chore: polish analytics API logging and typing

web/src/server.ts

@@ -60,7 +60,7 @@ export async function createWebServer(config: WebServerConfig = {}): Promise<Web
     let statsBroadcastInterval: Timer | undefined;
 
     // Cache for activity stats (heavy aggregation)
-    let activityPromise: Promise<any> | null = null;
+    let activityPromise: Promise<import("@shared/modules/dashboard/dashboard.types").ActivityData[]> | null = null;
     let lastActivityFetch: number = 0;
     const ACTIVITY_CACHE_TTL = 5 * 60 * 1000; // 5 minutes
 
@@ -108,6 +108,7 @@ export async function createWebServer(config: WebServerConfig = {}): Promise<Web
                     const { env } = await import("@shared/lib/env");
                     const authHeader = req.headers.get("Authorization");
                     if (authHeader !== `Bearer ${env.ADMIN_TOKEN}`) {
+                        console.warn(`⚠️ [API] Unauthorized activity analytics access attempt from ${req.headers.get("x-forwarded-for") || "unknown"}`);
                         return new Response("Unauthorized", { status: 401 });
                     }