fixes save

docs/db/MIGRATION_STRATEGY.md

@@ -223,14 +223,61 @@ CREATE INDEX IF NOT EXISTS idx_schema_migrations_applied_at
 
 ## Module-Specific Schemas
 
-| Module | Schema | Lock Key | Tables |
-|--------|--------|----------|--------|
-| Authority | `auth` | `hashtext('auth')` | tenants, users, roles, tokens, sessions |
-| Scheduler | `scheduler` | `hashtext('scheduler')` | jobs, triggers, workers, locks |
-| Concelier | `vuln` | `hashtext('vuln')` | advisories, affected, aliases, sources |
-| Policy | `policy` | `hashtext('policy')` | packs, versions, rules, evaluations |
-| Notify | `notify` | `hashtext('notify')` | templates, channels, deliveries |
-| Excititor | `vex` | `hashtext('vex')` | statements, documents, products |
+Each module owns its database schema and controls its migrations independently.
+The owning WebService runs migrations automatically at startup.
+
+| Module | Schema | Owner WebService | Migration Style |
+|--------|--------|------------------|-----------------|
+| Authority | `auth` | Authority.WebService | Standard (NNN_) |
+| Concelier | `vuln` | Concelier.WebService | Standard (NNN_) |
+| Excititor | `vex` | Excititor.WebService | Standard (NNN_) |
+| Policy | `policy` | Policy.Gateway | Standard (NNN_) |
+| Scheduler | `scheduler` | Scheduler.WebService | Standard (NNN_) |
+| Notify | `notify` | Notify.WebService | Standard (NNN_) |
+| Scanner | `scanner` | Scanner.WebService | Standard (NNN_) |
+| Attestor | `proofchain` | Attestor.WebService | EF Core + SQL |
+| Signer | `signer` | Signer.WebService | EF Core + SQL |
+| Signals | `signals` | Signals | Flyway-style |
+| EvidenceLocker | `evidence` | EvidenceLocker.WebService | Standard (NNN_) |
+| ExportCenter | `export` | ExportCenter.WebService | Standard (NNN_) |
+| IssuerDirectory | `issuer` | IssuerDirectory.WebService | Standard (NNN_) |
+| Orchestrator | `orchestrator` | Orchestrator.WebService | Standard (NNN_) |
+| Findings | `findings` | Findings.Ledger.WebService | Standard (NNN_) |
+| VexHub | `vexhub` | VexHub.WebService | Standard (NNN_) |
+| BinaryIndex | `binaries` | Scanner.WebService | EF Core |
+| Unknowns | `unknowns` | Policy.Gateway | Standard (NNN_) |
+
+### Lock Key Computation
+
+Advisory lock keys are computed using a deterministic algorithm with a magic prefix
+to avoid collisions with other lock users:
+
+```csharp
+// High 32 bits: Magic prefix "Stel" (0x5374656C)
+// Low 32 bits: SHA256(schema_name)[0..4]
+long lockKey = (0x5374656C << 32) | SHA256(schema.ToLower())[0..4];
+```
+
+### Cross-Module Dependencies
+
+Some modules have soft dependencies on other schemas. These are handled with
+conditional DDL (e.g., `IF EXISTS`) to allow independent deployment:
+
+| Module | Depends On | Type | Description |
+|--------|------------|------|-------------|
+| Signer | Attestor | Soft | Optional FK to proofchain.trust_anchors |
+| Scanner | Concelier | Soft | Uses advisory linksets via API |
+| Policy | Concelier | Soft | Uses vulnerability data via API |
+| Policy | Excititor | Soft | Uses VEX data via API |
+
+### Migration Validation
+
+At startup, migrations are validated for:
+
+1. **Duplicate prefixes**: Multiple files with same number (e.g., two 009_.sql files) → ERROR
+2. **Non-standard naming**: Files not matching `NNN_description.sql` pattern → WARNING
+3. **Checksum mismatches**: Modified migration files → ERROR
+4. **Pending release migrations**: Category B migrations require manual execution → BLOCKS
 
 ## Release Workflow