Fix all mypy type errors (10 errors in 5 files)

- Use type: ignore for cbor2/json Any returns in serialization/deadman - Fix callable→Callable in killswitch.py and usb_monitor.py - Add Ed25519PrivateKey assertion in CLI chain-wrap path - Allow None for RotationResult fingerprints - Annotate channel key as str in manager.py Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 18:33:56 -04:00 · 2026-04-01 18:33:56 -04:00 · 384d7e89d9
commit 384d7e89d9
parent 17147856d1
7 changed files with 16 additions and 11 deletions
--- a/src/soosef/cli.py
+++ b/src/soosef/cli.py
@ -282,6 +282,7 @@ def _attest_file(
    """
    import hashlib

+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
    from cryptography.hazmat.primitives.serialization import (
        Encoding,
        PublicFormat,
@ -333,6 +334,7 @@ def _attest_file(

        priv_pem = IDENTITY_PRIVATE_KEY.read_bytes()
        chain_key = load_pem_private_key(priv_pem, password=None)
+        assert isinstance(chain_key, Ed25519PrivateKey)

        chain_metadata: dict = {}
        if caption:
--- a/src/soosef/federation/serialization.py
+++ b/src/soosef/federation/serialization.py
@ -51,7 +51,7 @@ def canonical_bytes(record: AttestationChainRecord) -> bytes:
        8: _entropy_to_cbor_map(record.entropy_witnesses) if record.entropy_witnesses else {},
        9: record.signer_pubkey,
    }
-    return cbor2.dumps(m, canonical=True)
+    return cbor2.dumps(m, canonical=True)  # type: ignore[no-any-return]


 def compute_record_hash(record: AttestationChainRecord) -> bytes:
@ -74,7 +74,7 @@ def serialize_record(record: AttestationChainRecord) -> bytes:
        9: record.signer_pubkey,
        10: record.signature,
    }
-    return cbor2.dumps(m, canonical=True)
+    return cbor2.dumps(m, canonical=True)  # type: ignore[no-any-return]


 def deserialize_record(data: bytes) -> AttestationChainRecord:
--- a/src/soosef/fieldkit/deadman.py
+++ b/src/soosef/fieldkit/deadman.py
@ -26,7 +26,7 @@ class DeadmanSwitch:
    def _load_state(self) -> dict:
        if self._state_file.exists():
            with open(self._state_file) as f:
-                return json.load(f)
+                return json.load(f)  # type: ignore[no-any-return]
        return {
            "armed": False,
            "last_checkin": None,
@ -64,7 +64,7 @@ class DeadmanSwitch:
        logger.info("Dead man's switch check-in recorded")

    def is_armed(self) -> bool:
-        return self._load_state()["armed"]
+        return self._load_state()["armed"]  # type: ignore[no-any-return]

    def is_overdue(self) -> bool:
        """Check if the switch has expired (past interval, ignoring grace)."""
--- a/src/soosef/fieldkit/killswitch.py
+++ b/src/soosef/fieldkit/killswitch.py
@ -15,6 +15,7 @@ import logging
 import platform
 import shutil
 import subprocess
+from collections.abc import Callable
 from dataclasses import dataclass, field
 from pathlib import Path

@ -84,7 +85,7 @@ def execute_purge(scope: PurgeScope = PurgeScope.ALL, reason: str = "manual") ->
    result = PurgeResult()
    logger.warning("KILLSWITCH ACTIVATED — reason: %s, scope: %s", reason, scope.value)

-    steps: list[tuple[str, callable]] = [
+    steps: list[tuple[str, Callable]] = [
        ("destroy_identity_keys", lambda: _secure_delete_dir(paths.IDENTITY_DIR)),
        ("destroy_channel_key", lambda: _secure_delete_file(paths.CHANNEL_KEY_FILE)),
        ("destroy_flask_secret", lambda: _secure_delete_file(paths.INSTANCE_DIR / ".secret_key")),
@ -142,7 +143,7 @@ except ImportError:
 def watch_hardware_button(
    pin: int = 17,
    hold_seconds: float = 5.0,
-    callback: callable | None = None,
+    callback: Callable | None = None,
 ) -> None:
    """
    Monitor GPIO pin for physical killswitch button.
--- a/src/soosef/fieldkit/usb_monitor.py
+++ b/src/soosef/fieldkit/usb_monitor.py
@ -9,7 +9,9 @@ from __future__ import annotations

 import json
 import logging
+from collections.abc import Callable
 from pathlib import Path
+from typing import Any

 from soosef.paths import USB_WHITELIST

@ -44,13 +46,13 @@ def save_whitelist(devices: set[str], path: Path | None = None) -> None:
 class USBMonitor:
    """Watch for USB device connections and check against whitelist."""

-    def __init__(self, on_violation: callable | None = None, whitelist_path: Path | None = None):
+    def __init__(self, on_violation: Callable | None = None, whitelist_path: Path | None = None):
        if not HAS_PYUDEV:
            raise RuntimeError("pyudev not available — USB monitoring requires Linux + pyudev")

        self.whitelist = load_whitelist(whitelist_path)
        self.on_violation = on_violation or self._default_violation
-        self._observer = None
+        self._observer: Any = None

    def start(self) -> None:
        """Start monitoring USB events in a background thread."""
--- a/src/soosef/keystore/manager.py
+++ b/src/soosef/keystore/manager.py
@ -217,7 +217,7 @@ class KeystoreManager:
        """Generate and store a new channel key."""
        from stegasoo import generate_channel_key

-        key = generate_channel_key()
+        key: str = generate_channel_key()
        self.set_channel_key(key)
        return key

--- a/src/soosef/keystore/models.py
+++ b/src/soosef/keystore/models.py
@ -29,6 +29,6 @@ class KeystoreStatus:
 class RotationResult:
    """Result of a key rotation operation."""

-    old_fingerprint: str
-    new_fingerprint: str
+    old_fingerprint: str | None
+    new_fingerprint: str | None
    archive_path: Path