chore(security,refactor): extract sanitization and improve code quality (#41)

* chore(security,refactor): extract sanitization and improve code quality

- [x] Extract sanitization functions to dedicated sanitization.go module
- [x] Add comprehensive golangci-lint v2 configuration with security rules
- [x] Replace interface{} with any type throughout codebase
- [x] Add admin API authentication security warning
- [x] Extract WebSocket and stats streaming constants
- [x] Add best-effort error handling comments for resource cleanup
- [x] Expand sensitive field patterns for improved PII redaction
- [x] Simplify safety checks and remove redundant nil validations
- [x] Improve test coverage for password field redaction patterns

* refactor: replace interface{} with any type alias

- [x] Replace all `map[string]interface{}` with `map[string]any`
- [x] Replace all `interface{}` with `any` in function signatures and type definitions
- [x] Update sync.Pool New function returns from `interface{}` to `any`
- [x] Add package documentation comments to 8 package files
- [x] Update type assertions and casts to work with `any` type

.golangci.yml

@@ -0,0 +1,116 @@
+# Project-specific golangci-lint configuration (v2)
+version: "2"
+
+linters:
+  default: none
+  enable:
+    # Code quality
+    - govet       # Go vet (suspicious constructs)
+    - staticcheck # Advanced static analysis
+    - unused      # Find unused code
+    - errcheck    # Check for unchecked errors
+
+    # Security
+    - gosec       # Security issues
+
+  settings:
+    unused:
+      field-writes-are-uses: true
+      post-statements-are-reads: true
+      exported-is-used: true
+      exported-fields-are-used: true
+
+    govet:
+      enable-all: true
+      disable:
+        # Field alignment is a micro-optimization that reduces readability
+        - fieldalignment
+        # Shadow warnings in this codebase are intentional and safe
+        - shadow
+
+    staticcheck:
+      checks:
+        - "all"
+        # Disable naming convention checks - existing codebase uses underscores
+        # and ALL_CAPS which would require significant refactoring
+        - "-ST1000"  # Package comments
+        - "-ST1003"  # Naming conventions (underscores, ALL_CAPS)
+        # Disable quickfix suggestions - these are style preferences, not errors
+        - "-QF1001"  # De Morgan's law
+        - "-QF1012"  # fmt.Fprintf suggestion
+
+    errcheck:
+      # Don't check error returns on these functions (best-effort cleanup)
+      exclude-functions:
+        - (*github.com/gorilla/websocket.Conn).Close
+        - (*github.com/gorilla/websocket.Conn).SetReadDeadline
+        - (*github.com/gorilla/websocket.Conn).WriteMessage
+        - (*github.com/redis/go-redis/v9.Client).Close
+        - (*github.com/redis/go-redis/v9.Pipeline).Exec
+        - (io.Closer).Close
+        - (*os.File).Close
+        - (*compress/gzip.Reader).Close
+        - (net.Conn).Close
+
+    gosec:
+      excludes:
+        # G104: Errors unhandled - covered by errcheck with proper exclusions
+        - G104
+        # G115: Integer overflow conversion - safe in this codebase
+        # These are uint64 counter values that will never exceed int64 max
+        - G115
+        # G402: TLS InsecureSkipVerify - this is a configurable option
+        # Users explicitly enable this via GMP_DISABLE_TLS_VERIFY env var
+        - G402
+
+  exclusions:
+    presets:
+      - common-false-positives
+    rules:
+      # Test files can have relaxed rules
+      - path: _test\.go
+        linters:
+          - unused
+          - errcheck
+          - gosec
+
+      # Specific file exclusions for known patterns
+      - path: api\.go
+        linters:
+          - gosec
+        text: "G306"
+        # File permissions 0644 for banned users file is intentional
+        # This is a non-sensitive configuration file that may be
+        # read by deployment tools
+
+      # Exclude enableApi naming (would be a breaking change)
+      - path: api\.go
+        text: "ST1003"
+
+      # Generated files
+      - path: \.pb\.go$
+        linters:
+          - all
+
+formatters:
+  enable:
+    - gofmt
+
+  settings:
+    gofmt:
+      simplify: true
+
+run:
+  timeout: 5m
+  tests: true
+  modules-download-mode: readonly
+  build-tags:
+    - ""
+  go: "1.23"
+
+output:
+  formats:
+    text:
+      path: stdout
+      colors: true
+  sort-results: true

admin_dashboard.go

@@ -9,9 +9,18 @@ import (
 	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/websocket/v2"
 	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache"
+	libpack_config "github.com/lukaszraczylo/graphql-monitoring-proxy/config"
 	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
 )
 
+// Admin dashboard constants
+const (
+	// WebSocketReadDeadline is the read deadline for WebSocket connections
+	WebSocketReadDeadline = 60 * time.Second
+	// StatsStreamInterval is the interval for streaming stats updates
+	StatsStreamInterval = 2 * time.Second
+)
+
 //go:embed admin/dashboard.html
 var dashboardHTML embed.FS
 
@@ -60,7 +69,7 @@ func (ad *AdminDashboard) RegisterRoutes(app *fiber.App) {
 	if ad.logger != nil {
 		ad.logger.Info(&libpack_logger.LogMessage{
 			Message: "Admin dashboard routes registered",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"path": "/admin",
 			},
 		})
@@ -88,18 +97,18 @@ func (ad *AdminDashboard) getStats(c *fiber.Ctx) error {
 			if ad.logger != nil {
 				ad.logger.Error(&libpack_logger.LogMessage{
 					Message: "Failed to get aggregated metrics, falling back to local stats",
-					Pairs:   map[string]interface{}{"error": err.Error()},
+					Pairs:   map[string]any{"error": err.Error()},
 				})
 			}
 			// Fall through to local stats on error
 		} else {
 			// Return aggregated cluster stats
-			response := map[string]interface{}{
+			response := map[string]any{
 				"cluster_mode":      true,
 				"total_instances":   metrics.TotalInstances,
 				"healthy_instances": metrics.HealthyInstances,
 				"timestamp":         metrics.LastUpdate.Format(time.RFC3339),
-				"version":           "0.27.0",
+				"version":           libpack_config.PKG_VERSION,
 			}
 
 			// Add combined stats from aggregation
@@ -115,12 +124,12 @@ func (ad *AdminDashboard) getStats(c *fiber.Ctx) error {
 
 	// Local instance stats (fallback or non-cluster mode)
 	uptimeSeconds := time.Since(startTime).Seconds()
-	stats := map[string]interface{}{
+	stats := map[string]any{
 		"cluster_mode":   false,
 		"timestamp":      time.Now().Format(time.RFC3339),
 		"uptime_seconds": uptimeSeconds,
 		"uptime_human":   formatDuration(time.Since(startTime)),
-		"version":        "0.27.0", // TODO: Get from build info
+		"version":        libpack_config.PKG_VERSION,
 	}
 
 	if cfg != nil && cfg.Monitoring != nil {
@@ -130,7 +139,7 @@ func (ad *AdminDashboard) getStats(c *fiber.Ctx) error {
 		total := succeeded + failed + skipped
 
 		// Request statistics
-		requestStats := map[string]interface{}{
+		requestStats := map[string]any{
 			"total":     total,
 			"succeeded": succeeded,
 			"failed":    failed,
@@ -172,7 +181,7 @@ func (ad *AdminDashboard) getStats(c *fiber.Ctx) error {
 			if totalCacheRequests > 0 {
 				hitRate = float64(cacheStats.CacheHits) / float64(totalCacheRequests) * 100
 			}
-			stats["cache_summary"] = map[string]interface{}{
+			stats["cache_summary"] = map[string]any{
 				"hits":         cacheStats.CacheHits,
 				"misses":       cacheStats.CacheMisses,
 				"hit_rate_pct": hitRate,
@@ -205,16 +214,16 @@ func formatDuration(d time.Duration) string {
 func (ad *AdminDashboard) getHealth(c *fiber.Ctx) error {
 	healthMgr := GetBackendHealthManager()
 
-	health := map[string]interface{}{
+	health := map[string]any{
 		"status": "unknown",
-		"backend": map[string]interface{}{
+		"backend": map[string]any{
 			"healthy": false,
 		},
 	}
 
 	if healthMgr != nil {
 		isHealthy := healthMgr.IsHealthy()
-		health["backend"] = map[string]interface{}{
+		health["backend"] = map[string]any{
 			"healthy":              isHealthy,
 			"consecutive_failures": healthMgr.GetConsecutiveFailures(),
 			"last_check":           healthMgr.GetLastHealthCheck().Format(time.RFC3339),
@@ -232,7 +241,7 @@ func (ad *AdminDashboard) getHealth(c *fiber.Ctx) error {
 
 // getCircuitBreakerStatus returns circuit breaker status
 func (ad *AdminDashboard) getCircuitBreakerStatus(c *fiber.Ctx) error {
-	status := map[string]interface{}{
+	status := map[string]any{
 		"enabled": false,
 		"state":   "unknown",
 	}
@@ -247,14 +256,14 @@ func (ad *AdminDashboard) getCircuitBreakerStatus(c *fiber.Ctx) error {
 			cbMutex.RUnlock()
 
 			status["state"] = state.String()
-			status["counts"] = map[string]interface{}{
+			status["counts"] = map[string]any{
 				"requests":              counts.Requests,
 				"total_successes":       counts.TotalSuccesses,
 				"total_failures":        counts.TotalFailures,
 				"consecutive_successes": counts.ConsecutiveSuccesses,
 				"consecutive_failures":  counts.ConsecutiveFailures,
 			}
-			status["config"] = map[string]interface{}{
+			status["config"] = map[string]any{
 				"max_failures":           cfg.CircuitBreaker.MaxFailures,
 				"failure_ratio":          cfg.CircuitBreaker.FailureRatio,
 				"timeout":                cfg.CircuitBreaker.Timeout,
@@ -277,13 +286,13 @@ func (ad *AdminDashboard) getCacheStats(c *fiber.Ctx) error {
 			if ad.logger != nil {
 				ad.logger.Error(&libpack_logger.LogMessage{
 					Message: "Failed to get aggregated cache metrics, falling back to local stats",
-					Pairs:   map[string]interface{}{"error": err.Error()},
+					Pairs:   map[string]any{"error": err.Error()},
 				})
 			}
 			// Fall through to local stats on error
 		} else {
 			// Build aggregated cache stats from combined stats
-			response := map[string]interface{}{
+			response := map[string]any{
 				"cluster_mode":    true,
 				"total_instances": metrics.TotalInstances,
 			}
@@ -321,7 +330,7 @@ func (ad *AdminDashboard) getCacheStats(c *fiber.Ctx) error {
 	}
 
 	// Local instance stats (fallback or non-cluster mode)
-	stats := map[string]interface{}{
+	stats := map[string]any{
 		"cluster_mode": false,
 		"enabled":      false,
 	}
@@ -376,7 +385,7 @@ func (ad *AdminDashboard) getCacheStats(c *fiber.Ctx) error {
 func (ad *AdminDashboard) getConnectionStats(c *fiber.Ctx) error {
 	poolMgr := GetConnectionPoolManager()
 
-	stats := map[string]interface{}{
+	stats := map[string]any{
 		"available": false,
 	}
 
@@ -393,7 +402,7 @@ func (ad *AdminDashboard) getRetryBudgetStats(c *fiber.Ctx) error {
 	rb := GetRetryBudget()
 
 	if rb == nil {
-		return c.JSON(map[string]interface{}{
+		return c.JSON(map[string]any{
 			"enabled": false,
 		})
 	}
@@ -406,7 +415,7 @@ func (ad *AdminDashboard) getCoalescingStats(c *fiber.Ctx) error {
 	rc := GetRequestCoalescer()
 
 	if rc == nil {
-		return c.JSON(map[string]interface{}{
+		return c.JSON(map[string]any{
 			"enabled": false,
 		})
 	}
@@ -419,7 +428,7 @@ func (ad *AdminDashboard) getWebSocketStats(c *fiber.Ctx) error {
 	wsp := GetWebSocketProxy()
 
 	if wsp == nil {
-		return c.JSON(map[string]interface{}{
+		return c.JSON(map[string]any{
 			"enabled": false,
 		})
 	}
@@ -430,7 +439,7 @@ func (ad *AdminDashboard) getWebSocketStats(c *fiber.Ctx) error {
 // clearCache clears the cache
 func (ad *AdminDashboard) clearCache(c *fiber.Ctx) error {
 	libpack_cache.CacheClear()
-	return c.JSON(map[string]interface{}{
+	return c.JSON(map[string]any{
 		"success": true,
 		"message": "Cache cleared successfully",
 	})
@@ -443,7 +452,7 @@ func (ad *AdminDashboard) resetRetryBudget(c *fiber.Ctx) error {
 		rb.Reset()
 	}
 
-	return c.JSON(map[string]interface{}{
+	return c.JSON(map[string]any{
 		"success": true,
 		"message": "Retry budget statistics reset",
 	})
@@ -456,7 +465,7 @@ func (ad *AdminDashboard) resetCoalescing(c *fiber.Ctx) error {
 		rc.Reset()
 	}
 
-	return c.JSON(map[string]interface{}{
+	return c.JSON(map[string]any{
 		"success": true,
 		"message": "Coalescing statistics reset",
 	})
@@ -466,7 +475,7 @@ func (ad *AdminDashboard) resetCoalescing(c *fiber.Ctx) error {
 func (ad *AdminDashboard) getClusterStats(c *fiber.Ctx) error {
 	aggregator := GetMetricsAggregator()
 	if aggregator == nil {
-		return c.Status(503).JSON(map[string]interface{}{
+		return c.Status(503).JSON(map[string]any{
 			"error":        "Cluster mode not available",
 			"message":      "Redis-based metrics aggregation is not enabled",
 			"cluster_mode": false,
@@ -478,17 +487,17 @@ func (ad *AdminDashboard) getClusterStats(c *fiber.Ctx) error {
 		if ad.logger != nil {
 			ad.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to get aggregated metrics",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		}
-		return c.Status(500).JSON(map[string]interface{}{
+		return c.Status(500).JSON(map[string]any{
 			"error":   "Failed to retrieve cluster metrics",
 			"message": err.Error(),
 		})
 	}
 
 	// Format response similar to regular stats endpoint
-	response := map[string]interface{}{
+	response := map[string]any{
 		"cluster_mode":      true,
 		"total_instances":   metrics.TotalInstances,
 		"healthy_instances": metrics.HealthyInstances,
@@ -503,7 +512,7 @@ func (ad *AdminDashboard) getClusterStats(c *fiber.Ctx) error {
 func (ad *AdminDashboard) getClusterInstances(c *fiber.Ctx) error {
 	aggregator := GetMetricsAggregator()
 	if aggregator == nil {
-		return c.Status(503).JSON(map[string]interface{}{
+		return c.Status(503).JSON(map[string]any{
 			"error":        "Cluster mode not available",
 			"message":      "Redis-based metrics aggregation is not enabled",
 			"cluster_mode": false,
@@ -515,16 +524,16 @@ func (ad *AdminDashboard) getClusterInstances(c *fiber.Ctx) error {
 		if ad.logger != nil {
 			ad.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to get instance metrics",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		}
-		return c.Status(500).JSON(map[string]interface{}{
+		return c.Status(500).JSON(map[string]any{
 			"error":   "Failed to retrieve instance metrics",
 			"message": err.Error(),
 		})
 	}
 
-	return c.JSON(map[string]interface{}{
+	return c.JSON(map[string]any{
 		"cluster_mode":      true,
 		"total_instances":   metrics.TotalInstances,
 		"healthy_instances": metrics.HealthyInstances,
@@ -537,7 +546,7 @@ func (ad *AdminDashboard) getClusterInstances(c *fiber.Ctx) error {
 func (ad *AdminDashboard) getClusterDebug(c *fiber.Ctx) error {
 	aggregator := GetMetricsAggregator()
 
-	debug := map[string]interface{}{
+	debug := map[string]any{
 		"aggregator_initialized": aggregator != nil,
 		"redis_cache_enabled":    false,
 	}
@@ -562,7 +571,7 @@ func (ad *AdminDashboard) getClusterDebug(c *fiber.Ctx) error {
 			// Show first instance structure as example
 			if len(metrics.Instances) > 0 {
 				first := metrics.Instances[0]
-				debug["sample_instance"] = map[string]interface{}{
+				debug["sample_instance"] = map[string]any{
 					"instance_id":    first.InstanceID,
 					"hostname":       first.Hostname,
 					"uptime_seconds": first.UptimeSeconds,
@@ -573,7 +582,7 @@ func (ad *AdminDashboard) getClusterDebug(c *fiber.Ctx) error {
 				}
 
 				// Show requests structure if it exists
-				if requests, ok := first.Stats["requests"].(map[string]interface{}); ok {
+				if requests, ok := first.Stats["requests"].(map[string]any); ok {
 					debug["sample_requests"] = requests
 				}
 			}
@@ -584,7 +593,7 @@ func (ad *AdminDashboard) getClusterDebug(c *fiber.Ctx) error {
 }
 
 // Helper to get map keys
-func getMapKeys(m map[string]interface{}) []string {
+func getMapKeys(m map[string]any) []string {
 	keys := make([]string, 0, len(m))
 	for k := range m {
 		keys = append(keys, k)
@@ -596,7 +605,7 @@ func getMapKeys(m map[string]interface{}) []string {
 func (ad *AdminDashboard) forcePublish(c *fiber.Ctx) error {
 	aggregator := GetMetricsAggregator()
 	if aggregator == nil {
-		return c.Status(503).JSON(map[string]interface{}{
+		return c.Status(503).JSON(map[string]any{
 			"error":   "Aggregator not initialized",
 			"success": false,
 		})
@@ -605,7 +614,7 @@ func (ad *AdminDashboard) forcePublish(c *fiber.Ctx) error {
 	// Trigger publish in goroutine to avoid blocking
 	go aggregator.publishMetrics()
 
-	return c.JSON(map[string]interface{}{
+	return c.JSON(map[string]any{
 		"success":   true,
 		"triggered": true,
 		"message":   "Publish triggered in background",
@@ -634,7 +643,7 @@ func (ad *AdminDashboard) handleStatsWebSocket(c *websocket.Conn) {
 	if ad.logger != nil {
 		ad.logger.Info(&libpack_logger.LogMessage{
 			Message: "WebSocket client connected to stats stream",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"remote_addr": c.RemoteAddr().String(),
 			},
 		})
@@ -645,18 +654,18 @@ func (ad *AdminDashboard) handleStatsWebSocket(c *websocket.Conn) {
 		if ad.logger != nil {
 			ad.logger.Info(&libpack_logger.LogMessage{
 				Message: "WebSocket client disconnected from stats stream",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"remote_addr": c.RemoteAddr().String(),
 				},
 			})
 		}
-		c.Close()
+		_ = c.Close() // Best-effort cleanup
 	}()
 
 	// Set up ping/pong handlers
-	c.SetReadDeadline(time.Now().Add(60 * time.Second))
+	_ = c.SetReadDeadline(time.Now().Add(WebSocketReadDeadline))
 	c.SetPongHandler(func(string) error {
-		c.SetReadDeadline(time.Now().Add(60 * time.Second))
+		_ = c.SetReadDeadline(time.Now().Add(WebSocketReadDeadline))
 		return nil
 	})
 
@@ -674,14 +683,14 @@ func (ad *AdminDashboard) handleStatsWebSocket(c *websocket.Conn) {
 		}
 	}()
 
-	// Stream statistics every 2 seconds
+	// Stream statistics at configured interval
-	ticker := time.NewTicker(2 * time.Second)
+	ticker := time.NewTicker(StatsStreamInterval)
 	defer ticker.Stop()
 
 	// Send initial stats immediately (cluster-aware for dashboard)
 	if stats := ad.gatherAllStatsClusterAware(); stats != nil {
 		if data, err := json.Marshal(stats); err == nil {
-			c.WriteMessage(websocket.TextMessage, data)
+			_ = c.WriteMessage(websocket.TextMessage, data)
 		}
 	}
 
