refactor: migrate vendor APIs to token-based context and consolidate architecture

## Vendor-in-Token Architecture (Complete Migration)
- Migrate all vendor API endpoints from require_vendor_context() to token_vendor_id
- Update permission dependencies to extract vendor from JWT token
- Add vendor exceptions: VendorAccessDeniedException, VendorOwnerOnlyException,
  InsufficientVendorPermissionsException
- Shop endpoints retain require_vendor_context() for URL-based detection
- Add AUTH-004 architecture rule enforcing vendor context patterns
- Fix marketplace router missing /marketplace prefix

## Exception Pattern Fixes (API-003/API-004)
- Services raise domain exceptions, endpoints let them bubble up
- Add code_quality and content_page exception modules
- Move business logic from endpoints to services (admin, auth, content_page)
- Fix exception handling in admin, shop, and vendor endpoints

## Tailwind CSS Consolidation
- Consolidate CSS to per-area files (admin, vendor, shop, platform)
- Remove shared/cdn-fallback.html and shared/css/tailwind.min.css
- Update all templates to use area-specific Tailwind output files
- Remove Node.js config (package.json, postcss.config.js, tailwind.config.js)

## Documentation & Cleanup
- Update vendor-in-token-architecture.md with completed migration status
- Update architecture-rules.md with new rules
- Move migration docs to docs/development/migration/
- Remove duplicate/obsolete documentation files
- Merge pytest.ini settings into pyproject.toml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/api/v1/vendor/profile.py

@@ -1,45 +1,54 @@
 # app/api/v1/vendor/profile.py
 """
 Vendor profile management endpoints.
+
+Vendor Context: Uses token_vendor_id from JWT token (authenticated vendor API pattern)
 """
 
 import logging
 
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends
 from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_vendor_api
 from app.core.database import get_db
+from app.exceptions import InsufficientPermissionsException, InvalidTokenException
 from app.services.vendor_service import vendor_service
-from middleware.vendor_context import require_vendor_context
 from models.database.user import User
-from models.database.vendor import Vendor
 from models.schema.vendor import VendorResponse, VendorUpdate
 
 router = APIRouter(prefix="/profile")
 logger = logging.getLogger(__name__)
 
 
+def _get_vendor_from_token(current_user: User, db: Session):
+    """Helper to get vendor from JWT token."""
+    if not hasattr(current_user, "token_vendor_id"):
+        raise InvalidTokenException("Token missing vendor information. Please login again.")
+    return vendor_service.get_vendor_by_id(db, current_user.token_vendor_id)
+
+
 @router.get("", response_model=VendorResponse)
 def get_vendor_profile(
-    vendor: Vendor = Depends(require_vendor_context()),
     current_user: User = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Get current vendor profile information."""
+    vendor = _get_vendor_from_token(current_user, db)
     return vendor
 
 
 @router.put("", response_model=VendorResponse)
 def update_vendor_profile(
     vendor_update: VendorUpdate,
-    vendor: Vendor = Depends(require_vendor_context()),
     current_user: User = Depends(get_current_vendor_api),
     db: Session = Depends(get_db),
 ):
     """Update vendor profile information."""
+    vendor = _get_vendor_from_token(current_user, db)
+
     # Verify user has permission to update vendor
     if not vendor_service.can_update_vendor(vendor, current_user):
-        raise HTTPException(status_code=403, detail="Insufficient permissions")
+        raise InsufficientPermissionsException(required_permission="vendor:profile:update")
 
     return vendor_service.update_vendor(db, vendor.id, vendor_update)