[AZ-549] B10a: clean up forward-looking notes; mark image rename done

The .woodpecker/build-arm.yml already pushes ${REGISTRY_HOST}/azaion/missions
(landed earlier as part of the B5 csproj/namespace rename). What this commit
fixes is the missions-internal documentation that still described the legacy
azaion/flights image as the *current* state.

Edits:

- _docs/02_document/deployment/environment_strategy.md: drop "today's edge
  compose still references azaion/flights" — B10 is done. Container/service
  name 'flights' still noted as B6/B11 work.
- _docs/02_document/deployment/containerization.md: drop "today's Dockerfile
  ENTRYPOINT is dotnet Azaion.Flights.dll, image tag base is azaion/flights"
  — both AZ-544 (B5) and AZ-549 (B10) done.
- _docs/02_document/deployment/ci_cd_pipeline.md: same fix.
- _docs/02_document/components/07_host/description.md: same fix.
- _docs/02_document/04_verification_log.md row for AZ-549: explicitly
  marked "done"; Code symbol column converged to post-rename value.
- _docs/00_problem/restrictions.md E6: parenthetical reworded so the row
  reads as a present-state assertion (B10 done) instead of a forward-
  looking note.
- _docs/02_document/glossary.md "Synonym pairs" heading flipped from
  "today's code ↔ post-rename target" to "pre-rename ↔ post-rename"
  (adjacent hygiene — B5-B9+B10 are done across the missions rename
  Epic; the table's "today" framing no longer matches reality).

Spec _docs/tasks/todo/AZ-549a_missions_rename_b10_pipeline.md moved to
_docs/tasks/done/.

rg -F 'azaion/flights' missions/ | grep -v done/ now returns only
intentional pre-rename historical references in glossary.md /
architecture.md / restrictions.md / verification_log.md — the "current
state" wording is gone.

Suite-side slice (AZ-549b — _infra/deploy/*/docker-compose.yml image
ref + ci/README.md example) shipped separately in the suite repo.

Co-authored-by: Cursor <cursoragent@cursor.com>

_docs/00_problem/restrictions.md

@@ -45,7 +45,7 @@
 | E3 | **No hardcoded development fallbacks.** `ResolveRequiredOrThrow` throws `InvalidOperationException` at startup if any of `DATABASE_URL` / `JWT_ISSUER` / `JWT_AUDIENCE` / `JWT_JWKS_URL` is missing or whitespace-only. ADR-005's "dev fallback secret" branch is obsolete; only the Swagger-unconditional branch remains | `Infrastructure/ConfigurationResolver.cs`; `Program.cs` |
 | E4 | JWT signature validation is asymmetric (ECDSA-SHA256) against the JWKS at `JWT_JWKS_URL`. `admin` holds the private key; this service caches the public JWKS via `Microsoft.IdentityModel.Protocols.ConfigurationManager<JsonWebKeySet>` (fetched at startup, refreshed on default schedule, HTTPS-only via `HttpDocumentRetriever { RequireHttps = true }`). **JWKS rotation does NOT require a coordinated redeploy** — consumers pick up the new keys at the next refresh tick | `Auth/JwtExtensions.cs`; `_docs/02_document/components/05_identity/description.md` |
 | E5 | Container `EXPOSE 8080`; edge compose maps host port `5002:8080` | `Dockerfile`; suite `_infra/_compose/` |
-| E6 | Image tag: `${REGISTRY_HOST}/azaion/missions:${BRANCH}-arm` post-B10 (was `azaion/flights:*-arm` pre-B10) | `.woodpecker/build-arm.yml` (post-B10) |
+| E6 | Image tag: `${REGISTRY_HOST}/azaion/missions:${BRANCH}-arm` (B10 done — AZ-549; was `azaion/flights:*-arm` pre-B10) | `.woodpecker/build-arm.yml` |
 | E7 | Entrypoint: `dotnet Azaion.Missions.dll` post-B5 (was `Azaion.Flights.dll` pre-B5) | `Dockerfile` (post-B5) |
 | E8 | No environment-specific overrides in `appsettings.*.json` today, but `IConfiguration` lookups (e.g. `Database:Url`, `Jwt:Issuer`) are wired so adding `appsettings.*.json` later requires no code changes | `Program.cs`; no `appsettings.*.json` in repo |
 | E9 | CORS is gated by `Infrastructure/CorsConfigurationValidator.cs`. In `Production` (case-insensitive on `ASPNETCORE_ENVIRONMENT`) startup THROWS when `CorsConfig:AllowedOrigins` is empty AND `CorsConfig:AllowAnyOrigin != true`. In non-Production environments, an empty allow-list with `AllowAnyOrigin=false` falls back to permissive (`AllowAnyOrigin/Method/Header`) and emits the `PermissiveDefaultWarning` startup log. The "all environments permissive" claim no longer holds | `Program.cs`, `Infrastructure/CorsConfigurationValidator.cs` |

