Eliminate legacy gateway container (consolidate into router-gateway)

The gateway service was a redundant deployment of the same
StellaOps.Gateway.WebService binary already running as router-gateway.
It served no unique purpose — all traffic is handled by router-gateway
(slot 0). This removes the container, its route table entries, nginx
proxy blocks, health/quota stubs, and redirects STELLAOPS_GATEWAY_URL
to router.stella-ops.local so the Angular frontend resolves API base
URLs through the canonical frontdoor.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

devops/compose/docker-compose.stella-ops.yml

@@ -410,7 +410,7 @@ services:
       STELLAOPS_ROUTER_URL: "http://router.stella-ops.local"
       STELLAOPS_PLATFORM_URL: "http://platform.stella-ops.local"
       STELLAOPS_AUTHORITY_URL: "http://authority.stella-ops.local"
-      STELLAOPS_GATEWAY_URL: "http://gateway.stella-ops.local"
+      STELLAOPS_GATEWAY_URL: "http://router.stella-ops.local"
       STELLAOPS_ATTESTOR_URL: "http://attestor.stella-ops.local"
       STELLAOPS_EVIDENCELOCKER_URL: "http://evidencelocker.stella-ops.local"
       STELLAOPS_SCANNER_URL: "http://scanner.stella-ops.local"
@@ -535,38 +535,7 @@ services:
       <<: *healthcheck-tcp
     labels: *release-labels
 
-  # --- Slot 3: Gateway -------------------------------------------------------
-  gateway:
-    <<: *resources-light
-    image: stellaops/gateway:dev
-    container_name: stellaops-gateway
-    restart: unless-stopped
-    depends_on: *depends-infra
-    environment:
-      ASPNETCORE_URLS: "http://+:80;http://+:8080"
-      <<: [*kestrel-cert, *router-microservice-defaults, *gc-light]
-      ConnectionStrings__Default: *postgres-connection
-      ConnectionStrings__Redis: "cache.stella-ops.local:6379"
-      Gateway__Auth__DpopEnabled: "false"
-      Gateway__Auth__Authority__Issuer: "https://authority.stella-ops.local/"
-      Gateway__Auth__Authority__RequireHttpsMetadata: "false"
-      Router__Enabled: "${GATEWAY_ROUTER_ENABLED:-true}"
-      Router__Messaging__ConsumerGroup: "gateway"
-    volumes:
-      - *cert-volume
-      - *ca-bundle
-      - *ca-bundle
-    ports:
-      - "127.1.0.5:80:80"
-    networks:
-      stellaops:
-        aliases:
-          - gateway.stella-ops.local
-      frontdoor: {}
-    healthcheck:
-      test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
-      <<: *healthcheck-tcp
-    labels: *release-labels
+  # --- Slot 3: (removed — Gateway consolidated into Router Gateway, slot 0) ---
 
   # --- Slot 4: Attestor ------------------------------------------------------
   attestor:

devops/compose/hosts.stellaops.local

@@ -12,7 +12,6 @@
 127.1.0.2  router.stella-ops.local
 127.1.0.3  platform.stella-ops.local
 127.1.0.4  authority.stella-ops.local
-127.1.0.5  gateway.stella-ops.local
 127.1.0.6  attestor.stella-ops.local
 127.1.0.7  evidencelocker.stella-ops.local
 127.1.0.8  scanner.stella-ops.local

devops/compose/openapi_routeprefix_smoke_microservice.csv

@@ -75,7 +75,6 @@
 "Microservice","/jwks","https://authority.stella-ops.local/jwks","/","200"
 "Microservice","/authority","https://authority.stella-ops.local/authority","/authority/audit/airgap","401"
 "Microservice","/console","https://authority.stella-ops.local/console","/console/filters","401"
-"Microservice","/gateway","http://gateway.stella-ops.local",,
 "Microservice","/scanner","http://scanner.stella-ops.local","/scanner/api/v1/agents","401"
 "Microservice","/policyGateway","http://policy-gateway.stella-ops.local","/policyGateway","302"
 "Microservice","/policyEngine","http://policy-engine.stella-ops.local","/policyEngine","302"

devops/compose/openapi_routeprefix_smoke_reverseproxy.csv

@@ -78,7 +78,6 @@
 "ReverseProxy","/console","https://authority.stella-ops.local/console","/console/vex","404"
 "ReverseProxy","/rekor","http://rekor.stella-ops.local:3322",,
 "ReverseProxy","/envsettings.json","http://platform.stella-ops.local/platform/envsettings.json","/","200"
-"ReverseProxy","/gateway","http://gateway.stella-ops.local",,
 "ReverseProxy","/scanner","http://scanner.stella-ops.local",,
 "ReverseProxy","/policyGateway","http://policy-gateway.stella-ops.local",,
 "ReverseProxy","/policyEngine","http://policy-engine.stella-ops.local",,

devops/compose/router-gateway-local.json

@@ -599,11 +599,6 @@
                                        "TranslatesTo":  "http://platform.stella-ops.local/platform/envsettings.json",
                                        "PreserveAuthHeaders":  true
                                    },
-                                   {
-                                       "Type":  "Microservice",
-                                       "Path":  "/gateway",
-                                       "TranslatesTo":  "http://gateway.stella-ops.local"
-                                   },
                                    {
                                        "Type":  "Microservice",
                                        "Path":  "/scanner",

devops/compose/router-gateway-local.reverseproxy.json

@@ -591,11 +591,6 @@
                                        "Path":  "/envsettings.json",
                                        "TranslatesTo":  "http://platform.stella-ops.local/platform/envsettings.json"
                                    },
-                                   {
-                                       "Type":  "ReverseProxy",
-                                       "Path":  "/gateway",
-                                       "TranslatesTo":  "http://gateway.stella-ops.local"
-                                   },
                                    {
                                        "Type":  "ReverseProxy",
                                        "Path":  "/scanner",