feat: production hardening — encryption, whitelist security, integration tests, coverage, error handling

CRITICAL SECURITY FIXES:
- Encrypt stored credentials with AES-256-GCM (machine-specific key)
- Replace blocklist with whitelist-based command security
- Allowed commands: git, npm, node, python, ls, cat, grep, find, echo, etc.
- Unknown commands require explicit approval
- Blocked patterns: eval(), exec(), rm -rf /, curl|sh, fork bombs, etc.

CODE QUALITY:
- Remove ALL silent error swallowing (30 instances replaced with proper logging)
- Added logger imports to all files that needed them
- Removed placeholder files (state.json, mcp.json)
- Added vitest.config.ts with coverage thresholds (60% lines, 50% branches)
- Added @vitest/coverage-v8 dependency

TESTING:
- Created comprehensive E2E integration tests (41 new tests)
- Tests cover: tool executor, security whitelist, encryption, session manager,
  settings manager, rate limiter, MCP manager, file lock, plugin loader
- Total: 403 tests across 13 test files, 100% pass rate
- Coverage enforcement in CI workflow

CI/CD:
- Updated CI to run tests with coverage
- Upload coverage reports as artifacts
- Updated release workflow with coverage step

All changes maintain backward compatibility.

Author: thegreatalxx

.github/workflows/ci.yml

@@ -32,8 +32,15 @@ jobs:
       - name: Build
         run: npm run build
 
-      - name: Run tests
-        run: npm test
+      - name: Run tests with coverage
+        run: npm run test:coverage
+
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: coverage-report
+          path: coverage/
 
       - name: Verify dist output
         run: |