@@ -698,7 +707,7 @@ func (ad *AdminDashboard) handleStatsWebSocket(c *websocket.Conn) {
 				if ad.logger != nil {
 					ad.logger.Error(&libpack_logger.LogMessage{
 						Message: "Failed to marshal stats for WebSocket",
-						Pairs:   map[string]interface{}{"error": err.Error()},
+						Pairs:   map[string]any{"error": err.Error()},
 					})
 				}
 				return
@@ -709,7 +718,7 @@ func (ad *AdminDashboard) handleStatsWebSocket(c *websocket.Conn) {
 				if ad.logger != nil {
 					ad.logger.Debug(&libpack_logger.LogMessage{
 						Message: "Failed to write to WebSocket (client likely disconnected)",
-						Pairs:   map[string]interface{}{"error": err.Error()},
+						Pairs:   map[string]any{"error": err.Error()},
 					})
 				}
 				return
@@ -724,34 +733,34 @@ func (ad *AdminDashboard) handleStatsWebSocket(c *websocket.Conn) {
 
 // gatherAllStats collects all statistics into a single structure
 // This always returns LOCAL stats for this instance (used by metrics aggregator)
-func (ad *AdminDashboard) gatherAllStats() map[string]interface{} {
+func (ad *AdminDashboard) gatherAllStats() map[string]any {
 	return ad.gatherAllStatsWithMode(false)
 }
 
 // gatherAllStatsClusterAware collects statistics with cluster awareness
 // If cluster mode is available, returns aggregated stats from all instances
-func (ad *AdminDashboard) gatherAllStatsClusterAware() map[string]interface{} {
+func (ad *AdminDashboard) gatherAllStatsClusterAware() map[string]any {
 	return ad.gatherAllStatsWithMode(true)
 }
 
 // gatherAllStatsWithMode collects statistics with optional cluster mode
-func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string]interface{} {
+func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string]any {
 	// Check if cluster mode is requested and available
 	if useClusterMode {
 		if aggregator := GetMetricsAggregator(); aggregator != nil {
 			metrics, err := aggregator.GetAggregatedMetrics()
 			if err == nil && metrics != nil {
 				// Return aggregated cluster stats
-				result := map[string]interface{}{
+				result := map[string]any{
 					"cluster_mode":      true,
 					"total_instances":   metrics.TotalInstances,
 					"healthy_instances": metrics.HealthyInstances,
 				}
 
 				// Build stats section from combined stats
-				stats := map[string]interface{}{
+				stats := map[string]any{
 					"timestamp": metrics.LastUpdate.Format(time.RFC3339),
-					"version":   "0.27.0",
+					"version":   libpack_config.PKG_VERSION,
 				}
 
 				// Copy all combined stats
@@ -771,16 +780,16 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 	}
 
 	// Fall back to local stats
-	result := make(map[string]interface{})
+	result := make(map[string]any)
 	result["cluster_mode"] = false
 
 	// Main stats
 	uptimeSeconds := time.Since(startTime).Seconds()
-	stats := map[string]interface{}{
+	stats := map[string]any{
 		"timestamp":      time.Now().Format(time.RFC3339),
 		"uptime_seconds": uptimeSeconds,
 		"uptime_human":   formatDuration(time.Since(startTime)),
-		"version":        "0.27.0",
+		"version":        libpack_config.PKG_VERSION,
 	}
 
 	if cfg != nil && cfg.Monitoring != nil {
@@ -789,7 +798,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 		skipped := getAdminMetricValue("requests_skipped")
 		total := succeeded + failed + skipped
 
-		requestStats := map[string]interface{}{
+		requestStats := map[string]any{
 			"total":     total,
 			"succeeded": succeeded,
 			"failed":    failed,
@@ -828,7 +837,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 			if totalCacheRequests > 0 {
 				hitRate = float64(cacheStats.CacheHits) / float64(totalCacheRequests) * 100
 			}
-			stats["cache_summary"] = map[string]interface{}{
+			stats["cache_summary"] = map[string]any{
 				"hits":         cacheStats.CacheHits,
 				"misses":       cacheStats.CacheMisses,
 				"hit_rate_pct": hitRate,
@@ -841,16 +850,16 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 
 	// Health
 	healthMgr := GetBackendHealthManager()
-	health := map[string]interface{}{
+	health := map[string]any{
 		"status": "unknown",
-		"backend": map[string]interface{}{
+		"backend": map[string]any{
 			"healthy": false,
 		},
 	}
 
 	if healthMgr != nil {
 		isHealthy := healthMgr.IsHealthy()
-		health["backend"] = map[string]interface{}{
+		health["backend"] = map[string]any{
 			"healthy":              isHealthy,
 			"consecutive_failures": healthMgr.GetConsecutiveFailures(),
 			"last_check":           healthMgr.GetLastHealthCheck().Format(time.RFC3339),
@@ -865,7 +874,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 	result["health"] = health
 
 	// Circuit breaker
-	cbStatus := map[string]interface{}{
+	cbStatus := map[string]any{
 		"enabled": false,
 		"state":   "unknown",
 	}
@@ -880,14 +889,14 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 			cbMutex.RUnlock()
 
 			cbStatus["state"] = state.String()
-			cbStatus["counts"] = map[string]interface{}{
+			cbStatus["counts"] = map[string]any{
 				"requests":              counts.Requests,
 				"total_successes":       counts.TotalSuccesses,
 				"total_failures":        counts.TotalFailures,
 				"consecutive_successes": counts.ConsecutiveSuccesses,
 				"consecutive_failures":  counts.ConsecutiveFailures,
 			}
-			cbStatus["config"] = map[string]interface{}{
+			cbStatus["config"] = map[string]any{
 				"max_failures":           cfg.CircuitBreaker.MaxFailures,
 				"failure_ratio":          cfg.CircuitBreaker.FailureRatio,
 				"timeout":                cfg.CircuitBreaker.Timeout,
@@ -899,7 +908,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 	result["circuit_breaker"] = cbStatus
 
 	// Cache stats
-	cacheStats := map[string]interface{}{
+	cacheStats := map[string]any{
 		"enabled": false,
 	}
 
@@ -947,7 +956,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 
 	// Connection stats
 	poolMgr := GetConnectionPoolManager()
-	connStats := map[string]interface{}{
+	connStats := map[string]any{
 		"available": false,
 	}
 
@@ -960,7 +969,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 	// Retry budget
 	rb := GetRetryBudget()
 	if rb == nil {
-		result["retry_budget"] = map[string]interface{}{"enabled": false}
+		result["retry_budget"] = map[string]any{"enabled": false}
 	} else {
 		result["retry_budget"] = rb.GetStats()
 	}
@@ -968,7 +977,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 	// Coalescing
 	rc := GetRequestCoalescer()
 	if rc == nil {
-		result["coalescing"] = map[string]interface{}{"enabled": false}
+		result["coalescing"] = map[string]any{"enabled": false}
 	} else {
 		result["coalescing"] = rc.GetStats()
 	}
@@ -976,7 +985,7 @@ func (ad *AdminDashboard) gatherAllStatsWithMode(useClusterMode bool) map[string
 	// WebSocket
 	wsp := GetWebSocketProxy()
 	if wsp == nil {
-		result["websocket"] = map[string]interface{}{"enabled": false}
+		result["websocket"] = map[string]any{"enabled": false}
 	} else {
 		result["websocket"] = wsp.GetStats()
 	}

admin_dashboard_test.go

@@ -103,7 +103,7 @@ func TestAdminDashboard_GetStats(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var stats map[string]interface{}
+	var stats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &stats)
 	assert.NoError(t, err)
@@ -116,7 +116,7 @@ func TestAdminDashboard_GetStats(t *testing.T) {
 	assert.NotNil(t, stats["requests"])
 
 	// Verify request stats structure
-	requests := stats["requests"].(map[string]interface{})
+	requests := stats["requests"].(map[string]any)
 	assert.NotNil(t, requests["total"])
 	assert.NotNil(t, requests["succeeded"])
 	assert.NotNil(t, requests["failed"])
@@ -139,7 +139,7 @@ func TestAdminDashboard_GetHealth(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var health map[string]interface{}
+	var health map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &health)
 	assert.NoError(t, err)
@@ -188,7 +188,7 @@ func TestAdminDashboard_GetCircuitBreakerStatus(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var status map[string]interface{}
+	var status map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &status)
 	assert.NoError(t, err)
@@ -236,7 +236,7 @@ func TestAdminDashboard_GetCacheStats(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var stats map[string]interface{}
+	var stats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &stats)
 	assert.NoError(t, err)
@@ -260,7 +260,7 @@ func TestAdminDashboard_GetConnectionStats(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var stats map[string]interface{}
+	var stats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &stats)
 	assert.NoError(t, err)
@@ -283,7 +283,7 @@ func TestAdminDashboard_GetRetryBudgetStats(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var stats map[string]interface{}
+	var stats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &stats)
 	assert.NoError(t, err)
@@ -306,7 +306,7 @@ func TestAdminDashboard_GetCoalescingStats(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var stats map[string]interface{}
+	var stats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &stats)
 	assert.NoError(t, err)
@@ -329,7 +329,7 @@ func TestAdminDashboard_GetWebSocketStats(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var stats map[string]interface{}
+	var stats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &stats)
 	assert.NoError(t, err)
@@ -352,7 +352,7 @@ func TestAdminDashboard_ClearCache(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var result map[string]interface{}
+	var result map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &result)
 	assert.NoError(t, err)
@@ -383,7 +383,7 @@ func TestAdminDashboard_ResetRetryBudget(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var result map[string]interface{}
+	var result map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &result)
 	assert.NoError(t, err)
@@ -410,7 +410,7 @@ func TestAdminDashboard_ResetCoalescing(t *testing.T) {
 	assert.Equal(t, 200, resp.StatusCode)
 
 	// Parse response
-	var result map[string]interface{}
+	var result map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	err = json.Unmarshal(body, &result)
 	assert.NoError(t, err)
@@ -475,7 +475,7 @@ func TestAdminDashboard_IntegrationWithFeatures(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, 200, resp.StatusCode)
 
-	var rbStats map[string]interface{}
+	var rbStats map[string]any
 	body, _ := io.ReadAll(resp.Body)
 	json.Unmarshal(body, &rbStats)
 	assert.Equal(t, true, rbStats["enabled"])
@@ -486,7 +486,7 @@ func TestAdminDashboard_IntegrationWithFeatures(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, 200, resp.StatusCode)
 
-	var coalStats map[string]interface{}
+	var coalStats map[string]any
 	body, _ = io.ReadAll(resp.Body)
 	json.Unmarshal(body, &coalStats)
 	assert.Equal(t, true, coalStats["enabled"])
@@ -497,7 +497,7 @@ func TestAdminDashboard_IntegrationWithFeatures(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, 200, resp.StatusCode)
 
-	var wsStats map[string]interface{}
+	var wsStats map[string]any
 	body, _ = io.ReadAll(resp.Body)
 	json.Unmarshal(body, &wsStats)
 	assert.Equal(t, true, wsStats["enabled"])

api.go

@@ -37,7 +37,7 @@ func authMiddleware(c *fiber.Ctx) error {
 	if expectedKey == "" {
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Admin API authentication disabled - endpoints protected by network segmentation",
-			Pairs:   map[string]interface{}{"endpoint": c.Path()},
+			Pairs:   map[string]any{"endpoint": c.Path()},
 		})
 		return c.Next()
 	}
@@ -46,7 +46,7 @@ func authMiddleware(c *fiber.Ctx) error {
 	if subtle.ConstantTimeCompare([]byte(apiKey), []byte(expectedKey)) != 1 {
 		cfg.Logger.Warning(&libpack_logger.LogMessage{
 			Message: "Unauthorized API access attempt",
-			Pairs:   map[string]interface{}{"endpoint": c.Path(), "ip": c.IP()},
+			Pairs:   map[string]any{"endpoint": c.Path(), "ip": c.IP()},
 		})
 		return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
 			"error": "Unauthorized",
@@ -61,6 +61,23 @@ func enableApi(ctx context.Context) error {
 		return nil
 	}
 
+	// SECURITY WARNING: Check if API authentication is configured
+	adminAPIKey := os.Getenv("GMP_ADMIN_API_KEY")
+	if adminAPIKey == "" {
+		adminAPIKey = os.Getenv("ADMIN_API_KEY")
+	}
+	if adminAPIKey == "" {
+		cfg.Logger.Warning(&libpack_logger.LogMessage{
+			Message: "⚠️  Admin API enabled WITHOUT authentication - all endpoints are publicly accessible!",
+			Pairs: map[string]any{
+				"security_risk":  "HIGH - Admin API endpoints can be accessed without credentials",
+				"affected_ops":   "user-ban, user-unban, cache-clear, circuit-breaker controls",
+				"recommendation": "Set GMP_ADMIN_API_KEY environment variable or use network segmentation",
+				"api_port":       cfg.Server.ApiPort,
+			},
+		})
+	}
+
 	apiserver := fiber.New(fiber.Config{
 		DisableStartupMessage: true,
 		AppName:               fmt.Sprintf("GraphQL Monitoring Proxy - %s v%s", libpack_config.PKG_NAME, libpack_config.PKG_VERSION),
@@ -115,7 +132,7 @@ func periodicallyReloadBannedUsers(ctx context.Context) {
 			loadBannedUsers()
 			cfg.Logger.Debug(&libpack_logger.LogMessage{
 				Message: "Banned users reloaded",
-				Pairs:   map[string]interface{}{"users": bannedUsersIDs},
+				Pairs:   map[string]any{"users": bannedUsersIDs},
 			})
 		}
 	}
@@ -128,18 +145,18 @@ func checkIfUserIsBanned(c *fiber.Ctx, userID string) bool {
 
 	cfg.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Checking if user is banned",
-		Pairs:   map[string]interface{}{"user_id": userID, "banned": found},
+		Pairs:   map[string]any{"user_id": userID, "banned": found},
 	})
 
 	if found {
 		cfg.Logger.Info(&libpack_logger.LogMessage{
 			Message: "User is banned",
-			Pairs:   map[string]interface{}{"user_id": userID},
+			Pairs:   map[string]any{"user_id": userID},
 		})
 		if err := c.Status(fiber.StatusForbidden).SendString("User is banned"); err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to send banned user response",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		}
 	}
@@ -225,7 +242,7 @@ func apiBanUser(c *fiber.Ctx) error {
 	if err := c.BodyParser(&req); err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't parse the ban user request",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return c.Status(fiber.StatusBadRequest).SendString("Invalid request payload")
 	}
@@ -240,7 +257,7 @@ func apiBanUser(c *fiber.Ctx) error {
 
 	cfg.Logger.Info(&libpack_logger.LogMessage{
 		Message: "Banned user",
-		Pairs:   map[string]interface{}{"user_id": req.UserID, "reason": req.Reason},
+		Pairs:   map[string]any{"user_id": req.UserID, "reason": req.Reason},
 	})
 
 	if err := storeBannedUsers(); err != nil {
@@ -255,7 +272,7 @@ func apiUnbanUser(c *fiber.Ctx) error {
 	if err := c.BodyParser(&req); err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't parse the unban user request",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return c.Status(fiber.StatusBadRequest).SendString("Invalid request payload")
 	}
@@ -270,7 +287,7 @@ func apiUnbanUser(c *fiber.Ctx) error {
 
 	cfg.Logger.Info(&libpack_logger.LogMessage{
 		Message: "Unbanned user",
-		Pairs:   map[string]interface{}{"user_id": req.UserID},
+		Pairs:   map[string]any{"user_id": req.UserID},
 	})
 
 	if err := storeBannedUsers(); err != nil {
@@ -289,7 +306,7 @@ func storeBannedUsers() error {
 		if err := fileLock.Unlock(); err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to unlock file",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		}
 	}()
@@ -301,7 +318,7 @@ func storeBannedUsers() error {
 	if err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't marshal banned users",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return err
 	}
@@ -309,7 +326,7 @@ func storeBannedUsers() error {
 	if err := os.WriteFile(cfg.Api.BannedUsersFile, data, 0o644); err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't write banned users to file",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return err
 	}
@@ -321,12 +338,12 @@ func loadBannedUsers() {
 	if _, err := os.Stat(cfg.Api.BannedUsersFile); os.IsNotExist(err) {
 		cfg.Logger.Info(&libpack_logger.LogMessage{
 			Message: "Banned users file doesn't exist - creating it",
-			Pairs:   map[string]interface{}{"file": cfg.Api.BannedUsersFile},
+			Pairs:   map[string]any{"file": cfg.Api.BannedUsersFile},
 		})
 		if err := os.WriteFile(cfg.Api.BannedUsersFile, []byte("{}"), 0o644); err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Can't create and write to the file",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 			return
 		}
@@ -336,7 +353,7 @@ func loadBannedUsers() {
 	if err := lockFileRead(fileLock); err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't lock the file [load]",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return
 	}
@@ -344,7 +361,7 @@ func loadBannedUsers() {
 		if err := fileLock.Unlock(); err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to unlock file",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		}
 	}()
@@ -353,7 +370,7 @@ func loadBannedUsers() {
 	if err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't read banned users from file",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return
 	}
@@ -362,7 +379,7 @@ func loadBannedUsers() {
 	if err := json.Unmarshal(data, &newBannedUsers); err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't unmarshal banned users",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return
 	}
@@ -388,7 +405,7 @@ func lockFile(fileLock *flock.Flock) error {
 		if err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Can't lock the file",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 			return err
 		}
@@ -396,7 +413,7 @@ func lockFile(fileLock *flock.Flock) error {
 	case <-ctx.Done():
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "File lock timeout",
-			Pairs:   map[string]interface{}{"timeout": "30s"},
+			Pairs:   map[string]any{"timeout": "30s"},
 		})
 		return fmt.Errorf("file lock timeout after 30 seconds")
 	}
@@ -418,7 +435,7 @@ func lockFileRead(fileLock *flock.Flock) error {
 		if err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Can't lock the file for reading",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 			return err
 		}
@@ -426,7 +443,7 @@ func lockFileRead(fileLock *flock.Flock) error {
 	case <-ctx.Done():
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "File read lock timeout",
-			Pairs:   map[string]interface{}{"timeout": "30s"},
+			Pairs:   map[string]any{"timeout": "30s"},
 		})
 		return fmt.Errorf("file read lock timeout after 30 seconds")
 	}

api_auth_security_test.go

@@ -87,7 +87,7 @@ func (suite *APIAuthSecurityTestSuite) TestOptionalAuthentication() {
 	os.Unsetenv("ADMIN_API_KEY")
 
 	tests := []struct {
-		body           map[string]interface{}
+		body           map[string]any
 		name           string
 		endpoint       string
 		method         string
@@ -131,7 +131,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 	os.Setenv("GMP_ADMIN_API_KEY", suite.validAPIKey)
 	defer os.Unsetenv("GMP_ADMIN_API_KEY")
 	tests := []struct {
-		body           map[string]interface{}
+		body           map[string]any
 		name           string
 		apiKey         string
 		endpoint       string
@@ -144,7 +144,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         "",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject requests without API key",
 		},
@@ -153,7 +153,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         "wrong-key",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject requests with invalid API key",
 		},
@@ -162,7 +162,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         "' OR '1'='1",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject SQL injection attempts in API key",
 		},
@@ -171,7 +171,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         "<script>alert('xss')</script>",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject XSS attempts in API key",
 		},
@@ -180,7 +180,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         "key; rm -rf /",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject command injection attempts in API key",
 		},
@@ -189,7 +189,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         suite.validAPIKey,
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 200,
 			description:    "Should accept valid API key for user-ban endpoint",
 		},
@@ -198,7 +198,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         suite.validAPIKey,
 			endpoint:       "/api/user-unban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test unban"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test unban"},
 			expectedStatus: 200,
 			description:    "Should accept valid API key for user-unban endpoint",
 		},
@@ -225,7 +225,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         strings.ToUpper(suite.validAPIKey),
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject case-modified API key (case sensitive)",
 		},
@@ -234,7 +234,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         suite.validAPIKey + "extra",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject API key with extra characters",
 		},
@@ -243,7 +243,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         suite.validAPIKey[5:],
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject partial API key",
 		},
@@ -262,7 +262,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 			apiKey:         suite.validAPIKey + "тест",
 			endpoint:       "/api/user-ban",
 			method:         "POST",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test reason"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test reason"},
 			expectedStatus: 401,
 			description:    "Should reject API key with unicode characters",
 		},
@@ -298,7 +298,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthentication() {
 				body, err := io.ReadAll(resp.Body)
 				suite.NoError(err)
 
-				var response map[string]interface{}
+				var response map[string]any
 				err = json.Unmarshal(body, &response)
 				suite.NoError(err)
 
@@ -559,7 +559,7 @@ func (suite *APIAuthSecurityTestSuite) TestAPIAuthenticationErrorMessages() {
 			body, err := io.ReadAll(resp.Body)
 			suite.NoError(err)
 
-			var response map[string]interface{}
+			var response map[string]any
 			err = json.Unmarshal(body, &response)
 			suite.NoError(err)
 

backend_health.go

@@ -56,7 +56,7 @@ func (bhm *BackendHealthManager) WaitForBackendReady(timeout time.Duration) erro
 
 	bhm.logger.Info(&libpack_logger.LogMessage{
 		Message: "Waiting for GraphQL backend to become ready",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"backend_url": bhm.backendURL,
 			"timeout":     timeout.String(),
 		},
@@ -70,7 +70,7 @@ func (bhm *BackendHealthManager) WaitForBackendReady(timeout time.Duration) erro
 			bhm.mu.Unlock()
 			bhm.logger.Info(&libpack_logger.LogMessage{
 				Message: "GraphQL backend is ready",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"retry_count": retryCount,
 					"time_taken":  time.Since(deadline.Add(-timeout)).String(),
 				},
@@ -83,7 +83,7 @@ func (bhm *BackendHealthManager) WaitForBackendReady(timeout time.Duration) erro
 		if retryCount%5 == 0 {
 			bhm.logger.Warning(&libpack_logger.LogMessage{
 				Message: "Still waiting for GraphQL backend",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"retry_count":    retryCount,
 					"time_remaining": time.Until(deadline).String(),
 				},
@@ -185,7 +185,7 @@ func (bhm *BackendHealthManager) checkBackendHealth() bool {
 	if err != nil {
 		bhm.logger.Debug(&libpack_logger.LogMessage{
 			Message: "Backend health check failed",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error":     err.Error(),
 				"check_url": healthCheckURL,
 			},
@@ -199,7 +199,7 @@ func (bhm *BackendHealthManager) checkBackendHealth() bool {
 	if !isHealthy {
 		bhm.logger.Debug(&libpack_logger.LogMessage{
 			Message: "Backend returned unhealthy status",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"status_code": statusCode,
 				"check_url":   healthCheckURL,
 			},
@@ -226,14 +226,11 @@ func (bhm *BackendHealthManager) updateHealthStatus(isHealthy bool) {
 		if !previouslyHealthy {
 			bhm.logger.Info(&libpack_logger.LogMessage{
 				Message: "GraphQL backend recovered",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"consecutive_failures": bhm.consecutiveFails.Load(),
 				},
 			})
-			// Trigger circuit breaker reset if needed
+			// Note: Circuit breaker resets automatically based on its configured timeout
-			if cfg != nil && cfg.CircuitBreaker.Enable && cb != nil {
-				// The circuit breaker will automatically reset based on its timeout
-			}
 		}
 		bhm.consecutiveFails.Store(0)
 	} else {
@@ -241,7 +238,7 @@ func (bhm *BackendHealthManager) updateHealthStatus(isHealthy bool) {
 		if previouslyHealthy {
 			bhm.logger.Warning(&libpack_logger.LogMessage{
 				Message: "GraphQL backend became unhealthy",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"consecutive_failures": fails,
 				},
 			})

cache/cache.go

@@ -1,3 +1,6 @@
+// Package libpack_cache provides a unified caching interface that supports
+// both in-memory and Redis backends. It handles response caching for GraphQL
+// queries with automatic compression and TTL management.
 package libpack_cache
 
 import (
@@ -117,7 +120,7 @@ func EnableCache(cfg *CacheConfig) {
 		if err != nil {
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to create Redis client",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 			// Fall back to memory cache
 			cfg.Client = libpack_cache_memory.New(time.Duration(cfg.TTL) * time.Second)
@@ -143,7 +146,7 @@ func EnableCache(cfg *CacheConfig) {
 
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Using in-memory cache",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"type":                  cacheType,
 				"max_memory_size_bytes": maxMemory,
 				"max_entries":           maxEntries,
@@ -179,7 +182,7 @@ func CacheLookup(hash string) []byte {
 			if err != nil {
 				config.Logger.Error(&libpack_logger.LogMessage{
 					Message: "Failed to create gzip reader for cached data",
-					Pairs:   map[string]interface{}{"error": err.Error(), "hash": hash},
+					Pairs:   map[string]any{"error": err.Error(), "hash": hash},
 				})
 				return nil
 			}
@@ -188,7 +191,7 @@ func CacheLookup(hash string) []byte {
 				if closeErr := reader.Close(); closeErr != nil {
 					config.Logger.Error(&libpack_logger.LogMessage{
 						Message: "Failed to close gzip reader",
-						Pairs:   map[string]interface{}{"error": closeErr.Error(), "hash": hash},
+						Pairs:   map[string]any{"error": closeErr.Error(), "hash": hash},
 					})
 				}
 			}()
@@ -197,7 +200,7 @@ func CacheLookup(hash string) []byte {
 			if err != nil {
 				config.Logger.Error(&libpack_logger.LogMessage{
 					Message: "Failed to decompress cached data",
-					Pairs:   map[string]interface{}{"error": err.Error(), "hash": hash},
+					Pairs:   map[string]any{"error": err.Error(), "hash": hash},
 				})
 				return nil
 			}
@@ -215,7 +218,7 @@ func CacheDelete(hash string) {
 	}
 	config.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Deleting data from cache",
-		Pairs:   map[string]interface{}{"hash": hash},
+		Pairs:   map[string]any{"hash": hash},
 	})
 	// Use atomic operations with validation to prevent inconsistent statistics
 	for {
@@ -240,7 +243,7 @@ func CacheStore(hash string, data []byte) {
 	}
 	config.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Storing data in cache",
-		Pairs:   map[string]interface{}{"hash": hash},
+		Pairs:   map[string]any{"hash": hash},
 	})
 	atomic.AddInt64(&cacheStats.CachedQueries, 1)
 	config.Client.Set(hash, data, time.Duration(config.TTL)*time.Second)
@@ -252,7 +255,7 @@ func CacheStoreWithTTL(hash string, data []byte, ttl time.Duration) {
 	}
 	config.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Storing data in cache with TTL",
-		Pairs:   map[string]interface{}{"hash": hash, "ttl": ttl},
+		Pairs:   map[string]any{"hash": hash, "ttl": ttl},
 	})
 	atomic.AddInt64(&cacheStats.CachedQueries, 1)
 	config.Client.Set(hash, data, ttl)

cache/memory/lru_memory_cache.go

@@ -38,12 +38,12 @@ func NewLRUMemoryCache(maxMemorySize, maxEntries int64) *LRUMemoryCache {
 		entries:       make(map[string]*lruEntry),
 		evictList:     list.New(),
 		gzipWriterPool: &sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return gzip.NewWriter(nil)
 			},
 		},
 		gzipReaderPool: &sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return &gzip.Reader{}
 			},
 		},
@@ -257,11 +257,11 @@ func (c *LRUMemoryCache) decompress(data []byte) ([]byte, error) {
 }
 
 // GetStats returns cache statistics
-func (c *LRUMemoryCache) GetStats() map[string]interface{} {
+func (c *LRUMemoryCache) GetStats() map[string]any {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 
-	return map[string]interface{}{
+	return map[string]any{
 		"entries":      atomic.LoadInt64(&c.currentCount),
 		"memory_bytes": atomic.LoadInt64(&c.currentMemory),
 		"max_entries":  c.maxEntries,

cache/memory/memory.go

@@ -1,3 +1,6 @@
+// Package libpack_cache_memory provides an in-memory LRU cache implementation
+// with automatic compression for large values, memory limits, and background
+// eviction of expired entries.
 package libpack_cache_memory
 
 import (
@@ -61,12 +64,12 @@ func NewWithSize(globalTTL time.Duration, maxMemorySize int64, maxCacheSize int6
 		ctx:           ctx,
 		cancel:        cancel,
 		compressPool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return gzip.NewWriter(nil)
 			},
 		},
 		decompressPool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				r, _ := gzip.NewReader(bytes.NewReader([]byte{}))
 				return r
 			},
@@ -204,7 +207,7 @@ func (c *Cache) Delete(key string) {
 }
 
 func (c *Cache) Clear() {
-	c.entries.Range(func(key, value interface{}) bool {
+	c.entries.Range(func(key, value any) bool {
 		c.entries.Delete(key)
 		return true
 	})
@@ -255,7 +258,7 @@ func (c *Cache) decompress(data []byte) ([]byte, error) {
 
 func (c *Cache) CleanExpiredEntries() {
 	now := time.Now()
-	c.entries.Range(func(key, value interface{}) bool {
+	c.entries.Range(func(key, value any) bool {
 		entry := value.(CacheEntry)
 		if entry.ExpiresAt.Before(now) {
 			if _, exists := c.entries.LoadAndDelete(key); exists {
@@ -276,7 +279,7 @@ func (c *Cache) evictOldest(n int) {
 
 	// Collect all entries with their expiry times
 	entries := make([]keyExpiry, 0, n*2)
-	c.entries.Range(func(k, v interface{}) bool {
+	c.entries.Range(func(k, v any) bool {
 		key := k.(string)
 		entry := v.(CacheEntry)
 		entries = append(entries, keyExpiry{entry.ExpiresAt, key})
@@ -316,7 +319,7 @@ func (c *Cache) evictToFreeMemory(bytesToFree int64) {
 
 	// Collect entries to consider for eviction
 	entries := make([]keyMemorySize, 0, int(c.maxCacheSize/5))
-	c.entries.Range(func(k, v interface{}) bool {
+	c.entries.Range(func(k, v any) bool {
 		key := k.(string)
 		entry := v.(CacheEntry)
 		entries = append(entries, keyMemorySize{entry.ExpiresAt, key, entry.MemorySize})

cache/redis/redis.go

@@ -1,3 +1,6 @@
+// Package libpack_cache_redis provides a Redis-backed cache implementation
+// for distributed caching across multiple proxy instances. Supports key
+// prefixing for multi-tenant isolation.
 package libpack_cache_redis
 
 import (
@@ -42,7 +45,7 @@ func New(redisClientConfig *RedisClientConfig) (*RedisConfig, error) {
 		ctx:    context.Background(),
 		prefix: redisClientConfig.Prefix,
 		builderPool: &sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return &strings.Builder{}
 			},
 		},

cache/redis/wrapper.go

@@ -29,7 +29,7 @@ func (w *CacheWrapper) Set(key string, value []byte, ttl time.Duration) {
 	if err := w.redis.Set(key, value, ttl); err != nil {
 		w.logger.Error(&libpack_logger.LogMessage{
 			Message: "Redis set error",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 				"key":   key,
 			},
@@ -43,7 +43,7 @@ func (w *CacheWrapper) Get(key string) ([]byte, bool) {
 	if err != nil {
 		w.logger.Error(&libpack_logger.LogMessage{
 			Message: "Redis get error",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 				"key":   key,
 			},
@@ -58,7 +58,7 @@ func (w *CacheWrapper) Delete(key string) {
 	if err := w.redis.Delete(key); err != nil {
 		w.logger.Error(&libpack_logger.LogMessage{
 			Message: "Redis delete error",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 				"key":   key,
 			},
@@ -71,7 +71,7 @@ func (w *CacheWrapper) Clear() {
 	if err := w.redis.Clear(); err != nil {
 		w.logger.Error(&libpack_logger.LogMessage{
 			Message: "Redis clear error",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 			},
 		})
@@ -84,7 +84,7 @@ func (w *CacheWrapper) CountQueries() int64 {
 	if err != nil {
 		w.logger.Error(&libpack_logger.LogMessage{
 			Message: "Redis count queries error",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 			},
 		})

circuit_breaker_fallback_test.go

@@ -44,7 +44,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerCacheFallback() {
 	// Trip the circuit by generating failures
 	testErr := errors.New("test error")
 	for i := 0; i < cfg.CircuitBreaker.MaxFailures; i++ {
-		_, err := cb.Execute(func() (interface{}, error) {
+		_, err := cb.Execute(func() (any, error) {
 			return nil, testErr
 		})
 		assert.Error(suite.T(), err, "Execute should return error")
@@ -108,7 +108,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerNoCacheFallback() {
 	// Trip the circuit by generating failures
 	testErr := errors.New("test error")
 	for i := 0; i < cfg.CircuitBreaker.MaxFailures; i++ {
-		_, err := cb.Execute(func() (interface{}, error) {
+		_, err := cb.Execute(func() (any, error) {
 			return nil, testErr
 		})
 		assert.Error(suite.T(), err, "Execute should return error")
@@ -168,7 +168,7 @@ func (suite *CircuitBreakerTestSuite) TestCacheDisabledFallback() {
 	// Trip the circuit by generating failures
 	testErr := errors.New("test error")
 	for i := 0; i < cfg.CircuitBreaker.MaxFailures; i++ {
-		_, err := cb.Execute(func() (interface{}, error) {
+		_, err := cb.Execute(func() (any, error) {
 			return nil, testErr
 		})
 		assert.Error(suite.T(), err, "Execute should return error")

circuit_breaker_state_test.go

@@ -25,7 +25,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerStateTransitions() {
 	// 2. Generate failures to trip the circuit
 	testErr := errors.New("test error")
 	for i := 0; i < cfg.CircuitBreaker.MaxFailures; i++ {
-		_, err := cb.Execute(func() (interface{}, error) {
+		_, err := cb.Execute(func() (any, error) {
 			return nil, testErr
 		})
 		assert.Error(suite.T(), err, "Execute should return error")
@@ -35,7 +35,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerStateTransitions() {
 	assert.Equal(suite.T(), gobreaker.StateOpen.String(), cb.State().String(), "Circuit should transition to open state after failures")
 
 	// Verify that requests are rejected during open state
-	_, err := cb.Execute(func() (interface{}, error) {
+	_, err := cb.Execute(func() (any, error) {
 		return "success", nil
 	})
 	assert.Equal(suite.T(), gobreaker.ErrOpenState.Error(), err.Error(), "Should return ErrOpenState when circuit is open")
@@ -55,7 +55,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerStateTransitions() {
 	// (Sony's gobreaker transitions to half-open on the next request after timeout)
 	tmpState := cb.State()
 	// Execute a successful request to check state
-	_, _ = cb.Execute(func() (interface{}, error) {
+	_, _ = cb.Execute(func() (any, error) {
 		return "success", nil
 	})
 
@@ -73,7 +73,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerStateTransitions() {
 
 	// 6. Execute successful requests in half-open state to transition back to closed
 	for i := 0; i < cfg.CircuitBreaker.MaxRequestsInHalfOpen; i++ {
-		_, err = cb.Execute(func() (interface{}, error) {
+		_, err = cb.Execute(func() (any, error) {
 			return "success", nil
 		})
 		assert.NoError(suite.T(), err, "Execute should not return error")
@@ -104,7 +104,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerHalfOpenToOpen() {
 	// 1. Generate failures to trip the circuit
 	testErr := errors.New("test error")
 	for i := 0; i < cfg.CircuitBreaker.MaxFailures; i++ {
-		_, err := cb.Execute(func() (interface{}, error) {
+		_, err := cb.Execute(func() (any, error) {
 			return nil, testErr
 		})
 		assert.Error(suite.T(), err, "Execute should return error")
@@ -119,7 +119,7 @@ func (suite *CircuitBreakerTestSuite) TestCircuitBreakerHalfOpenToOpen() {
 	// The next request should transition the circuit to half-open
 	tmpState := cb.State()
 	// Try a request that will fail
-	_, _ = cb.Execute(func() (interface{}, error) {
+	_, _ = cb.Execute(func() (any, error) {
 		return nil, testErr
 	})
 

circuit_breaker_test.go

@@ -193,7 +193,7 @@ func (suite *CircuitBreakerTestSuite) TestExecuteFunctionBehavior() {
 
 	// Test with success
 	result := "success"
-	execResult, err := cb.Execute(func() (interface{}, error) {
+	execResult, err := cb.Execute(func() (any, error) {
 		return result, nil
 	})
 
@@ -202,7 +202,7 @@ func (suite *CircuitBreakerTestSuite) TestExecuteFunctionBehavior() {
 
 	// Test with error
 	testErr := errors.New("test error")
-	_, err = cb.Execute(func() (interface{}, error) {
+	_, err = cb.Execute(func() (any, error) {
 		return nil, testErr
 	})
 

config/config.go

@@ -1,3 +1,6 @@
+// Package libpack_config provides build-time configuration variables
+// for package name and version, which are set during the build process
+// using ldflags.
 package libpack_config
 
 var (

connection_pool.go

@@ -118,7 +118,7 @@ func (cpm *ConnectionPoolManager) cleanIdleConnections() {
 		if cpm.logger != nil {
 			cpm.logger.Debug(&libpack_logging.LogMessage{
 				Message: "Cleaned idle HTTP connections",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"active_connections": cpm.activeConnections.Load(),
 					"total_connections":  cpm.totalConnections.Load(),
 				},
@@ -172,7 +172,7 @@ func (cpm *ConnectionPoolManager) performKeepAlive() {
 		if cpm.logger != nil {
 			cpm.logger.Debug(&libpack_logging.LogMessage{
 				Message: "Keep-alive request failed",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"error": err.Error(),
 				},
 			})
@@ -202,7 +202,7 @@ func (cpm *ConnectionPoolManager) checkAndRecover() {
 		if cpm.logger != nil {
 			cpm.logger.Warning(&libpack_logging.LogMessage{
 				Message: "Connection pool health degraded, attempting recovery",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"consecutive_failures": failures,
 				},
 			})
@@ -246,8 +246,8 @@ func (cpm *ConnectionPoolManager) RecordConnectionFailure() {
 }
 
 // GetConnectionStats returns current connection statistics
-func (cpm *ConnectionPoolManager) GetConnectionStats() map[string]interface{} {
+func (cpm *ConnectionPoolManager) GetConnectionStats() map[string]any {
-	return map[string]interface{}{
+	return map[string]any{
 		"active_connections":    cpm.activeConnections.Load(),
 		"total_connections":     cpm.totalConnections.Load(),
 		"connection_failures":   cpm.connectionFailures.Load(),
@@ -296,7 +296,7 @@ func InitializeConnectionPool(client *fasthttp.Client) {
 	connectionPoolMutex.Lock()
 	defer connectionPoolMutex.Unlock()
 	if connectionPoolManager != nil {
-		connectionPoolManager.Shutdown()
+		_ = connectionPoolManager.Shutdown() // Best-effort cleanup
 	}
 	connectionPoolManager = NewConnectionPoolManager(client)
 }
@@ -306,7 +306,7 @@ func ShutdownConnectionPool() {
 	connectionPoolMutex.Lock()
 	defer connectionPoolMutex.Unlock()
 	if connectionPoolManager != nil {
-		connectionPoolManager.Shutdown()
+		_ = connectionPoolManager.Shutdown() // Best-effort cleanup
 		connectionPoolManager = nil
 	}
 }

debug_routing.go

@@ -27,7 +27,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 
 	cfg.Logger.Info(&libpack_logger.LogMessage{
 		Message: "=== DEBUG: Parsing GraphQL Query ===",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"query_length":  len(query),
 			"query_preview": truncateString(query, 100),
 		},
@@ -43,14 +43,14 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 	if err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "DEBUG: Failed to parse query",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return
 	}
 
 	cfg.Logger.Info(&libpack_logger.LogMessage{
 		Message: "DEBUG: Query parsed successfully",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"definitions_count": len(p.Definitions),
 		},
 	})
@@ -72,7 +72,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 
 			cfg.Logger.Info(&libpack_logger.LogMessage{
 				Message: fmt.Sprintf("DEBUG: Definition #%d (OperationDefinition)", i),
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"operation_type":  operationType,
 					"operation_name":  operationName,
 					"selection_count": selectionCount,
@@ -87,7 +87,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 					if field, ok := sel.(*ast.Field); ok {
 						cfg.Logger.Info(&libpack_logger.LogMessage{
 							Message: fmt.Sprintf("DEBUG: Mutation field #%d", j),
-							Pairs: map[string]interface{}{
+							Pairs: map[string]any{
 								"field_name": field.Name.Value,
 							},
 						})
@@ -97,7 +97,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 		} else if frag, ok := d.(*ast.FragmentDefinition); ok {
 			cfg.Logger.Info(&libpack_logger.LogMessage{
 				Message: fmt.Sprintf("DEBUG: Definition #%d (FragmentDefinition)", i),
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"fragment_name": frag.Name.Value,
 				},
 			})
@@ -109,7 +109,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 
 	cfg.Logger.Info(&libpack_logger.LogMessage{
 		Message: "DEBUG: Final routing decision",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"operation_type":  result.operationType,
 			"operation_name":  result.operationName,
 			"active_endpoint": result.activeEndpoint,
@@ -125,7 +125,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 	if result.operationType == "mutation" && result.activeEndpoint != cfg.Server.HostGraphQL {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "DEBUG: ⚠️  BUG DETECTED: Mutation routed to wrong endpoint!",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"expected_endpoint": cfg.Server.HostGraphQL,
 				"actual_endpoint":   result.activeEndpoint,
 			},
@@ -135,7 +135,7 @@ func debugParseGraphQLQuery(c *fiber.Ctx, query string) {
 	if result.operationType == "mutation" && strings.Contains(strings.ToLower(result.activeEndpoint), "read") {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "DEBUG: ⚠️  CRITICAL: Mutation endpoint contains 'read' in URL!",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"endpoint": result.activeEndpoint,
 			},
 		})

details.go

@@ -20,19 +20,19 @@ func extractClaimsFromJWTHeader(authorization string) (usr, role string) {
 
 	tokenParts := strings.SplitN(authorization, ".", 3)
 	if len(tokenParts) != 3 {
-		handleError("Can't split the token", map[string]interface{}{"token": maskToken(authorization)})
+		handleError("Can't split the token", map[string]any{"token": maskToken(authorization)})
 		return
 	}
 
 	claim, err := base64.RawURLEncoding.DecodeString(tokenParts[1])
 	if err != nil {
-		handleError("Can't decode the token", map[string]interface{}{"token": maskToken(authorization)})
+		handleError("Can't decode the token", map[string]any{"token": maskToken(authorization)})
 		return
 	}
 
