feat: complete modular platform architecture (Phases 1-5)

Phase 1 - Vendor Router Integration:
- Wire up vendor module routers in app/api/v1/vendor/__init__.py
- Use lazy imports via __getattr__ to avoid circular dependencies

Phase 2 - Extract Remaining Modules:
- Create 6 new module directories: customers, cms, analytics, messaging,
  dev_tools, monitoring
- Each module has definition.py and route wrappers
- Update registry to import from extracted modules

Phase 3 - Database Table Migration:
- Add PlatformModule junction table for auditable module tracking
- Add migration zc2m3n4o5p6q7_add_platform_modules_table.py
- Add modules relationship to Platform model
- Update ModuleService with JSON-to-junction-table migration

Phase 4 - Module-Specific Configuration UI:
- Add /api/v1/admin/module-config/* endpoints
- Add module-config.html template and JS

Phase 5 - Integration Tests:
- Add tests/fixtures/module_fixtures.py
- Add tests/integration/api/v1/admin/test_modules.py
- Add tests/integration/api/v1/modules/test_module_access.py

Architecture fixes:
- Fix JS-003 errors: use ...data() directly in Alpine components
- Fix JS-005 warnings: add init() guards to prevent duplicate init
- Fix API-001 errors: add MenuActionResponse Pydantic model
- Add FE-008 noqa for dynamic number input in template

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

models/database/__init__.py

@@ -8,6 +8,7 @@ from .admin import (
     AdminSetting,
     PlatformAlert,
 )
+from .admin_menu_config import AdminMenuConfig, FrontendType, MANDATORY_MENU_ITEMS
 from .admin_platform import AdminPlatform
 from .architecture_scan import (
     ArchitectureScan,
@@ -19,6 +20,7 @@ from .base import Base
 from .company import Company
 from .content_page import ContentPage
 from .platform import Platform
+from .platform_module import PlatformModule
 from .vendor_platform import VendorPlatform
 from .customer import Customer, CustomerAddress
 from .password_reset_token import PasswordResetToken
@@ -83,9 +85,12 @@ from .vendor_theme import VendorTheme
 __all__ = [
     # Admin-specific models
     "AdminAuditLog",
+    "AdminMenuConfig",
+    "FrontendType",
     "AdminNotification",
     "AdminPlatform",
     "AdminSetting",
+    "MANDATORY_MENU_ITEMS",
     "PlatformAlert",
     "AdminSession",
     # Architecture/Code Quality
@@ -112,6 +117,7 @@ __all__ = [
     "ContentPage",
     # Platform
     "Platform",
+    "PlatformModule",
     "VendorPlatform",
     # Customer & Auth
     "Customer",

models/database/platform.py

@@ -199,6 +199,20 @@ class Platform(Base, TimestampMixin):
         cascade="all, delete-orphan",
     )
 
+    # Menu visibility configuration for platform admins
+    menu_configs = relationship(
+        "AdminMenuConfig",
+        back_populates="platform",
+        cascade="all, delete-orphan",
+    )
+
+    # Module enablement configuration
+    modules = relationship(
+        "PlatformModule",
+        back_populates="platform",
+        cascade="all, delete-orphan",
+    )
+
     # ========================================================================
     # Indexes
     # ========================================================================

models/database/platform_module.py

@@ -0,0 +1,162 @@
+# models/database/platform_module.py
+"""
+PlatformModule model for tracking module enablement per platform.
+
+This junction table provides:
+- Auditability: Track when modules were enabled/disabled and by whom
+- Configuration: Per-module settings specific to each platform
+- State tracking: Explicit enabled/disabled states with timestamps
+
+Replaces the simpler Platform.settings["enabled_modules"] JSON approach
+for better auditability and query capabilities.
+"""
+
+from sqlalchemy import (
+    JSON,
+    Boolean,
+    Column,
+    DateTime,
+    ForeignKey,
+    Index,
+    Integer,
+    String,
+    UniqueConstraint,
+)
+from sqlalchemy.orm import relationship
+
+from app.core.database import Base
+from models.database.base import TimestampMixin
+
+
+class PlatformModule(Base, TimestampMixin):
+    """
+    Junction table tracking module enablement per platform.
+
+    This provides a normalized, auditable way to track which modules
+    are enabled for each platform, with configuration options.
+
+    Example:
+        PlatformModule(
+            platform_id=1,
+            module_code="billing",
+            is_enabled=True,
+            enabled_at=datetime.now(),
+            enabled_by_user_id=42,
+            config={"stripe_mode": "live", "default_trial_days": 14}
+        )
+    """
+
+    __tablename__ = "platform_modules"
+
+    id = Column(Integer, primary_key=True, index=True)
+
+    # ========================================================================
+    # Identity
+    # ========================================================================
+
+    platform_id = Column(
+        Integer,
+        ForeignKey("platforms.id", ondelete="CASCADE"),
+        nullable=False,
+        comment="Platform this module configuration belongs to",
+    )
+
+    module_code = Column(
+        String(50),
+        nullable=False,
+        comment="Module code (e.g., 'billing', 'inventory', 'orders')",
+    )
+
+    # ========================================================================
+    # State
+    # ========================================================================
+
+    is_enabled = Column(
+        Boolean,
+        nullable=False,
+        default=True,
+        comment="Whether this module is currently enabled for the platform",
+    )
+
+    # ========================================================================
+    # Audit Trail - Enable
+    # ========================================================================
+
+    enabled_at = Column(
+        DateTime(timezone=True),
+        nullable=True,
+        comment="When the module was last enabled",
+    )
+
+    enabled_by_user_id = Column(
+        Integer,
+        ForeignKey("users.id", ondelete="SET NULL"),
+        nullable=True,
+        comment="User who enabled the module",
+    )
+
+    # ========================================================================
+    # Audit Trail - Disable
+    # ========================================================================
+
+    disabled_at = Column(
+        DateTime(timezone=True),
+        nullable=True,
+        comment="When the module was last disabled",
+    )
+
+    disabled_by_user_id = Column(
+        Integer,
+        ForeignKey("users.id", ondelete="SET NULL"),
+        nullable=True,
+        comment="User who disabled the module",
+    )
+
+    # ========================================================================
+    # Configuration
+    # ========================================================================
+
+    config = Column(
+        JSON,
+        nullable=False,
+        default=dict,
+        comment="Module-specific configuration for this platform",
+    )
+
+    # ========================================================================
+    # Relationships
+    # ========================================================================
+
+    platform = relationship(
+        "Platform",
+        back_populates="modules",
+    )
+
+    enabled_by = relationship(
+        "User",
+        foreign_keys=[enabled_by_user_id],
+    )
+
+    disabled_by = relationship(
+        "User",
+        foreign_keys=[disabled_by_user_id],
+    )
+
+    # ========================================================================
+    # Constraints & Indexes
+    # ========================================================================
+
+    __table_args__ = (
+        # Each platform can only have one configuration per module
+        UniqueConstraint("platform_id", "module_code", name="uq_platform_module"),
+        # Index for querying by platform
+        Index("idx_platform_module_platform_id", "platform_id"),
+        # Index for querying by module code
+        Index("idx_platform_module_code", "module_code"),
+        # Index for querying enabled modules
+        Index("idx_platform_module_enabled", "platform_id", "is_enabled"),
+    )
+
+    def __repr__(self) -> str:
+        status = "enabled" if self.is_enabled else "disabled"
+        return f"<PlatformModule(platform_id={self.platform_id}, module='{self.module_code}', {status})>"