release: v1.0.0 — clean README, changelog, full reference manual, dead code removal, package metadata

CHANGELOG.md

@@ -0,0 +1,59 @@
+# Changelog
+
+## v1.0.0 — 2026-05-01
+
+First official release. Consolidates all features developed since initial commit into a stable, documented, deployment-ready package.
+
+### Core Platform
+- CVE tracking with multi-vendor support, document storage, and NVD API auto-fill
+- Session-based authentication with four user groups (Admin, Standard_User, Leadership, Read_Only)
+- Full audit logging of all state-changing actions
+- Dark tactical intelligence UI theme with monospace typography
+
+### Ivanti Integration
+- Live sync of open host findings from Ivanti/RiskSense API (auto-sync every 24h)
+- Reporting page with donut metric charts, advanced per-column filtering, inline editing
+- FP workflow submission directly to Ivanti API with file attachments
+- Ivanti Queue — personal staging list for batch FP, Archer, CARD, and Granite workflows
+- Queue item redirect between workflow types after completion
+- Row visibility controls with localStorage persistence
+
+### Archive and Anomaly Tracking
+- Automatic detection of disappeared and returned findings across syncs
+- BU drift checker — classifies archived findings by reason (BU reassignment, severity drift, closed on platform, decommissioned)
+- Return classification — explains why findings came back (BU reassigned back, severity re-escalated, etc.)
+- Findings Trend chart with archive activity sparkline and shift reason tooltips
+- Anomaly banner for significant archive events
+
+### Compliance (AEO Posture)
+- Weekly NTS_AEO xlsx upload with diff preview (new, resolved, recurring)
+- Schema drift detection with breaking/silent-miss/cosmetic classification
+- Admin config reconciliation for parser updates
+- Per-team metric health cards with grouped categories and variant pills
+- Device-level violation tracking with timestamped notes history
+- Multi-metric note grouping
+- Upload rollback support
+
+### Integrations
+- Jira Data Center — create, sync, and track tickets linked to CVE/vendor pairs
+- Archer — risk acceptance exception tracking (EXC numbers)
+- Atlas InfoSec — action plan cache, bulk creation from row selection, metrics reporting
+- CARD API — Granite/CARD asset lookup for network device workflows
+- NVD API — auto-fill CVE metadata with bulk sync support
+
+### Knowledge Base
+- Internal document library with inline PDF and Markdown rendering
+- Category-based browsing and search
+
+### Admin
+- Full-page admin panel with user management, audit log, and system info tabs
+- Themed confirm modals replacing browser dialogs
+- User profile panel with self-service password change
+
+### Infrastructure
+- Consolidated `setup.js` with complete database schema (27 tables, all indexes and triggers)
+- systemd service files for persistent deployment
+- GitLab CI/CD pipeline (install, lint, test, build, deploy)
+- GPG-signed commits for code provenance
+- Organized documentation structure (api, design, guides, security, testing, troubleshooting)
+- Migration scripts documented and retained for existing deployment upgrades