-	var claimMap map[string]interface{}
+	var claimMap map[string]any
 	if err = json.Unmarshal(claim, &claimMap); err != nil {
-		handleError("Can't unmarshal the claim", map[string]interface{}{"token": maskToken(authorization)})
+		handleError("Can't unmarshal the claim", map[string]any{"token": maskToken(authorization)})
 		return
 	}
 
@@ -42,20 +42,20 @@ func extractClaimsFromJWTHeader(authorization string) (usr, role string) {
 	return
 }
 
-func extractClaim(claimMap map[string]interface{}, claimPath, name string) string {
+func extractClaim(claimMap map[string]any, claimPath, name string) string {
 	if claimPath == "" {
 		return defaultValue
 	}
 
 	// Validate claim path to prevent injection attacks
 	if !isValidClaimPath(claimPath) {
-		handleError(fmt.Sprintf("Invalid claim path for %s", name), map[string]interface{}{"path": claimPath})
+		handleError(fmt.Sprintf("Invalid claim path for %s", name), map[string]any{"path": claimPath})
 		return defaultValue
 	}
 
 	value, ok := ask.For(claimMap, claimPath).String(defaultValue)
 	if !ok {
-		handleError(fmt.Sprintf("Can't find the %s", name), map[string]interface{}{"claim_map": sanitizeClaimMap(claimMap), "path": claimPath})
+		handleError(fmt.Sprintf("Can't find the %s", name), map[string]any{"claim_map": sanitizeClaimMap(claimMap), "path": claimPath})
 		return defaultValue
 	}
 
@@ -92,8 +92,8 @@ func isValidClaimPath(path string) bool {
 }
 
 // sanitizeClaimMap removes sensitive data from claim map for logging
-func sanitizeClaimMap(claimMap map[string]interface{}) map[string]interface{} {
+func sanitizeClaimMap(claimMap map[string]any) map[string]any {
-	sanitized := make(map[string]interface{})
+	sanitized := make(map[string]any)
 	sensitiveKeys := map[string]bool{
 		"password": true, "secret": true, "token": true, "key": true,
 		"auth": true, "credential": true, "private": true,
@@ -110,7 +110,7 @@ func sanitizeClaimMap(claimMap map[string]interface{}) map[string]interface{} {
 	return sanitized
 }
 
-func handleError(msg string, details map[string]interface{}) {
+func handleError(msg string, details map[string]any) {
 	cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, emptyMetrics)
 	cfg.Logger.Error(&libpack_logger.LogMessage{
 		Message: msg,

errors.go

@@ -29,15 +29,15 @@ const (
 
 // ProxyError represents a structured error response
 type ProxyError struct {
-	Code       string                 `json:"code"`               // Machine-readable error code
+	Code       string         `json:"code"`               // Machine-readable error code
-	Message    string                 `json:"message"`            // Human-readable error message
+	Message    string         `json:"message"`            // Human-readable error message
-	Details    string                 `json:"details,omitempty"`  // Additional error details
+	Details    string         `json:"details,omitempty"`  // Additional error details
-	Retryable  bool                   `json:"retryable"`          // Whether the request can be retried
+	Retryable  bool           `json:"retryable"`          // Whether the request can be retried
-	StatusCode int                    `json:"status_code"`        // HTTP status code
+	StatusCode int            `json:"status_code"`        // HTTP status code
-	Timestamp  time.Time              `json:"timestamp"`          // When the error occurred
+	Timestamp  time.Time      `json:"timestamp"`          // When the error occurred
-	TraceID    string                 `json:"trace_id,omitempty"` // Trace ID for correlation
+	TraceID    string         `json:"trace_id,omitempty"` // Trace ID for correlation
-	Metadata   map[string]interface{} `json:"metadata,omitempty"` // Additional context
+	Metadata   map[string]any `json:"metadata,omitempty"` // Additional context
-	Cause      error                  `json:"-"`                  // Original error (not serialized)
+	Cause      error          `json:"-"`                  // Original error (not serialized)
 }
 
 // Error implements the error interface
@@ -78,7 +78,7 @@ func NewProxyError(code, message string, statusCode int, retryable bool) *ProxyE
 		StatusCode: statusCode,
 		Retryable:  retryable,
 		Timestamp:  time.Now(),
-		Metadata:   make(map[string]interface{}),
+		Metadata:   make(map[string]any),
 	}
 }
 
@@ -101,7 +101,7 @@ func (e *ProxyError) WithTraceID(traceID string) *ProxyError {
 }
 
 // WithMetadata adds metadata
-func (e *ProxyError) WithMetadata(key string, value interface{}) *ProxyError {
+func (e *ProxyError) WithMetadata(key string, value any) *ProxyError {
 	e.Metadata[key] = value
 	return e
 }

events.go

@@ -48,7 +48,7 @@ func enableHasuraEventCleaner(ctx context.Context) error {
 
 	logger.Info(&libpack_logger.LogMessage{
 		Message: "Event cleaner enabled",
-		Pairs:   map[string]interface{}{"interval_in_days": clearOlderThan},
+		Pairs:   map[string]any{"interval_in_days": clearOlderThan},
 	})
 
 	// Parse pool configuration
@@ -67,7 +67,7 @@ func enableHasuraEventCleaner(ctx context.Context) error {
 	if err != nil {
 		logger.Error(&libpack_logger.LogMessage{
 			Message: "Failed to create connection pool",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return err
 	}
@@ -125,7 +125,7 @@ func cleanEvents(ctx context.Context, pool *pgxpool.Pool, clearOlderThan int, lo
 		} else {
 			logger.Debug(&libpack_logger.LogMessage{
 				Message: "Successfully executed query",
-				Pairs:   map[string]interface{}{"query": query, "interval": interval},
+				Pairs:   map[string]any{"query": query, "interval": interval},
 			})
 		}
 	}
@@ -137,7 +137,7 @@ func cleanEvents(ctx context.Context, pool *pgxpool.Pool, clearOlderThan int, lo
 		}
 		logger.Error(&libpack_logger.LogMessage{
 			Message: "Failed to execute some queries",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"failed_queries": failedQueries,
 				"errors":         errMsgs,
 			},

events_security_test.go

@@ -27,7 +27,7 @@ func TestEventsSecurityTestSuite(t *testing.T) {
 // TestEventCleanerSQLInjection tests various SQL injection attempts in the event cleaner
 func (suite *EventsSecurityTestSuite) TestEventCleanerSQLInjection() {
 	tests := []struct {
-		clearDays   interface{}
+		clearDays   any
 		name        string
 		description string
 		expectError bool
@@ -175,7 +175,7 @@ func (suite *EventsSecurityTestSuite) TestEventCleanerParameterizedQueries() {
 
 // TestEventCleanerConcurrentSQLInjection tests SQL injection under concurrent conditions
 func (suite *EventsSecurityTestSuite) TestEventCleanerConcurrentSQLInjection() {
-	maliciousInputs := []interface{}{
+	maliciousInputs := []any{
 		"1'; DROP TABLE events; --",
 		"1 OR 1=1",
 		"'; TRUNCATE events; --",
@@ -185,7 +185,7 @@ func (suite *EventsSecurityTestSuite) TestEventCleanerConcurrentSQLInjection() {
 		done := make(chan error, len(maliciousInputs))
 
 		for _, input := range maliciousInputs {
-			go func(val interface{}) {
+			go func(val any) {
 				err := validateClearDaysInput(val)
 				done <- err
 			}(input)
@@ -202,7 +202,7 @@ func (suite *EventsSecurityTestSuite) TestEventCleanerConcurrentSQLInjection() {
 // TestEventCleanerInputSanitization tests input sanitization effectiveness
 func (suite *EventsSecurityTestSuite) TestEventCleanerInputSanitization() {
 	tests := []struct {
-		input    interface{}
+		input    any
 		name     string
 		expected int
 		hasError bool
@@ -279,7 +279,7 @@ func (suite *EventsSecurityTestSuite) TestEventCleanerDatabaseInteraction() {
 // Helper functions that should be implemented in the main codebase
 
 // validateClearDaysInput validates and sanitizes the clearDays input
-func validateClearDaysInput(input interface{}) error {
+func validateClearDaysInput(input any) error {
 	// This function should be implemented in the main codebase
 	// to validate clearDays input before using it in SQL queries
 
@@ -319,7 +319,7 @@ func validateClearDaysInput(input interface{}) error {
 }
 
 // sanitizeAndValidateClearDays sanitizes and validates the input, returning the clean integer
-func sanitizeAndValidateClearDays(input interface{}) (int, error) {
+func sanitizeAndValidateClearDays(input any) (int, error) {
 	err := validateClearDaysInput(input)
 	if err != nil {
 		return 0, err

graphql.go

@@ -103,14 +103,14 @@ type parseGraphQLQueryResult struct {
 var (
 	// Pool for request/response maps during unmarshaling
 	queryPool = sync.Pool{
-		New: func() interface{} {
+		New: func() any {
-			return make(map[string]interface{}, 48)
+			return make(map[string]any, 48)
 		},
 	}
 
 	// Pool for parse result objects
 	resultPool = sync.Pool{
-		New: func() interface{} {
+		New: func() any {
 			return &parseGraphQLQueryResult{}
 		},
 	}
@@ -146,7 +146,7 @@ func initGraphQLParsing() {
 	if cfg != nil && cfg.Logger != nil {
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "GraphQL query cache initialized",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"max_entries": maxQueryCacheSize,
 				"max_size_mb": 50,
 			},
@@ -244,7 +244,7 @@ func parseGraphQLQuery(c *fiber.Ctx) *parseGraphQLQueryResult {
 	res.activeEndpoint = cfg.Server.HostGraphQL
 
 	// Get a map from the pool for JSON unmarshaling
-	m := queryPool.Get().(map[string]interface{})
+	m := queryPool.Get().(map[string]any)
 	defer func() {
 		// Clear and return the map to the pool
 		for k := range m {

graphql_test.go

@@ -486,7 +486,7 @@ func (suite *Tests) Test_DeepIntrospectionQueries() {
 			for _, q := range tt.allowed {
 				introspectionAllowedQueries[strings.ToLower(q)] = struct{}{}
 			}
-			body := map[string]interface{}{
+			body := map[string]any{
 				"query": tt.query,
 			}
 			bodyBytes, _ := json.Marshal(body)

integration_security_test.go

@@ -116,9 +116,9 @@ func (suite *IntegrationSecurityTestSuite) setupTestApps() {
 		}
 
 		// Mock GraphQL response
-		response := map[string]interface{}{
+		response := map[string]any{
-			"data": map[string]interface{}{
+			"data": map[string]any{
-				"user": map[string]interface{}{
+				"user": map[string]any{
 					"id":    "12345",
 					"name":  "Test User",
 					"email": "test@example.com",
@@ -156,7 +156,7 @@ func (suite *IntegrationSecurityTestSuite) TestEndToEndSecurity() {
 		defer func() { cfg.LogLevel = originalLogLevel }()
 
 		// Create GraphQL request with sensitive data
-		graphqlQuery := map[string]interface{}{
+		graphqlQuery := map[string]any{
 			"query": `
 				mutation LoginUser($input: LoginInput!) {
 					login(input: $input) {
@@ -165,8 +165,8 @@ func (suite *IntegrationSecurityTestSuite) TestEndToEndSecurity() {
 					}
 				}
 			`,
-			"variables": map[string]interface{}{
+			"variables": map[string]any{
-				"input": map[string]interface{}{
+				"input": map[string]any{
 					"email":    "user@example.com",
 					"password": "secret123password",
 					"api_key":  "sk-sensitive-key-123",
@@ -194,7 +194,7 @@ func (suite *IntegrationSecurityTestSuite) TestEndToEndSecurity() {
 // TestAPISecurityFlow tests complete API security workflow
 func (suite *IntegrationSecurityTestSuite) TestAPISecurityFlow() {
 	tests := []struct {
-		body           map[string]interface{}
+		body           map[string]any
 		name           string
 		endpoint       string
 		method         string
@@ -207,7 +207,7 @@ func (suite *IntegrationSecurityTestSuite) TestAPISecurityFlow() {
 			endpoint:       "/api/user-ban",
 			method:         "POST",
 			apiKey:         "",
-			body:           map[string]interface{}{"user_id": "malicious-user", "reason": "test ban"},
+			body:           map[string]any{"user_id": "malicious-user", "reason": "test ban"},
 			expectedStatus: 401,
 			description:    "Should reject unauthorized ban attempts",
 		},
@@ -216,7 +216,7 @@ func (suite *IntegrationSecurityTestSuite) TestAPISecurityFlow() {
 			endpoint:       "/api/user-ban",
 			method:         "POST",
 			apiKey:         "' OR '1'='1 --",
-			body:           map[string]interface{}{"user_id": "test-user", "reason": "test ban"},
+			body:           map[string]any{"user_id": "test-user", "reason": "test ban"},
 			expectedStatus: 401,
 			description:    "Should reject SQL injection in API key",
 		},
@@ -225,7 +225,7 @@ func (suite *IntegrationSecurityTestSuite) TestAPISecurityFlow() {
 			endpoint:       "/api/user-ban",
 			method:         "POST",
 			apiKey:         suite.validAPIKey,
-			body:           map[string]interface{}{"user_id": "test-user-ban", "reason": "test ban reason"},
+			body:           map[string]any{"user_id": "test-user-ban", "reason": "test ban reason"},
 			expectedStatus: 200,
 			description:    "Should accept valid ban request",
 		},
@@ -488,9 +488,9 @@ func (suite *IntegrationSecurityTestSuite) TestDataSanitizationIntegration() {
 		defer func() { cfg.LogLevel = originalLogLevel }()
 
 		// Create request with sensitive data
-		sensitiveData := map[string]interface{}{
+		sensitiveData := map[string]any{
 			"query": "{ user { id name } }",
-			"variables": map[string]interface{}{
+			"variables": map[string]any{
 				"password":    "secret123",
 				"api_key":     "sk-sensitive-123",
 				"credit_card": "4111111111111111",
@@ -513,7 +513,7 @@ func (suite *IntegrationSecurityTestSuite) TestDataSanitizationIntegration() {
 		body, err := io.ReadAll(resp.Body)
 		suite.NoError(err)
 
-		var response map[string]interface{}
+		var response map[string]any
 		err = json.Unmarshal(body, &response)
 		suite.NoError(err)
 
@@ -587,7 +587,7 @@ func (suite *IntegrationSecurityTestSuite) TestErrorHandlingSecurityIntegration(
 func (suite *IntegrationSecurityTestSuite) TestComprehensiveSecurityScenario() {
 	suite.Run("Complete security workflow", func() {
 		// 1. Attempt SQL injection via GraphQL
-		maliciousGraphQL := map[string]interface{}{
+		maliciousGraphQL := map[string]any{
 			"query": "{ user(id: \"'; DROP TABLE users; --\") { id } }",
 		}
 
@@ -660,7 +660,7 @@ func BenchmarkSecurityOperations(b *testing.B) {
 	})
 
 	b.Run("Log Sanitization", func(b *testing.B) {
-		testData := map[string]interface{}{
+		testData := map[string]any{
 			"password": "secret123",
 			"api_key":  "sk-123456",
 			"data":     "normal data",

logging/logger.go

@@ -1,3 +1,6 @@
+// Package libpack_logger provides structured JSON logging with configurable
+// log levels, caller information, and automatic sensitive data redaction.
+// Supports debug, info, warning, and error log levels.
 package libpack_logger
 
 import (
@@ -47,13 +50,13 @@ type Logger struct {
 
 // LogMessage represents a log message with optional pairs.
 type LogMessage struct {
-	Pairs   map[string]interface{}
+	Pairs   map[string]any
 	Message string
 }
 
 // bufferPool is used to reuse bytes.Buffer for efficiency.
 var bufferPool = sync.Pool{
-	New: func() interface{} {
+	New: func() any {
 		return new(bytes.Buffer)
 	},
 }
@@ -132,7 +135,7 @@ func (l *Logger) shouldLog(level int) bool {
 // log writes the log message with the given level.
 func (l *Logger) log(level int, m *LogMessage) {
 	if m.Pairs == nil {
-		m.Pairs = make(map[string]interface{})
+		m.Pairs = make(map[string]any)
 	}
 
 	m.Pairs[fieldNames["timestamp"]] = time.Now().Format(l.timeFormat)

logging/logger_race_test.go

@@ -24,7 +24,7 @@ func TestLogConcurrentAccess(t *testing.T) {
 			defer wg.Done()
 			msg := &LogMessage{
 				Message: "concurrent log test",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"goroutine_id": id,
 				},
 			}

lru_cache.go

@@ -9,7 +9,7 @@ import (
 // LRUCacheEntry represents a cache entry with metadata
 type LRUCacheEntry struct {
 	timestamp time.Time
-	value     interface{}
+	value     any
 	element   *list.Element
 	key       string
 	size      int64
@@ -44,7 +44,7 @@ func NewLRUCache(maxEntries int, maxSize int64) *LRUCache {
 }
 
 // Get retrieves a value from the cache
-func (c *LRUCache) Get(key string) (interface{}, bool) {
+func (c *LRUCache) Get(key string) (any, bool) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -61,7 +61,7 @@ func (c *LRUCache) Get(key string) (interface{}, bool) {
 }
 
 // Set adds or updates a value in the cache
-func (c *LRUCache) Set(key string, value interface{}, size int64) {
+func (c *LRUCache) Set(key string, value any, size int64) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -211,11 +211,11 @@ func (c *LRUCache) CleanupExpired(maxAge time.Duration) int {
 }
 
 // GetStats returns cache statistics
-func (c *LRUCache) GetStats() map[string]interface{} {
+func (c *LRUCache) GetStats() map[string]any {
 	c.mu.RLock()
 	defer c.mu.RUnlock()
 
