feat: Production readiness — monitoring, alerting, SLOs, runbooks, data retention, pentest, UAT

[devin-ai-integration]

Summary

Adds the remaining 8 production readiness items: monitoring stack, alerting rules, SLO definitions, incident response runbooks, data retention policy, authenticated penetration testing, and UAT scenarios. 2,506 lines across 21 files.

New structure:

ops/
├── monitoring/
│   ├── docker-compose.monitoring.yml     # Prometheus + Grafana + Alertmanager stack
│   ├── prometheus/
│   │   ├── prometheus.yml                # Scrape config (API + Go + Rust + Python services)
│   │   └── alerts.yml                    # 20 alert rules in 5 groups
│   ├── alertmanager/alertmanager.yml     # PagerDuty/Opsgenie/Slack routing
│   └── grafana/
│       ├── dashboards/                   # Transfer Ops (14 panels) + Infra (11 panels)
│       └── provisioning/                 # Auto-load datasources + dashboards
├── runbooks/
│   ├── incident-response.md             # SEV1-4 classification + lifecycle
│   ├── ledger-imbalance.md              # Zero-tolerance TigerBeetle balance check
│   ├── stuck-transfers.md               # Decision tree + retry/compensate/failover
│   ├── rail-provider-down.md            # Backup rail matrix + failover commands
│   ├── low-success-rate.md              # Error code → action mapping
│   ├── slow-delivery.md                 # p95 latency investigation
│   └── sanctions-screening-down.md      # Regulatory hold procedure (mandatory)
├── slo/service-level-objectives.yml     # 12 SLOs with error budget policy
└── data-retention/data-retention-policy.yml  # GDPR/NDPR/POPIA/PDPA compliance

Key design decisions:

• Alerting routes critical financial alerts (ledger imbalance) to a separate PagerDuty escalation with 0s group wait and 15min repeat — money integrity is treated differently from latency/errors
• SLOs include error budget policy: 75%→25% remaining triggers increasing reliability work allocation, exhausted = production freeze
• Data retention distinguishes 8 categories with different periods: transactions 7yr (CBN), SARs 10yr (FATF), sessions 24hr, analytics 3yr (anonymized)
• Sanctions screening runbook mandates transfer hold (not bypass) — regulatory requirement

QA additions:

• qa/security/pentest-authenticated.sh — BOLA, privilege escalation, rate limiting, SSRF, XSS, financial limit bypass tests
• qa/uat/uat-scenarios.sh — 5 stakeholder journeys (diaspora worker, merchant, employer, DeFi user, agent)

Link to Devin session: https://app.devin.ai/sessions/64d054ae77da41e9a2b74d8593fa635c
Requested by: @munisp

[devin-ai-integration]

Original prompt from Patrick

https://drive.google.com/file/d/14K-94cZoOVgiYCUA-VympU-4_8IBqv2d/view?usp=sharing
extract the contents of the archive. List all the features of the platform

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring