
   // Connect to platform
   const platformConnection = new PlatformConnection(WORKING_DIR, {

package/server/mcp/bouncer-cli.ts

@@ -18,11 +18,19 @@
 import { type BouncerReviewRequest, reviewOperation } from './bouncer-integration.js';
 
 interface HookInput {
+  // Tool identification (mstro: toolName, Claude Code: tool_name)
   tool_name?: string;
   toolName?: string;
-  input?: Record<string, any>;
-  toolInput?: Record<string, any>;
-  // Conversation context from Claude Code hooks
+  // Tool parameters (mstro: input/toolInput, Claude Code: tool_input)
+  input?: Record<string, unknown>;
+  toolInput?: Record<string, unknown>;
+  tool_input?: Record<string, unknown>;
+  // Claude Code hook metadata
+  hook_event_name?: string;
+  transcript_path?: string;
+  permission_mode?: string;
+  cwd?: string;
+  // Mstro conversation context
   session_id?: string;
   conversation?: {
     messages?: Array<{
@@ -31,7 +39,7 @@ interface HookInput {
     }>;
     last_user_message?: string;
   };
-  // Additional context fields Claude Code may provide
+  // Common fields
   tool_use_id?: string;
   working_directory?: string;
 }
@@ -48,7 +56,7 @@ async function readStdin(): Promise<string> {
   });
 }
 
-function buildOperationString(toolName: string, toolInput: Record<string, any>): string {
+function buildOperationString(toolName: string, toolInput: Record<string, unknown>): string {
   if (toolName === 'Bash' && toolInput.command) {
     return `${toolName}: ${toolInput.command}`;
   }
@@ -59,6 +67,55 @@ function buildOperationString(toolName: string, toolInput: Record<string, any>):
   return `${toolName}: ${JSON.stringify(toolInput)}`;
 }
 
+/**
+ * Detect whether the caller is Claude Code (vs mstro).
+ * Claude Code includes hook_event_name in its payload.
+ */
+function isClaudeCodeHook(hookInput: HookInput): boolean {
+  return hookInput.hook_event_name === 'PreToolUse';
+}
+
+/**
+ * Format a bouncer decision for the calling system.
+ * Claude Code expects: { hookSpecificOutput: { permissionDecision, ... } }
+ * Mstro expects: { decision, reason, confidence, threatLevel, alternative }
+ */
+function formatDecisionOutput(
+  decision: { decision: string; reasoning: string; confidence?: number; threatLevel?: string; alternative?: string },
+  claudeCode: boolean
+): string {
+  const mappedDecision = decision.decision === 'deny' ? 'deny' : 'allow';
+  if (claudeCode) {
+    return JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'PreToolUse',
+        permissionDecision: mappedDecision,
+        permissionDecisionReason: decision.reasoning,
+      },
+    });
+  }
+  return JSON.stringify({
+    decision: mappedDecision,
+    reason: decision.reasoning,
+    confidence: decision.confidence,
+    threatLevel: decision.threatLevel,
+    alternative: decision.alternative,
+  });
+}
+
+function formatSimpleOutput(d: 'allow' | 'deny', reason: string, claudeCode: boolean): string {
+  if (claudeCode) {
+    return JSON.stringify({
+      hookSpecificOutput: {
+        hookEventName: 'PreToolUse',
+        permissionDecision: d,
+        permissionDecisionReason: reason,
+      },
+    });
+  }
+  return JSON.stringify({ decision: d, reason });
+}
+
 function extractConversationContext(hookInput: HookInput): string | undefined {
   const lastUserMessage = hookInput.conversation?.last_user_message;
   if (lastUserMessage) return `User's request: "${lastUserMessage}"`;
@@ -74,6 +131,7 @@ async function main() {
   const inputStr = await readStdin();
 
   if (!inputStr) {
+    // Can't detect caller without input — output both-compatible allow
     console.log(JSON.stringify({ decision: 'allow', reason: 'Empty input, allowing' }));
     process.exit(0);
   }
@@ -87,8 +145,10 @@ async function main() {
     process.exit(0);
   }
 