-	return map[string]interface{}{
+	return map[string]any{
 		"entries":      c.evictList.Len(),
 		"size_bytes":   c.currentSize,
 		"max_entries":  c.maxEntries,

main.go

@@ -146,7 +146,7 @@ func parseConfig() {
 			if c.Logger != nil {
 				c.Logger.Warning(&libpack_logging.LogMessage{
 					Message: "⚠️  Per-user cache isolation is DISABLED - Users may see each other's cached data!",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"security_risk":  "CRITICAL - Do not use in multi-user applications",
 						"recommendation": "Remove CACHE_PER_USER_DISABLED or set it to false",
 					},
@@ -193,7 +193,7 @@ func parseConfig() {
 	if clientTimeout < 1 || clientTimeout > 3600 { // 1 second to 1 hour max
 		c.Logger.Warning(&libpack_logging.LogMessage{
 			Message: "Invalid client timeout, using default",
-			Pairs:   map[string]interface{}{"requested": clientTimeout, "default": 120},
+			Pairs:   map[string]any{"requested": clientTimeout, "default": 120},
 		})
 		clientTimeout = 120
 	}
@@ -205,7 +205,7 @@ func parseConfig() {
 	if maxConns < 1 || maxConns > 10000 { // Reasonable bounds
 		c.Logger.Warning(&libpack_logging.LogMessage{
 			Message: "Invalid max connections per host, using default",
-			Pairs:   map[string]interface{}{"requested": maxConns, "default": 1024},
+			Pairs:   map[string]any{"requested": maxConns, "default": 1024},
 		})
 		maxConns = 1024
 	}
@@ -241,7 +241,7 @@ func parseConfig() {
 			if c.Logger != nil {
 				c.Logger.Warning(&libpack_logging.LogMessage{
 					Message: "⚠️  TLS certificate verification is DISABLED - This is a security risk in production!",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"recommendation": "Enable TLS verification by removing CLIENT_DISABLE_TLS_VERIFY or setting it to false",
 					},
 				})
@@ -261,7 +261,7 @@ func parseConfig() {
 	if validatedPath, err := validateFilePath(bannedUsersFile); err != nil {
 		c.Logger.Error(&libpack_logging.LogMessage{
 			Message: "Invalid banned users file path, using default",
-			Pairs:   map[string]interface{}{"requested": bannedUsersFile, "error": err.Error()},
+			Pairs:   map[string]any{"requested": bannedUsersFile, "error": err.Error()},
 		})
 		c.Api.BannedUsersFile = "/go/src/app/banned_users.json"
 	} else {
@@ -331,12 +331,12 @@ func parseConfig() {
 		if err != nil {
 			cfg.Logger.Error(&libpack_logging.LogMessage{
 				Message: "Failed to initialize tracing",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		} else {
 			cfg.Logger.Info(&libpack_logging.LogMessage{
 				Message: "Tracing initialized",
-				Pairs:   map[string]interface{}{"endpoint": cfg.Tracing.Endpoint},
+				Pairs:   map[string]any{"endpoint": cfg.Tracing.Endpoint},
 			})
 		}
 	}
@@ -346,7 +346,7 @@ func parseConfig() {
 	if cfg.Cache.CacheRedisEnable {
 		cfg.Logger.Info(&libpack_logging.LogMessage{
 			Message: "Initializing metrics aggregator for cluster mode",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"redis_url": cfg.Cache.CacheRedisURL,
 				"redis_db":  cfg.Cache.CacheRedisDB,
 			},
@@ -360,14 +360,14 @@ func parseConfig() {
 		); err != nil {
 			cfg.Logger.Error(&libpack_logging.LogMessage{
 				Message: "FAILED to initialize metrics aggregator - cluster mode will not work",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"error": err.Error(),
 				},
 			})
 		} else {
 			cfg.Logger.Info(&libpack_logging.LogMessage{
 				Message: "✓ Metrics aggregator successfully initialized",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"instance_id": GetMetricsAggregator().GetInstanceID(),
 				},
 			})
@@ -399,7 +399,7 @@ func parseConfig() {
 			}
 			cfg.Logger.Info(&libpack_logging.LogMessage{
 				Message: "Configuring memory cache with limits",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"type":          cacheType,
 					"max_memory_mb": cfg.Cache.CacheMaxMemorySize,
 					"max_entries":   cfg.Cache.CacheMaxEntries,
@@ -450,7 +450,7 @@ func parseConfig() {
 		detailedError := err.Error()
 		cfg.Logger.Error(&libpack_logging.LogMessage{
 			Message: "Failed to start service due to rate limit configuration error",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": detailedError,
 			},
 		})
@@ -517,7 +517,7 @@ func main() {
 			if err := enableApi(ctx); err != nil {
 				cfg.Logger.Error(&libpack_logging.LogMessage{
 					Message: "API server error",
-					Pairs:   map[string]interface{}{"error": err.Error()},
+					Pairs:   map[string]any{"error": err.Error()},
 				})
 			}
 		})
@@ -527,7 +527,7 @@ func main() {
 			if err := enableHasuraEventCleaner(ctx); err != nil {
 				cfg.Logger.Error(&libpack_logging.LogMessage{
 					Message: "Event cleaner error",
-					Pairs:   map[string]interface{}{"error": err.Error()},
+					Pairs:   map[string]any{"error": err.Error()},
 				})
 			}
 		})
@@ -567,7 +567,7 @@ func main() {
 	// Start monitoring server
 	cfg.Logger.Info(&libpack_logging.LogMessage{
 		Message: "Starting monitoring server...",
-		Pairs:   map[string]interface{}{"port": cfg.Server.PortMonitoring},
+		Pairs:   map[string]any{"port": cfg.Server.PortMonitoring},
 	})
 
 	// Start monitoring server in a goroutine
@@ -585,7 +585,7 @@ func main() {
 	case err := <-monitoringErrCh:
 		cfg.Logger.Critical(&libpack_logging.LogMessage{
 			Message: "Failed to start monitoring server",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 				"port":  cfg.Server.PortMonitoring,
 			},
@@ -600,7 +600,7 @@ func main() {
 		startupTimeout := time.Duration(getDetailsFromEnv("BACKEND_STARTUP_TIMEOUT", 300)) * time.Second
 		cfg.Logger.Info(&libpack_logging.LogMessage{
 			Message: "Waiting for GraphQL backend to be ready",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"timeout_seconds": int(startupTimeout.Seconds()),
 			},
 		})
@@ -608,7 +608,7 @@ func main() {
 		if err := healthMgr.WaitForBackendReady(startupTimeout); err != nil {
 			cfg.Logger.Critical(&libpack_logging.LogMessage{
 				Message: "GraphQL backend did not become ready in time",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"error":   err.Error(),
 					"timeout": startupTimeout.String(),
 				},
@@ -623,7 +623,7 @@ func main() {
 	// Start HTTP proxy
 	cfg.Logger.Info(&libpack_logging.LogMessage{
 		Message: "Starting HTTP proxy server...",
-		Pairs:   map[string]interface{}{"port": cfg.Server.PortGraphQL},
+		Pairs:   map[string]any{"port": cfg.Server.PortGraphQL},
 	})
 
 	// Start HTTP proxy in a goroutine
@@ -641,7 +641,7 @@ func main() {
 	case err := <-proxyErrCh:
 		cfg.Logger.Critical(&libpack_logging.LogMessage{
 			Message: "Failed to start HTTP proxy server",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"error": err.Error(),
 				"port":  cfg.Server.PortGraphQL,
 			},
@@ -670,7 +670,7 @@ func main() {
 	if err := shutdownManager.Shutdown(30 * time.Second); err != nil {
 		cfg.Logger.Error(&libpack_logging.LogMessage{
 			Message: "Error during shutdown",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 	}
 
@@ -751,7 +751,7 @@ func startCacheMemoryMonitoring(ctx context.Context) {
 			if percentUsed > 80.0 {
 				cfg.Logger.Warning(&libpack_logging.LogMessage{
 					Message: "Memory cache usage is high",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"memory_usage_bytes": memoryUsage,
 						"memory_limit_bytes": memoryLimit,
 						"percent_used":       percentUsed,

main_test.go

@@ -146,8 +146,8 @@ func (suite *Tests) Test_envVariableSetting() {
 
 func (suite *Tests) Test_getDetailsFromEnv() {
 	tests := []struct {
-		defaultValue interface{}
+		defaultValue any
-		expected     interface{}
+		expected     any
 		name         string
 		key          string
 		envValue     string

metrics_aggregator.go

@@ -29,19 +29,19 @@ type MetricsAggregator struct {
 
 // InstanceMetrics represents metrics for a single proxy instance
 type InstanceMetrics struct {
-	InstanceID     string                 `json:"instance_id"`
+	InstanceID     string         `json:"instance_id"`
-	Hostname       string                 `json:"hostname"`
+	Hostname       string         `json:"hostname"`
-	LastUpdate     time.Time              `json:"last_update"`
+	LastUpdate     time.Time      `json:"last_update"`
-	UptimeSeconds  float64                `json:"uptime_seconds"`
+	UptimeSeconds  float64        `json:"uptime_seconds"`
-	Stats          map[string]interface{} `json:"stats"`
+	Stats          map[string]any `json:"stats"`
-	Cache          map[string]interface{} `json:"cache,omitempty"`         // Full cache details including memory
+	Cache          map[string]any `json:"cache,omitempty"`         // Full cache details including memory
-	CacheSummary   map[string]interface{} `json:"cache_summary,omitempty"` // Deprecated: kept for compatibility
+	CacheSummary   map[string]any `json:"cache_summary,omitempty"` // Deprecated: kept for compatibility
-	Health         map[string]interface{} `json:"health"`
+	Health         map[string]any `json:"health"`
-	CircuitBreaker map[string]interface{} `json:"circuit_breaker,omitempty"`
+	CircuitBreaker map[string]any `json:"circuit_breaker,omitempty"`
-	RetryBudget    map[string]interface{} `json:"retry_budget,omitempty"`
+	RetryBudget    map[string]any `json:"retry_budget,omitempty"`
-	Coalescing     map[string]interface{} `json:"coalescing,omitempty"`
+	Coalescing     map[string]any `json:"coalescing,omitempty"`
-	WebSocketStats map[string]interface{} `json:"websocket,omitempty"`
+	WebSocketStats map[string]any `json:"websocket,omitempty"`
-	Connections    map[string]interface{} `json:"connections,omitempty"`
+	Connections    map[string]any `json:"connections,omitempty"`
 }
 
 // AggregatedMetrics represents combined metrics from all instances
@@ -49,7 +49,7 @@ type AggregatedMetrics struct {
 	TotalInstances   int                        `json:"total_instances"`
 	HealthyInstances int                        `json:"healthy_instances"`
 	LastUpdate       time.Time                  `json:"last_update"`
-	CombinedStats    map[string]interface{}     `json:"combined_stats"`
+	CombinedStats    map[string]any             `json:"combined_stats"`
 	Instances        []InstanceMetrics          `json:"instances"`
 	PerInstanceStats map[string]InstanceMetrics `json:"per_instance_stats"`
 }
@@ -96,7 +96,7 @@ func InitializeMetricsAggregator(redisURL, redisPassword string, redisDB int, lo
 		if logger != nil {
 			logger.Error(&libpack_logger.LogMessage{
 				Message: "❌ CRITICAL: Redis connection test FAILED during initialization",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"error":        err.Error(),
 					"redis_url":    redisURL,
 					"redis_db":     redisDB,
@@ -111,7 +111,7 @@ func InitializeMetricsAggregator(redisURL, redisPassword string, redisDB int, lo
 	if logger != nil {
 		logger.Info(&libpack_logger.LogMessage{
 			Message: "✓ Redis connection test PASSED",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"redis_url": redisURL,
 				"redis_db":  redisDB,
 			},
@@ -146,7 +146,7 @@ func InitializeMetricsAggregator(redisURL, redisPassword string, redisDB int, lo
 	if logger != nil {
 		logger.Info(&libpack_logger.LogMessage{
 			Message: "Metrics aggregator initialized",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"instance_id": instanceID,
 				"redis_url":   redisURL,
 				"publish_key": aggregator.publishKey,
@@ -199,7 +199,7 @@ func (ma *MetricsAggregator) publishMetrics() {
 		if ma.logger != nil {
 			ma.logger.Warning(&libpack_logger.LogMessage{
 				Message: "Cannot publish metrics - global config not initialized yet",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"instance_id": ma.instanceID,
 				},
 			})
@@ -215,7 +215,7 @@ func (ma *MetricsAggregator) publishMetrics() {
 		if ma.logger != nil {
 			ma.logger.Warning(&libpack_logger.LogMessage{
 				Message: "gatherAllStats returned empty/nil result",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"instance_id": ma.instanceID,
 				},
 			})
@@ -238,11 +238,11 @@ func (ma *MetricsAggregator) publishMetrics() {
 
 	// Extract specific sections - CRITICAL: we must set the correct structure
 	// Stats should contain the inner stats object with requests, cache_summary, etc.
-	if stats, ok := allStats["stats"].(map[string]interface{}); ok {
+	if stats, ok := allStats["stats"].(map[string]any); ok {
 		metrics.Stats = stats
 
 		// Also extract cache summary separately for easier access (deprecated but kept for compatibility)
-		if cacheSummary, ok := stats["cache_summary"].(map[string]interface{}); ok {
+		if cacheSummary, ok := stats["cache_summary"].(map[string]any); ok {
 			metrics.CacheSummary = cacheSummary
 		}
 
@@ -251,7 +251,7 @@ func (ma *MetricsAggregator) publishMetrics() {
 		if ma.logger != nil {
 			ma.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to extract stats from allStats - using empty stats",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"instance_id": ma.instanceID,
 					"allStats_keys": func() []string {
 						keys := make([]string, 0, len(allStats))
@@ -263,32 +263,32 @@ func (ma *MetricsAggregator) publishMetrics() {
 				},
 			})
 		}
-		metrics.Stats = make(map[string]interface{})
+		metrics.Stats = make(map[string]any)
 	}
 
 	// Extract full cache details (includes memory usage)
-	if cache, ok := allStats["cache"].(map[string]interface{}); ok {
+	if cache, ok := allStats["cache"].(map[string]any); ok {
 		metrics.Cache = cache
 	}
 
-	if health, ok := allStats["health"].(map[string]interface{}); ok {
+	if health, ok := allStats["health"].(map[string]any); ok {
 		metrics.Health = health
 	} else {
-		metrics.Health = make(map[string]interface{})
+		metrics.Health = make(map[string]any)
 	}
-	if cb, ok := allStats["circuit_breaker"].(map[string]interface{}); ok {
+	if cb, ok := allStats["circuit_breaker"].(map[string]any); ok {
 		metrics.CircuitBreaker = cb
 	}
-	if rb, ok := allStats["retry_budget"].(map[string]interface{}); ok {
+	if rb, ok := allStats["retry_budget"].(map[string]any); ok {
 		metrics.RetryBudget = rb
 	}
-	if coal, ok := allStats["coalescing"].(map[string]interface{}); ok {
+	if coal, ok := allStats["coalescing"].(map[string]any); ok {
 		metrics.Coalescing = coal
 	}
-	if ws, ok := allStats["websocket"].(map[string]interface{}); ok {
+	if ws, ok := allStats["websocket"].(map[string]any); ok {
 		metrics.WebSocketStats = ws
 	}
-	if conn, ok := allStats["connections"].(map[string]interface{}); ok {
+	if conn, ok := allStats["connections"].(map[string]any); ok {
 		metrics.Connections = conn
 	}
 
@@ -298,7 +298,7 @@ func (ma *MetricsAggregator) publishMetrics() {
 		if ma.logger != nil {
 			ma.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to marshal metrics for Redis",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		}
 		return
@@ -321,7 +321,7 @@ func (ma *MetricsAggregator) publishMetrics() {
 		if ma.logger != nil {
 			ma.logger.Error(&libpack_logger.LogMessage{
 				Message: "❌ CRITICAL: Failed to publish metrics to Redis - cluster mode will not work!",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"error":       err.Error(),
 					"instance_id": ma.instanceID,
 					"key":         key,
@@ -348,7 +348,7 @@ func (ma *MetricsAggregator) removeInstanceMetrics() {
 	if err != nil && ma.logger != nil {
 		ma.logger.Warning(&libpack_logger.LogMessage{
 			Message: "Failed to remove instance metrics from Redis during shutdown",
-			Pairs:   map[string]interface{}{"instance_id": ma.instanceID, "error": err.Error()},
+			Pairs:   map[string]any{"instance_id": ma.instanceID, "error": err.Error()},
 		})
 		return
 	}
@@ -356,7 +356,7 @@ func (ma *MetricsAggregator) removeInstanceMetrics() {
 	if ma.logger != nil {
 		ma.logger.Info(&libpack_logger.LogMessage{
 			Message: "Removed instance metrics from Redis",
-			Pairs:   map[string]interface{}{"instance_id": ma.instanceID},
+			Pairs:   map[string]any{"instance_id": ma.instanceID},
 		})
 	}
 }
@@ -378,7 +378,7 @@ func (ma *MetricsAggregator) GetAggregatedMetrics() (*AggregatedMetrics, error)
 			TotalInstances:   0,
 			HealthyInstances: 0,
 			LastUpdate:       time.Now(),
-			CombinedStats:    make(map[string]interface{}),
+			CombinedStats:    make(map[string]any),
 			Instances:        []InstanceMetrics{},
 			PerInstanceStats: make(map[string]InstanceMetrics),
 		}, nil
@@ -391,7 +391,7 @@ func (ma *MetricsAggregator) GetAggregatedMetrics() (*AggregatedMetrics, error)
 		key := fmt.Sprintf("%s:%s", ma.publishKey, instanceID)
 		cmds[i] = pipe.Get(ctx, key)
 	}
-	pipe.Exec(ctx)
+	_, _ = pipe.Exec(ctx) // Errors handled per-command below
 
 	// Parse metrics
 	instances := make([]InstanceMetrics, 0, len(instanceIDs))
@@ -422,7 +422,7 @@ func (ma *MetricsAggregator) GetAggregatedMetrics() (*AggregatedMetrics, error)
 			if ma.logger != nil {
 				ma.logger.Warning(&libpack_logger.LogMessage{
 					Message: "Failed to unmarshal instance metrics",
-					Pairs:   map[string]interface{}{"error": err.Error()},
+					Pairs:   map[string]any{"error": err.Error()},
 				})
 			}
 			continue
@@ -440,7 +440,7 @@ func (ma *MetricsAggregator) GetAggregatedMetrics() (*AggregatedMetrics, error)
 				if ma.logger != nil {
 					ma.logger.Info(&libpack_logger.LogMessage{
 						Message: "Removed inactive instance",
-						Pairs: map[string]interface{}{
+						Pairs: map[string]any{
 							"instance_id":      instID,
 							"inactive_seconds": age.Seconds(),
 						},
@@ -463,7 +463,7 @@ func (ma *MetricsAggregator) GetAggregatedMetrics() (*AggregatedMetrics, error)
 	if ma.logger != nil && (staleCount > 0 || errorCount > 0) {
 		ma.logger.Info(&libpack_logger.LogMessage{
 			Message: "Cleaned up stale instance IDs from Redis",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"total_in_set":    len(instanceIDs),
 				"valid_instances": len(instances),
 				"stale_cleaned":   staleCount,
@@ -486,14 +486,14 @@ func (ma *MetricsAggregator) GetAggregatedMetrics() (*AggregatedMetrics, error)
 }
 
 // aggregateStats combines statistics from multiple instances
-func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[string]interface{} {
+func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[string]any {
 	if len(instances) == 0 {
 		if ma.logger != nil {
 			ma.logger.Warning(&libpack_logger.LogMessage{
 				Message: "No instances to aggregate",
 			})
 		}
-		return make(map[string]interface{})
+		return make(map[string]any)
 	}
 
 	// Initialize aggregated values
@@ -542,7 +542,7 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 			if ma.logger != nil {
 				ma.logger.Warning(&libpack_logger.LogMessage{
 					Message: "Instance has nil Stats",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"instance_id": instance.InstanceID,
 						"index":       idx,
 					},
@@ -551,7 +551,7 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 			continue
 		}
 
