feat: Add GitHub Actions CI for PR protection

- Add CI workflow with Python (ruff lint, security tests) and UI (ESLint, TypeScript, build) jobs
- Add ruff, mypy, pytest to requirements.txt
- Add pyproject.toml with ruff configuration
- Fix import sorting across Python files (ruff --fix)
- Fix test_security.py expectations to match actual security policy
- Remove invalid 'eof' command from ALLOWED_COMMANDS

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

server/services/assistant_chat_session.py

@@ -20,9 +20,8 @@ from typing import AsyncGenerator, Optional
 from claude_agent_sdk import ClaudeAgentOptions, ClaudeSDKClient
 
 from .assistant_database import (
-    create_conversation,
     add_message,
-    get_conversation,
+    create_conversation,
 )
 
 logger = logging.getLogger(__name__)

server/services/assistant_database.py

@@ -11,8 +11,8 @@ from datetime import datetime
 from pathlib import Path
 from typing import Optional
 
-from sqlalchemy import create_engine, Column, Integer, String, Text, DateTime, ForeignKey
-from sqlalchemy.orm import sessionmaker, relationship, declarative_base
+from sqlalchemy import Column, DateTime, ForeignKey, Integer, String, Text, create_engine
+from sqlalchemy.orm import declarative_base, relationship, sessionmaker
 
 logger = logging.getLogger(__name__)
 

server/services/process_manager.py

@@ -14,11 +14,10 @@ import sys
 import threading
 from datetime import datetime
 from pathlib import Path
-from typing import Literal, Callable, Awaitable, Set
+from typing import Awaitable, Callable, Literal, Set
 
 import psutil
 
-
 logger = logging.getLogger(__name__)
 
 # Patterns for sensitive data that should be redacted from output

server/services/spec_chat_session.py

@@ -6,7 +6,6 @@ Manages interactive spec creation conversation with Claude.
 Uses the create-spec.md skill to guide users through app spec creation.
 """
 
-import asyncio
 import json
 import logging
 import shutil