+  const claudeCode = isClaudeCodeHook(hookInput);
   const toolName = hookInput.tool_name || hookInput.toolName || 'unknown';
-  const toolInput = hookInput.input || hookInput.toolInput || {};
+  // Claude Code: tool_input, mstro: input/toolInput
+  const toolInput = hookInput.tool_input || hookInput.input || hookInput.toolInput || {};
   const userRequestContext = extractConversationContext(hookInput);
   const lastUserMessage = hookInput.conversation?.last_user_message;
   const recentMessages = hookInput.conversation?.messages?.slice(-5);
@@ -97,7 +157,8 @@ async function main() {
     operation: buildOperationString(toolName, toolInput),
     context: {
       purpose: userRequestContext || 'Tool use request from Claude',
-      workingDirectory: hookInput.working_directory || process.cwd(),
+      // Claude Code: cwd, mstro: working_directory
+      workingDirectory: hookInput.cwd || hookInput.working_directory || process.cwd(),
       toolName,
       toolInput,
       userRequest: lastUserMessage,
@@ -108,19 +169,11 @@ async function main() {
 
   try {
     const decision = await reviewOperation(bouncerRequest);
-    console.log(JSON.stringify({
-      decision: decision.decision === 'deny' ? 'deny' : 'allow',
-      reason: decision.reasoning,
-      confidence: decision.confidence,
-      threatLevel: decision.threatLevel,
-      alternative: decision.alternative,
-    }));
-  } catch (error: any) {
-    console.error('[bouncer-cli] Error:', error.message);
-    console.log(JSON.stringify({
-      decision: 'allow',
-      reason: `Bouncer error: ${error.message}. Allowing to avoid blocking.`
-    }));
+    console.log(formatDecisionOutput(decision, claudeCode));
+  } catch (error: unknown) {
+    const message = error instanceof Error ? error.message : String(error);
+    console.error('[bouncer-cli] Error:', message);
+    console.log(formatSimpleOutput('allow', `Bouncer error: ${message}. Allowing to avoid blocking.`, claudeCode));
   }
 }
 

package/server/mcp/bouncer-integration.ts

@@ -42,6 +42,43 @@ import {
   SAFE_OPERATIONS
 } from './security-patterns.js';
 
+/** Timeout for Haiku bouncer subprocess calls (ms). Configurable via env var. */
+const HAIKU_TIMEOUT_MS = parseInt(process.env.BOUNCER_HAIKU_TIMEOUT_MS || '10000', 10);
+
+// ========== Decision Cache ==========
+
+/** Cache TTL in ms (default 5 minutes) */
+const CACHE_TTL_MS = parseInt(process.env.BOUNCER_CACHE_TTL_MS || '300000', 10);
+const CACHE_MAX_SIZE = 200;
+
+interface CachedDecision {
+  decision: BouncerDecision;
+  expiresAt: number;
+}
+
+const decisionCache = new Map<string, CachedDecision>();
+
+function getCachedDecision(operation: string): BouncerDecision | null {
+  const entry = decisionCache.get(operation);
+  if (!entry) return null;
+  if (Date.now() > entry.expiresAt) {
+    decisionCache.delete(operation);
+    return null;
+  }
+  return entry.decision;
+}
+
+function cacheDecision(operation: string, decision: BouncerDecision): void {
+  // Don't cache low-confidence or error-fallback decisions
+  if (decision.confidence < 50) return;
+  // Evict oldest entries if cache is full
+  if (decisionCache.size >= CACHE_MAX_SIZE) {
+    const firstKey = decisionCache.keys().next().value;
+    if (firstKey !== undefined) decisionCache.delete(firstKey);
+  }
+  decisionCache.set(operation, { decision, expiresAt: Date.now() + CACHE_TTL_MS });
+}
+
 export interface BouncerReviewRequest {
   operation: string;
   context?: {
@@ -53,7 +90,7 @@ export interface BouncerReviewRequest {
     userRequest?: string;
     conversationHistory?: string[];
     sessionId?: string;
-    [key: string]: any;
+    [key: string]: unknown;
   };
 }
 
@@ -98,7 +135,7 @@ function tryExtractJsonBlock(text: string): string {
   return text;
 }
 
-function validateDecision(parsed: any): BouncerDecision {
+function validateDecision(parsed: Record<string, unknown>): BouncerDecision {
   if (!parsed || typeof parsed.decision !== 'string') {
     console.error('[Bouncer] Invalid parsed response:', parsed);
     throw new Error('Haiku returned invalid response: missing or invalid decision field');
@@ -111,11 +148,11 @@ function validateDecision(parsed: any): BouncerDecision {
   }
 
   return {
-    decision: parsed.decision,
-    confidence: parsed.confidence || 0,
-    reasoning: parsed.reasoning || 'No reasoning provided',
-    threatLevel: parsed.threat_level || 'medium',
-    alternative: parsed.alternative
+    decision: parsed.decision as BouncerDecision['decision'],
+    confidence: (parsed.confidence as number) || 0,
+    reasoning: (parsed.reasoning as string) || 'No reasoning provided',
+    threatLevel: (parsed.threat_level as BouncerDecision['threatLevel']) || 'medium',
+    alternative: parsed.alternative as string | undefined
   };
 }
 
