diff --git a/app/auth/jwt.py b/app/auth/jwt.py
index a3e7a03..a810b0f 100644
--- a/app/auth/jwt.py
+++ b/app/auth/jwt.py
@@ -31,7 +31,7 @@ def create_access_token(data: dict, expires_delta: timedelta | None = None) -> s
         }
     )
     return cast(
-        str,
+        "str",
         jwt.encode(
             to_encode,
             settings.jwt_secret_key or "dev-insecure",
@@ -52,7 +52,7 @@ def create_refresh_token(username: str) -> str:
         "aud": "neurobank-clients",
     }
     return cast(
-        str,
+        "str",
         jwt.encode(
             payload,
             settings.jwt_secret_key or "dev-insecure",
diff --git a/app/config.py b/app/config.py
index e238f7e..4099bb3 100644
--- a/app/config.py
+++ b/app/config.py
@@ -94,7 +94,8 @@ def __init__(self, **kwargs: object) -> None:
         # En modo test o CI, asegurar que tenemos una API key
         if is_testing and not self.api_key:
             self.api_key = "test_secure_key_for_testing_only_not_production"
-            logging.info(
+            logger = logging.getLogger(__name__)
+            logger.info(
                 "🔧 Auto-configured API_KEY for testing environment (CI=%s, GITHUB_ACTIONS=%s, ENVIRONMENT=%s)",
                 os.getenv("CI"),
                 os.getenv("GITHUB_ACTIONS"),
diff --git a/app/routers/operator.py b/app/routers/operator.py
index b5aeadc..a6af943 100644
--- a/app/routers/operator.py
+++ b/app/routers/operator.py
@@ -1,5 +1,4 @@
 from fastapi import APIRouter, Depends, Path
-from typing import Optional
 from pydantic import BaseModel, Field
 
 from app.auth.dependencies import get_current_user_flexible, verify_api_key
@@ -295,7 +294,7 @@ async def invoice(
     invoice_id: str = Path(
         ..., description="ID de la factura a generar", examples=["INV-2025-789012"]
     ),
-    data: Optional[InvoiceRequest] = None,
+    data: InvoiceRequest | None = None,
     _current_user: User | None = current_user_flexible_dep,
 ) -> InvoiceResponse:
     """
diff --git a/app/schemas.py b/app/schemas.py
index 1c1fde4..ef0e1ce 100644
--- a/app/schemas.py
+++ b/app/schemas.py
@@ -114,10 +114,13 @@ class Config:
 
 # ---------- Auth Schemas ----------
 
+# Token type constant (OAuth2 specification, not a secret)
+TOKEN_TYPE_BEARER = "bearer"  # noqa: S105
+
 
 class Token(BaseModel):
     access_token: str
-    token_type: str = "bearer"
+    token_type: str = TOKEN_TYPE_BEARER
     refresh_token: str | None = None