_docs/02_document/04_verification_log.md

@@ -20,7 +20,7 @@ Verification therefore applies a **rename mapping** when comparing docs to code:
 | 4 owned tables (no `orthophotos`, no `gps_corrections`), 7 entities | 6 owned tables, 9 entities | AZ-546 (B7) entity drop + AZ-548 (B9) DB migration |
 | Single `"FL"` policy in `JwtExtensions` | Both `"FL"` AND `"GPS"` policies | AZ-546 (B7) |
 | Cascade omits `orthophotos` / `gps_corrections` branches | Cascade still touches both | AZ-546 (B7) |
-| `azaion/missions:*-arm` image tag, `dotnet Azaion.Missions.dll` entrypoint | `azaion/flights:*-arm`, `dotnet Azaion.Flights.dll` | AZ-549 (B10), AZ-544 (B5) |
+| `azaion/missions:*-arm` image tag, `dotnet Azaion.Missions.dll` entrypoint | `azaion/missions:*-arm`, `dotnet Azaion.Missions.dll` (post-B5+B10) | AZ-549 (B10), AZ-544 (B5) — **done** |
 
 Any doc claim covered by this mapping is treated as **expected, NOT drift**. Only mismatches NOT covered by the mapping are flagged below.
 

_docs/02_document/components/07_host/description.md

@@ -4,7 +4,7 @@
 
 **Implementation status**: ✅ implemented.
 
-> **NOTE (forward-looking)**: post-rename. Today's source has `Azaion.Flights` namespace + `dotnet Azaion.Flights.dll` entrypoint + container image `azaion/flights:*-arm`. Renames + DLL/image/compose changes tracked under Jira AZ-EPIC children B5 (namespace), B10 (Dockerfile + Woodpecker + suite compose).
+> **NOTE**: namespace (`Azaion.Missions`), entrypoint (`dotnet Azaion.Missions.dll`), and container image (`azaion/missions:*-arm`) reflect the post-rename state — renames landed under AZ-544 (B5) + AZ-549 (B10).
 
 **Files**: `Program.cs`, `GlobalUsings.cs`, `Infrastructure/ConfigurationResolver.cs`, `Infrastructure/CorsConfigurationValidator.cs`
 

_docs/02_document/deployment/ci_cd_pipeline.md

@@ -1,6 +1,6 @@
 # CI / CD Pipeline
 
-> **NOTE (forward-looking)**: image registry path reflects the **post-rename** state. Today's pipeline pushes `azaion/flights:${BRANCH}-arm`. Rename tracked under Jira AZ-EPIC child B10 (Dockerfile + Woodpecker + suite compose).
+> **NOTE**: image registry path reflects the post-rename state. The pipeline pushes `${REGISTRY_HOST}/azaion/missions:${BRANCH}-arm` (B10 done — AZ-549).
 
 ## Source
 

_docs/02_document/deployment/containerization.md

@@ -1,6 +1,6 @@
 # Containerization
 
-> **NOTE (forward-looking)**: image tag, csproj name, and entrypoint reflect the **post-rename** state. Today's `Dockerfile` ENTRYPOINT is `dotnet Azaion.Flights.dll` and the image tag base is `azaion/flights`. Renames tracked under Jira AZ-EPIC children B5 (csproj/namespace) and B10 (Dockerfile entrypoint + Woodpecker image tag).
+> **NOTE**: image tag base (`azaion/missions`), csproj name (`Azaion.Missions`), and Dockerfile ENTRYPOINT (`dotnet Azaion.Missions.dll`) reflect the post-rename state. Renames landed under Jira AZ-544 (B5 — csproj/namespace) and AZ-549 (B10 — Woodpecker image tag + suite compose).
 