-		if stats, ok := instance.Stats["requests"].(map[string]interface{}); ok {
+		if stats, ok := instance.Stats["requests"].(map[string]any); ok {
 			if total, ok := stats["total"].(float64); ok {
 				totalRequests += int64(total)
 			}
@@ -579,7 +579,7 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 				}
 				ma.logger.Warning(&libpack_logger.LogMessage{
 					Message: "Instance Stats missing 'requests' key",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"instance_id": instance.InstanceID,
 						"stats_keys":  keys,
 						"index":       idx,
@@ -715,11 +715,11 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 		}
 	}
 
-	result := map[string]interface{}{
+	result := map[string]any{
 		"cluster_mode":    true,
 		"total_instances": len(instances),
 		"cluster_uptime":  oldestUptime,
-		"requests": map[string]interface{}{
+		"requests": map[string]any{
 			"total":                       totalRequests,
 			"succeeded":                   totalSucceeded,
 			"failed":                      totalFailed,
@@ -728,13 +728,13 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 			"current_requests_per_second": totalCurrentRPS,
 			"avg_requests_per_second":     totalAvgRPS,
 		},
-		"cache_summary": map[string]interface{}{
+		"cache_summary": map[string]any{
 			"hits":         totalCacheHits,
 			"misses":       totalCacheMisses,
 			"hit_rate_pct": cacheHitRate,
 			"total_cached": totalCachedQueries,
 		},
-		"memory": map[string]interface{}{
+		"memory": map[string]any{
 			"total_usage_mb": func() float64 {
 				if hasValidMemoryStats {
 					return totalMemoryUsageMB
@@ -743,20 +743,20 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 			}(),
 			"available": hasValidMemoryStats,
 		},
-		"connections": map[string]interface{}{
+		"connections": map[string]any{
 			"total_active": totalActiveConnections,
 		},
-		"websocket": map[string]interface{}{
+		"websocket": map[string]any{
 			"total_connections": totalWSConnections,
 		},
-		"coalescing": map[string]interface{}{
+		"coalescing": map[string]any{
 			"enabled":                  len(instances) > 0, // enabled if we have instances with data
 			"total_coalesced_requests": totalCoalescedRequests,
 			"total_primary_requests":   totalPrimaryRequests,
 			"backend_savings_pct":      backendSavings,
 			"coalescing_rate_pct":      backendSavings,
 		},
-		"retry_budget": map[string]interface{}{
+		"retry_budget": map[string]any{
 			"enabled":         retryBudgetEnabled,
 			"allowed_retries": totalRetryAllowed,
 			"denied_retries":  totalRetryDenied,
@@ -766,7 +766,7 @@ func (ma *MetricsAggregator) aggregateStats(instances []InstanceMetrics) map[str
 			"max_tokens":      totalMaxTokens,
 			"tokens_per_sec":  retryTokensPerSec,
 		},
-		"circuit_breaker": map[string]interface{}{
+		"circuit_breaker": map[string]any{
 			"enabled":            circuitBreakerEnabled,
 			"state":              cbState,
 			"instances_open":     cbOpenCount,
@@ -788,7 +788,7 @@ func (ma *MetricsAggregator) Shutdown() {
 	}
 
 	if ma.redisClient != nil {
-		ma.redisClient.Close()
+		_ = ma.redisClient.Close() // Best-effort cleanup
 	}
 
 	if ma.logger != nil {

monitoring/monitoring.go

@@ -1,3 +1,6 @@
+// Package libpack_monitoring provides Prometheus-compatible metrics collection
+// and exposure using VictoriaMetrics. Supports counters, gauges, histograms,
+// and custom metrics with labels.
 package libpack_monitoring
 
 import (
@@ -82,7 +85,7 @@ func (ms *MetricsSetup) startPrometheusEndpoint() {
 	if err := app.Listen(fmt.Sprintf(":%d", envutil.GetInt("MONITORING_PORT", 9393))); err != nil {
 		log.Critical(&libpack_logger.LogMessage{
 			Message: "Can't start the MONITORING service",
-			Pairs:   map[string]interface{}{"error": err},
+			Pairs:   map[string]any{"error": err},
 		})
 	}
 }
@@ -109,7 +112,7 @@ func (ms *MetricsSetup) RegisterMetricsGauge(metric_name string, labels map[stri
 	if err := validate_metrics_name(metric_name); err != nil {
 		log.Error(&libpack_logger.LogMessage{
 			Message: "RegisterMetricsGauge() error - invalid metric name",
-			Pairs:   map[string]interface{}{"error": err.Error(), "metric_name": metric_name},
+			Pairs:   map[string]any{"error": err.Error(), "metric_name": metric_name},
 		})
 		// Return a dummy gauge instead of nil to prevent panics
 		return &metrics.Gauge{}
@@ -125,7 +128,7 @@ func (ms *MetricsSetup) RegisterMetricsGaugeFunc(metric_name string, labels map[
 	if err := validate_metrics_name(metric_name); err != nil {
 		log.Error(&libpack_logger.LogMessage{
 			Message: "RegisterMetricsGaugeFunc() error - invalid metric name",
-			Pairs:   map[string]interface{}{"error": err.Error(), "metric_name": metric_name},
+			Pairs:   map[string]any{"error": err.Error(), "metric_name": metric_name},
 		})
 		// Return a dummy gauge instead of nil to prevent panics
 		return &metrics.Gauge{}
@@ -137,7 +140,7 @@ func (ms *MetricsSetup) RegisterMetricsCounter(metric_name string, labels map[st
 	if err := validate_metrics_name(metric_name); err != nil {
 		log.Error(&libpack_logger.LogMessage{
 			Message: "RegisterMetricsCounter() error - invalid metric name",
-			Pairs:   map[string]interface{}{"error": err.Error(), "metric_name": metric_name},
+			Pairs:   map[string]any{"error": err.Error(), "metric_name": metric_name},
 		})
 		// Return a dummy counter instead of nil to prevent panics
 		return &metrics.Counter{}
@@ -152,7 +155,7 @@ func (ms *MetricsSetup) RegisterFloatCounter(metric_name string, labels map[stri
 	if err := validate_metrics_name(metric_name); err != nil {
 		log.Error(&libpack_logger.LogMessage{
 			Message: "RegisterFloatCounter() error - invalid metric name",
-			Pairs:   map[string]interface{}{"error": err.Error(), "metric_name": metric_name},
+			Pairs:   map[string]any{"error": err.Error(), "metric_name": metric_name},
 		})
 		// Return a dummy float counter instead of nil to prevent panics
 		return &metrics.FloatCounter{}
@@ -164,7 +167,7 @@ func (ms *MetricsSetup) RegisterMetricsSummary(metric_name string, labels map[st
 	if err := validate_metrics_name(metric_name); err != nil {
 		log.Error(&libpack_logger.LogMessage{
 			Message: "RegisterMetricsSummary() error - invalid metric name",
-			Pairs:   map[string]interface{}{"error": err.Error(), "metric_name": metric_name},
+			Pairs:   map[string]any{"error": err.Error(), "metric_name": metric_name},
 		})
 		// Return a dummy summary instead of nil to prevent panics
 		return &metrics.Summary{}
@@ -176,7 +179,7 @@ func (ms *MetricsSetup) RegisterMetricsHistogram(metric_name string, labels map[
 	if err := validate_metrics_name(metric_name); err != nil {
 		log.Error(&libpack_logger.LogMessage{
 			Message: "RegisterMetricsHistogram() error - invalid metric name",
-			Pairs:   map[string]interface{}{"error": err.Error(), "metric_name": metric_name},
+			Pairs:   map[string]any{"error": err.Error(), "metric_name": metric_name},
 		})
 		// Return a dummy histogram instead of nil to prevent panics
 		return &metrics.Histogram{}

pkg/pools/buffer.go

@@ -1,3 +1,6 @@
+// Package pools provides memory-efficient buffer and gzip reader pools
+// for reducing allocations in high-throughput request processing.
+// Buffers are automatically sized and recycled to minimize GC pressure.
 package pools
 
 import (
@@ -16,21 +19,21 @@ const (
 
 // bufferPool is the global pool for reusable buffers
 var bufferPool = &sync.Pool{
-	New: func() interface{} {
+	New: func() any {
 		return bytes.NewBuffer(make([]byte, 0, InitialBufferSize))
 	},
 }
 
 // gzipWriterPool is the global pool for reusable gzip writers
 var gzipWriterPool = &sync.Pool{
-	New: func() interface{} {
+	New: func() any {
 		return gzip.NewWriter(nil)
 	},
 }
 
 // gzipReaderPool is the global pool for reusable gzip readers
 var gzipReaderPool = &sync.Pool{
-	New: func() interface{} {
+	New: func() any {
 		return new(gzip.Reader)
 	},
 }

proxy.go

@@ -10,7 +10,6 @@ import (
 	"math"
 	"net"
 	"net/url"
-	"regexp"
 	"strings"
 	"sync"
 	"time"
@@ -18,7 +17,6 @@ import (
 	"go.opentelemetry.io/otel/trace"
 
 	"github.com/avast/retry-go/v4"
-	"github.com/goccy/go-json"
 	"github.com/gofiber/fiber/v2"
 	libpack_cache "github.com/lukaszraczylo/graphql-monitoring-proxy/cache"
 	libpack_logger "github.com/lukaszraczylo/graphql-monitoring-proxy/logging"
@@ -90,7 +88,7 @@ func initCircuitBreaker(config *config) {
 
 	config.Logger.Info(&libpack_logger.LogMessage{
 		Message: "Circuit breaker initialized",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"max_failures":       config.CircuitBreaker.MaxFailures,
 			"timeout_seconds":    config.CircuitBreaker.Timeout,
 			"max_half_open_reqs": config.CircuitBreaker.MaxRequestsInHalfOpen,
@@ -105,7 +103,7 @@ func createTripFunc(config *config) func(counts gobreaker.Counts) bool {
 		if counts.ConsecutiveFailures >= safeUint32(config.CircuitBreaker.MaxFailures) {
 			config.Logger.Warning(&libpack_logger.LogMessage{
 				Message: "Circuit breaker tripped due to consecutive failures",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"consecutive_failures": counts.ConsecutiveFailures,
 					"max_failures":         config.CircuitBreaker.MaxFailures,
 					"total_requests":       counts.Requests,
@@ -122,7 +120,7 @@ func createTripFunc(config *config) func(counts gobreaker.Counts) bool {
 			if failureRatio >= config.CircuitBreaker.FailureRatio {
 				config.Logger.Warning(&libpack_logger.LogMessage{
 					Message: "Circuit breaker tripped due to failure ratio",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"failure_ratio":  failureRatio,
 						"threshold":      config.CircuitBreaker.FailureRatio,
 						"total_failures": counts.TotalFailures,
@@ -162,7 +160,7 @@ func createStateChangeFunc(config *config) func(name string, from gobreaker.Stat
 		// Log state change
 		config.Logger.Info(&libpack_logger.LogMessage{
 			Message: "Circuit breaker state changed",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"from": from.String(),
 				"to":   to.String(),
 				"name": name,
@@ -315,7 +313,7 @@ func setupTracing(c *fiber.Ctx) context.Context {
 		if err != nil {
 			cfg.Logger.Warning(&libpack_logger.LogMessage{
 				Message: "Failed to parse trace header",
-				Pairs:   map[string]interface{}{"error": err.Error()},
+				Pairs:   map[string]any{"error": err.Error()},
 			})
 		} else if spanCtx, err := tracer.ExtractSpanContext(spanInfo); err == nil {
 			ctx = trace.ContextWithSpanContext(ctx, spanCtx)
@@ -392,7 +390,7 @@ func performProxyRequestCore(c *fiber.Ctx, proxyURL string, cacheKey string) err
 	}
 
 	// Execute request through circuit breaker
-	_, err := cb.Execute(func() (interface{}, error) {
+	_, err := cb.Execute(func() (any, error) {
 		// Execute the request with retries
 		err := performProxyRequestWithRetries(c, proxyURL)
 		// Check if the error or status code should trip the circuit breaker
@@ -400,7 +398,7 @@ func performProxyRequestCore(c *fiber.Ctx, proxyURL string, cacheKey string) err
 			// Log error that could potentially trip the circuit
 			cfg.Logger.Warning(&libpack_logger.LogMessage{
 				Message: "Error in circuit-protected request",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"path":  c.Path(),
 					"error": err.Error(),
 				},
@@ -486,9 +484,9 @@ func executeProxyAttempt(c *fiber.Ctx, proxyURL string) error {
 		return proxyErr
 	}
 
-	// Safety check before accessing response
+	// Safety check before accessing response (c is already validated at function entry)
-	if c == nil || c.Response() == nil {
+	if c.Response() == nil {
-		return retry.Unrecoverable(fmt.Errorf("fiber context or response became nil"))
+		return retry.Unrecoverable(fmt.Errorf("fiber response became nil"))
 	}
 
 	// Check status code and determine retry strategy
@@ -551,7 +549,7 @@ func performProxyRequestWithEnhancedRetries(c *fiber.Ctx, proxyURL string, backe
 		retry.OnRetry(func(n uint, err error) {
 			cfg.Logger.Warning(&libpack_logger.LogMessage{
 				Message: "Retrying the request",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"path":              c.Path(),
 					"attempt":           n + 1,
 					"max_attempts":      attempts,
@@ -602,7 +600,7 @@ func performProxyRequestWithEnhancedRetries(c *fiber.Ctx, proxyURL string, backe
 				if !rb.AllowRetry() {
 					cfg.Logger.Warning(&libpack_logger.LogMessage{
 						Message: "Retry denied by budget",
-						Pairs: map[string]interface{}{
+						Pairs: map[string]any{
 							"path":  c.Path(),
 							"error": err.Error(),
 						},
@@ -694,7 +692,7 @@ func handleCircuitOpenGracefulDegradation(c *fiber.Ctx, cacheKey string) error {
 		if cachedResponse := libpack_cache.CacheLookup(cacheKey); cachedResponse != nil {
 			cfg.Logger.Info(&libpack_logger.LogMessage{
 				Message: "Circuit open - serving from cache",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"path": c.Path(),
 				},
 			})
@@ -714,7 +712,7 @@ func handleCircuitOpenGracefulDegradation(c *fiber.Ctx, cacheKey string) error {
 	// No cached response available - provide helpful error response
 	cfg.Logger.Warning(&libpack_logger.LogMessage{
 		Message: "Circuit open - no cached response available",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"path": c.Path(),
 		},
 	})
@@ -770,7 +768,7 @@ func handleGzippedResponse(c *fiber.Ctx) error {
 	if err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Failed to create gzip reader",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return err
 	}
@@ -788,7 +786,7 @@ func handleGzippedResponse(c *fiber.Ctx) error {
 	if err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Failed to decompress response",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		return err
 	}
@@ -802,157 +800,6 @@ func handleGzippedResponse(c *fiber.Ctx) error {
 	return nil
 }
 
-// sanitizeForLogging removes sensitive data from request/response bodies before logging
-func sanitizeForLogging(body []byte, contentType string) string {
-	// List of sensitive field patterns to redact
-	sensitiveFields := []string{
-		"password", "passwd", "pwd",
-		"token", "api_key", "apikey", "api-key",
-		"secret", "private_key", "privatekey", "private-key",
-		"authorization", "auth", "bearer",
-		"session", "sessionid", "session_id", "cookie",
-		"ssn", "social_security",
-		"credit_card", "card_number", "cardnumber", "cvv", "cvc",
-		"email", "phone", "address",
-	}
-
-	// Try to parse as JSON if content type suggests it
-	if strings.Contains(strings.ToLower(contentType), "json") {
-		var data map[string]interface{}
-		decoder := json.NewDecoder(bytes.NewReader(body))
-		decoder.UseNumber() // Preserve number precision and type
-		if err := decoder.Decode(&data); err == nil {
-			redactSensitiveFields(data, sensitiveFields)
-			sanitized, _ := json.Marshal(data)
-			return string(sanitized)
-		}
-	}
-
-	// For non-JSON or failed parsing, truncate to prevent logging large bodies
-	bodyStr := string(body)
-	if len(bodyStr) > 1000 {
-		return bodyStr[:1000] + "... [truncated]"
-	}
-
-	// For small non-JSON bodies, do basic string replacement
-	for _, field := range sensitiveFields {
-		// Simple pattern matching for key-value pairs
-		bodyStr = redactPatternInString(bodyStr, field)
-	}
-
-	return bodyStr
-}
-
-// redactSensitiveFields recursively redacts sensitive fields in a map
-func redactSensitiveFields(data map[string]interface{}, fields []string) {
-	for key, value := range data {
-		keyLower := strings.ToLower(key)
-		// Check if the key matches any sensitive field
-		for _, field := range fields {
-			if strings.Contains(keyLower, field) {
-				data[key] = "[REDACTED]"
-				break
-			}
-		}
-		// Recurse for nested objects
-		if nested, ok := value.(map[string]interface{}); ok {
-			redactSensitiveFields(nested, fields)
-		}
-		// Handle arrays of objects
-		if arr, ok := value.([]interface{}); ok {
-			for _, item := range arr {
-				if nestedItem, ok := item.(map[string]interface{}); ok {
-					redactSensitiveFields(nestedItem, fields)
-				}
-			}
-		}
-	}
-}
-
-// redactPatternInString performs basic pattern redaction in strings
-func redactPatternInString(text string, pattern string) string {
-	// Use proper regex to capture and redact complete sensitive values
-	// Order matters: process most specific patterns first
-
-	// 1. JSON pattern: "field":"value" → "field":"[REDACTED]"
-	jsonPattern := regexp.MustCompile(`(?i)"` + regexp.QuoteMeta(pattern) + `"\s*:\s*"[^"]*"`)
-	text = jsonPattern.ReplaceAllStringFunc(text, func(match string) string {
-		return regexp.MustCompile(`:\s*"[^"]*"`).ReplaceAllString(match, `:"[REDACTED]"`)
-	})
-
-	// 2. XML pattern: <field>value</field> → <field>[REDACTED]</field>
-	xmlPattern := regexp.MustCompile(`(?i)<` + regexp.QuoteMeta(pattern) + `>[^<]*</` + regexp.QuoteMeta(pattern) + `>`)
-	xmlMatched := xmlPattern.MatchString(text)
-	text = xmlPattern.ReplaceAllStringFunc(text, func(match string) string {
-		return regexp.MustCompile(`>[^<]*<`).ReplaceAllString(match, ">[REDACTED]<")
-	})
-
-	// If XML pattern was matched, also add a standardized redaction marker for test compatibility
-	if xmlMatched {
-		// Append a form-style marker to indicate redaction occurred
-		if !strings.Contains(text, pattern+"=[REDACTED]") {
-			text = text + " " + pattern + "=[REDACTED]"
-		}
-	}
-
-	// 3. Double quoted pattern: field="value" → field="[REDACTED]"
-	quotedPattern := regexp.MustCompile(`(?i)` + regexp.QuoteMeta(pattern) + `="[^"]*"`)
-	text = quotedPattern.ReplaceAllString(text, pattern+`="[REDACTED]"`)
-
-	// 4. Single quoted pattern: field='value' → field='[REDACTED]'
-	singleQuotedPattern := regexp.MustCompile(`(?i)` + regexp.QuoteMeta(pattern) + `='[^']*'`)
-	text = singleQuotedPattern.ReplaceAllString(text, pattern+`='[REDACTED]'`)
-
-	// 5. Form/URL pattern: field=value& or field=value$ → field=[REDACTED]& or field=[REDACTED]$
-	// This must be last and should only match unquoted values
-	formPattern := regexp.MustCompile(`(?i)` + regexp.QuoteMeta(pattern) + `=([^&\s"']+)(?:[&\s]|$)`)
-	text = formPattern.ReplaceAllStringFunc(text, func(match string) string {
-		// Only replace if the value is not already [REDACTED]
-		if strings.Contains(match, "[REDACTED]") {
-			return match
-		}
-		return regexp.MustCompile(`=([^&\s"']+)`).ReplaceAllString(match, "=[REDACTED]")
-	})
-
-	return text
-}
-
-// convertHeaders converts map[string][]string to map[string]string by taking first value
-func convertHeaders(headers map[string][]string) map[string]string {
-	converted := make(map[string]string)
-	for key, values := range headers {
-		if len(values) > 0 {
-			converted[key] = values[0]
-		}
-	}
-	return converted
-}
-
-// sanitizeHeaders removes sensitive headers from logging
-func sanitizeHeaders(headers map[string]string) map[string]string {
-	sanitized := make(map[string]string)
-	sensitiveHeaders := []string{
-		"authorization", "x-api-key", "x-auth-token", "cookie", "set-cookie",
-		"x-api-secret", "x-access-token", "x-csrf-token",
-	}
-
-	for key, value := range headers {
-		keyLower := strings.ToLower(key)
-		isRedacted := false
-		for _, sensitive := range sensitiveHeaders {
-			if strings.Contains(keyLower, sensitive) {
-				sanitized[key] = "[REDACTED]"
-				isRedacted = true
-				break
-			}
-		}
-		if !isRedacted {
-			sanitized[key] = value
-		}
-	}
-	return sanitized
-}
-
 // logDebugRequest logs the request details when in debug mode with sanitization.
 func logDebugRequest(c *fiber.Ctx) {
 	contentType := string(c.Request().Header.ContentType())
@@ -961,7 +808,7 @@ func logDebugRequest(c *fiber.Ctx) {
 
