chore(openspec): archive engineering-docs and phase-2-production-ready changes

- engineering-docs → archive/2026-03-29-engineering-docs (63/63 tasks complete)
- phase-2-production-ready → archive/2026-03-29-phase-2-production-ready (89/89 tasks complete)
- openspec/specs/ synced with all Phase 1 + Phase 2 + engineering-docs capabilities (22 specs total)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

openspec/specs/web-dashboard/spec.md

@@ -0,0 +1,34 @@
+# Spec: Web Dashboard UI
+
+**Status**: Pending CEO approval
+**Workstream**: 6 of 8
+
+## Scope
+- `dashboard/` directory at project root
+- React 18 + TypeScript strict, built with Vite 5
+- TanStack Query v5 for server state
+- shadcn/ui (Radix UI + Tailwind CSS) for components
+- Four pages: Agents, Credentials, Audit Log, Health
+- Client-side auth: `clientId` + `clientSecret` → `TokenManager`
+- Served from AgentIdP server at `GET /dashboard` (static build)
+
+## Pages
+
+| Page | Route | Scope Required |
+|------|-------|---------------|
+| Login | `/dashboard/login` | None |
+| Agents | `/dashboard/agents` | `agents:read` |
+| Agent Detail | `/dashboard/agents/:id` | `agents:read` |
+| Credentials | `/dashboard/agents/:id/credentials` | `agents:read` |
+| Audit Log | `/dashboard/audit` | `audit:read` |
+| Health | `/dashboard/health` | None |
+
+## Acceptance Criteria
+- [ ] TypeScript strict — zero `any` across all dashboard files
+- [ ] `dashboard/tsconfig.json` with `strict: true`
+- [ ] Login form stores token in `sessionStorage` only (not `localStorage`)
+- [ ] All write operations (suspend, revoke, rotate) require confirmation dialog
+- [ ] OWASP Top 10 review: no XSS, no CSRF, no sensitive data in URL params
+- [ ] Vite build outputs to `dashboard/dist/`; AgentIdP serves it as static
+- [ ] `dashboard/README.md` — how to build and serve
+- [ ] Responsive layout — functional on desktop and tablet