refactor(lint): type tool factories and runtime helpers

src/agents/bash-tools.exec.ts

@@ -1167,8 +1167,7 @@ export function describeExecTool(params?: { agentId?: string; hasCronTool?: bool
 }
 export function createExecTool(
   defaults?: ExecToolDefaults,
-  // oxlint-disable-next-line typescript/no-explicit-any
-): AgentToolWithMeta<any, ExecToolDetails> {
+): AgentToolWithMeta<typeof execSchema, ExecToolDetails> {
   const defaultBackgroundMs = clampWithDefault(
     defaults?.backgroundMs ?? readEnvInt("PI_BASH_YIELD_MS"),
     10_000,

src/agents/bash-tools.process.ts

@@ -133,8 +133,7 @@ export function describeProcessTool(params?: { hasCronTool?: boolean }): string
 
 export function createProcessTool(
   defaults?: ProcessToolDefaults,
-  // oxlint-disable-next-line typescript/no-explicit-any
-): AgentToolWithMeta<any, unknown> {
+): AgentToolWithMeta<typeof processSchema, unknown> {
   if (defaults?.cleanupMs !== undefined) {
     setJobTtlMs(defaults.cleanupMs);
   }

src/gateway/client.ts

@@ -71,6 +71,10 @@ type StoredDeviceAuth = {
   scopes?: string[];
 };
 
+type FingerprintCheckingClientOptions = Omit<ClientOptions, "checkServerIdentity"> & {
+  checkServerIdentity?: (servername: string, cert: CertMeta) => Error | undefined;
+};
+
 class GatewayClientRequestError extends Error {
   readonly gatewayCode: string;
   readonly details?: unknown;
@@ -229,15 +233,12 @@ export class GatewayClient {
       return;
     }
     // Allow node screen snapshots and other large responses.
-    const wsOptions: ClientOptions = {
+    const wsOptions: FingerprintCheckingClientOptions = {
       maxPayload: 25 * 1024 * 1024,
     };
     if (url.startsWith("wss://") && this.opts.tlsFingerprint) {
       wsOptions.rejectUnauthorized = false;
-      const checkServerIdentity: NonNullable<ClientOptions["checkServerIdentity"]> = (
-        _host: string,
-        cert: CertMeta,
-      ) => {
+      wsOptions.checkServerIdentity = (_host: string, cert: CertMeta) => {
         const fingerprintValue =
           typeof cert === "object" && cert && "fingerprint256" in cert
             ? ((cert as { fingerprint256?: string }).fingerprint256 ?? "")
@@ -257,9 +258,8 @@ export class GatewayClient {
         }
         return undefined;
       };
-      wsOptions.checkServerIdentity = checkServerIdentity;
     }
-    const ws = new WebSocket(url, wsOptions);
+    const ws = new WebSocket(url, wsOptions as ClientOptions);
     this.ws = ws;
 
     ws.on("open", () => {

src/hooks/bundled/session-memory/transcript.ts

@@ -1,9 +1,8 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import type { AgentMessage } from "@mariozechner/pi-agent-core";
 import { hasInterSessionUserProvenance } from "../../../sessions/input-provenance.js";
 
-function extractTextMessageContent(content: AgentMessage["content"]): string | undefined {
+function extractTextMessageContent(content: unknown): string | undefined {
   if (typeof content === "string") {
     return content;
   }