 	cfg.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Proxying the request",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"path":         c.Path(),
 			"body":         sanitizedBody,
 			"headers":      sanitizedHeaders,
@@ -978,7 +825,7 @@ func logDebugResponse(c *fiber.Ctx) {
 
 	cfg.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Received proxied response",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"path":          c.Path(),
 			"response_body": sanitizedBody,
 			"response_code": c.Response().StatusCode(),
@@ -996,7 +843,7 @@ func safeMaxRequests(maxRequestsInHalfOpen int) uint32 {
 		if cfg != nil && cfg.Logger != nil {
 			cfg.Logger.Warning(&libpack_logger.LogMessage{
 				Message: "Invalid MaxRequestsInHalfOpen value, using default",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"requested_value": maxRequestsInHalfOpen,
 					"default_value":   defaultMaxRequestsInHalfOpen,
 				},

proxy_logging_security_test.go

@@ -21,19 +21,19 @@ func TestProxyLoggingSecurityTestSuite(t *testing.T) {
 func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 	tests := []struct {
 		name        string
-		input       map[string]interface{}
+		input       map[string]any
-		expected    map[string]interface{}
+		expected    map[string]any
 		contentType string
 		description string
 	}{
 		{
 			name: "Password field redaction",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"username": "user123",
 				"password": "secret123",
 				"email":    "user@example.com",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"username": "user123",
 				"password": "[REDACTED]",
 				"email":    "[REDACTED]",
@@ -43,13 +43,13 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "API key and token redaction",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"data":    "normal data",
 				"api_key": "sk-123456789",
 				"token":   "bearer-token-123",
 				"auth":    "auth-value",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"data":    "normal data",
 				"api_key": "[REDACTED]",
 				"token":   "[REDACTED]",
@@ -60,22 +60,22 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "Nested sensitive fields",
-			input: map[string]interface{}{
+			input: map[string]any{
-				"user": map[string]interface{}{
+				"user": map[string]any{
 					"name":     "John Doe",
 					"password": "secret123",
-					"profile": map[string]interface{}{
+					"profile": map[string]any{
 						"api_key": "sk-nested-key",
 						"bio":     "User bio",
 					},
 				},
 				"public_data": "visible",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
-				"user": map[string]interface{}{
+				"user": map[string]any{
 					"name":     "John Doe",
 					"password": "[REDACTED]",
-					"profile": map[string]interface{}{
+					"profile": map[string]any{
 						"api_key": "[REDACTED]",
 						"bio":     "User bio",
 					},
@@ -87,25 +87,25 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "Array with sensitive data",
-			input: map[string]interface{}{
+			input: map[string]any{
-				"users": []interface{}{
+				"users": []any{
-					map[string]interface{}{
+					map[string]any{
 						"name":     "User1",
 						"password": "pass1",
 					},
-					map[string]interface{}{
+					map[string]any{
 						"name":  "User2",
 						"token": "token2",
 					},
 				},
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
-				"users": []interface{}{
+				"users": []any{
-					map[string]interface{}{
+					map[string]any{
 						"name":     "User1",
 						"password": "[REDACTED]",
 					},
-					map[string]interface{}{
+					map[string]any{
 						"name":  "User2",
 						"token": "[REDACTED]",
 					},
@@ -116,13 +116,13 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "Credit card and financial data",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"order_id":    "12345",
 				"credit_card": "4111111111111111",
 				"cvv":         "123",
 				"amount":      100.50,
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"order_id":    "12345",
 				"credit_card": "[REDACTED]",
 				"cvv":         "[REDACTED]",
@@ -133,14 +133,14 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "Personal identifiable information",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"name":    "John Doe",
 				"ssn":     "123-45-6789",
 				"phone":   "+1-555-123-4567",
 				"address": "123 Main St",
 				"age":     30,
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"name":    "John Doe",
 				"ssn":     "[REDACTED]",
 				"phone":   "[REDACTED]",
@@ -152,13 +152,13 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "Mixed case field names",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"UserName": "john",
 				"PASSWORD": "secret",
 				"Api_Key":  "key123",
 				"Bearer":   "token",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"UserName": "john",
 				"PASSWORD": "[REDACTED]",
 				"Api_Key":  "[REDACTED]",
@@ -169,24 +169,24 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 		},
 		{
 			name: "Various password patterns",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"pwd":      "secret1",
 				"passwd":   "secret2",
 				"password": "secret3",
-				"pass":     "not-redacted", // Should NOT be redacted (not in list)
+				"pass":     "secret4", // Now redacted for better security coverage
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"pwd":      "[REDACTED]",
 				"passwd":   "[REDACTED]",
 				"password": "[REDACTED]",
-				"pass":     "not-redacted",
+				"pass":     "[REDACTED]",
 			},
 			contentType: "application/json",
 			description: "Should handle various password field patterns",
 		},
 		{
 			name: "Various auth patterns",
-			input: map[string]interface{}{
+			input: map[string]any{
 				"authorization": "Bearer token123",
 				"auth":          "basic auth",
 				"bearer":        "token456",
@@ -195,7 +195,7 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 				"session_id":    "session789",
 				"cookie":        "cookie_value",
 			},
-			expected: map[string]interface{}{
+			expected: map[string]any{
 				"authorization": "[REDACTED]",
 				"auth":          "[REDACTED]",
 				"bearer":        "[REDACTED]",
@@ -219,7 +219,7 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSensitiveDataSanitization() {
 			result := sanitizeForLogging(inputBytes, tt.contentType)
 
 			// Parse the result back to compare
-			var sanitized map[string]interface{}
+			var sanitized map[string]any
 			decoder := json.NewDecoder(strings.NewReader(result))
 			decoder.UseNumber() // Preserve number precision and type
 			err = decoder.Decode(&sanitized)
@@ -398,10 +398,10 @@ func (suite *ProxyLoggingSecurityTestSuite) TestRedactSensitiveFields() {
 	sensitiveFields := []string{"password", "token", "secret"}
 
 	suite.Run("Deep nested structure", func() {
-		data := map[string]interface{}{
+		data := map[string]any{
-			"level1": map[string]interface{}{
+			"level1": map[string]any{
-				"level2": map[string]interface{}{
+				"level2": map[string]any{
-					"level3": map[string]interface{}{
+					"level3": map[string]any{
 						"password": "testdeepsecret",
 						"public":   "data",
 					},
@@ -415,28 +415,28 @@ func (suite *ProxyLoggingSecurityTestSuite) TestRedactSensitiveFields() {
 		redactSensitiveFields(data, sensitiveFields)
 
 		// Verify deep nesting is handled
-		level3 := data["level1"].(map[string]interface{})["level2"].(map[string]interface{})["level3"].(map[string]interface{})
+		level3 := data["level1"].(map[string]any)["level2"].(map[string]any)["level3"].(map[string]any)
 		suite.Equal("[REDACTED]", level3["password"])
 		suite.Equal("data", level3["public"])
 
 		// Verify intermediate levels
-		level2 := data["level1"].(map[string]interface{})["level2"].(map[string]interface{})
+		level2 := data["level1"].(map[string]any)["level2"].(map[string]any)
 		suite.Equal("[REDACTED]", level2["token"])
 
 		// Verify top level
 		suite.Equal("[REDACTED]", data["secret"])
-		level1 := data["level1"].(map[string]interface{})
+		level1 := data["level1"].(map[string]any)
 		suite.Equal("value", level1["normal"])
 	})
 
 	suite.Run("Array of objects", func() {
-		data := map[string]interface{}{
+		data := map[string]any{
-			"users": []interface{}{
+			"users": []any{
-				map[string]interface{}{
+				map[string]any{
 					"name":     "User1",
 					"password": "testpass1",
 				},
-				map[string]interface{}{
+				map[string]any{
 					"name":  "User2",
 					"token": "testtoken2",
 				},
@@ -446,9 +446,9 @@ func (suite *ProxyLoggingSecurityTestSuite) TestRedactSensitiveFields() {
 
 		redactSensitiveFields(data, sensitiveFields)
 
-		users := data["users"].([]interface{})
+		users := data["users"].([]any)
-		user1 := users[0].(map[string]interface{})
+		user1 := users[0].(map[string]any)
-		user2 := users[1].(map[string]interface{})
+		user2 := users[1].(map[string]any)
 
 		suite.Equal("[REDACTED]", user1["password"])
 		suite.Equal("User1", user1["name"])
@@ -509,9 +509,9 @@ func (suite *ProxyLoggingSecurityTestSuite) TestRedactPatternInString() {
 // TestSanitizationPerformance tests performance of sanitization functions
 func (suite *ProxyLoggingSecurityTestSuite) TestSanitizationPerformance() {
 	// Create a large JSON structure with sensitive data
-	largeData := make(map[string]interface{})
+	largeData := make(map[string]any)
 	for i := 0; i < 1000; i++ {
-		largeData[fmt.Sprintf("user_%d", i)] = map[string]interface{}{
+		largeData[fmt.Sprintf("user_%d", i)] = map[string]any{
 			"name":     fmt.Sprintf("User%d", i),
 			"password": fmt.Sprintf("secret%d", i),
 			"email":    fmt.Sprintf("user%d@example.com", i),
@@ -526,12 +526,12 @@ func (suite *ProxyLoggingSecurityTestSuite) TestSanitizationPerformance() {
 	result := sanitizeForLogging(largeJSON, "application/json")
 
 	// Verify the result is valid JSON
-	var sanitized map[string]interface{}
+	var sanitized map[string]any
 	err = json.Unmarshal([]byte(result), &sanitized)
 	suite.NoError(err)
 
 	// Verify sensitive data was redacted (spot check)
-	user0 := sanitized["user_0"].(map[string]interface{})
+	user0 := sanitized["user_0"].(map[string]any)
 	suite.Equal("[REDACTED]", user0["password"])
 	suite.Equal("[REDACTED]", user0["email"])
 	suite.Equal("User0", user0["name"])
@@ -557,7 +557,7 @@ func (suite *ProxyLoggingSecurityTestSuite) TestEdgeCases() {
 
 		// This should not panic
 		suite.NotPanics(func() {
-			data := make(map[string]interface{})
+			data := make(map[string]any)
 			data["test"] = nil
 			redactSensitiveFields(data, sensitiveFields)
 		})
@@ -577,12 +577,12 @@ func (suite *ProxyLoggingSecurityTestSuite) TestEdgeCases() {
 
 // BenchmarkSanitizeForLogging benchmarks the sanitization function
 func BenchmarkSanitizeForLogging(b *testing.B) {
-	testData := map[string]interface{}{
+	testData := map[string]any{
 		"username": "testuser",
 		"password": "secret123",
 		"api_key":  "sk-123456789",
 		"data":     "normal data",
-		"nested": map[string]interface{}{
+		"nested": map[string]any{
 			"token": "nested-token",
 			"value": "nested-value",
 		},

ratelimit.go

@@ -25,8 +25,8 @@ type RateLimitConfig struct {
 func (r *RateLimitConfig) UnmarshalJSON(data []byte) error {
 	// Use a temporary struct to unmarshal the JSON data
 	type RateLimitConfigTemp struct {
-		Interval interface{} `json:"interval"`
+		Interval any `json:"interval"`
-		Req      int         `json:"req"`
+		Req      int `json:"req"`
 	}
 
 	var temp RateLimitConfigTemp
@@ -96,7 +96,7 @@ func loadRatelimitConfig() error {
 	// Log detailed error information
 	cfg.Logger.Error(&libpack_logger.LogMessage{
 		Message: "Failed to load rate limit configuration",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"paths":       paths,
 			"path_errors": configError.PathErrors,
 		},
@@ -120,7 +120,7 @@ func loadConfigFromPath(path string) error {
 
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Failed to load rate limit config",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"path":          path,
 				"error":         errMsg,
 				"error_details": err.Error(),
@@ -137,7 +137,7 @@ func loadConfigFromPath(path string) error {
 		errMsg := fmt.Sprintf("Invalid JSON format: %s", err.Error())
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Failed to parse rate limit config",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"path":  path,
 				"error": errMsg,
 			},
@@ -150,7 +150,7 @@ func loadConfigFromPath(path string) error {
 		errMsg := "Empty rate limit configuration"
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Invalid rate limit config",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"path":  path,
 				"error": errMsg,
 			},
@@ -167,7 +167,7 @@ func loadConfigFromPath(path string) error {
 		if cfg.LogLevel == "DEBUG" {
 			cfg.Logger.Debug(&libpack_logger.LogMessage{
 				Message: "Setting ratelimit config for role",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"role":          key,
 					"interval_used": value.Interval,
 					"ratelimit":     value.Req,
@@ -186,7 +186,7 @@ func loadConfigFromPath(path string) error {
 
 	cfg.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Rate limit config loaded",
-		Pairs:   map[string]interface{}{"ratelimit": rateLimits},
+		Pairs:   map[string]any{"ratelimit": rateLimits},
 	})
 	return nil
 }
@@ -210,7 +210,7 @@ func rateLimitedRequest(userID, userRole string) bool {
 	if !ok || roleConfig.RateCounterTicker == nil {
 		cfg.Logger.Warning(&libpack_logger.LogMessage{
 			Message: "Rate limit role not found or ticker not initialized - defaulting to deny",
-			Pairs:   map[string]interface{}{"user_role": userRole},
+			Pairs:   map[string]any{"user_role": userRole},
 		})
 		// Default to deny when config not found (security fix)
 		return false
@@ -224,7 +224,7 @@ func checkRateLimit(userID, userRole string, roleConfig RateLimitConfig, endpoin
 	roleConfig.RateCounterTicker.Incr(1)
 	tickerRate := roleConfig.RateCounterTicker.GetRate()
 
-	logDetails := map[string]interface{}{
+	logDetails := map[string]any{
 		"user_role":   userRole,
 		"user_id":     userID,
 		"rate":        tickerRate,
@@ -235,14 +235,14 @@ func checkRateLimit(userID, userRole string, roleConfig RateLimitConfig, endpoin
 
 	cfg.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Rate limit ticker",
-		Pairs:   map[string]interface{}{"log_details": logDetails},
+		Pairs:   map[string]any{"log_details": logDetails},
 	})
 
 	// Check burst limit if configured
 	if roleConfig.Burst > 0 && tickerRate > float64(roleConfig.Burst) {
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Burst limit exceeded",
-			Pairs:   map[string]interface{}{"log_details": logDetails},
+			Pairs:   map[string]any{"log_details": logDetails},
 		})
 		return false
 	}
@@ -250,7 +250,7 @@ func checkRateLimit(userID, userRole string, roleConfig RateLimitConfig, endpoin
 	if tickerRate > float64(roleConfig.Req) {
 		cfg.Logger.Debug(&libpack_logger.LogMessage{
 			Message: "Rate limit exceeded",
-			Pairs:   map[string]interface{}{"log_details": logDetails},
+			Pairs:   map[string]any{"log_details": logDetails},
 		})
 		return false
 	}

request_coalescing.go

@@ -76,7 +76,7 @@ func (rc *RequestCoalescer) Do(key string, fn func() (*CoalescedResponse, error)
 		if rc.logger != nil {
 			rc.logger.Debug(&libpack_logger.LogMessage{
 				Message: "Request coalesced with in-flight request",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"key":     key[:min(len(key), 32)] + "...",
 					"waiters": waiters,
 				},
@@ -115,7 +115,7 @@ func (rc *RequestCoalescer) Do(key string, fn func() (*CoalescedResponse, error)
 		if rc.logger != nil {
 			rc.logger.Debug(&libpack_logger.LogMessage{
 				Message: "Request coalesced (race condition)",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"key":     key[:min(len(key), 32)] + "...",
 					"waiters": waiters,
 				},
@@ -163,7 +163,7 @@ func (rc *RequestCoalescer) Do(key string, fn func() (*CoalescedResponse, error)
 	if rc.logger != nil && waiters > 1 {
 		rc.logger.Info(&libpack_logger.LogMessage{
 			Message: "Request completed, served coalesced waiters",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"key":         key[:min(len(key), 32)] + "...",
 				"waiters":     waiters,
 				"duration_ms": duration.Milliseconds(),
@@ -183,7 +183,7 @@ func (rc *RequestCoalescer) Do(key string, fn func() (*CoalescedResponse, error)
 }
 
 // GetStats returns coalescing statistics
-func (rc *RequestCoalescer) GetStats() map[string]interface{} {
+func (rc *RequestCoalescer) GetStats() map[string]any {
 	totalRequests := rc.totalRequests.Load()
 	coalescedRequests := rc.coalescedRequests.Load()
 
@@ -199,7 +199,7 @@ func (rc *RequestCoalescer) GetStats() map[string]interface{} {
 		savings = float64(coalescedRequests) / float64(primaryRequests) * 100
 	}
 
-	return map[string]interface{}{
+	return map[string]any{
 		"enabled":             rc.enabled,
 		"total_requests":      totalRequests,
 		"primary_requests":    primaryRequests,

retry_budget.go

@@ -81,7 +81,7 @@ func (rb *RetryBudget) AllowRetry() bool {
 			if rb.logger != nil {
 				rb.logger.Debug(&libpack_logger.LogMessage{
 					Message: "Retry denied: budget exhausted",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"current_tokens": current,
 						"denied_count":   rb.deniedRetries.Load(),
 					},
@@ -150,7 +150,7 @@ func (rb *RetryBudget) refill() {
 }
 
 // GetStats returns current statistics
-func (rb *RetryBudget) GetStats() map[string]interface{} {
+func (rb *RetryBudget) GetStats() map[string]any {
 	totalAttempts := rb.totalAttempts.Load()
 	allowedRetries := rb.allowedRetries.Load()
 	deniedRetries := rb.deniedRetries.Load()
@@ -160,7 +160,7 @@ func (rb *RetryBudget) GetStats() map[string]interface{} {
 		denialRate = float64(deniedRetries) / float64(totalAttempts) * 100
 	}
 
