refactor: clean up unused variables and empty blocks in routes

Routes updated:
- credentials.ts: Remove 12 unused variables/imports
- alerts.ts: Remove 1 unused variable
- users.ts: Remove 9 unused variables/imports

Changes:
- Remove unused imports (NextFunction, jwt, UserCrypto, detectKeyType)
- Fix empty catch blocks with descriptive comments
- Prefix reserved parameters with underscore
- Clean up unused error variables in catch blocks

Reduced errors from 913 to 886 (27 fixes)

src/backend/database/routes/alerts.ts

@@ -170,7 +170,7 @@ router.post("/dismiss", authenticateJWT, async (req, res) => {
       return res.status(409).json({ error: "Alert already dismissed" });
     }
 
-    const result = await db.insert(dismissedAlerts).values({
+    await db.insert(dismissedAlerts).values({
       userId,
       alertId,
     });

src/backend/database/routes/credentials.ts

@@ -2,15 +2,13 @@ import express from "express";
 import { db } from "../db/index.js";
 import { sshCredentials, sshCredentialUsage, sshData } from "../db/schema.js";
 import { eq, and, desc, sql } from "drizzle-orm";
-import type { Request, Response, NextFunction } from "express";
+import type { Request, Response } from "express";
-import jwt from "jsonwebtoken";
 import { authLogger } from "../../utils/logger.js";
 import { SimpleDBOps } from "../../utils/simple-db-ops.js";
 import { AuthManager } from "../../utils/auth-manager.js";
 import {
   parseSSHKey,
   parsePublicKey,
-  detectKeyType,
   validateKeyPair,
 } from "../../utils/ssh-key-utils.js";
 import crypto from "crypto";
@@ -1093,7 +1091,9 @@ router.post(
           finalPublicKey = `${keyType} ${base64Data}`;
           formatType = "ssh";
         }
-      } catch (sshError) {}
+      } catch {
+        // Ignore validation errors
+      }
 
       const response = {
         success: true,
@@ -1119,7 +1119,8 @@ router.post(
 async function deploySSHKeyToHost(
   hostConfig: any,
   publicKey: string,
-  credentialData: any,
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  _credentialData: any,
 ): Promise<{ success: boolean; message?: string; error?: string }> {
   return new Promise((resolve) => {
     const conn = new Client();
@@ -1158,7 +1159,9 @@ async function deploySSHKeyToHost(
                 }
               });
 
-              stream.on("data", (data) => {});
+              stream.on("data", () => {
+                // Ignore output
+              });
             },
           );
         });
@@ -1175,7 +1178,9 @@ async function deploySSHKeyToHost(
               if (parsed.data) {
                 actualPublicKey = parsed.data;
               }
-            } catch (e) {}
+            } catch {
+              // Ignore parse errors
+            }
 
             const keyParts = actualPublicKey.trim().split(" ");
             if (keyParts.length < 2) {
@@ -1202,7 +1207,7 @@ async function deploySSHKeyToHost(
                   output += data.toString();
                 });
 
-                stream.on("close", (code) => {
+                stream.on("close", () => {
                   clearTimeout(checkTimeout);
                   const exists = output.trim() === "0";
                   resolveCheck(exists);
@@ -1229,7 +1234,9 @@ async function deploySSHKeyToHost(
             if (parsed.data) {
               actualPublicKey = parsed.data;
             }
-          } catch (e) {}
+          } catch {
+            // Ignore parse errors
+          }
 
           const escapedKey = actualPublicKey
             .replace(/\\/g, "\\\\")
@@ -1269,7 +1276,9 @@ async function deploySSHKeyToHost(
               if (parsed.data) {
                 actualPublicKey = parsed.data;
               }
-            } catch (e) {}
+            } catch {
+              // Ignore parse errors
+            }
 
             const keyParts = actualPublicKey.trim().split(" ");
             if (keyParts.length < 2) {
@@ -1295,7 +1304,7 @@ async function deploySSHKeyToHost(
                   output += data.toString();
                 });
 
-                stream.on("close", (code) => {
+                stream.on("close", () => {
                   clearTimeout(verifyTimeout);
                   const verified = output.trim() === "0";
                   resolveVerify(verified);
@@ -1571,7 +1580,7 @@ router.post(
               error: "Host credential not found",
             });
           }
-        } catch (error) {
+        } catch {
           return res.status(500).json({
             success: false,
             error: "Failed to resolve host credentials",

src/backend/database/routes/users.ts

@@ -18,7 +18,6 @@ import QRCode from "qrcode";
 import type { Request, Response } from "express";
 import { authLogger } from "../../utils/logger.js";
 import { AuthManager } from "../../utils/auth-manager.js";
-import { UserCrypto } from "../../utils/user-crypto.js";
 import { DataCrypto } from "../../utils/data-crypto.js";
 import { LazyFieldEncryption } from "../../utils/lazy-field-encryption.js";
 
@@ -60,7 +59,6 @@ async function verifyOIDCToken(
     }
 
     let jwks: any = null;
-    let jwksUrl: string | null = null;
 
     for (const url of jwksUrls) {
       try {
@@ -69,7 +67,6 @@ async function verifyOIDCToken(
           const jwksData = (await response.json()) as any;
           if (jwksData && jwksData.keys && Array.isArray(jwksData.keys)) {
             jwks = jwksData;
-            jwksUrl = url;
             break;
           } else {
             authLogger.error(
@@ -77,8 +74,9 @@ async function verifyOIDCToken(
             );
           }
         } else {
+          // Non-200 response
         }
-      } catch (error) {
+      } catch {
         continue;
       }
     }
@@ -125,15 +123,8 @@ function isNonEmptyString(val: any): val is string {
   return typeof val === "string" && val.trim().length > 0;
 }
 
-interface JWTPayload {
-  userId: string;
-  iat?: number;
-  exp?: number;
-}
-
 const authenticateJWT = authManager.createAuthMiddleware();
 const requireAdmin = authManager.createAdminMiddleware();
-const requireDataAccess = authManager.createDataAccessMiddleware();
 
 // Route: Create traditional user (username/password)
 // POST /users/create
@@ -451,7 +442,7 @@ router.get("/oidc-config", async (req, res) => {
                 } else {
                   config.client_secret = "[ENCRYPTED - PASSWORD REQUIRED]";
                 }
-              } catch (decryptError) {
+              } catch {
                 authLogger.warn("Failed to decrypt OIDC config for admin", {
                   operation: "oidc_config_decrypt_failed",
                   userId,
@@ -651,7 +642,8 @@ router.get("/oidc/callback", async (req, res) => {
           config.issuer_url,
           config.client_id,
         );
-      } catch (error) {
+      } catch {
+        // Fallback to manual decoding
         try {
           const parts = tokenData.id_token.split(".");
           if (parts.length === 3) {
@@ -894,7 +886,7 @@ router.post("/login", async (req, res) => {
       if (kekSalt.length === 0) {
         await authManager.registerUser(userRecord.id, password);
       }
-    } catch (setupError) {
+    } catch {
       // Continue if setup fails - authenticateUser will handle it
     }
 
@@ -1561,7 +1553,7 @@ router.post("/totp/verify-login", async (req, res) => {
         backupCodes = userRecord.totp_backup_codes
           ? JSON.parse(userRecord.totp_backup_codes)
           : [];
-      } catch (parseError) {
+      } catch {
         backupCodes = [];
       }