@@ -195,7 +232,7 @@ or
     const timer = setTimeout(() => {
       timedOut = true;
       child.kill('SIGTERM');
-    }, 10000);
+    }, HAIKU_TIMEOUT_MS);
 
     child.stdout.on('data', (data) => {
       output += data.toString();
@@ -209,7 +246,7 @@ or
       clearTimeout(timer);
 
       if (timedOut) {
-        reject(new Error('Haiku analysis timeout after 10s'));
+        reject(new Error(`Haiku analysis timed out after ${HAIKU_TIMEOUT_MS}ms`));
         return;
       }
 
@@ -221,9 +258,9 @@ or
       try {
         const decision = parseHaikuResponse(output.trim());
         resolve(decision);
-      } catch (error: any) {
+      } catch (error: unknown) {
         console.error('[Bouncer] Parse error details:', error);
-        reject(new Error(`Failed to parse Haiku response: ${error.message}`));
+        reject(new Error(`Failed to parse Haiku response: ${error instanceof Error ? error.message : String(error)}`));
       }
     });
 
@@ -245,6 +282,13 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
 
   const { operation } = request;
 
+  // Check cache first (pattern-layer decisions and prior Haiku results)
+  const cached = getCachedDecision(operation);
+  if (cached) {
+    console.error(`[Bouncer] ⚡ Cache hit: ${cached.decision} (${cached.confidence}%)`);
+    return cached;
+  }
+
   console.error('[Bouncer] Analyzing operation...');
   console.error(`[Bouncer] Operation: ${operation}`);
   if (request.context?.userRequest) {
@@ -276,6 +320,7 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
       { context: request.context, threatLevel: decision.threatLevel, layer: 'pattern-noop', latencyMs }
     );
 
+    cacheDecision(operation, decision);
     return decision;
   }
 
@@ -312,6 +357,7 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
       latency_ms: latencyMs,
     });
 
+    cacheDecision(operation, decision);
     return decision;
   }
 
@@ -346,6 +392,7 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
       latency_ms: latencyMs,
     });
 
+    cacheDecision(operation, decision);
     return decision;
   }
 
@@ -381,6 +428,7 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
       latency_ms: latencyMs,
     });
 
+    cacheDecision(operation, decision);
     return decision;
   }
 
@@ -439,18 +487,53 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
       latency_ms: latencyMs,
     });
 
+    cacheDecision(operation, decision);
     return decision;
 
-  } catch (error: any) {
+  } catch (error: unknown) {
     const latencyMs = Math.round(performance.now() - startTime);
-    console.error(`[Bouncer] ⚠️  Haiku analysis failed: ${error.message}`);
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    const isTimeout = errorMessage.includes('timed out');
+
+    if (isTimeout) {
+      // Timeout: default to ALLOW — prefer availability over security stall,
+      // since the user drove the interaction
+      console.error(`[Bouncer] ⚠️  Haiku analysis timed out after ${HAIKU_TIMEOUT_MS}ms — defaulting to ALLOW`);
+      captureException(error, { context: 'bouncer.haiku_timeout', operation });
+
+      const decision: BouncerDecision = {
+        decision: 'allow',
+        confidence: 50,
+        reasoning: `Security analysis timed out after ${HAIKU_TIMEOUT_MS}ms. Defaulting to allow — user initiated the action.`,
+        threatLevel: 'medium'
+      };
+
+      logBouncerDecision(
+        operation,
+        decision.decision,
+        decision.confidence,
+        decision.reasoning,
+        { context: request.context, threatLevel: decision.threatLevel, layer: 'haiku-timeout', latencyMs, error: errorMessage }
+      );
+      trackEvent(AnalyticsEvents.BOUNCER_TOOL_ALLOWED, {
+        layer: 'haiku-timeout',
+        operation_length: operation.length,
+        threat_level: 'medium',
+        confidence: 50,
+        latency_ms: latencyMs,
+      });
+
+      return decision;
+    }
+
+    console.error(`[Bouncer] ⚠️  Haiku analysis failed: ${errorMessage}`);
     captureException(error, { context: 'bouncer.haiku_analysis', operation });
 
