feat: Implement approvals workflow and notifications integration

- Added approvals orchestration with persistence and workflow scaffolding.
- Integrated notifications insights and staged resume hooks.
- Introduced approval coordinator and policy notification bridge with unit tests.
- Added approval decision API with resume requeue and persisted plan snapshots.
- Documented the Excitor consensus API beta and provided JSON sample payload.
- Created analyzers to flag usage of deprecated merge service APIs.
- Implemented logging for artifact uploads and approval decision service.
- Added tests for PackRunApprovalDecisionService and related components.

src/Concelier/StellaOps.Concelier.WebService/Program.cs

@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Globalization;
@@ -98,9 +99,36 @@ builder.Services.AddConcelierLinksetMappers();
 builder.Services.AddAdvisoryRawServices();
 builder.Services.AddSingleton<IAdvisoryObservationQueryService, AdvisoryObservationQueryService>();
 
-builder.Services.AddMergeModule(builder.Configuration);
+var features = concelierOptions.Features ?? new ConcelierOptions.FeaturesOptions();
+
+if (!features.NoMergeEnabled)
+{
+#pragma warning disable CS0618, CONCELIER0001, CONCELIER0002 // Legacy merge service is intentionally supported behind a feature toggle.
+    builder.Services.AddMergeModule(builder.Configuration);
+#pragma warning restore CS0618, CONCELIER0001, CONCELIER0002
+}
+
 builder.Services.AddJobScheduler();
 builder.Services.AddBuiltInConcelierJobs();
+builder.Services.PostConfigure<JobSchedulerOptions>(options =>
+{
+    if (features.NoMergeEnabled)
+    {
+        options.Definitions.Remove("merge:reconcile");
+        return;
+    }
+
+    if (features.MergeJobAllowlist is { Count: > 0 })
+    {
+        var allowMergeJob = features.MergeJobAllowlist.Any(value =>
+            string.Equals(value, "merge:reconcile", StringComparison.OrdinalIgnoreCase));
+
+        if (!allowMergeJob)
+        {
+            options.Definitions.Remove("merge:reconcile");
+        }
+    }
+});
 builder.Services.AddSingleton<OpenApiDiscoveryDocumentProvider>();
 
 builder.Services.AddSingleton<ServiceStatus>(sp => new ServiceStatus(sp.GetRequiredService<TimeProvider>()));
@@ -183,7 +211,7 @@ if (authorityConfigured)
     builder.Services.AddAuthorization(options =>
     {
         options.AddStellaOpsScopePolicy(JobsPolicyName, concelierOptions.Authority.RequiredScopes.ToArray());
-        options.AddStellaOpsScopePolicy(ObservationsPolicyName, StellaOpsScopes.VulnRead);
+        options.AddStellaOpsScopePolicy(ObservationsPolicyName, StellaOpsScopes.VulnView);
         options.AddStellaOpsScopePolicy(AdvisoryIngestPolicyName, StellaOpsScopes.AdvisoryIngest);
         options.AddStellaOpsScopePolicy(AdvisoryReadPolicyName, StellaOpsScopes.AdvisoryRead);
         options.AddStellaOpsScopePolicy(AocVerifyPolicyName, StellaOpsScopes.AdvisoryRead, StellaOpsScopes.AocVerify);
@@ -197,6 +225,11 @@ builder.Services.AddEndpointsApiExplorer();
 
 var app = builder.Build();
 
+if (features.NoMergeEnabled)
+{
+    app.Logger.LogWarning("Legacy merge module disabled via concelier:features:noMergeEnabled; Link-Not-Merge mode active.");
+}
+
 var resolvedConcelierOptions = app.Services.GetRequiredService<IOptions<ConcelierOptions>>().Value;
 var resolvedAuthority = resolvedConcelierOptions.Authority ?? new ConcelierOptions.AuthorityOptions();
 authorityConfigured = resolvedAuthority.Enabled;