fix: critical production hardening — retry, logging, security, error boundary, settings validation

CRITICAL FIXES:
- Add retry logic with exponential backoff to provider client (3 retries, 1s/3s/8s delays)
- Add structured logging framework (~/.localcode/logs/) with levels (debug/info/warn/error)
- Enforce blocked commands in shell executor — prevents dangerous commands like 'rm -rf /'
- Add ErrorBoundary to App.tsx — React errors no longer crash the entire terminal UI
- Fix session save to be synchronous instead of fire-and-forget setTimeout

HIGH PRIORITY FIXES:
- Remove 14 dead dependencies (node-pty, axios, zod, opentelemetry, lodash, ws, glob, node-fetch)
  Reduces install size by ~10x, 0 vulnerabilities
- Fix plugin loader for Windows paths using pathToFileURL instead of manual file:// URLs
- Add settings validation — corrupt settings files no longer crash the app
- Add settings caching (5s TTL) — avoids re-reading from disk on every getSetting call
- Add sessionFiles cleanup method to prevent memory leak in tool executor
- Add maxBuffer (10MB) to shell command execution

MEDIUM PRIORITY FIXES:
- Add logging to tool executor, plugin loader, and settings manager
- Fix getSettingsSummary to handle partial settings without throwing
- Add logger import to provider client for retry logging

Author: thegreatalxx

dist/bin/localcode.js

@@ -19,5 +19,14 @@ export declare class ToolExecutor {
     getSessionFiles(): Record<string, string>;
     undoLastChange(): string | null;
     unifiedDiff(filePath: string): string | null;
+    /**
+     * Clear tracked session files to free memory.
+     * Call this after a session is saved or compacted.
+     */
+    clearSessionFiles(): void;
+    /**
+     * Get the number of tracked session files.
+     */
+    getSessionFileCount(): number;
 }
 //# sourceMappingURL=executor.d.ts.map