docs(code-review): record SMS-feature review findings + reconcile NotificationService doc

Per-module code review of the SMS notifications feature (reviewed at d6ead8ae) following
code-reviews/REVIEW-PROCESS.md. 19 findings across 7 modules — 1 High, 5 Medium, 13 Low:

- ManagementService-024 (High): provider-config updates Admin-gated to match the UI.
- ConfigurationDatabase-025, CentralUI-034/035, ManagementService-025 (Medium): migration
  data-safety guard, type-aware recipient badge, FromNumber-optional (Messaging-Service-only),
  empty-token-clear guard.
- Remaining Low: secret-encryption + diff + dispatch + factory + contract tests, truncation,
  ctor guard, reserved retry-field docs.
- Won't Fix: Transport-015/016 (shared repo-wide import patterns, not SMS-specific),
  Commons-026 (breaking ergonomics-only change). Deferred: ConfigurationDatabase-027 (live-SQL
  migration test).

All findings closed (0 pending). README.md regenerated; Component-NotificationService.md
updated for the FromNumber-optional + reserved-retry-fields outcomes.

code-reviews/Transport/findings.md

@@ -5,10 +5,10 @@
 | Module | `src/ZB.MOM.WW.ScadaBridge.Transport` |
 | Design doc | `docs/requirements/Component-Transport.md` |
 | Status | Reviewed |
-| Last reviewed | 2026-05-28 |
+| Last reviewed | 2026-06-19 |
 | Reviewer | claude-agent |
-| Commit reviewed | `1eb6e97` |
-| Open findings | 7 |
+| Commit reviewed | `d6ead8ae` |
+| Open findings | 0 |
 
 ## Summary
 
@@ -527,3 +527,90 @@ but the Audit-Log-Viewer UI surface — the dropdown + `BundleImported` hyperlin
 is a deferred UI follow-up. Operators have a workaround via the existing
 `audit query --bundle-import-id` CLI flag. The UI work belongs in the CentralUI
 backlog; implementing it here would expand scope beyond a doc fix.
+
+#### Re-review 2026-06-19 (commit `d6ead8ae`) — SMS notifications feature
+
+Per-module review of the Transport SMS surface: `SmsConfigDto`, the entity serializer round-trip,
+`ApplySmsConfigsAsync` (AccountSid-keyed upsert), and `CompareSmsConfiguration`. The secret isolation is
+correct — the AuthToken rides only the encrypted `SecretsBlock`, never the plaintext DTO/diff, and the
+diff is presence-only. Backward-compat with pre-SMS bundles holds (`SmsConfigs` defaults to empty). Two
+findings carried over as Won't Fix (shared/inherited patterns), one Low test gap Resolved.
+
+### Transport-015 — `ApplySmsConfigsAsync` Rename branch falls back to the original key when `RenameTo` is null
+
+| | |
+|--|--|
+| Severity | Medium |
+| Category | Correctness & logic bugs |
+| Status | Won't Fix |
+| Location | `src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs:2573` |
+
+**Description**
+
+The Rename branch uses `resolution.RenameTo ?? dto.AccountSid`; a null `RenameTo` on a Rename action
+would add a config under the original key, risking a duplicate. Flagged Medium by the reviewer.
+
+**Recommendation**
+
+Guard the Rename branch against a null `RenameTo`.
+
+**Resolution**
+
+Won't Fix (2026-06-19): on investigation this is the established repo-wide import pattern — every entity
+type's apply method uses the identical `resolution.RenameTo ?? <originalKey>` fallback (templates,
+folders, sites, data connections, instances, SMTP at line 2497, SMS at line 2573, ...). It is not
+SMS-specific, the import-wizard / CLI map step supplies `RenameTo` for a Rename action (the `??` is
+belt-and-suspenders), and the reviewer's proposed guard would merely relabel the duplicate as an Add. If
+the null-`RenameTo` edge is a real concern it is a Transport-wide question outside the SMS review scope;
+changing only the SMS branch would break the cross-entity consistency.
+
+### Transport-016 — New `SmsConfiguration` audit rows log entity id "0"
+
+| | |
+|--|--|
+| Severity | Low |
+| Category | Correctness & logic bugs |
+| Status | Won't Fix |
+| Location | `src/ZB.MOM.WW.ScadaBridge.Transport/Import/BundleImporter.cs:2576,2594` |
+
+**Description**
+
+Audit rows for newly created `SmsConfiguration` entities log `"0"` as the entity id (the surrogate key
+is unknown before EF assigns it), mirroring the SMTP path. Correlation is still possible by name
+(AccountSid), so the id is misleading but not lost.
+
+**Recommendation**
+
+Read back the assigned id after save and use it in the audit `LogAsync` call.
+
+**Resolution**
+
+Won't Fix (2026-06-19): this is the established inherited pattern (SMTP at lines 2500/2518 does the same)
+and is not a regression introduced by the SMS work. The audit row carries the AccountSid as
+`entityName`, so the row is correlatable. A cross-entity cleanup to log real ids is out of the SMS
+review scope.
+
+### Transport-017 — No unit tests for `CompareSmsConfiguration`
+
+| | |
+|--|--|
+| Severity | Low |
+| Category | Testing coverage |
+| Status | Resolved |
+| Location | `tests/ZB.MOM.WW.ScadaBridge.Transport.Tests/Import/ArtifactDiffTests.cs` |
+
+**Description**
+
+`CompareSmsConfiguration` (the new diff method) had no dedicated unit tests; in particular the
+secret presence-only invariant (the AuthToken value must never be echoed) relied on parallelism with the
+SMTP/DataConnection patterns rather than a direct assertion.
+
+**Recommendation**
+
+Add unit tests for New/Identical/Modified plus the AuthToken presence-only invariant.
+
+**Resolution**
+
+Resolved 2026-06-19 (commit `a9393c89`): added five `CompareSmsConfiguration` tests — existing-null→New,
+all-match→Identical, FromNumber-differs→Modified, and the two secret cases (value-changes-but-presence-
+preserved → no echo; presence-flip → `<present>` marker only, token never echoed).