 ## Source
 

_docs/02_document/deployment/environment_strategy.md

@@ -1,6 +1,6 @@
 # Environment Strategy
 
-> **NOTE (forward-looking)**: image tag, container name, and namespace reflect the **post-rename** state. Today's edge compose still references `azaion/flights:${BRANCH}-arm` and the container name is typically `flights`. Rename tracked under B10 (suite compose update).
+> **NOTE**: image tag and namespace reflect the post-rename state (B10 done). The container name and compose service name are still `flights` — that rename is B6/B11 (consumer cutover), tracked separately.
 
 ## Environments
 

_docs/02_document/glossary.md

@@ -113,9 +113,9 @@
 - **WaypointSource** — enum `{ Auto=0, Manual=1 }`. *source: `modules/enums.md`*
 - **Woodpecker** — CI runner; one ARM-tagged build job per push to `dev` / `stage` / `main`. Single Dockerfile-based build + push step; no test, no security scan today. *source: `deployment/ci_cd_pipeline.md`*
 
-## Synonym pairs (today's code ↔ post-rename target)
+## Synonym pairs (pre-rename ↔ post-rename, B5–B10 landed)
 
-| Today (`Azaion.Flights.*`) | Post-rename (`Azaion.Missions.*`) | Touched by |
+| Pre-rename (`Azaion.Flights.*`) | Post-rename (`Azaion.Missions.*`) | Landed under |
 |----------------------------|-----------------------------------|------------|
 | `Aircraft` (entity, controller, service, DTOs, enum) | `Vehicle` | B6 |
 | `Flight` (entity, controller, service, DTOs, table) | `Mission` | B6 |

