Update docs, sprint plans, and compose configuration

Add 12 new sprint files (Integrations, Graph, JobEngine, FE, Router,
AdvisoryAI), archive completed scheduler UI sprint, update module
architecture docs (router, graph, jobengine, web, integrations),
and add Gitea entrypoint script for local dev.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

devops/compose/docker-compose.integrations.yml

@@ -8,12 +8,16 @@
 #   The main stellaops network must exist (started via docker-compose.stella-ops.yml).
 #
 # Usage:
-#   # Start all integration services
+#   # Start the default low-idle integration lane
 #   docker compose -f devops/compose/docker-compose.integrations.yml up -d
 #
 #   # Start specific services only
 #   docker compose -f devops/compose/docker-compose.integrations.yml up -d gitea jenkins vault
 #
+#   # Start optional higher-idle providers only when needed
+#   docker compose -f devops/compose/docker-compose.integrations.yml --profile consul up -d consul
+#   docker compose -f devops/compose/docker-compose.integrations.yml --profile heavy up -d gitlab
+#
 #   # Start integration services + mock fixtures together
 #   docker compose \
 #     -f devops/compose/docker-compose.integrations.yml \
@@ -42,8 +46,8 @@ networks:
 volumes:
   gitea-data:
     name: stellaops-gitea-data
-  gitea-db:
-    name: stellaops-gitea-db
+  gitea-config:
+    name: stellaops-gitea-config
   jenkins-data:
     name: stellaops-jenkins-data
   nexus-data:
@@ -60,6 +64,8 @@ volumes:
     name: stellaops-gitlab-data
   gitlab-logs:
     name: stellaops-gitlab-logs
+  consul-data:
+    name: stellaops-consul-data
 
 services:
   # ===========================================================================
@@ -67,39 +73,49 @@ services:
   # ===========================================================================
   # Integration type: SCM (Gitea provider)
   # URL: http://gitea.stella-ops.local:3000
-  # Admin: stellaops / Stella2026!
+  # Admin: stellaops / Stella2026! (fresh volumes auto-bootstrap on container start)
   # API: http://gitea.stella-ops.local:3000/api/v1
   # ===========================================================================
   gitea:
     image: gitea/gitea:1.22-rootless
     container_name: stellaops-gitea
     restart: unless-stopped
+    entrypoint: ["/bin/sh", "/stellaops-gitea-entrypoint.sh"]
     ports:
       - "127.1.2.1:3000:3000"
       - "127.1.2.1:2222:2222"
     environment:
       - GITEA__database__DB_TYPE=sqlite3
+      - GITEA__database__PATH=/var/lib/gitea/data/gitea.db
       - GITEA__server__ROOT_URL=http://gitea.stella-ops.local:3000
       - GITEA__server__DOMAIN=gitea.stella-ops.local
       - GITEA__server__HTTP_PORT=3000
       - GITEA__server__SSH_PORT=2222
       - GITEA__server__SSH_DOMAIN=gitea.stella-ops.local
-      - GITEA__service__DISABLE_REGISTRATION=false
+      - GITEA__service__DISABLE_REGISTRATION=true
       - GITEA__service__REQUIRE_SIGNIN_VIEW=false
       - GITEA__actions__ENABLED=true
       - GITEA__api__ENABLE_SWAGGER=true
       - GITEA__security__INSTALL_LOCK=true
       - GITEA__security__SECRET_KEY=stellaops-dev-secret-key-2026
       - GITEA__security__INTERNAL_TOKEN=stellaops-internal-token-2026-dev
+      - GITEA_LOCAL_ADMIN_USERNAME=stellaops
+      - GITEA_LOCAL_ADMIN_PASSWORD=Stella2026!
+      - GITEA_LOCAL_ADMIN_EMAIL=stellaops@gitea.stella-ops.local
     volumes:
       - gitea-data:/var/lib/gitea
-      - gitea-db:/var/lib/gitea/db
+      - gitea-config:/etc/gitea
+      - ./scripts/gitea-entrypoint.sh:/stellaops-gitea-entrypoint.sh:ro
     networks:
       stellaops:
         aliases:
           - gitea.stella-ops.local
     healthcheck:
-      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/api/v1/version || exit 1"]
+      test:
+        [
+          "CMD-SHELL",
+          "wget -qO- http://localhost:3000/api/v1/version >/dev/null 2>&1 && test -f /var/lib/gitea/data/.local-admin-ready"
+        ]
       interval: 30s
       timeout: 10s
       retries: 5
@@ -114,7 +130,7 @@ services:
   # ===========================================================================
   # Integration type: CI/CD (Jenkins provider)
   # URL: http://jenkins.stella-ops.local:8080
-  # Admin: admin / Stella2026!
+  # Auth: anonymous access by default; create an admin user manually if you need authenticated API flows
   # API: http://jenkins.stella-ops.local:8080/api/json
   # ===========================================================================
   jenkins:
@@ -297,8 +313,12 @@ services:
   # ===========================================================================
   # Integration type: Secrets Manager (Consul provider)
   # URL: http://consul.stella-ops.local:8500
-  # No auth (dev mode)
+  # No auth (single-node local mode)
   # API: http://consul.stella-ops.local:8500/v1/status/leader
+  #
+  # Profile: consul - opt in only when validating the Consul connector.
+  # Runs as a single-node local server with the UI enabled. This preserves
+  # the HTTP KV surface while avoiding the higher idle CPU cost of `agent -dev`.
   # ===========================================================================
   consul:
     image: hashicorp/consul:1.19
@@ -306,21 +326,25 @@ services:
     restart: unless-stopped
     ports:
       - "127.1.2.8:8500:8500"
-    command: agent -dev -client=0.0.0.0
+    command: agent -server -bootstrap-expect=1 -ui -client=0.0.0.0 -data-dir=/consul/data -log-level=warn
+    volumes:
+      - consul-data:/consul/data
     networks:
       stellaops:
         aliases:
           - consul.stella-ops.local
     healthcheck:
       test: ["CMD-SHELL", "consul members || exit 1"]
-      interval: 15s
+      interval: 60s
       timeout: 5s
       retries: 5
       start_period: 10s
     labels:
       com.stellaops.integration: "secrets"
       com.stellaops.provider: "consul"
-      com.stellaops.profile: "integrations"
+      com.stellaops.profile: "integrations-optional"
+    profiles:
+      - consul
 
