fix: add background task to onboarding order sync + migrate to GitLab

Onboarding fixes:
- Add missing background task trigger for order sync (step 4)
- Import process_historical_import task in onboarding API

GitLab migration:
- Update audit rules to support both GitHub and GitLab paths
- Add .gitlab-ci.yml with lint, test, security, build stages
- Add merge request template (.gitlab/merge_request_templates/default.md)
- Update validate_audit.py to check for GitLab equivalents

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/validate_audit.py

@@ -265,22 +265,27 @@ class AuditValidator(BaseValidator):
                 str(self.project_root),
             )
 
-        # Check CI/CD exists
-        ci_workflow = self.project_root / ".github" / "workflows" / "ci.yml"
-        if not ci_workflow.exists():
+        # Check CI/CD exists (GitHub or GitLab)
+        github_ci = self.project_root / ".github" / "workflows" / "ci.yml"
+        gitlab_ci = self.project_root / ".gitlab-ci.yml"
+        if not github_ci.exists() and not gitlab_ci.exists():
             self.add_warning(
                 "COMP-EVID-001",
                 "CI workflow for automated testing recommended",
-                ".github/workflows/ci.yml",
+                ".gitlab-ci.yml or .github/workflows/ci.yml",
             )
 
-        # Check code review process
-        pr_template = self.project_root / ".github" / "PULL_REQUEST_TEMPLATE.md"
-        if not pr_template.exists():
+        # Check code review process (GitHub or GitLab)
+        github_pr_template = self.project_root / ".github" / "PULL_REQUEST_TEMPLATE.md"
+        gitlab_mr_templates = self.project_root / ".gitlab" / "merge_request_templates"
+        has_mr_template = github_pr_template.exists() or (
+            gitlab_mr_templates.exists() and any(gitlab_mr_templates.iterdir())
+        )
+        if not has_mr_template:
             self.add_warning(
                 "COMP-POL-001",
-                "Pull request template recommended for code review",
-                ".github/PULL_REQUEST_TEMPLATE.md",
+                "Merge request template recommended for code review",
+                ".gitlab/merge_request_templates/ or .github/PULL_REQUEST_TEMPLATE.md",
             )
 
     # ==================
@@ -367,13 +372,19 @@ class AuditValidator(BaseValidator):
                 "pyproject.toml",
             )
 
-        # Check for Dependabot
+        # Check for dependency scanning (GitHub Dependabot or GitLab)
         dependabot = self.project_root / ".github" / "dependabot.yml"
-        if not dependabot.exists():
+        gitlab_ci = self.project_root / ".gitlab-ci.yml"
+        has_dep_scanning = dependabot.exists()
+        if not has_dep_scanning and gitlab_ci.exists():
+            # Check if GitLab CI includes dependency scanning
+            ci_content = gitlab_ci.read_text()
+            has_dep_scanning = "dependency_scanning" in ci_content.lower()
+        if not has_dep_scanning:
             self.add_info(
                 "THIRD-VULN-002",
-                "Consider enabling Dependabot for security updates",
-                ".github/dependabot.yml",
+                "Consider enabling dependency scanning for security updates",
+                ".gitlab-ci.yml (include dependency_scanning) or .github/dependabot.yml",
             )
 
         # Check for insecure package sources