Infrastructure Upgrade: PNPM Migration (#5)

* chore: migrate from npm to pnpm (Phase 1)

- Enable corepack with packageManager field (pnpm@10.27.0)

- Generate pnpm-lock.yaml from package-lock.json

- Add explicit zod dependency (phantom dep exposed by pnpm strict mode)

- Add MCPServer type annotation to fix TS2742 inference error

- Update CI workflow to use pnpm/action-setup

* refactor: clean up Server type annotation in index.ts

* security: implement supply chain protections

- Add minimumReleaseAge (24h) and store integrity checks in pnpm-workspace.yaml

- Enforce pnpm usage via only-allow preinstall script

- Add pnpm audit to CI workflow

- Resolve known vulnerabilities in @modelcontextprotocol/sdk and vitest/esbuild

Author: PatrickSys

.github/workflows/test.yml

@@ -11,10 +11,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 10
+
       - uses: actions/setup-node@v4
         with:
           node-version: '20'
-          cache: 'npm'
-      - run: npm ci
-      - run: npm run build
-      - run: npm test
+          cache: 'pnpm'
+
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm audit
+      - run: pnpm build
+      - run: pnpm test