-    // Fail-safe: deny on AI failure
+    // Fail-safe: deny on non-timeout AI failure
     const decision: BouncerDecision = {
       decision: 'deny',
       confidence: 0,
-      reasoning: `Security analysis failed: ${error.message}. Denying for safety.`,
+      reasoning: `Security analysis failed: ${errorMessage}. Denying for safety.`,
       threatLevel: 'critical'
     };
 
@@ -459,7 +542,7 @@ export async function reviewOperation(request: BouncerReviewRequest): Promise<Bo
       decision.decision,
       decision.confidence,
       decision.reasoning,
-      { context: request.context, threatLevel: decision.threatLevel, layer: 'ai-error', latencyMs, error: error.message }
+      { context: request.context, threatLevel: decision.threatLevel, layer: 'ai-error', latencyMs, error: errorMessage }
     );
 
     return decision;

package/server/mcp/security-audit.ts

@@ -19,7 +19,7 @@ export interface AuditLogEntry {
   timestamp: string;
   sessionId?: string;
   operation: string;
-  context?: any;
+  context?: unknown;
   decision: 'allow' | 'deny' | 'warn_allow';
   confidence: number;
   reasoning: string;
@@ -68,7 +68,7 @@ export class SecurityAuditLogger {
     confidence: number,
     reasoning: string,
     metadata?: {
-      context?: any;
+      context?: unknown;
       threatLevel?: string;
       layer?: BouncerLayer;
       latencyMs?: number;
@@ -109,14 +109,14 @@ export function logBouncerDecision(
   decision: 'allow' | 'deny' | 'warn_allow' | undefined,
   confidence: number,
   reasoning: string,
-  metadata?: any
+  metadata?: Record<string, unknown>
 ): void {
   // Defensive: handle undefined or invalid decision
   const safeDecision = decision ?? 'deny';
   const validDecisions = ['allow', 'deny', 'warn_allow'];
   const normalizedDecision = validDecisions.includes(safeDecision) ? safeDecision : 'deny';
 
-  const workingDir = metadata?.context?.workingDirectory;
+  const workingDir = (metadata?.context as Record<string, unknown> | undefined)?.workingDirectory as string | undefined;
   const logger = getAuditLogger(workingDir);
   logger.logDecision(operation, normalizedDecision as 'allow' | 'deny' | 'warn_allow', confidence, reasoning, metadata);
 

package/server/mcp/server.ts

@@ -73,7 +73,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 
   const { tool_name, input } = request.params.arguments as {
     tool_name: string;
-    input: Record<string, any>;
+    input: Record<string, unknown>;
   };
 
   console.error(`[MCP Bouncer] Analyzing ${tool_name} request...`);
@@ -84,7 +84,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 
   // Extract file path with multiple property name support
   // Claude Code may use file_path, filePath, or path depending on context
-  const getFilePath = (inp: Record<string, any>) =>
+  const getFilePath = (inp: Record<string, unknown>) =>
     inp.file_path || inp.filePath || inp.path;
 
   if (tool_name === 'Bash' && input.command) {
@@ -141,8 +141,9 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         },
       ],
     };
-  } catch (error: any) {
-    console.error(`[MCP Bouncer] Error: ${error.message}`);
+  } catch (error: unknown) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    console.error(`[MCP Bouncer] Error: ${errorMessage}`);
 
     // Fail-safe: deny on error
     return {
@@ -151,7 +152,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           type: 'text',
           text: JSON.stringify({
             behavior: 'deny',
-            message: `Security analysis failed: ${error.message}. Denying for safety.`,
+            message: `Security analysis failed: ${errorMessage}. Denying for safety.`,
           }),
         },
       ],

package/server/services/analytics.ts

@@ -158,7 +158,7 @@ function getDistinctId(): string {
 /**
  * Get common properties included with all events
  */
-function getCommonProperties(): Record<string, any> {
+function getCommonProperties(): Record<string, unknown> {
   return {
     os: platform(),
     arch: arch(),
@@ -171,7 +171,7 @@ function getCommonProperties(): Record<string, any> {
 /**
  * Track a custom event
  */
-export function trackEvent(event: string, properties?: Record<string, any>): void {
+export function trackEvent(event: string, properties?: Record<string, unknown>): void {
   if (!client || !isTelemetryEnabled()) return
 
   client.capture({
@@ -187,7 +187,7 @@ export function trackEvent(event: string, properties?: Record<string, any>): voi
 /**
  * Identify a user (call after login)
  */
-export function identifyUser(userId: string, properties?: Record<string, any>): void {
+export function identifyUser(userId: string, properties?: Record<string, unknown>): void {
   if (!client || !isTelemetryEnabled()) return
 
   // Link the client ID to the user ID