refactor: extract services layer, Result type, and ErrorCode classification

- Add DI container (src/services/) with AgentExecutionService, ConfigLoaderService, and ExploitationCheckerService — pure domain logic with no Temporal dependencies
- Introduce Result<T, E> type and ErrorCode enum for code-based error classification in classifyErrorForTemporal, replacing scattered string matching
- Consolidate billing/spending cap detection into utils/billing-detection.ts with shared pattern lists across message-handlers, claude-executor, and error-handling
- Extract LogStream abstraction for append-only logging with backpressure, used by both AgentLogger and WorkflowLogger
- Simplify activities.ts from inline lifecycle logic to thin wrappers delegating to services, with heartbeat and error classification
- Expand config-parser with human-readable AJV errors, security validation, and rule type-specific checks

src/types/agents.ts

@@ -34,21 +34,6 @@ export const ALL_AGENTS = [
  */
 export type AgentName = typeof ALL_AGENTS[number];
 
-export type PromptName =
-  | 'pre-recon-code'
-  | 'recon'
-  | 'vuln-injection'
-  | 'vuln-xss'
-  | 'vuln-auth'
-  | 'vuln-ssrf'
-  | 'vuln-authz'
-  | 'exploit-injection'
-  | 'exploit-xss'
-  | 'exploit-auth'
-  | 'exploit-ssrf'
-  | 'exploit-authz'
-  | 'report-executive';
-
 export type PlaywrightAgent =
   | 'playwright-agent1'
   | 'playwright-agent2'
@@ -69,52 +54,6 @@ export interface AgentDefinition {
   name: AgentName;
   displayName: string;
   prerequisites: AgentName[];
-}
-
-/**
- * Maps an agent name to its corresponding prompt file name.
- */
-export function getPromptNameForAgent(agentName: AgentName): PromptName {
-  const mappings: Record<AgentName, PromptName> = {
-    'pre-recon': 'pre-recon-code',
-    'recon': 'recon',
-    'injection-vuln': 'vuln-injection',
-    'xss-vuln': 'vuln-xss',
-    'auth-vuln': 'vuln-auth',
-    'ssrf-vuln': 'vuln-ssrf',
-    'authz-vuln': 'vuln-authz',
-    'injection-exploit': 'exploit-injection',
-    'xss-exploit': 'exploit-xss',
-    'auth-exploit': 'exploit-auth',
-    'ssrf-exploit': 'exploit-ssrf',
-    'authz-exploit': 'exploit-authz',
-    'report': 'report-executive',
-  };
-
-  return mappings[agentName];
-}
-
-/**
- * Maps an agent name to its deliverable file path.
- * Must match mcp-server/src/types/deliverables.ts:DELIVERABLE_FILENAMES
- */
-export function getDeliverablePath(agentName: AgentName, repoPath: string): string {
-  const deliverableMap: Record<AgentName, string> = {
-    'pre-recon': 'code_analysis_deliverable.md',
-    'recon': 'recon_deliverable.md',
-    'injection-vuln': 'injection_analysis_deliverable.md',
-    'xss-vuln': 'xss_analysis_deliverable.md',
-    'auth-vuln': 'auth_analysis_deliverable.md',
-    'ssrf-vuln': 'ssrf_analysis_deliverable.md',
-    'authz-vuln': 'authz_analysis_deliverable.md',
-    'injection-exploit': 'injection_exploitation_evidence.md',
-    'xss-exploit': 'xss_exploitation_evidence.md',
-    'auth-exploit': 'auth_exploitation_evidence.md',
-    'ssrf-exploit': 'ssrf_exploitation_evidence.md',
-    'authz-exploit': 'authz_exploitation_evidence.md',
-    'report': 'comprehensive_security_assessment_report.md',
-  };
-
-  const filename = deliverableMap[agentName];
-  return `${repoPath}/deliverables/${filename}`;
+  promptTemplate: string;
+  deliverableFilename: string;
 }