refactor(graph): absorb Cartographer into graph-api + wire Graph Indexer

- Wire Graph Indexer library + Persistence into graph-api (csproj refs + DI)
- Add build/overlay endpoints matching Scheduler HTTP contracts
  (POST/GET /api/graphs/builds, POST/GET /api/graphs/overlays)
- Add PostgresGraphRepository for reading from graph.graph_nodes/edges
- Register SBOM ingest, analytics, change-stream, and inspector pipelines
- Comment out Cartographer container in compose (empty shell, Slot 21)
- Add cartographer.stella-ops.local as backwards-compat alias on graph-api
- Update Scheduler config to target graph.stella-ops.local
- Update services-matrix.env, hosts file, port-registry, module-matrix
- Update component-map, architecture docs, Scanner/Graph READMEs
- Eliminates 1 container (stellaops-cartographer)

All 133 existing tests pass (77 Api + 37 Indexer + 19 Core).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs/technical/architecture/component-map.md

@@ -16,8 +16,8 @@ Concise descriptions of every top-level component under `src/`, summarising the
 - **SbomService** — SBOM inventory store and delta cache leveraged by Scanner, Policy Engine, Cartographer, and Export Center (`docs/modules/scanner/architecture.md`, SBOM sections). 
 - **RiskEngine** — Consolidates Policy verdicts, runtime signals, and graph overlays into prioritised risk views (`docs/modules/policy/architecture.md`, `docs/modules/graph/architecture.md`). 
 - **Findings** — Materialises effective findings from Policy Engine outputs and evidence. Feeds UI, CLI, Notify, and Governance dashboards (`docs/modules/policy/architecture.md`, findings sections). 
-- **Cartographer** — Builds identity graphs from SBOM/advisory data for Graph Explorer and RiskEngine (`docs/modules/graph/architecture.md`). 
-- **Graph** — Graph API + indexer, exposing relationship queries to UI/CLI/Scheduler (`docs/modules/graph/architecture.md`). 
+- **Cartographer** — _(merged into Graph API)_ Builds identity graphs from SBOM/advisory data. Endpoints now served by `src/Graph/StellaOps.Graph.Api` (`docs/modules/graph/architecture.md`). 
+- **Graph** — Graph API + indexer + Cartographer endpoints, exposing relationship queries and build/overlay operations to UI/CLI/Scheduler (`docs/modules/graph/architecture.md`). 
 - **VulnExplorer** — _(merged into Findings Ledger)_ Explorer for vulnerabilities that combines Concelier data, graph overlays, and Policy results for UI/CLI consumption. Endpoints now served by `src/Findings/StellaOps.Findings.Ledger.WebService`. 
 
 ## Policy & Governance

docs/technical/architecture/module-matrix.md

@@ -27,7 +27,7 @@ The solution contains **46 top-level modules** in `src/`. The architecture docum
 | Integration | 5 | CLI, Zastava, Web, API, Registry |
 | Infrastructure | 6 | Cryptography, Telemetry, Graph, Signals, AirGap, AOC |
 | Testing & Benchmarks | 2 | Benchmark, Bench |
-| Utility & Internal | 6+ | Cartographer, Findings, SrmRemote, Tools, PluginBinaries, etc. |
+| Utility & Internal | 5+ | Findings, SrmRemote, Tools, PluginBinaries, etc. (Cartographer merged into Graph API) |
 
 ---
 
@@ -54,7 +54,7 @@ The solution contains **46 top-level modules** in `src/`. The architecture docum
 
 | Module | Path | Purpose | WebService | Worker | Storage |
 |--------|------|---------|------------|--------|---------|
-| **Scanner** | `src/Scanner/` | Container scanning with SBOM generation (11 language analyzers), call graphs. Includes Cartographer (Sprint 201). | Yes | Yes | PostgreSQL (`scanner`) + RustFS |
+| **Scanner** | `src/Scanner/` | Container scanning with SBOM generation (11 language analyzers), call graphs. Cartographer retired (merged into Graph API). | Yes | Yes | PostgreSQL (`scanner`) + RustFS |
 | **BinaryIndex** | `src/BinaryIndex/` | Binary identity extraction and fingerprinting. Includes Symbols (Sprint 202). | Yes | No | PostgreSQL |
 | **AdvisoryAI** | `src/AdvisoryAI/` | AI-assisted advisory analysis and summarization. Includes OpsMemory (Sprint 213). | Yes | No | PostgreSQL |
 | **ReachGraph** | `src/ReachGraph/` | Reachability graph service, CVE reachability analysis | Yes | No | PostgreSQL |

docs/technical/architecture/port-registry.md

@@ -36,7 +36,7 @@ This page focuses on deterministic slot/port allocation and may include legacy o
 | 18 | 10180 | 10181 | ~~TaskRunner~~ (removed) | `taskrunner.stella-ops.local` | _removed_ | _removed_ |
 | 19 | 10190 | 10191 | Scheduler | `scheduler.stella-ops.local` | `src/JobEngine/StellaOps.Scheduler.WebService` | `STELLAOPS_SCHEDULER_URL` |
 | 20 | 10200 | 10201 | Graph API | `graph.stella-ops.local` | `src/Graph/StellaOps.Graph.Api` | `STELLAOPS_GRAPH_URL` |
-| 21 | 10210 | 10211 | Cartographer | `cartographer.stella-ops.local` | `src/Scanner/StellaOps.Scanner.Cartographer` | `STELLAOPS_CARTOGRAPHER_URL` |
+| 21 | 10210 | 10211 | _(Cartographer merged into Graph API)_ | `cartographer.stella-ops.local` (alias) | _(see Graph API)_ | `STELLAOPS_CARTOGRAPHER_URL` |
 | 22 | 10220 | 10221 | ReachGraph | `reachgraph.stella-ops.local` | `src/ReachGraph/StellaOps.ReachGraph.WebService` | `STELLAOPS_REACHGRAPH_URL` |
 | 23 | 10230 | 10231 | _(Timeline Indexer merged into Timeline)_ | `timelineindexer.stella-ops.local` (alias) | _(see Timeline)_ | `STELLAOPS_TIMELINEINDEXER_URL` |
 | 24 | 10240 | 10241 | Timeline | `timeline.stella-ops.local` | `src/Timeline/StellaOps.Timeline.WebService` | `STELLAOPS_TIMELINE_URL` |
@@ -131,7 +131,8 @@ Add the following to your hosts file (`C:\Windows\System32\drivers\etc\hosts` on
 # 127.1.0.18 taskrunner.stella-ops.local  # REMOVED
 127.1.0.19 scheduler.stella-ops.local
 127.1.0.20 graph.stella-ops.local
-127.1.0.21 cartographer.stella-ops.local
+# 127.1.0.21 cartographer.stella-ops.local  # RETIRED: merged into graph-api (alias on 127.1.0.20)
+127.1.0.20 cartographer.stella-ops.local
 127.1.0.22 reachgraph.stella-ops.local
 127.1.0.23 timelineindexer.stella-ops.local
 127.1.0.24 timeline.stella-ops.local