Fix mypy type annotation errors

src/edb/api/dependencies.py

@@ -92,7 +92,12 @@ async def get_current_user(
     return payload
 
 
-def require_permission(permission: Permission):
+def require_permission(
+    permission: Permission,
+) -> Callable[
+    [AppState, dict[str, Any]],
+    Coroutine[Any, Any, dict[str, Any]],
+]:
     """Create a dependency that checks for a specific permission."""
 
     async def check(
@@ -110,6 +115,6 @@ async def check(
     return check
 
 
-def require_admin():
+def require_admin() -> Callable:
     """Dependency that requires admin role."""
     return require_permission(Permission.ADMIN_USERS)

src/edb/api/routes/auth.py

@@ -115,7 +115,7 @@ def change_password(
     body: dict[str, str],
     user: Annotated[dict[str, Any], Depends(get_current_user)],
     state: Annotated[AppState, Depends(get_app_state)],
-):
+) -> dict[str, str]:
     """Change the current user's password."""
     result = state.user_manager.change_password(
         user["sub"], body["current_password"], body["new_password"]
@@ -131,6 +131,6 @@ def change_password(
 @router.post("/logout")
 def logout(
     user: Annotated[dict[str, Any], Depends(get_current_user)],
-):
+) -> dict[str, str]:
     """Log out the current user (client should discard tokens)."""
     return {"message": "Logged out successfully"}

src/edb/auth/jwt_handler.py

@@ -92,7 +92,7 @@ def create_token_pair(
             "access_token": self.create_access_token(user_id, username, role),
             "refresh_token": self.create_refresh_token(user_id),
             "token_type": "bearer",
-            "expires_in": self._access_expire * 60,
+            "expires_in": str(self._access_expire * 60),
         }
 
     @property

src/edb/auth/token_blacklist.py

@@ -60,7 +60,7 @@ def revoke_all_for_user(self, user_id: str) -> int:
             (f"user_revoke_{user_id}_{now}", user_id, now),
         )
         self._engine.commit()
-        return cursor.rowcount
+        return int(cursor.rowcount)
 
     def cleanup_expired(self) -> int:
         """Remove expired entries from the blacklist."""
@@ -70,4 +70,4 @@ def cleanup_expired(self) -> int:
             (now,),
         )
         self._engine.commit()
-        return cursor.rowcount
+        return int(cursor.rowcount)

src/edb/auth/users.py

@@ -112,7 +112,7 @@ def update_role(self, user_id: str, role: Role) -> bool:
             (role.value, now, user_id),
         )
         self._engine.commit()
-        return cursor.rowcount > 0
+        return bool(cursor.rowcount > 0)
 
     def deactivate_user(self, user_id: str) -> bool:
         """Deactivate a user account."""
@@ -122,7 +122,7 @@ def deactivate_user(self, user_id: str) -> bool:
             (now, user_id),
         )
         self._engine.commit()
-        return cursor.rowcount > 0
+        return bool(cursor.rowcount > 0)
 
     def ensure_admin_exists(self) -> None:
         """Create a default admin user if no admins exist."""
@@ -150,7 +150,7 @@ def change_password(self, user_id: str, current_password: str, new_password: str
             (new_hash, now, user_id),
         )
         self._engine.commit()
-        return cursor.rowcount > 0
+        return bool(cursor.rowcount > 0)
 
     def _hash_password(self, password: str) -> str:
         salt = bcrypt.gensalt()

src/edb/security/input_validation.py

@@ -114,7 +114,7 @@ def validate_query_input(self, query_dict: dict[str, Any]) -> list[str]:
 
         Returns a list of warning messages (empty if clean).
         """
-        warnings = []
+        warnings: list[str] = []
         self._check_dict_recursive(query_dict, warnings, "query")
         return warnings