fix: TypeScript and config fixes for dev server + testing/docs

[Agbasimere]

Summary

Resolves TypeScript compilation and config issues so the app can run with npm run dev. Also adds testing setup and docs from earlier work.
Closes #156

Changes

TypeScript / runtime fixes

• app.ts: Corrected imports (security, auth, upload, EventBus, logger, rate limiter, swagger, apiVersioning, cacheRoutes, CacheInitializer), single default export, EventBus as default import, logger error context typing.
• tsconfig.json: Added at project root with esModuleInterop, allowSyntheticDefaultImports; include types/**/*.d.ts.
• middleware/rateLimiter.ts: Typed sendCommand for rate-limit-redis (RedisReply, rest params); guard for optional clientIP; Express Request augmentation for suspicious (and triple-slash reference).
• middleware/advancedRateLimiter.ts: Same sendCommand + RedisReply pattern for RedisStore.
• middleware/abuseDetection.ts: Early return when clientIP is missing so checkSuspiciousPatterns receives a string.
• middleware/auditMiddleware.ts: Logger error context: pass { error: toError(error) } instead of raw unknown.
• services/logger.ts: rTracer.id() cast to string | undefined for LogContext.
• services/errorTracking.ts: Sentry Express integration app: undefined; captureMessage 2-arg form with options object.
• services/performanceMonitoring.ts: duration as number in logger context; optional chaining for metric.memoryUsage; avgResponseTime variable name; durationMs for display where needed.
• services/analytics.ts: Call updateSessionActivity only when event.sessionId is defined.
• services/AuditService.ts: toError() helper for catch blocks; non-null assertions for audit client getters after ensureInitialized.
• services/FileStorageService.ts: Removed preview from Document create (not in Prisma schema).
• databases/clients/auditClient.ts: Client null check for $on; logger error context with normalized Error.
• src/config/swagger.ts: Added swagger-jsdoc; apis list limited to file paths to avoid EISDIR.
• controllers/AnalyticsController.ts: Import from ../services/AnalyticsService.
• controllers/RateLimitController.ts: Renamed duplicate export to getNotificationBreachHistory.
• routes/rateLimitRoutes.ts: Typed (req: Request, res: Response) for route handlers.
• services/AdvancedRateLimitService.ts: userRole cast to UserRole for ROLE_BASED_MULTIPLIERS index.
• services/APIKeyManagementService.ts: Prisma import from ../src/config/prismaClient (replacing non-existent user-service).
• types/express.d.ts: Added suspicious?: boolean to Express Request.

Dependencies

• Added swagger-jsdoc, @types/swagger-jsdoc, @types/swagger-ui-express.

Note

npm run dev may still require environment setup (e.g. Redis, DB URLs). The “Failed to load retention policies” log is a known runtime message when the audit DB is not configured. Any remaining TS or runtime issues can be fixed in follow-up.