refactor: migrate vendor APIs to token-based context and consolidate architecture

## Vendor-in-Token Architecture (Complete Migration)
- Migrate all vendor API endpoints from require_vendor_context() to token_vendor_id
- Update permission dependencies to extract vendor from JWT token
- Add vendor exceptions: VendorAccessDeniedException, VendorOwnerOnlyException,
  InsufficientVendorPermissionsException
- Shop endpoints retain require_vendor_context() for URL-based detection
- Add AUTH-004 architecture rule enforcing vendor context patterns
- Fix marketplace router missing /marketplace prefix

## Exception Pattern Fixes (API-003/API-004)
- Services raise domain exceptions, endpoints let them bubble up
- Add code_quality and content_page exception modules
- Move business logic from endpoints to services (admin, auth, content_page)
- Fix exception handling in admin, shop, and vendor endpoints

## Tailwind CSS Consolidation
- Consolidate CSS to per-area files (admin, vendor, shop, platform)
- Remove shared/cdn-fallback.html and shared/css/tailwind.min.css
- Update all templates to use area-specific Tailwind output files
- Remove Node.js config (package.json, postcss.config.js, tailwind.config.js)

## Documentation & Cleanup
- Update vendor-in-token-architecture.md with completed migration status
- Update architecture-rules.md with new rules
- Move migration docs to docs/development/migration/
- Remove duplicate/obsolete documentation files
- Merge pytest.ini settings into pyproject.toml

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/exceptions/__init__.py

@@ -14,7 +14,9 @@ from .admin import (
     CannotModifySelfException,
     ConfirmationRequiredException,
     InvalidAdminActionException,
+    UserCannotBeDeletedException,
     UserNotFoundException,
+    UserRoleChangeException,
     UserStatusChangeException,
     VendorVerificationException,
 )
@@ -44,6 +46,17 @@ from .base import (
     WizamartException,
 )
 
+# Code quality exceptions
+from .code_quality import (
+    InvalidViolationStatusException,
+    ScanExecutionException,
+    ScanNotFoundException,
+    ScanParseException,
+    ScanTimeoutException,
+    ViolationNotFoundException,
+    ViolationOperationException,
+)
+
 # Cart exceptions
 from .cart import (
     CartItemNotFoundException,
@@ -155,13 +168,16 @@ from .team import (
 
 # Vendor exceptions
 from .vendor import (
+    InsufficientVendorPermissionsException,
     InvalidVendorDataException,
     MaxVendorsReachedException,
     UnauthorizedVendorAccessException,
+    VendorAccessDeniedException,
     VendorAlreadyExistsException,
     VendorNotActiveException,
     VendorNotFoundException,
     VendorNotVerifiedException,
+    VendorOwnerOnlyException,
     VendorValidationException,
 )
 
@@ -245,13 +261,16 @@ __all__ = [
     "InvalidQuantityException",
     "LocationNotFoundException",
     # Vendor exceptions
-    "VendorNotFoundException",
-    "VendorAlreadyExistsException",
-    "VendorNotActiveException",
-    "VendorNotVerifiedException",
-    "UnauthorizedVendorAccessException",
+    "InsufficientVendorPermissionsException",
     "InvalidVendorDataException",
     "MaxVendorsReachedException",
+    "UnauthorizedVendorAccessException",
+    "VendorAccessDeniedException",
+    "VendorAlreadyExistsException",
+    "VendorNotActiveException",
+    "VendorNotFoundException",
+    "VendorNotVerifiedException",
+    "VendorOwnerOnlyException",
     "VendorValidationException",
     # Vendor Domain
     "VendorDomainNotFoundException",
@@ -334,4 +353,12 @@ __all__ = [
     "InvalidAdminActionException",
     "BulkOperationException",
     "ConfirmationRequiredException",
+    # Code quality exceptions
+    "ViolationNotFoundException",
+    "ScanNotFoundException",
+    "ScanExecutionException",
+    "ScanTimeoutException",
+    "ScanParseException",
+    "ViolationOperationException",
+    "InvalidViolationStatusException",
 ]

