refactor: rename ScadaLink → ZB.MOM.WW.ScadaBridge (code + projects + namespaces)

Solution + 23 src projects + 26 test projects renamed; folders, csproj,
namespaces, and ScadaLinkDbContext/ScadaBridgeDbContext class updated.
ActorSystem "scadalink" → "scadabridge", Akka seed-node URLs migrated.
SQL roles/logins, LDAP domains, CLI command name, and CLI config dir
(~/.scadalink → ~/.scadabridge) also renamed.

Build green; 5 Host.Tests fail awaiting SQL login rename in next commit.
Pre-existing StaleTagMonitor timing flakes unchanged.

Rename script committed at tools/rename-to-scadabridge.sh.

tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Design/ExternalSystemFormAuditDrillinTests.cs

@@ -0,0 +1,70 @@
+using System.Security.Claims;
+using Bunit;
+using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Authorization;
+using Microsoft.Extensions.DependencyInjection;
+using NSubstitute;
+using ZB.MOM.WW.ScadaBridge.Commons.Entities.ExternalSystems;
+using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Repositories;
+using ZB.MOM.WW.ScadaBridge.Security;
+using ExternalSystemForm = ZB.MOM.WW.ScadaBridge.CentralUI.Components.Pages.Design.ExternalSystemForm;
+
+namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Design;
+
+/// <summary>
+/// Bundle D drill-in test (#23 M7-T12) for the External Systems edit page.
+/// The page-header chip routes operators into the central Audit Log
+/// pre-filtered by Target = external-system name. Create mode has nothing
+/// to drill into yet, so the link is suppressed.
+/// </summary>
+public class ExternalSystemFormAuditDrillinTests : BunitContext
+{
+    private readonly IExternalSystemRepository _repo = Substitute.For<IExternalSystemRepository>();
+
+    public ExternalSystemFormAuditDrillinTests()
+    {
+        Services.AddSingleton(_repo);
+
+        var claims = new[]
+        {
+            new Claim("Username", "tester"),
+            new Claim(JwtTokenService.RoleClaimType, "Design"),
+        };
+        var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
+        Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
+        Services.AddAuthorizationCore();
+        AuthorizationPolicies.AddScadaBridgeAuthorization(Services);
+    }
+
+    [Fact]
+    public void EditPage_HasRecentAuditActivityLink_WithTargetEqualToSystemName()
+    {
+        _repo.GetExternalSystemByIdAsync(7, Arg.Any<CancellationToken>())
+            .Returns(new ExternalSystemDefinition("ERP-Alpha", "https://erp.example.test", "ApiKey")
+            {
+                Id = 7,
+            });
+
+        var cut = Render<ExternalSystemForm>(p => p.Add(c => c.Id, 7));
+
+        cut.WaitForAssertion(() =>
+        {
+            var link = cut.Find("a[data-test=\"audit-link\"]");
+            Assert.Equal("/audit/log?target=ERP-Alpha", link.GetAttribute("href"));
+            Assert.Contains("Recent audit activity", link.TextContent);
+        });
+    }
+
+    [Fact]
+    public void CreatePage_HasNoRecentAuditActivityLink()
+    {
+        // Create mode (Id is null) — there's no real external system to drill into,
+        // so the link must not render.
+        var cut = Render<ExternalSystemForm>();
+
+        cut.WaitForAssertion(() =>
+        {
+            Assert.Empty(cut.FindAll("a[data-test=\"audit-link\"]"));
+        });
+    }
+}

tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Design/TestRunWarningTests.cs

@@ -0,0 +1,58 @@
+namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Design;
+
+/// <summary>
+/// Regression tests for CentralUI-014. Test Run wires <c>External</c>,
+/// <c>Database</c>, and <c>Notify</c> to central's real services, so a Test Run
+/// has production-equivalent side effects. The finding asked, at minimum, that
+/// this blast radius be surfaced to the user. The Test Run panels in
+/// <c>SharedScriptForm</c> and <c>TemplateEdit</c> carry a prominent
+/// <c>Real I/O</c> badge and an <c>alert-warning</c> block stating the side
+/// effects are real and permanent; <c>ApiMethodForm</c> (Inbound API kind) has
+/// no real-I/O surface at all and correctly omits the badge. These tests pin
+/// that warning so it cannot silently regress.
+/// </summary>
+public class TestRunWarningTests
+{
+    private static string SrcRoot
+    {
+        get
+        {
+            // tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/bin/Debug/net10.0 → repo root.
+            var dir = AppContext.BaseDirectory;
+            for (var i = 0; i < 6 && dir is not null; i++)
+                dir = Directory.GetParent(dir)?.FullName;
+            return Path.Combine(dir!, "src", "ZB.MOM.WW.ScadaBridge.CentralUI",
+                "Components", "Pages", "Design");
+        }
+    }
+
+    private static string Read(string fileName)
+        => File.ReadAllText(Path.Combine(SrcRoot, fileName));
+
+    [Theory]
+    [InlineData("SharedScriptForm.razor")]
+    [InlineData("TemplateEdit.razor")]
+    public void TestRunPanel_WithRealIoSurface_ShowsRealIoBadgeAndWarning(string razorFile)
+    {
+        var markup = Read(razorFile);
+
+        // The "Real I/O" badge on the Test Run panel header.
+        Assert.Contains("Real I/O", markup);
+        // The explicit warning that side effects hit real systems and are permanent.
+        Assert.Contains("alert-warning", markup);
+        Assert.Contains("fire for real", markup);
+        Assert.Contains("Side effects are permanent", markup);
+    }
+
+    [Fact]
+    public void ApiMethodForm_TestRun_HasNoRealIoBadge_BecauseInboundApiHasNoSideEffectSurface()
+    {
+        // The Inbound API sandbox host exposes only Parameters / Route (Route
+        // throws) — there is no External/Database/Notify, so no "Real I/O".
+        var markup = Read("ApiMethodForm.razor");
+
+        Assert.DoesNotContain("Real I/O", markup);
+        // It still warns that Route calls throw.
+        Assert.Contains("alert-warning", markup);
+    }
+}