   # ===========================================================================
   # GITLAB CE — Full Git SCM + CI/CD + Container Registry (optional, heavy)
@@ -332,7 +356,10 @@ services:
   # Requires: ~4 GB RAM, ~2 min startup
   #
   # Profile: heavy — only start when explicitly requested:
-  #   docker compose -f docker-compose.integrations.yml up -d gitlab
+  #   docker compose -f docker-compose.integrations.yml --profile heavy up -d gitlab
+  #
+  # Local defaults bias for lower idle CPU. SCM/API coverage remains available,
+  # while registry/KAS extras stay disabled unless you opt in via env vars.
   # ===========================================================================
   gitlab:
     image: gitlab/gitlab-ce:17.8.1-ce.0
@@ -348,12 +375,20 @@ services:
         gitlab_rails['initial_root_password'] = 'Stella2026!'
         gitlab_rails['gitlab_shell_ssh_port'] = 2224
         registry_external_url 'http://gitlab.stella-ops.local:5050'
-        registry['enable'] = true
+        registry['enable'] = ${GITLAB_ENABLE_REGISTRY:-false}
+        registry_nginx['enable'] = ${GITLAB_ENABLE_REGISTRY:-false}
+        gitlab_kas['enable'] = false
         prometheus_monitoring['enable'] = false
-        sidekiq['max_concurrency'] = 5
-        puma['workers'] = 2
-        puma['min_threads'] = 1
-        puma['max_threads'] = 2
+        gitlab_rails['usage_ping_enabled'] = false
+        gitlab_rails['runners_registration_enabled'] = false
+        gitlab_rails['packages_enabled'] = ${GITLAB_ENABLE_PACKAGES:-false}
+        sidekiq['concurrency'] = ${GITLAB_SIDEKIQ_CONCURRENCY:-2}
+        sidekiq['metrics_enabled'] = false
+        sidekiq['health_checks_enabled'] = false
+        puma['worker_processes'] = ${GITLAB_PUMA_WORKERS:-1}
+        puma['min_threads'] = ${GITLAB_PUMA_MIN_THREADS:-1}
+        puma['max_threads'] = ${GITLAB_PUMA_MAX_THREADS:-2}
+        nginx['worker_processes'] = 1
         postgresql['shared_buffers'] = '128MB'
         gitlab_rails['env'] = { 'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000' }
     volumes: