Phase 1 WP-2–10: Repositories, audit service, security & auth (LDAP, JWT, roles, policies, data protection)

- WP-2: SecurityRepository + CentralUiRepository with audit log queries
- WP-3: AuditService with transactional guarantee (same SaveChangesAsync)
- WP-4: Optimistic concurrency tests (deployment records vs template last-write-wins)
- WP-5: Seed data (SCADA-Admins → Admin role mapping)
- WP-6: LdapAuthService (direct bind, TLS enforcement, group query)
- WP-7: JwtTokenService (HMAC-SHA256, 15-min refresh, 30-min idle timeout)
- WP-8: RoleMapper (LDAP groups → roles with site-scoped deployment)
- WP-9: Authorization policies (Admin/Design/Deployment + site scope handler)
- WP-10: Shared Data Protection keys via EF Core
141 tests pass, zero warnings.

src/ScadaLink.ConfigurationDatabase/ServiceCollectionExtensions.cs

@@ -1,5 +1,10 @@
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
+using ScadaLink.Commons.Interfaces.Repositories;
+using ScadaLink.Commons.Interfaces.Services;
+using ScadaLink.ConfigurationDatabase.Repositories;
+using ScadaLink.ConfigurationDatabase.Services;
 
 namespace ScadaLink.ConfigurationDatabase;
 
@@ -13,6 +18,13 @@ public static class ServiceCollectionExtensions
         services.AddDbContext<ScadaLinkDbContext>(options =>
             options.UseSqlServer(connectionString));
 
+        services.AddScoped<ISecurityRepository, SecurityRepository>();
+        services.AddScoped<ICentralUiRepository, CentralUiRepository>();
+        services.AddScoped<IAuditService, AuditService>();
+
+        services.AddDataProtection()
+            .PersistKeysToDbContext<ScadaLinkDbContext>();
+
         return services;
     }