app/exceptions/admin.py

@@ -236,3 +236,37 @@ class VendorVerificationException(BusinessLogicException):
             error_code="VENDOR_VERIFICATION_FAILED",
             details=details,
         )
+
+
+class UserCannotBeDeletedException(BusinessLogicException):
+    """Raised when a user cannot be deleted due to ownership constraints."""
+
+    def __init__(self, user_id: int, reason: str, owned_count: int = 0):
+        details = {
+            "user_id": user_id,
+            "reason": reason,
+        }
+        if owned_count > 0:
+            details["owned_companies_count"] = owned_count
+
+        super().__init__(
+            message=f"Cannot delete user {user_id}: {reason}",
+            error_code="USER_CANNOT_BE_DELETED",
+            details=details,
+        )
+
+
+class UserRoleChangeException(BusinessLogicException):
+    """Raised when user role cannot be changed."""
+
+    def __init__(self, user_id: int, current_role: str, target_role: str, reason: str):
+        super().__init__(
+            message=f"Cannot change user {user_id} role from {current_role} to {target_role}: {reason}",
+            error_code="USER_ROLE_CHANGE_FAILED",
+            details={
+                "user_id": user_id,
+                "current_role": current_role,
+                "target_role": target_role,
+                "reason": reason,
+            },
+        )

app/exceptions/code_quality.py

@@ -0,0 +1,95 @@
+# app/exceptions/code_quality.py
+"""
+Code Quality Domain Exceptions
+
+These exceptions are raised by the code quality service layer
+and converted to HTTP responses by the global exception handler.
+"""
+
+from app.exceptions.base import (
+    BusinessLogicException,
+    ExternalServiceException,
+    ResourceNotFoundException,
+    ValidationException,
+)
+
+
+class ViolationNotFoundException(ResourceNotFoundException):
+    """Raised when a violation is not found."""
+
+    def __init__(self, violation_id: int):
+        super().__init__(
+            resource_type="Violation",
+            identifier=str(violation_id),
+            error_code="VIOLATION_NOT_FOUND",
+        )
+
+
+class ScanNotFoundException(ResourceNotFoundException):
+    """Raised when a scan is not found."""
+
+    def __init__(self, scan_id: int):
+        super().__init__(
+            resource_type="Scan",
+            identifier=str(scan_id),
+            error_code="SCAN_NOT_FOUND",
+        )
+
+
+class ScanExecutionException(ExternalServiceException):
+    """Raised when architecture scan execution fails."""
+
+    def __init__(self, reason: str):
+        super().__init__(
+            service_name="ArchitectureValidator",
+            message=f"Scan execution failed: {reason}",
+            error_code="SCAN_EXECUTION_FAILED",
+        )
+
+
+class ScanTimeoutException(ExternalServiceException):
+    """Raised when architecture scan times out."""
+
+    def __init__(self, timeout_seconds: int = 300):
+        super().__init__(
+            service_name="ArchitectureValidator",
+            message=f"Scan timed out after {timeout_seconds} seconds",
+            error_code="SCAN_TIMEOUT",
+        )
+
+
+class ScanParseException(BusinessLogicException):
+    """Raised when scan results cannot be parsed."""
+
+    def __init__(self, reason: str):
+        super().__init__(
+            message=f"Failed to parse scan results: {reason}",
+            error_code="SCAN_PARSE_FAILED",
+        )
+
+
+class ViolationOperationException(BusinessLogicException):
+    """Raised when a violation operation fails."""
+
+    def __init__(self, operation: str, violation_id: int, reason: str):
+        super().__init__(
+            message=f"Failed to {operation} violation {violation_id}: {reason}",
+            error_code="VIOLATION_OPERATION_FAILED",
+            details={
+                "operation": operation,
+                "violation_id": violation_id,
+                "reason": reason,
+            },
+        )
+
+
+class InvalidViolationStatusException(ValidationException):
+    """Raised when a violation status transition is invalid."""
+
+    def __init__(self, violation_id: int, current_status: str, target_status: str):
+        super().__init__(
+            message=f"Cannot change violation {violation_id} from '{current_status}' to '{target_status}'",
+            field="status",
+            value=target_status,
+        )
+        self.error_code = "INVALID_VIOLATION_STATUS"

