Rebrand STEAM → AEGIS, fix BU drift checker previous_bu bug

- Replace all STEAM branding with AEGIS (Advanced Engineering Group
  Intelligence System) across login, header, nav drawer, manifest, and
  browser title
- Add shield logo to login page, main header, and nav drawer
- Fix BU drift checker recording incorrect previous_bu values by
  building a previousBuMap snapshot BEFORE the upsert/delete cycle
  instead of querying the DB after rows are already gone
- Clean 526 bogus BU history entries generated by the broken logic
- Add docs and scripts from prior session

backend/routes/ivantiFindings.js

@@ -681,7 +681,7 @@ async function syncFPWorkflowCounts(openFindings, apiKey, clientId, skipTls) {
 const MANAGED_BUS_VALUE = process.env.IVANTI_MANAGED_BUS || 'NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM';
 const EXPECTED_BUS = new Set(MANAGED_BUS_VALUE.split(',').map(b => b.trim()).filter(Boolean));
 
-async function runBUDriftChecker(newlyArchivedIds, apiKey, clientId, skipTls) {
+async function runBUDriftChecker(newlyArchivedIds, apiKey, clientId, skipTls, previousBuMap) {
     const summary = { bu_reassignment: 0, severity_drift: 0, closed_on_platform: 0, decommissioned: 0 };
 
     if (!newlyArchivedIds || newlyArchivedIds.length === 0) return summary;
@@ -797,12 +797,8 @@ async function runBUDriftChecker(newlyArchivedIds, apiKey, clientId, skipTls) {
         // Record BU reassignment in ivanti_finding_bu_history for detail view
         if (classification === 'bu_reassignment' && found) {
             try {
-                // Determine previous BU — look up from the cached finding record
-                const { rows: prevRows } = await pool.query(
-                    `SELECT bu_ownership FROM ivanti_findings WHERE id = $1`,
-                    [id]
-                );
-                const previousBu = prevRows[0]?.bu_ownership || 'UNKNOWN';
+                // Determine previous BU from the pre-sync snapshot (passed in from syncFindings)
+                const previousBu = (previousBuMap && previousBuMap.get(id)) || 'UNKNOWN';
                 await pool.query(
                     `INSERT INTO ivanti_finding_bu_history (finding_id, finding_title, host_name, previous_bu, new_bu, detected_at)
                      VALUES ($1, $2, $3, $4, $5, NOW())`,
@@ -897,12 +893,14 @@ async function syncFindings() {
 
         // Read previous open findings from DB for archive detection
         let previousFindings = [];
+        let previousBuMap = new Map(); // id → bu_ownership snapshot BEFORE upsert
         try {
             const { rows } = await pool.query(
                 `SELECT id, title, host_name AS "hostName", ip_address AS "ipAddress", severity, bu_ownership AS "buOwnership"
                  FROM ivanti_findings WHERE state = 'open'`
             );
             previousFindings = rows;
+            previousBuMap = new Map(rows.map(f => [String(f.id), f.buOwnership || '']));
         } catch (err) {
             console.error('[Ivanti Findings] Failed to read previous findings for archive detection:', err.message);
         }
@@ -1004,7 +1002,7 @@ async function syncFindings() {
                 console.log(`[BU Drift Checker] ${idsToCheck.length} disappeared total, ${newlyArchivedOnly.length} genuinely new (${alreadyArchivedSet.size} already archived, skipped)`);
                 idsToCheck = newlyArchivedOnly;
             }
-            classificationBreakdown = await runBUDriftChecker(idsToCheck, apiKey, clientId, skipTls);
+            classificationBreakdown = await runBUDriftChecker(idsToCheck, apiKey, clientId, skipTls, previousBuMap);
         } catch (err) {
             console.error('[Ivanti Findings] BU drift checker failed (non-fatal):', err.message);
         }