chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates

Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-22 16:06:39 +03:00
parent ad77711ac2
commit 7943cfb3af
121 changed files with 10483 additions and 387 deletions

@@ -14,6 +14,7 @@ This module aggregates cross-cutting contracts and guardrails that every StellaO
- **AOC & provenance**: services ingest evidence without mutating/merging; provenance preserved; determinism required.
- **Offline posture**: Offline Kit parity, sealed-mode defaults, deterministic bundles.
- **Platform Service**: aggregation endpoints for health, quotas, onboarding, preferences, and global search.
- **Compatibility truthfulness**: Platform-owned aliases may aggregate or proxy real module contracts, but Platform must not ship synthetic notify admin payloads or fabricated quota/report data on live runtime routes.
- **Observability baseline**: metrics/logging/tracing patterns reused across modules; collectors documented under Telemetry module.
- **Determinism**: stable ordering, UTC timestamps, content-addressed artifacts, reproducible exports.
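Review bot: The new "Compatibility truthfulness" bullet says what Platform must not ship on live runtime routes but not what those routes should do instead. State the required behaviour in the same bullet (for example that the route fails closed or returns an explicit not-implemented response) so the guardrail can be tested from this page alone. Since this section lists cross-cutting contracts, also consider wording the rule generally rather than naming only notify admin payloads and quota/report data.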
@@ -46,7 +47,7 @@ Current implementation status (2026-03-05):
- `RiskEngine`: Postgres-backed result store (`riskengine.risk_score_results`) with explicit in-memory test fallback.
- `Replay`: Postgres snapshot index + seed-fs snapshot blob store; startup rejects `inmemory` outside `Testing`, rejects `rustfs`, and rejects unknown object-store drivers.
- `OpsMemory`: connection precedence aligned to `ConnectionStrings:OpsMemory -> ConnectionStrings:Default`, with non-development fail-fast.
- `Platform`: Postgres-backed platform-owned state (`platform.*`, `release.*`) with explicit `Testing`-only in-memory fallback; startup rejects missing `Platform:Storage:PostgresConnectionString` outside `Testing`.
- `Platform`: Postgres-backed platform-owned state (`platform.*`, `release.*`); startup rejects missing `Platform:Storage:PostgresConnectionString` outside `Testing`, and in-memory stores are injected only by explicit `Testing` harnesses.
## Platform Runtime Read-Model Boundary Policy (Point 4 / Sprint 20260305-005)
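Review bot: The rewritten `Platform` line drops the "explicit `Testing`-only in-memory fallback" wording, so it no longer says what happens under `Testing` when `Platform:Storage:PostgresConnectionString` is missing and no harness injects a store. Spell that case out (startup fails or not). Also check the "Current implementation status (2026-03-05)" heading, which appears only as hunk context here, so its date stays as is while the status text under it changes.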

@@ -38,6 +38,9 @@ Provide a single, deterministic aggregation layer for cross-service UX workflows
- GET `/api/v1/platform/quotas/tenants/{tenantId}`
- GET `/api/v1/platform/quotas/alerts`
- POST `/api/v1/platform/quotas/alerts`
- Legacy `/api/v1/authority/quotas/*` compatibility paths are served only from `PlatformEndpoints`; Platform no longer maps a second synthetic quota compatibility host.
- `POST /api/v1/authority/quotas/reports` and `GET /api/v1/authority/quotas/reports/{reportId}` now fail closed until a durable report/export backend exists.
- `/api/v1/jobengine/quotas` and `/api/v1/jobengine/quotas/summary` now return `501 Not Implemented` instead of fabricated JobEngine quota payloads.
### Onboarding
- GET `/api/v1/platform/onboarding/status`
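Review bot: The added line for `/api/v1/authority/quotas/reports` says the two endpoints "fail closed" without naming the response, while the next line gives `501 Not Implemented` for the jobengine routes. Name the status code for the reports endpoints as well, so clients and tests have something concrete to check. "now" and "no longer" read as changelog wording in an endpoint reference; consider describing the current behaviour only and leaving the history to the sprint notes.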
@@ -82,6 +85,12 @@ Provide a single, deterministic aggregation layer for cross-service UX workflows
- Platform hosts `/api/v2/scripts*` against the real Release Orchestrator scripts backend on both runtime branches: direct library/schema binding when Platform has the scripts PostgreSQL connection, and an HTTP proxy to the owning Release Orchestrator WebApi when it does not.
- The scripts facade no longer falls back to a local in-memory catalog; list/count/detail/version/validation/compatibility flows all resolve against the owning Release Orchestrator service or schema.
### Notification admin routing
- Platform no longer serves synthetic `/api/v1/notify/*` admin compatibility payloads for quiet-hours, throttles, escalation, localization, or digest schedule management.
- Core notify toolkit flows remain on `/api/v1/notify/*` through the owning Notify surface.
- Advanced notification admin flows are owned by the Notifier frontdoor `/api/v1/notifier/*`, which maps onto the service-local `/api/v2/notify/*` runtime.
- Digest schedule CRUD remains unsupported in the live runtime; the Web console must present that surface as unavailable rather than fabricate records.
## API surface (v2)
### Global context
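Review bot: In the new "Notification admin routing" section the first two bullets both use the `/api/v1/notify/*` prefix: Platform stops serving admin payloads there while core toolkit flows remain there. List which paths under that prefix are retired and what a caller of a retired path receives. The same applies to the digest schedule bullet, where "unsupported" and "unavailable" do not tell the Web console which response it should detect before showing the surface as unavailable.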
@@ -166,7 +175,7 @@ Provide a single, deterministic aggregation layer for cross-service UX workflows
- `release.topology_workflow_inventory` (workflow template projection for topology routes)
- `release.topology_gate_profile_inventory` (gate profile projection bound to region/environment inventory)
- `release.topology_sync_watermarks` (projection synchronization watermark state for deterministic replay/cutover checks)
- Schema reference: `docs/db/schemas/platform.sql` (PostgreSQL; in-memory stores are `Testing`-only harnesses).
- Schema reference: `docs/db/schemas/platform.sql` (PostgreSQL; the live host owns only durable stores, while `Testing` harnesses inject any required in-memory stores explicitly).
## Dependencies
- Authority (tenant/user identity, quotas, RBAC)
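Review bot: The parenthetical on the schema reference line restates the storage policy that the `Platform` status line changed elsewhere in this commit words differently ("in-memory stores are injected only by explicit `Testing` harnesses"), and "any required in-memory stores" does not say which stores are meant. Keep this line to the schema path and point to one authoritative statement of the policy, so the two wordings cannot drift apart.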