Fix TypeScript compilation errors (Phase 1) (#79)

Merge critical fixes: SSH validation, data loss prevention, security updates, simplified README

This merge includes 7 commits with critical bug fixes and improvements:
- SSH key validation enforcement (security fix)
- Data persistence by default (UX fix)
- Security vulnerability fixes (3 CVEs)
- Simplified README documentation
- Comprehensive testing infrastructure
- TypeScript compilation fixes
- First-run success improvements

Author: remyluslosius

.gitignore

@@ -403,13 +403,12 @@ $RECYCLE.BIN/
 .nfs*
 
 # ======================================
-# TEST AND DOCUMENTATION DIRECTORIES - NEVER COMMIT
+# TEST DIRECTORIES - NEVER COMMIT
 # ======================================
 
-# Project-specific test and documentation directories
+# Project-specific test directories
 /test/
 /tests/
-/docs/
 backend/test/
 backend/tests/
 frontend/test/
@@ -597,7 +596,7 @@ test_comprehensive*.py
 
 # Test report and summary files
 *_TEST_REPORT.md
-*_SUMMARY.md
+*_TEST_SUMMARY.md
 COMPREHENSIVE_TEST_REPORT.md
 TROUBLESHOOTING_SUMMARY.md
 gitignore_recommendations.md
@@ -694,4 +693,22 @@ scripts/*phase*.py
 
 # Demo and phase files
 *phase*.py
-*demo*.py
+*demo*.py
+# ======================================
+# TEMPORARY AND DEBUG FILES
+# ======================================
+
+# Debug logs in docs
+docs/log_*.txt
+docs/*-output
+docs/*-log
+docs/*.log
+
+# Temporary CLI fix scripts
+backend/app/cli/*_fixed.py
+backend/app/cli/*_backup.py
+backend/app/cli/*_temp.py
+
+# Installation/migration outputs
+*-installation-output
+*-migration-output

