docs+code: close Theme 1 — 24 design-doc / XML-doc drift findings

Doc/XML-comment drift + small adherence fixes across 17 modules. Highlights:
- Host-017: site CoordinatedShutdown ordering — SiteStreamGrpcServer gains
  CancelAllStreams() (refuse new streams, cancel active), wired into
  Program.cs site branch via ApplicationStopping.
- InboundAPI-021: ParentExecutionId now travels on RouteToGet/SetAttributes
  symmetric with RouteToCallRequest; RouteHelper stamps from _parentExecutionId.
- ClusterInfra-012: ClusterOptionsValidator now requires both seed nodes.
- Comm-018: SiteCommunicationActor.HeartbeatMessage.IsActive derived from
  cluster leader check (was hardcoded true).
- DM-020: reconciliation audit row attributes the current user, not prior deployer.
- SEL-019: EventLogPurgeService early-exits on standby via active-node check.
- Plus comment/XML-doc accuracy fixes across AuditLog, ConfigurationDatabase,
  NotificationOutbox, SiteRuntime, SiteCallAudit; doc refreshes for Component-
  Commons / -ManagementService / -CLI / -ExternalSystemGateway / -HealthMonitoring
  / -Transport / -ConfigurationDatabase; CD-023 index-name doc alignment.

11 new regression tests (RouteHelper x4, SiteStreamGrpcServer x2,
ClusterOptionsValidator x1, SiteCommunicationActor x1, DeploymentService x1,
EventLogPurgeService x3). Build clean (0 warnings); InboundAPI/Communication/
Host suites all green. README regenerated: 112 open (was 136).

code-reviews/AuditLog/findings.md

@@ -8,7 +8,7 @@
 | Last reviewed | 2026-05-28 |
 | Reviewer | claude-agent |
 | Commit reviewed | `1eb6e97` |
-| Open findings | 11 |
+| Open findings | 9 |
 
 ## Summary
 
@@ -111,7 +111,7 @@ _Unresolved._
 |--|--|
 | Severity | Low |
 | Category | Akka.NET conventions |
-| Status | Open |
+| Status | Resolved |
 | Location | `src/ScadaLink.AuditLog/Central/AuditLogIngestActor.cs:99-103`, `src/ScadaLink.AuditLog/Central/AuditLogPurgeActor.cs:109-115`, `src/ScadaLink.AuditLog/Central/SiteAuditReconciliationActor.cs:315-321` |
 
 **Description**
@@ -144,9 +144,13 @@ as a forward-compat hedge — change the decider to `Decider.From(_ => Directive
 or similar to match the comment, AND add a clear note that the per-row catch is what
 keeps the actor running across handler throws, not the supervisor strategy.
 
-**Resolution**
+**Resolution (2026-05-28):**
 
-_Unresolved._
+Comment-only fix on all three actors (`AuditLogIngestActor`, `AuditLogPurgeActor`,
+`SiteAuditReconciliationActor`). XML doc remarks now correctly attribute alive-on-throw
+to the per-row/per-batch/per-site try/catch blocks, describe the `SupervisorStrategy`
+override as a children-only forward-compat placeholder, and state the actual
+`DefaultDecider` Restart semantics (no more "Resume" claim). Behaviour unchanged.
 
 ### AuditLog-003 — `AuditLogIngestActor.OnIngestAsync` uses `CreateScope`, but `OnCachedTelemetryAsync` uses `CreateAsyncScope` — and only one disposes asynchronously
 
@@ -394,7 +398,7 @@ _Unresolved._
 |--|--|
 | Severity | Low |
 | Category | Documentation & comments |
-| Status | Open |
+| Status | Resolved |
 | Location | `src/ScadaLink.AuditLog/Site/SqliteAuditWriter.cs:706-740` |
 
 **Description**
@@ -425,9 +429,12 @@ describe the actual ordering: the channel is completed first, the loop drains
 remaining items under the lock, and `_disposed = true` is set only after the loop
 exits. The current code is correct; the comment is wrong.
 
-**Resolution**
+**Resolution (2026-05-28):**
 
-_Unresolved._
+Comment-only fix on `SqliteAuditWriter.DisposeAsync`. Rewrote the misleading comment
+to describe the actual ordering: completing the channel writer is the shutdown signal,
+the writer loop drains buffered items, and `_disposed` is intentionally set only after
+the loop has drained (in the second lock block). Behaviour unchanged.
 
 ### AuditLog-010 — Actor drain paths accept a `CancellationToken` parameter but always pass `CancellationToken.None` downstream