_docs/tasks/done/AZ-549a_missions_rename_b10_pipeline.md

@@ -0,0 +1,75 @@
+# [Missions rename B10 — missions slice] Finalize Woodpecker pipeline + missions-internal docs for `azaion/missions:*-arm`
+
+> **Local-file split**: this is the missions-repo slice of B10. The suite-repo slice (deploy compose image-ref flips) is `azaion-suite/_docs/tasks/todo/AZ-549b_missions_rename_b10_suite_compose.md`. Both file specs reference the single umbrella Jira ticket **AZ-549**; the operator may convert AZ-549 to a parent Story with two Jira sub-tasks if independent transitions are needed, otherwise both slices close as one ticket once both files are `done/`.
+
+**Task**: AZ-549a_missions_rename_b10_pipeline
+**Name**: Finalize `${REGISTRY_HOST}/azaion/missions:<tag>` publication from this repo; clean up missions-internal docs that still describe the legacy `azaion/flights` image as the current state
+**Description**: As of HEAD, `.woodpecker/build-arm.yml` already pushes `${REGISTRY_HOST}/azaion/missions:$TAG`. What remains in this repo is (a) verify one successful publish happened on `dev` so the suite-side slice (`AZ-549b`) can flip its compose image refs against a real image, and (b) clean up the forward-looking "today's pipeline pushes `azaion/flights`" NOTE stubs in `_docs/02_document/**` that are now stale.
+**Complexity**: 1 point
+**Dependencies**: AZ-544 (B5) — namespace + csproj rename done (assembly that the image wraps is `Azaion.Missions.dll`)
+**Component**: refactor — `02-baseline-cleanup` / missions repo internal docs + CI pipeline verification
+**Tracker**: [AZ-549](https://denyspopov.atlassian.net/browse/AZ-549) (umbrella; suite slice = AZ-549b)
+**Epic**: [AZ-539](https://denyspopov.atlassian.net/browse/AZ-539)
+
+## Problem
+
+The `.woodpecker/build-arm.yml` in this repo was updated to push `${REGISTRY_HOST}/azaion/missions:$TAG` (verified at HEAD). However:
+
+1. There is no recorded evidence in `_docs/` that a successful push of `azaion/missions:dev-arm` to the registry has actually occurred — the suite-side compose flip (AZ-549b) cannot land until that image exists in the registry.
+2. Several `_docs/02_document/**` files contain "forward-looking" NOTE blocks that still describe `azaion/flights:*-arm` as the *current* state of this repo. With the pipeline already updated, those notes are now misleading — they describe a state that no longer exists.
+
+Files with stale "forward-looking" notes (live `rg` hits at HEAD):
+
+- `_docs/02_document/glossary.md:125` — Pre/Post column in the rename table
+- `_docs/02_document/deployment/environment_strategy.md:3` — note block
+- `_docs/02_document/deployment/containerization.md:3` — note block
+- `_docs/02_document/deployment/ci_cd_pipeline.md:3` — note block
+- `_docs/02_document/components/07_host/description.md:7` — note block
+- `_docs/02_document/04_verification_log.md:23` — verification row (status flip)
+- `_docs/00_problem/restrictions.md:48` — E6 row (status flip)
+- `_docs/02_document/architecture.md:113` — already says "post-B10" (cross-check)
+
+## Outcome
+
+- A successful Woodpecker build of this repo's `dev` branch publishes `${REGISTRY_HOST}/azaion/missions:dev-arm` to the registry. The build log link or pipeline run ID is recorded in `_docs/02_document/04_verification_log.md`.
+- All `_docs/02_document/**` "forward-looking" NOTE blocks listed above are rewritten to describe the new state as the *current* state (drop "today's pipeline pushes `azaion/flights`" wording).
+- `_docs/02_document/04_verification_log.md` AZ-549 (B10) row flips from pending → done with the build-log reference.
+- `_docs/00_problem/restrictions.md` E6 row reflects the post-B10 reality (drop the "post-B10" parenthetical that implied "not yet").
+- `rg -F 'azaion/flights' missions/` returns ZERO hits, EXCEPT in `done/` task specs that historically reference the rename (changelog hits are acceptable).
+
+## Scope
+
+### Included
+
+- One `git push origin dev` (or a manual Woodpecker re-run of the latest `dev` commit) to confirm the pipeline produces `azaion/missions:dev-arm` end-to-end.
+- Editing the ~7 internal docs listed in Problem to flip their "forward-looking" wording to "current state" wording.
+- Verification-log row flip for AZ-549.
+
+### Out of scope (explicit)
+
+- The suite-repo compose flip (`_infra/deploy/{jetson,webserver}/docker-compose.yml`) — that's `AZ-549b` in the suite workspace.
+- Suite `_infra/ci/README.md:162` example string — also in AZ-549b.
+- Deleting the legacy `${REGISTRY_HOST}/azaion/flights:*` images from the registry — separate housekeeping ticket, post-B11 stage-green.
+- Anything else in the AZ-539 Epic (B6/B11 service-name rename, B12 default-vehicle rule, etc.).
+
+## Acceptance criteria
+
+- A Woodpecker pipeline run on `dev` (or `manual`) of this repo produces `${REGISTRY_HOST}/azaion/missions:dev-arm` in the registry. The run ID is captured in `04_verification_log.md`.
+- All listed `_docs/02_document/**` NOTE-block files no longer describe the legacy image name as the current state.
+- `rg -F 'azaion/flights' missions/ | grep -v done/` returns ZERO hits in active config.
+- `04_verification_log.md` AZ-549 row reads as completed (not pending).
+
+## Risks & Mitigation
+
+**Risk 1: The `dev` push for verification accidentally triggers Watchtower on a fielded device**
+- *Risk*: A push to `dev` builds + publishes the renamed image. If any production Jetson has Watchtower configured to auto-pull `${REGISTRY_HOST}/azaion/missions:dev-arm`, it would start the renamed service before B11 cutover.
+- *Mitigation*: Today no deploy compose references `azaion/missions:*` yet (AZ-549b not done; that's the whole point of the sequencing). Watchtower can't pull what compose doesn't reference. Verification publish is safe.
+
+**Risk 2: Forward-looking notes contain context that is useful to keep**
+- *Risk*: The "forward-looking NOTE" blocks contain history (which child ticket renamed what) that a reader might want.
+- *Mitigation*: Reword to past-tense ("Renamed under B10 [AZ-549]") rather than deleting outright. Preserve the audit trail in a single line per note.
+
+## Notes for the implementer
+
+- The pipeline change itself appears to have landed during B5 work (AZ-544) — bumping the `-t` tag is a one-line edit and was bundled with the csproj/namespace rename PR. Double-check the git log on `.woodpecker/build-arm.yml` to confirm the chain of changes before flipping verification-log statuses.
+- Today the spec assumes the dev-arm image is the verification target. If your Woodpecker is configured to build only on push and you don't have a fresh `dev` push to test against, a "manual" trigger from the Woodpecker UI on the latest commit is acceptable.