Remove develop branch references from CI, compose, env, and docs
now that all development uses trunk-based workflow on main.
- CI: remove develop branch filters and dev tag logic
- Compose: default IMAGE_TAG from dev to latest
- Env: update IMAGE_TAG default and comments
- Docs: update branching strategy, PR targets, and image tag docs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Replace single build.yml with split pipelines per the CI/CD guide:
- api.yml: API with postgres, prisma, Trivy scan
- web.yml: Web with Trivy scan
- orchestrator.yml: Orchestrator with Trivy scan
- coordinator.yml: Python with ruff/mypy/bandit/pip-audit/Trivy
- infra.yml: postgres + openbao builds with Trivy
Adds path filtering (only affected packages rebuild), Trivy container
scanning for all images, and scoped per-package quality gates.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Adds an automated code quality and security review pipeline that runs on
pull requests using OpenAI Codex with structured output schemas.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>