feat(i7): async webhook delivery queue, OPS RBAC, UI role routing; docs and runbook

- Architect: I7_DESIGN.md, I7_IMPLEMENTATION_REVIEW.md; parallel index + track B
- Backend: @EnableMethodSecurity; OPS login; CallbackInbox PreAuthorize; IntegrationCatalog triple role
- Webhook: V2 webhook_platform_delivery; planner + scheduler + single-shot forwarder; tests
- Frontend: Pinia hasAnyRole; MainLayout/HomeView/router for OPS vs dev
- Runbook §10.5 delivery config

Made-with: Cursor

services/delivery-platform-api/src/test/java/cn/craftlabs/platform/api/auth/AuthControllerTest.java

@@ -28,6 +28,17 @@ class AuthControllerTest {
                 .andExpect(jsonPath("$.token").exists());
     }
 
+    @Test
+    void opsLoginReturnsOpsRole() throws Exception {
+        mockMvc.perform(
+                        post("/api/v1/auth/login")
+                                .contentType(MediaType.APPLICATION_JSON)
+                                .content("{\"username\":\"ops\",\"password\":\"ops\"}"))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$.token").exists())
+                .andExpect(jsonPath("$.roles[0]").value("OPS"));
+    }
+
     @Test
     void loginFail() throws Exception {
         mockMvc.perform(

services/delivery-platform-api/src/test/java/cn/craftlabs/platform/api/callback/CallbackInboxControllerTest.java

@@ -108,6 +108,17 @@ class CallbackInboxControllerTest {
                 .andExpect(status().isNotFound());
     }
 
+    @Test
+    void developerCannotAccessCallbackInbox() throws Exception {
+        String token = JwtTestSupport.obtainBearerToken(mockMvc, objectMapper, "dev", "dev");
+        mockMvc.perform(
+                        get("/api/v1/callback-inbox")
+                                .header("Authorization", "Bearer " + token)
+                                .param("page", "0")
+                                .param("size", "10"))
+                .andExpect(status().isForbidden());
+    }
+
     private String minimalIngestJson(String externalMessageId) throws Exception {
         ObjectNode root = objectMapper.createObjectNode();
         root.put("schemaVersion", "1.0");

services/delivery-platform-api/src/test/java/cn/craftlabs/platform/api/support/JwtTestSupport.java

@@ -12,11 +12,21 @@ public final class JwtTestSupport {
     private JwtTestSupport() {}
 
     public static String obtainBearerToken(MockMvc mockMvc, ObjectMapper objectMapper) throws Exception {
+        return obtainBearerToken(mockMvc, objectMapper, "admin", "admin");
+    }
+
+    public static String obtainBearerToken(
+            MockMvc mockMvc, ObjectMapper objectMapper, String username, String password) throws Exception {
         MvcResult login =
                 mockMvc.perform(
                                 post("/api/v1/auth/login")
                                         .contentType(MediaType.APPLICATION_JSON)
-                                        .content("{\"username\":\"admin\",\"password\":\"admin\"}"))
+                                        .content(
+                                                "{\"username\":\""
+                                                        + username
+                                                        + "\",\"password\":\""
+                                                        + password
+                                                        + "\"}"))
                         .andReturn();
         String body = login.getResponse().getContentAsString();
         return objectMapper.readTree(body).get("token").asText();