DATA_LOSS_FIX_SUMMARY.md

@@ -0,0 +1,241 @@
+# Data Loss Fix Summary
+
+## Problem
+
+User reported all configuration data disappeared after running:
+```bash
+./stop-openwatch.sh
+./start-openwatch.sh --force-build --runtime docker
+```
+
+All hosts, system credentials, and compliance rules were lost, despite Docker volumes being properly configured.
+
+## Root Cause
+
+The `stop-openwatch.sh` script defaulted to **CLEAN_MODE=true**, which executed:
+```bash
+docker-compose down --volumes --remove-orphans
+```
+
+This deleted all Docker volumes, including:
+- `openwatch_postgres_data` - User accounts, hosts, scan history
+- `openwatch_mongodb_data` - Compliance rules (1,387 SCAP rules)
+- `openwatch_app_data` - Uploaded SCAP content and scan results
+
+**Critical code (line 21 of stop-openwatch.sh):**
+```bash
+CLEAN_MODE=${OPENWATCH_CLEAN_STOP:-true}  # Default to clean stop for development
+```
+
+The script was designed for rapid development iteration, but users expected "stop" to preserve data.
+
+## Solution
+
+Changed default behavior from **destructive** to **safe**:
+
+### Changes to stop-openwatch.sh
+
+1. **Changed default to safe mode** (line 21):
+```bash
+# Before:
+CLEAN_MODE=${OPENWATCH_CLEAN_STOP:-true}  # Default to clean stop for development
+
+# After:
+CLEAN_MODE=${OPENWATCH_CLEAN_STOP:-false}  # Default to SAFE stop - preserves data
+```
+
+2. **Added prominent warnings** when clean mode is active:
+```bash
+log_warning "⚠️  CLEAN MODE: Will DELETE ALL DATA (volumes will be removed)"
+log_warning "⚠️  This includes hosts, credentials, scan results, and SCAP content"
+```
+
+3. **Updated help documentation** to clarify safe vs clean behavior
+
+4. **Updated default messaging**:
+```bash
+log_info "Safe mode: Stopping containers but preserving data volumes"
+log_info "Use OPENWATCH_CLEAN_STOP=true for clean development environment"
+```
+
+### New Behavior
+
+**Safe stop (default):**
+```bash
+./stop-openwatch.sh
+# Containers stopped, data preserved
+```
+
+**Clean stop (explicit):**
+```bash
+OPENWATCH_CLEAN_STOP=true ./stop-openwatch.sh
+# Containers stopped, ALL DATA DELETED
+```
+
+**Nuclear option (unchanged):**
+```bash
+./stop-openwatch.sh --deep-clean
+# Removes containers, volumes, networks, orphans
+```
+
+## Documentation
+
+Created comprehensive documentation:
+
+1. **docs/DATA_PERSISTENCE.md** - Complete guide covering:
+   - Volume mappings and data storage
+   - Safe vs clean mode comparison
+   - Common scenarios with examples
+   - Troubleshooting data issues
+   - Backup procedures
+   - Best practices
+
+2. **README.md updates**:
+   - Added warning about data preservation
+   - Updated container runtime examples
+   - Added "Data disappeared after restart" troubleshooting section
+
+## Testing
+
+Verified changes:
+```bash
+# Test help message
+./stop-openwatch.sh --help
+# ✅ Shows safe mode as default
+# ✅ Shows warnings about data deletion
+# ✅ Shows correct usage examples
+
+# Test safe mode
+./stop-openwatch.sh
+# ✅ Shows "Safe mode: Preserving data volumes"
+# ✅ Does NOT pass --volumes to docker-compose
+
+# Test clean mode
+OPENWATCH_CLEAN_STOP=true ./stop-openwatch.sh
+# ✅ Shows "CLEAN MODE: Will DELETE ALL DATA"
+# ✅ Shows warning about data types
+```
+
+## Impact
+
+**Positive:**
+- Users' data will be preserved across restarts
+- Principle of least surprise - "stop" no longer deletes data
+- Explicit opt-in required for destructive operations
+- Clear warnings when data will be deleted
+
+**Neutral:**
+- Developers need to use `OPENWATCH_CLEAN_STOP=true` for clean environments
+- Adds one extra step for development workflow
+- Disk space usage may increase (volumes not automatically cleaned)
+
+**No Breaking Changes:**
+- All existing flags still work (`--simple`, `--deep-clean`)
+- Environment variable still works (just inverted default)
+- Docker volume behavior unchanged
+- Container runtime detection unchanged
+
+## User Impact
+
+**For the reporting user:**
+- Data already lost (must re-enter hosts, credentials, SCAP content)
+- Future restarts will preserve data
+- Update to latest `stop-openwatch.sh` via `git pull`
+
+**For all users:**
+- Safer default behavior prevents accidental data loss
+- Must explicitly request data deletion
+- Better matches user expectations
+
+## Migration Notes
+
+**Scripts that relied on automatic cleanup:**
+
+Before:
+```bash
+./stop-openwatch.sh  # Deleted all data
+```
+
+After (equivalent behavior):
+```bash
+OPENWATCH_CLEAN_STOP=true ./stop-openwatch.sh  # Deletes all data
+```
+
+**Scripts that preserved data:**
+
+Before:
+```bash
+./stop-openwatch.sh --simple  # Preserved data
+```
+
+After (unchanged):
+```bash
+./stop-openwatch.sh           # Preserves data (now default)
+./stop-openwatch.sh --simple  # Also preserves data (unchanged)
+```
+
+## Verification Checklist
+
+- [x] Default mode changed from clean to safe
+- [x] Warnings added for destructive operations
+- [x] Help text updated with correct examples
+- [x] Documentation created (DATA_PERSISTENCE.md)
+- [x] README updated with troubleshooting
+- [x] Tested help message output
+- [x] Verified volume preservation behavior
+- [x] No breaking changes to existing flags
+- [x] Environment variable behavior inverted but working
+
+## Files Changed
+
+1. `stop-openwatch.sh` - 5 edits to default behavior and messaging
+2. `docs/DATA_PERSISTENCE.md` - New comprehensive guide (350+ lines)
+3. `README.md` - Updated container runtime section and troubleshooting
+4. `DATA_LOSS_FIX_SUMMARY.md` - This document
+
+## Commit Message
+
+```
+Fix data loss: Change stop-openwatch.sh default to safe mode
+
+BREAKING CHANGE for development workflows:
+- Default behavior now PRESERVES data volumes (was: delete)
+- Must use OPENWATCH_CLEAN_STOP=true for clean development environment
+
+Problem:
+Users reported all data (hosts, credentials, SCAP content) disappeared
+after running ./stop-openwatch.sh. Root cause: script defaulted to
+CLEAN_MODE=true which runs "docker-compose down --volumes".
+
+Solution:
+- Changed CLEAN_MODE default from true to false
+- Added prominent warnings when clean mode is active
+- Updated help text to clarify safe vs destructive behavior
+- Created comprehensive DATA_PERSISTENCE.md documentation
+
+Impact:
+- Safe by default: "stop" no longer deletes data
+- Explicit opt-in required for destructive operations
+- Principle of least surprise: matches user expectations
+
+Migration:
+Old: ./stop-openwatch.sh                    # Deleted data
+New: OPENWATCH_CLEAN_STOP=true ./stop-openwatch.sh  # Equivalent
+
+Files changed:
+- stop-openwatch.sh: Default to safe mode with warnings
+- docs/DATA_PERSISTENCE.md: Complete data persistence guide
+- README.md: Updated usage examples and troubleshooting
+- DATA_LOSS_FIX_SUMMARY.md: Technical documentation
+
+🤖 Generated with Claude Code
+Co-Authored-By: Claude <noreply@anthropic.com>
+```
+
+## Lessons Learned
+
+1. **Default to safe** - Destructive operations should require explicit opt-in
+2. **Warn prominently** - Critical operations need visual warnings
+3. **Document behavior** - Users need clear documentation of data handling
+4. **Test user assumptions** - "Stop" should not delete data
+5. **Fail safe** - Better to waste disk space than lose user data