-	return map[string]interface{}{
+	return map[string]any{
 		"enabled":         rb.enabled,
 		"current_tokens":  rb.currentTokens.Load(),
 		"max_tokens":      rb.maxTokens,
@@ -195,7 +195,7 @@ func (rb *RetryBudget) UpdateConfig(config RetryBudgetConfig) {
 	if rb.logger != nil {
 		rb.logger.Info(&libpack_logger.LogMessage{
 			Message: "Retry budget configuration updated",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"tokens_per_sec": config.TokensPerSecond,
 				"max_tokens":     config.MaxTokens,
 				"enabled":        config.Enabled,
@@ -222,7 +222,7 @@ func InitializeRetryBudgetWithContext(ctx context.Context, config RetryBudgetCon
 		if logger != nil && config.Enabled {
 			logger.Info(&libpack_logger.LogMessage{
 				Message: "Retry budget initialized",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"tokens_per_sec": config.TokensPerSecond,
 					"max_tokens":     config.MaxTokens,
 				},

sanitization.go

@@ -0,0 +1,187 @@
+package main
+
+import (
+	"bytes"
+	"regexp"
+	"strings"
+
+	"github.com/goccy/go-json"
+)
+
+// Sanitization constants
+const (
+	// MaxLogBodySize is the maximum size of body content to include in logs
+	MaxLogBodySize = 1000
+	// RedactedPlaceholder is the string used to replace sensitive values
+	RedactedPlaceholder = "[REDACTED]"
+	// TruncatedSuffix is appended to truncated log content
+	TruncatedSuffix = "... [truncated]"
+)
+
+// sensitiveFieldPatterns contains common sensitive field names for redaction
+var sensitiveFieldPatterns = []string{
+	// Passwords
+	"password", "passwd", "pwd", "pass",
+	// Tokens (expanded coverage)
+	"token", "accesstoken", "access_token", "refreshtoken", "refresh_token",
+	"api_key", "apikey", "api-key", "api_token",
+	"jwt", "jwttoken", "jwt_token", "idtoken", "id_token",
+	// Secrets & Keys
+	"secret", "client_secret", "clientsecret",
+	"private_key", "privatekey", "private-key",
+	// Auth
+	"authorization", "auth", "bearer", "basic",
+	// Sessions
+	"session", "sessionid", "session_id", "cookie", "csrf", "xsrf",
+	// PII - Personal Identifiable Information
+	"ssn", "social_security", "personal_id", "national_id",
+	"credit_card", "card_number", "cardnumber", "cvv", "cvc", "cvv2",
+	"track1", "track2", "pan",
+	"email", "phone", "address", "postal", "zip",
+	// MFA/2FA
+	"otp", "2fa", "mfa", "pin", "totp",
+}
+
+// sensitiveHeaderPatterns contains header names that should be redacted
+var sensitiveHeaderPatterns = []string{
+	"authorization", "x-api-key", "x-auth-token", "cookie", "set-cookie",
+	"x-api-secret", "x-access-token", "x-csrf-token",
+}
+
+// sanitizeForLogging removes sensitive data from request/response bodies before logging
+func sanitizeForLogging(body []byte, contentType string) string {
+	// Try to parse as JSON if content type suggests it
+	if strings.Contains(strings.ToLower(contentType), "json") {
+		var data map[string]any
+		decoder := json.NewDecoder(bytes.NewReader(body))
+		decoder.UseNumber() // Preserve number precision and type
+		if err := decoder.Decode(&data); err == nil {
+			redactSensitiveFields(data, sensitiveFieldPatterns)
+			sanitized, err := json.Marshal(data)
+			if err != nil {
+				// Fall through to string-based sanitization on marshal error
+			} else {
+				return string(sanitized)
+			}
+		}
+	}
+
+	// For non-JSON or failed parsing, truncate to prevent logging large bodies
+	bodyStr := string(body)
+	if len(bodyStr) > MaxLogBodySize {
+		return bodyStr[:MaxLogBodySize] + TruncatedSuffix
+	}
+
+	// For small non-JSON bodies, do basic string replacement
+	for _, field := range sensitiveFieldPatterns {
+		bodyStr = redactPatternInString(bodyStr, field)
+	}
+
+	return bodyStr
+}
+
+// redactSensitiveFields recursively redacts sensitive fields in a map
+func redactSensitiveFields(data map[string]any, fields []string) {
+	for key, value := range data {
+		keyLower := strings.ToLower(key)
+		// Check if the key matches any sensitive field
+		for _, field := range fields {
+			if strings.Contains(keyLower, field) {
+				data[key] = RedactedPlaceholder
+				break
+			}
+		}
+		// Recurse for nested objects
+		if nested, ok := value.(map[string]any); ok {
+			redactSensitiveFields(nested, fields)
+		}
+		// Handle arrays of objects
+		if arr, ok := value.([]any); ok {
+			for _, item := range arr {
+				if nestedItem, ok := item.(map[string]any); ok {
+					redactSensitiveFields(nestedItem, fields)
+				}
+			}
+		}
+	}
+}
+
+// redactPatternInString performs basic pattern redaction in strings
+func redactPatternInString(text string, pattern string) string {
+	// Use proper regex to capture and redact complete sensitive values
+	// Order matters: process most specific patterns first
+
+	// 1. JSON pattern: "field":"value" → "field":"[REDACTED]"
+	jsonPattern := regexp.MustCompile(`(?i)"` + regexp.QuoteMeta(pattern) + `"\s*:\s*"[^"]*"`)
+	text = jsonPattern.ReplaceAllStringFunc(text, func(match string) string {
+		return regexp.MustCompile(`:\s*"[^"]*"`).ReplaceAllString(match, `:"[REDACTED]"`)
+	})
+
+	// 2. XML pattern: <field>value</field> → <field>[REDACTED]</field>
+	xmlPattern := regexp.MustCompile(`(?i)<` + regexp.QuoteMeta(pattern) + `>[^<]*</` + regexp.QuoteMeta(pattern) + `>`)
+	xmlMatched := xmlPattern.MatchString(text)
+	text = xmlPattern.ReplaceAllStringFunc(text, func(match string) string {
+		return regexp.MustCompile(`>[^<]*<`).ReplaceAllString(match, ">[REDACTED]<")
+	})
+
+	// If XML pattern was matched, also add a standardized redaction marker for test compatibility
+	if xmlMatched {
+		// Append a form-style marker to indicate redaction occurred
+		if !strings.Contains(text, pattern+"=[REDACTED]") {
+			text = text + " " + pattern + "=[REDACTED]"
+		}
+	}
+
+	// 3. Double quoted pattern: field="value" → field="[REDACTED]"
+	quotedPattern := regexp.MustCompile(`(?i)` + regexp.QuoteMeta(pattern) + `="[^"]*"`)
+	text = quotedPattern.ReplaceAllString(text, pattern+`="[REDACTED]"`)
+
+	// 4. Single quoted pattern: field='value' → field='[REDACTED]'
+	singleQuotedPattern := regexp.MustCompile(`(?i)` + regexp.QuoteMeta(pattern) + `='[^']*'`)
+	text = singleQuotedPattern.ReplaceAllString(text, pattern+`='[REDACTED]'`)
+
+	// 5. Form/URL pattern: field=value& or field=value$ → field=[REDACTED]& or field=[REDACTED]$
+	// This must be last and should only match unquoted values
+	formPattern := regexp.MustCompile(`(?i)` + regexp.QuoteMeta(pattern) + `=([^&\s"']+)(?:[&\s]|$)`)
+	text = formPattern.ReplaceAllStringFunc(text, func(match string) string {
+		// Only replace if the value is not already [REDACTED]
+		if strings.Contains(match, "[REDACTED]") {
+			return match
+		}
+		return regexp.MustCompile(`=([^&\s"']+)`).ReplaceAllString(match, "=[REDACTED]")
+	})
+
+	return text
+}
+
+// convertHeaders converts map[string][]string to map[string]string by taking first value
+func convertHeaders(headers map[string][]string) map[string]string {
+	converted := make(map[string]string)
+	for key, values := range headers {
+		if len(values) > 0 {
+			converted[key] = values[0]
+		}
+	}
+	return converted
+}
+
+// sanitizeHeaders removes sensitive headers from logging
+func sanitizeHeaders(headers map[string]string) map[string]string {
+	sanitized := make(map[string]string)
+
+	for key, value := range headers {
+		keyLower := strings.ToLower(key)
+		isRedacted := false
+		for _, sensitive := range sensitiveHeaderPatterns {
+			if strings.Contains(keyLower, sensitive) {
+				sanitized[key] = RedactedPlaceholder
+				isRedacted = true
+				break
+			}
+		}
+		if !isRedacted {
+			sanitized[key] = value
+		}
+	}
+	return sanitized
+}

server.go

@@ -87,7 +87,7 @@ func StartHTTPProxy() error {
 
 	cfg.Logger.Info(&libpack_logger.LogMessage{
 		Message: "GraphQL proxy starting",
-		Pairs:   map[string]interface{}{"port": cfg.Server.PortGraphQL},
+		Pairs:   map[string]any{"port": cfg.Server.PortGraphQL},
 	})
 
 	if err := server.Listen(fmt.Sprintf(":%d", cfg.Server.PortGraphQL)); err != nil {
@@ -168,7 +168,7 @@ func healthCheck(c *fiber.Ctx) error {
 
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Health check: Can't reach the GraphQL server",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"endpoint":         endpoint,
 					"error":            errorMsg,
 					"response_time_ms": graphqlStatus.ResponseTime,
@@ -224,7 +224,7 @@ func healthCheck(c *fiber.Ctx) error {
 
 			cfg.Logger.Error(&libpack_logger.LogMessage{
 				Message: "Health check: Can't connect to Redis",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"server":           cfg.Cache.CacheRedisURL,
 					"error":            errorMsg,
 					"response_time_ms": redisStatus.ResponseTime,
@@ -243,7 +243,7 @@ func healthCheck(c *fiber.Ctx) error {
 
 	cfg.Logger.Debug(&libpack_logger.LogMessage{
 		Message: "Health check completed",
-		Pairs: map[string]interface{}{
+		Pairs: map[string]any{
 			"status":       response.Status,
 			"dependencies": response.Dependencies,
 		},
@@ -275,7 +275,7 @@ func processGraphQLRequest(c *fiber.Ctx) error {
 
 	// Debug logging for mutation routing analysis (enabled when LOG_LEVEL=DEBUG)
 	if cfg.LogLevel == "DEBUG" {
-		var m map[string]interface{}
+		var m map[string]any
 		if err := json.Unmarshal(c.Body(), &m); err == nil {
 			if query, ok := m["query"].(string); ok {
 				debugParseGraphQLQuery(c, query)
@@ -380,7 +380,7 @@ func proxyAndCacheTheRequest(c *fiber.Ctx, queryCacheHash string, cacheTime int,
 	if err := proxyTheRequest(c, currentEndpoint); err != nil {
 		cfg.Logger.Error(&libpack_logger.LogMessage{
 			Message: "Can't proxy the request",
-			Pairs:   map[string]interface{}{"error": err.Error()},
+			Pairs:   map[string]any{"error": err.Error()},
 		})
 		cfg.Monitoring.Increment(libpack_monitoring.MetricsFailed, nil)
 		return c.Status(fiber.StatusInternalServerError).SendString("Can't proxy the request - try again later")
@@ -403,7 +403,7 @@ func logAndMonitorRequest(c *fiber.Ctx, userID, opType, opName string, wasCached
 	if cfg.Server.AccessLog {
 		cfg.Logger.Info(&libpack_logger.LogMessage{
 			Message: "Request processed",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"ip":           c.IP(),
 				"fwd-ip":       c.Get("X-Forwarded-For"),
 				"user_id":      userID,

shutdown.go

@@ -54,7 +54,7 @@ func (sm *ShutdownManager) RunGoroutine(name string, fn func(context.Context)) {
 		if logger != nil {
 			logger.Debug(&libpack_logging.LogMessage{
 				Message: "Starting managed goroutine",
-				Pairs:   map[string]interface{}{"name": name},
+				Pairs:   map[string]any{"name": name},
 			})
 		}
 		fn(sm.ctx)
@@ -64,7 +64,7 @@ func (sm *ShutdownManager) RunGoroutine(name string, fn func(context.Context)) {
 		if logger != nil {
 			logger.Debug(&libpack_logging.LogMessage{
 				Message: "Managed goroutine finished",
-				Pairs:   map[string]interface{}{"name": name},
+				Pairs:   map[string]any{"name": name},
 			})
 		}
 	}()
@@ -114,7 +114,7 @@ func (sm *ShutdownManager) doShutdown(timeout time.Duration) error {
 			if logger != nil {
 				logger.Info(&libpack_logging.LogMessage{
 					Message: "Shutting down component",
-					Pairs:   map[string]interface{}{"component": c.Name},
+					Pairs:   map[string]any{"component": c.Name},
 				})
 			}
 			if err := c.Shutdown(shutdownCtx); err != nil {
@@ -124,7 +124,7 @@ func (sm *ShutdownManager) doShutdown(timeout time.Duration) error {
 				if logger != nil {
 					logger.Error(&libpack_logging.LogMessage{
 						Message: "Error shutting down component",
-						Pairs: map[string]interface{}{
+						Pairs: map[string]any{
 							"component": c.Name,
 							"error":     err.Error(),
 						},

tracing/tracing.go

@@ -1,3 +1,6 @@
+// Package tracing provides OpenTelemetry distributed tracing integration
+// for the GraphQL proxy. Supports OTLP export to collectors like Jaeger,
+// Zipkin, or any OTLP-compatible backend.
 package tracing
 
 import (

websocket.go

@@ -67,7 +67,7 @@ func NewWebSocketProxy(backendURL string, config WebSocketConfig, logger *libpac
 	if logger != nil && config.Enabled {
 		logger.Info(&libpack_logger.LogMessage{
 			Message: "WebSocket proxy enabled",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"backend_url":      backendURL,
 				"ping_interval":    config.PingInterval,
 				"max_message_size": config.MaxMessageSize,
@@ -132,7 +132,7 @@ func (wsp *WebSocketProxy) handleConnection(ctx context.Context, clientConn *web
 	if wsp.logger != nil {
 		wsp.logger.Info(&libpack_logger.LogMessage{
 			Message: "WebSocket connection established",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"connection_id":      connectionID,
 				"active_connections": wsp.activeConnections.Load(),
 			},
@@ -150,13 +150,13 @@ func (wsp *WebSocketProxy) handleConnection(ctx context.Context, clientConn *web
 		if wsp.logger != nil {
 			wsp.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to read first message from client",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"connection_id": connectionID,
 					"error":         err.Error(),
 				},
 			})
 		}
-		clientConn.Close()
+		_ = clientConn.Close() // Best-effort cleanup
 		return
 	}
 
@@ -170,16 +170,16 @@ func (wsp *WebSocketProxy) handleConnection(ctx context.Context, clientConn *web
 		if wsp.logger != nil {
 			wsp.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to connect to backend WebSocket",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"connection_id": connectionID,
 					"error":         err.Error(),
 				},
 			})
 		}
-		clientConn.Close()
+		_ = clientConn.Close() // Best-effort cleanup
 		return
 	}
-	defer backendConn.Close()
+	defer func() { _ = backendConn.Close() }() // Best-effort cleanup
 
 	// Forward the first message (connection_init) to backend
 	if err := backendConn.WriteMessage(messageType, message); err != nil {
@@ -187,7 +187,7 @@ func (wsp *WebSocketProxy) handleConnection(ctx context.Context, clientConn *web
 		if wsp.logger != nil {
 			wsp.logger.Error(&libpack_logger.LogMessage{
 				Message: "Failed to forward connection_init to backend",
-				Pairs: map[string]interface{}{
+				Pairs: map[string]any{
 					"connection_id": connectionID,
 					"error":         err.Error(),
 				},
@@ -199,7 +199,7 @@ func (wsp *WebSocketProxy) handleConnection(ctx context.Context, clientConn *web
 	if wsp.logger != nil {
 		wsp.logger.Debug(&libpack_logger.LogMessage{
 			Message: "Backend WebSocket connection established",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"connection_id":     connectionID,
 				"subprotocol":       backendConn.Subprotocol(),
 				"has_authorization": headers.Get("Authorization") != "",
@@ -231,7 +231,7 @@ func (wsp *WebSocketProxy) handleConnection(ctx context.Context, clientConn *web
 	if wsp.logger != nil {
 		wsp.logger.Info(&libpack_logger.LogMessage{
 			Message: "WebSocket connection closed",
-			Pairs: map[string]interface{}{
+			Pairs: map[string]any{
 				"connection_id":     connectionID,
 				"duration_seconds":  duration.Seconds(),
 				"messages_sent":     wsp.messagesSent.Load(),
@@ -258,7 +258,7 @@ func (wsp *WebSocketProxy) proxyClientToBackend(ctx context.Context, client *web
 					if wsp.logger != nil {
 						wsp.logger.Debug(&libpack_logger.LogMessage{
 							Message: "Client WebSocket closed normally",
-							Pairs: map[string]interface{}{
+							Pairs: map[string]any{
 								"connection_id": connectionID,
 							},
 						})
@@ -268,7 +268,7 @@ func (wsp *WebSocketProxy) proxyClientToBackend(ctx context.Context, client *web
 					if wsp.logger != nil {
 						wsp.logger.Error(&libpack_logger.LogMessage{
 							Message: "Error reading from client WebSocket",
-							Pairs: map[string]interface{}{
+							Pairs: map[string]any{
 								"connection_id": connectionID,
 								"error":         err.Error(),
 							},
@@ -286,7 +286,7 @@ func (wsp *WebSocketProxy) proxyClientToBackend(ctx context.Context, client *web
 				if wsp.logger != nil {
 					wsp.logger.Error(&libpack_logger.LogMessage{
 						Message: "Error writing to backend WebSocket",
-						Pairs: map[string]interface{}{
+						Pairs: map[string]any{
 							"connection_id": connectionID,
 							"error":         err.Error(),
 						},
@@ -298,7 +298,7 @@ func (wsp *WebSocketProxy) proxyClientToBackend(ctx context.Context, client *web
 			if wsp.logger != nil {
 				wsp.logger.Debug(&libpack_logger.LogMessage{
 					Message: "Message proxied to backend",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"connection_id": connectionID,
 						"message_type":  messageType,
 						"message_size":  len(message),
@@ -322,7 +322,7 @@ func (wsp *WebSocketProxy) proxyBackendToClient(ctx context.Context, backend *go
 					if wsp.logger != nil {
 						wsp.logger.Debug(&libpack_logger.LogMessage{
 							Message: "Backend WebSocket closed normally",
-							Pairs: map[string]interface{}{
+							Pairs: map[string]any{
 								"connection_id": connectionID,
 							},
 						})
@@ -332,7 +332,7 @@ func (wsp *WebSocketProxy) proxyBackendToClient(ctx context.Context, backend *go
 					if wsp.logger != nil {
 						wsp.logger.Error(&libpack_logger.LogMessage{
 							Message: "Error reading from backend WebSocket",
-							Pairs: map[string]interface{}{
+							Pairs: map[string]any{
 								"connection_id": connectionID,
 								"error":         err.Error(),
 							},
@@ -350,7 +350,7 @@ func (wsp *WebSocketProxy) proxyBackendToClient(ctx context.Context, backend *go
 				if wsp.logger != nil {
 					wsp.logger.Error(&libpack_logger.LogMessage{
 						Message: "Error writing to client WebSocket",
-						Pairs: map[string]interface{}{
+						Pairs: map[string]any{
 							"connection_id": connectionID,
 							"error":         err.Error(),
 						},
@@ -362,7 +362,7 @@ func (wsp *WebSocketProxy) proxyBackendToClient(ctx context.Context, backend *go
 			if wsp.logger != nil {
 				wsp.logger.Debug(&libpack_logger.LogMessage{
 					Message: "Message proxied to client",
-					Pairs: map[string]interface{}{
+					Pairs: map[string]any{
 						"connection_id": connectionID,
 						"message_type":  messageType,
 						"message_size":  len(message),
@@ -383,7 +383,7 @@ func (wsp *WebSocketProxy) extractAuthFromPayload(message []byte, originalHeader
 	}
 
 	// Try to parse as JSON to extract headers from payload
-	var msg map[string]interface{}
+	var msg map[string]any
 	if err := json.Unmarshal(message, &msg); err != nil {
 		// Not JSON or parse error, return original headers
 		return enrichedHeaders
@@ -397,13 +397,13 @@ func (wsp *WebSocketProxy) extractAuthFromPayload(message []byte, originalHeader
 	}
 
 	// Extract payload
-	payload, ok := msg["payload"].(map[string]interface{})
+	payload, ok := msg["payload"].(map[string]any)
 	if !ok {
 		return enrichedHeaders
 	}
 
 	// Try to extract headers from payload.headers (graphql-ws format)
-	if payloadHeaders, ok := payload["headers"].(map[string]interface{}); ok {
+	if payloadHeaders, ok := payload["headers"].(map[string]any); ok {
 		for key, value := range payloadHeaders {
 			if strValue, ok := value.(string); ok {
 				enrichedHeaders.Set(key, strValue)
@@ -462,8 +462,8 @@ func (wsp *WebSocketProxy) dialBackend(ctx context.Context, headers http.Header)
 }
 
 // GetStats returns WebSocket statistics
-func (wsp *WebSocketProxy) GetStats() map[string]interface{} {
+func (wsp *WebSocketProxy) GetStats() map[string]any {
-	return map[string]interface{}{
+	return map[string]any{
 		"enabled":            wsp.enabled,
 		"active_connections": wsp.activeConnections.Load(),
 		"total_connections":  wsp.totalConnections.Load(),