Fix TypeScript errors in sanitizeStats XSS security fix

[Copilot]

The sanitizeStats function introduced to fix code scanning alert #45 (client-side XSS) had incorrect field names and missing required properties, causing the TypeScript build to fail.

Changes

• sanitizeContextRefs: Added all missing ContextReferenceUsage fields (terminal, vscode, terminalLastCommand, terminalSelection, clipboard, changes, outputPanel, problemsPanel, byKind, copilotInstructions, agentsMd, byPath)
• Field name corrections: toolUsage → toolCalls, mcpToolUsage → mcpTools to match UsageAnalysisPeriod
• Extracted sanitizePeriod helper to eliminate duplication and add the missing sessions and modelSwitching fields per period
• UsageAnalysisStats object: Added required month and lastUpdated fields; removed erroneous repoAnalysis field not present in the type

const sanitizePeriod = (period: any): UsageAnalysisPeriod => ({
    sessions: coerceNumber(period?.sessions),
    modeUsage: sanitizeModeUsage(period?.modeUsage ?? {}),
    contextReferences: sanitizeContextRefs(period?.contextReferences ?? {}),
    toolCalls: { total: coerceNumber(period?.toolCalls?.total), byTool: period?.toolCalls?.byTool ?? {} },
    mcpTools: { ... },
    modelSwitching: period?.modelSwitching ?? { /* safe defaults */ },
});

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.