app/exceptions/content_page.py

@@ -0,0 +1,82 @@
+# app/exceptions/content_page.py
+"""
+Content Page Domain Exceptions
+
+These exceptions are raised by the content page service layer
+and converted to HTTP responses by the global exception handler.
+"""
+
+from app.exceptions.base import (
+    AuthorizationException,
+    BusinessLogicException,
+    ConflictException,
+    ResourceNotFoundException,
+    ValidationException,
+)
+
+
+class ContentPageNotFoundException(ResourceNotFoundException):
+    """Raised when a content page is not found."""
+
+    def __init__(self, identifier: str | int | None = None):
+        if identifier:
+            message = f"Content page not found: {identifier}"
+        else:
+            message = "Content page not found"
+        super().__init__(message=message, resource_type="content_page")
+
+
+class ContentPageAlreadyExistsException(ConflictException):
+    """Raised when a content page with the same slug already exists."""
+
+    def __init__(self, slug: str, vendor_id: int | None = None):
+        if vendor_id:
+            message = f"Content page with slug '{slug}' already exists for this vendor"
+        else:
+            message = f"Platform content page with slug '{slug}' already exists"
+        super().__init__(message=message)
+
+
+class ContentPageSlugReservedException(ValidationException):
+    """Raised when trying to use a reserved slug."""
+
+    def __init__(self, slug: str):
+        super().__init__(
+            message=f"Content page slug '{slug}' is reserved",
+            field="slug",
+            value=slug,
+        )
+
+
+class ContentPageNotPublishedException(BusinessLogicException):
+    """Raised when trying to access an unpublished content page."""
+
+    def __init__(self, slug: str):
+        super().__init__(message=f"Content page '{slug}' is not published")
+
+
+class UnauthorizedContentPageAccessException(AuthorizationException):
+    """Raised when a user tries to access/modify a content page they don't own."""
+
+    def __init__(self, action: str = "access"):
+        super().__init__(
+            message=f"Cannot {action} content pages from other vendors",
+            required_permission=f"content_page:{action}",
+        )
+
+
+class VendorNotAssociatedException(AuthorizationException):
+    """Raised when a user is not associated with a vendor."""
+
+    def __init__(self):
+        super().__init__(
+            message="User is not associated with a vendor",
+            required_permission="vendor:member",
+        )
+
+
+class ContentPageValidationException(ValidationException):
+    """Raised when content page data validation fails."""
+
+    def __init__(self, field: str, message: str, value: str | None = None):
+        super().__init__(message=message, field=field, value=value)

app/exceptions/vendor.py

@@ -148,3 +148,43 @@ class MaxVendorsReachedException(BusinessLogicException):
             error_code="MAX_VENDORS_REACHED",
             details=details,
         )
+
+
+class VendorAccessDeniedException(AuthorizationException):
+    """Raised when no vendor context is available for an authenticated endpoint."""
+
+    def __init__(self, message: str = "No vendor context available"):
+        super().__init__(
+            message=message,
+            error_code="VENDOR_ACCESS_DENIED",
+        )
+
+
+class VendorOwnerOnlyException(AuthorizationException):
+    """Raised when operation requires vendor owner role."""
+
+    def __init__(self, operation: str, vendor_code: str | None = None):
+        details = {"operation": operation}
+        if vendor_code:
+            details["vendor_code"] = vendor_code
+
+        super().__init__(
+            message=f"Operation '{operation}' requires vendor owner role",
+            error_code="VENDOR_OWNER_ONLY",
+            details=details,
+        )
+
+
+class InsufficientVendorPermissionsException(AuthorizationException):
+    """Raised when user lacks required vendor permission."""
+
+    def __init__(self, required_permission: str, vendor_code: str | None = None):
+        details = {"required_permission": required_permission}
+        if vendor_code:
+            details["vendor_code"] = vendor_code
+
+        super().__init__(
+            message=f"Permission required: {required_permission}",
+            error_code="INSUFFICIENT_VENDOR_PERMISSIONS",
+            details=details,
+        )