docs: README + component cross-references for Transport (#24)

CLAUDE.md

@@ -41,7 +41,7 @@ When a change is requested, the default assumption is: update the design doc *an
 - Commit related changes together with a descriptive message summarizing the design decision and the implementation slice.
 - After non-trivial code changes, build (`dotnet build ScadaLink.slnx`) and run relevant tests before declaring done; for cluster-runtime changes, rebuild the image with `bash docker/deploy.sh`.
 
-## Current Component List (23 components)
+## Current Component List (24 components)
 
 1. Template Engine — Template modeling, inheritance, composition, validation, flattening, diffs.
 2. Deployment Manager — Central-side deployment pipeline, system-wide artifact deployment, instance lifecycle.
@@ -66,6 +66,7 @@ When a change is requested, the default assumption is: update the design doc *an
 21. Notification Outbox — Central component ingesting store-and-forwarded notifications, `Notifications` audit table, dispatcher loop, retry/parking, delivery KPIs.
 22. Site Call Audit — Central component auditing site cached calls (`CachedCall`/`CachedWrite`); `SiteCalls` audit table, telemetry ingest, reconciliation, KPIs, central→site Retry/Discard relay; sites remain the source of truth.
 23. Audit Log — Central append-only AuditLog table spanning every script-trust-boundary action (outbound API sync+cached, outbound DB sync+cached, notifications, inbound API). Site SQLite hot-path + gRPC telemetry + reconciliation; combined telemetry with Site Call Audit; central direct-write for Notification Outbox dispatch + Inbound API; monthly partitioning, 365-day retention.
+24. Transport — File-based, encrypted bundle export/import via Central UI. Templates, system artifacts, central-only configuration. Per-conflict resolution. Correlated audit via `BundleImportId`. No site involvement.
 
 ## Key Design Decisions (for context across sessions)
 

README.md

@@ -57,6 +57,7 @@ This document serves as the master index for the SCADA system design. The system
 | 21 | Notification Outbox | [docs/requirements/Component-NotificationOutbox.md](docs/requirements/Component-NotificationOutbox.md) | Central component ingesting store-and-forwarded notifications into the `Notifications` audit table, with `NotificationOutboxActor` singleton dispatcher, per-type delivery adapters, retry/parking, status tracking, daily purge, and delivery KPIs. |
 | 22 | Site Call Audit | [docs/requirements/Component-SiteCallAudit.md](docs/requirements/Component-SiteCallAudit.md) | Central component auditing site cached calls (`ExternalSystem.CachedCall`/`Database.CachedWrite`) into the `SiteCalls` audit table, with `SiteCallAuditActor` singleton, telemetry ingest, periodic reconciliation, point-in-time KPIs, daily purge, and central→site Retry/Discard relay for parked calls. |
 | 23 | Audit Log | [docs/requirements/Component-AuditLog.md](docs/requirements/Component-AuditLog.md) | New central append-only AuditLog spanning every script-trust-boundary action (outbound API sync+cached, outbound DB sync+cached, notifications, inbound API). Site-local SQLite hot-path append + gRPC telemetry + central reconciliation; combined telemetry packet with Site Call Audit; central direct-write for Notification Outbox dispatch + Inbound API middleware; monthly partitioning, 365-day default retention. |
+| 24 | Transport | [docs/requirements/Component-Transport.md](docs/requirements/Component-Transport.md) | Bundle export/import for templates, shared scripts, external systems, central-only artifacts. AES-256-GCM encryption; per-conflict resolution on import; correlated audit trail. |
 
 ### Reference Documentation
 

docs/requirements/Component-CentralUI.md

@@ -81,6 +81,10 @@ Central cluster only. Sites have no user interface.
 - Manage inbound API keys (create, enable / disable, delete) and define API methods (name, parameters, return values, approved keys, implementation script).
 - The API key detail page includes a **"Recent calls"** link that opens the Audit Log page pre-filtered to `Actor = <key name>` and `Channel = ApiInbound` — surfacing the key's recent inbound-call audit history.
 
+### Bundle Export / Import (Design Role for export, Admin Role for import)
+- `Export Bundle` (`/design/transport/export`) — multi-step wizard for exporting a `.scadabundle` artifact containing templates, shared scripts, external systems, and central-only configuration. Visible to users with `RequireDesign`.
+- `Import Bundle` (`/design/transport/import`) — multi-step wizard for uploading and applying a `.scadabundle` into the current environment, with per-artifact diff review and conflict resolution. Visible to users with `RequireAdmin`.
+
 ### Area Management (Admin Role)
 - Define hierarchical area structures per site.
 - Parent-child area relationships.

docs/requirements/Component-ConfigurationDatabase.md

@@ -183,6 +183,7 @@ Template Engine: Update Template
 | **EntityId** | String | Unique identifier of the entity. |
 | **EntityName** | String | Human-readable name (for display without deserializing state). |
 | **State** | nvarchar(max) | Entity state after the change, serialized as JSON. Null for deletes. |
+| **BundleImportId** | uniqueidentifier NULL | Correlation column threading every per-entity audit row written during a Transport bundle import back to the parent `BundleImported` event. Indexed via `IX_AuditLogEntries_BundleImportId`. Null for all rows not written as part of a bundle import. |
 
 ### State Serialization
 

docs/requirements/Component-DeploymentManager.md

@@ -151,3 +151,4 @@ The Deployment Manager sends the following commands to sites via the Communicati
 - **Template Engine**: Provides resolved and validated configurations.
 - **Site Runtime**: Receives and applies configurations and lifecycle commands.
 - **Health Monitoring**: Deployment failures contribute to site health status.
+- **Transport (#24)**: Does not invoke Deployment Manager directly. Transport-driven template changes propagate to deployed instances through the existing revision-hash drift detection in `DeploymentService.CompareAsync`; the Deployments page surfaces affected instances as stale automatically.

docs/requirements/Component-Security.md

@@ -121,3 +121,4 @@ Central cluster. Sites do not have user-facing interfaces and do not perform ind
 - **Deployment Manager**: Deployment role enforcement with site scoping.
 - **All central components**: Role checks are a cross-cutting concern applied at the API layer.
 - **Management Service**: The ManagementActor enforces role-based authorization on every incoming command using the authenticated user identity carried in the message envelope. The CLI authenticates users via the same LDAP bind mechanism and passes the user's identity (username, roles, permitted sites) in every request message. The ManagementActor applies the same role and site-scoping rules as the Central UI — no separate authentication path exists on the server side.
+- **Transport (#24)**: Provides the `RequireDesign` policy (export) and `RequireAdmin` policy (import) enforced at both the Razor page layer and inside the `ScadaLink.Transport` service entrypoints.

docs/requirements/Component-TemplateEngine.md

@@ -184,3 +184,4 @@ For shared scripts, pre-compilation validation is performed before deployment. S
 
 - **Deployment Manager**: Requests flattened configurations, diffs, and validation results from the Template Engine.
 - **Central UI**: Provides the data model for template authoring, instance management, and on-demand validation.
+- **Transport (#24)**: Reads templates, attributes, alarms, scripts, and composition relationships for bundle export; writes the same via repositories during bundle import.