feat: typescript migration (#40)

* chore: initialize TypeScript configuration and build setup

- Add tsconfig.json for root and mcp-server with strict type checking
- Install typescript and @types/node as devDependencies
- Add npm build script for TypeScript compilation
- Update main entrypoint to compiled dist/shannon.js
- Update Dockerfile to build TypeScript before running
- Configure output directory and module resolution for Node.js

* refactor: migrate codebase from JavaScript to TypeScript

- Convert all 37 JavaScript files to TypeScript (.js -> .ts)
- Add type definitions in src/types/ for agents, config, errors, session
- Update mcp-server with proper TypeScript types
- Move entry point from shannon.mjs to src/shannon.ts
- Update tsconfig.json with rootDir: "./src" for cleaner dist output
- Update Dockerfile to build TypeScript before runtime
- Update package.json paths to use compiled dist/shannon.js

No runtime behavior changes - pure type safety migration.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: update CLI references from ./shannon.mjs to shannon

- Update help text in src/cli/ui.ts
- Update usage examples in src/cli/command-handler.ts
- Update setup message in src/shannon.ts
- Update CLAUDE.md documentation with TypeScript file structure
- Replace all ./shannon.mjs references with shannon command

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: remove unnecessary eslint-disable comments

ESLint is not configured in this project, making these comments redundant.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

src/types/agents.ts

@@ -0,0 +1,73 @@
+// Copyright (C) 2025 Keygraph, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+
+/**
+ * Agent type definitions
+ */
+
+export type AgentName =
+  | 'pre-recon'
+  | 'recon'
+  | 'injection-vuln'
+  | 'xss-vuln'
+  | 'auth-vuln'
+  | 'ssrf-vuln'
+  | 'authz-vuln'
+  | 'injection-exploit'
+  | 'xss-exploit'
+  | 'auth-exploit'
+  | 'ssrf-exploit'
+  | 'authz-exploit'
+  | 'report';
+
+export type PromptName =
+  | 'pre-recon-code'
+  | 'recon'
+  | 'vuln-injection'
+  | 'vuln-xss'
+  | 'vuln-auth'
+  | 'vuln-ssrf'
+  | 'vuln-authz'
+  | 'exploit-injection'
+  | 'exploit-xss'
+  | 'exploit-auth'
+  | 'exploit-ssrf'
+  | 'exploit-authz'
+  | 'report-executive';
+
+export type PlaywrightAgent =
+  | 'playwright-agent1'
+  | 'playwright-agent2'
+  | 'playwright-agent3'
+  | 'playwright-agent4'
+  | 'playwright-agent5';
+
+export type AgentValidator = (sourceDir: string) => Promise<boolean>;
+
+export type AgentValidatorMap = Record<AgentName, AgentValidator>;
+
+export type McpAgentMapping = Record<PromptName, PlaywrightAgent>;
+
+export type AgentPhase =
+  | 'pre-recon'
+  | 'recon'
+  | 'vuln'
+  | 'exploit'
+  | 'report';
+
+export interface AgentDefinition {
+  name: AgentName;
+  promptName: PromptName;
+  phase: AgentPhase;
+  dependencies?: AgentName[];
+}
+
+export type AgentStatus =
+  | 'pending'
+  | 'in_progress'
+  | 'completed'
+  | 'failed'
+  | 'rolled-back';

src/types/config.ts

@@ -0,0 +1,63 @@
+// Copyright (C) 2025 Keygraph, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+
+/**
+ * Configuration type definitions
+ */
+
+export type RuleType =
+  | 'path'
+  | 'subdomain'
+  | 'domain'
+  | 'method'
+  | 'header'
+  | 'parameter';
+
+export interface Rule {
+  description: string;
+  type: RuleType;
+  url_path: string;
+}
+
+export interface Rules {
+  avoid?: Rule[];
+  focus?: Rule[];
+}
+
+export type LoginType = 'form' | 'sso' | 'api' | 'basic';
+
+export type SuccessConditionType = 'url' | 'cookie' | 'element' | 'redirect';
+
+export interface SuccessCondition {
+  type: SuccessConditionType;
+  value: string;
+}
+
+export interface Credentials {
+  username: string;
+  password: string;
+  totp_secret?: string;
+}
+
+export interface Authentication {
+  login_type: LoginType;
+  login_url: string;
+  credentials: Credentials;
+  login_flow: string[];
+  success_condition: SuccessCondition;
+}
+
+export interface Config {
+  rules?: Rules;
+  authentication?: Authentication;
+  login?: unknown; // Deprecated
+}
+
+export interface DistributedConfig {
+  avoid: Rule[];
+  focus: Rule[];
+  authentication: Authentication | null;
+}

src/types/errors.ts

@@ -0,0 +1,49 @@
+// Copyright (C) 2025 Keygraph, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+
+/**
+ * Error type definitions
+ */
+
+export type PentestErrorType =
+  | 'config'
+  | 'network'
+  | 'tool'
+  | 'prompt'
+  | 'filesystem'
+  | 'validation'
+  | 'billing'
+  | 'unknown';
+
+export interface PentestErrorContext {
+  [key: string]: unknown;
+}
+
+export interface LogEntry {
+  timestamp: string;
+  context: string;
+  error: {
+    name: string;
+    message: string;
+    type: PentestErrorType;
+    retryable: boolean;
+    stack?: string;
+  };
+}
+
+export interface ToolErrorResult {
+  tool: string;
+  output: string;
+  status: 'error';
+  duration: number;
+  success: false;
+  error: Error;
+}
+
+export interface PromptErrorResult {
+  success: false;
+  error: Error;
+}

src/types/index.ts

@@ -0,0 +1,14 @@
+// Copyright (C) 2025 Keygraph, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+
+/**
+ * Type definitions barrel export
+ */
+
+export * from './errors.js';
+export * from './config.js';
+export * from './session.js';
+export * from './agents.js';

src/types/session.ts

@@ -0,0 +1,63 @@
+// Copyright (C) 2025 Keygraph, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+
+/**
+ * Session type definitions
+ */
+
+import type { AgentName, AgentStatus } from './agents.js';
+
+export type PhaseName =
+  | 'pre-reconnaissance'
+  | 'reconnaissance'
+  | 'vulnerability-analysis'
+  | 'exploitation'
+  | 'reporting';
+
+export interface AgentInfo {
+  name: AgentName;
+  displayName: string;
+  phase: PhaseName;
+  order: number;
+  prerequisites: AgentName[];
+}
+
+export type AgentDefinitions = Record<AgentName, AgentInfo>;
+
+export type PhaseDefinitions = Record<PhaseName, AgentName[]>;
+
+export interface AgentState {
+  status: AgentStatus;
+  startedAt?: string;
+  completedAt?: string;
+  error?: string;
+  attempts?: number;
+}
+
+export interface Session {
+  id: string;
+  targetUrl: string;
+  repoPath: string;
+  configPath?: string;
+  createdAt: string;
+  updatedAt: string;
+  completedAgents: AgentName[];
+  agentStates: Record<AgentName, AgentState>;
+  checkpoints: Record<AgentName, string>;
+}
+
+export interface SessionStore {
+  sessions: Record<string, Session>;
+}
+
+export interface SessionSummary {
+  id: string;
+  targetUrl: string;
+  repoPath: string;
+  createdAt: string;
+  completedAgents: number;
+  totalAgents: number;
+}