docs consolidation

docs/modules/signer/architecture.md

@@ -41,7 +41,7 @@
 * **Fulcio** (Sigstore) *or* **KMS/HSM**: to obtain certs or perform signatures.
 * **OCI Registry (Referrers API)**: to verify **scanner** image release signature.
 * **Attestor**: downstream service that writes DSSE bundles to **Rekor v2**.
-* **Config/state stores**: Redis (caches, rate buckets), PostgreSQL (audit log).
+* **Config/state stores**: Valkey (caches, rate buckets), PostgreSQL (audit log).
 
 ---
 
@@ -191,7 +191,7 @@ sequenceDiagram
 **DPoP nonce dance (when enabled for high‑value ops):**
 
 * If DPoP proof lacks a valid nonce, Signer replies `401` with `WWW-Authenticate: DPoP error="use_dpop_nonce", dpop_nonce="<nonce>"`.
-* Client retries with new proof including the nonce; Signer validates nonce and `jti` uniqueness (Redis TTL cache).
+* Client retries with new proof including the nonce; Signer validates nonce and `jti` uniqueness (Valkey TTL cache).
 
 ---
 
@@ -210,7 +210,7 @@ sequenceDiagram
 * **Enforcements**:
 
   * Reject if **revoked**, **expired**, **plan mismatch** or **release outside window** (`stellaops_version` in predicate exceeds `max_version` or release date beyond `valid_release_year`).
-  * Apply plan **throttles** (QPS/concurrency/artifact bytes) via token‑bucket in Redis keyed by `license_id`.
+  * Apply plan **throttles** (QPS/concurrency/artifact bytes) via token‑bucket in Valkey keyed by `license_id`.
 
 ---
 
@@ -277,7 +277,7 @@ Per `license_id` (from PoE):
 
 ## 10) Storage & caches
 
-* **Redis**:
+* **Valkey**:
 
   * DPoP nonce & `jti` replay cache (TTL ≤ 10 min).
   * PoE introspection cache (short TTL, e.g., 60–120 s).
@@ -399,7 +399,7 @@ signer:
 ## 16) Deployment & HA
 
 * Run ≥ 2 replicas; front with L7 LB; **sticky** not required.
-* Redis for replay/quota caches (HA).
+* Valkey for replay/quota caches (HA).
 * Audit sink (PostgreSQL) in primary region; asynchronous write with local fallback buffer.
 * Fulcio/KMS clients configured with retries/backoff; circuit breakers.