stable-v1.0.7 — doc batch (6 MRs since stable-v1.0.6) Stability checkpoint covering 6 svc docs MRs after stable-v1.0.6. UI unchanged. doc: - !114 — README "two windows" metaphor clarified + TASKS.md retire stable-v1.0.6 batch + audit refresh. - !115 — technologies.md: Temurin per-distribution justification table (vs Oracle JDK / Corretto / Zulu CE / Liberica / MS Build / Semeru / GraalVM CE) + Maven Central duplicate dedup + Redis/Caffeine/Kafka stack consolidation (one entry per stack: service + Spring integration co-located) + Zipkin ghost cleanup (5 dangling refs, 4 pedagogical "not used" mentions kept) + README Caffeine vs Redis vs Postgres decision matrix. - !116 — Trivy + Grype + syft 3-tool sandwich block (replaces 3 siloed entries with one unified chain explaining DBs differ + matchers differ → both run, ~30s each). - !117 — technologies.md schema: Pairs-with optional 4th field documented; Concreteness rule for "Why it's pertinent" (no battle-tested / industry-standard filler — measured benefit OR named alternative rejected OR failure mode prevented OR ADR); Passive voice rule (no "we picked / we did NOT" — "X has been rejected because…"). First-pass on 4 entries (Spring Boot 4, Spring MVC, HikariCP, Redis). README rewrite: Step-by-step (manual) was buggy (port-8080 collision between docker compose app + ./run.sh app) + stale (./run.sh obs missing --profile observability) — fixed. Running locally bash code block → table to fix the "test" syntax-highlighter colour leak. - !118 — README ADR consolidation: one canonical "Architecture Decision Records (ADRs)" subsection (39 ADRs, Michael Nygard format, links to glossaries). 5 redundant filler mentions trimmed; trade-offs table per-row ADR-NNNN links kept. Mirror in README.fr.md. - !119 — technologies.md cert/PKI regrouping: Fulcio moved from Auth → CI/CD next to cosign (new "Image signing chain" block); JWKS moved from Networking → Auth next to JWT; new 3-flow Auth intro (built-in HS256 / IdP RS256+JWKS / WIF); Pairs-with cross-refs across the cert axis (JWT↔JWKS↔JJWT↔OAuth2RS; IdP↔JWKS↔OIDC; WIF↔Fulcio parallel pattern; cosign↔Fulcio↔3-tool sandwich). No code changes. No CI changes (the !117 sonar-only-main fix was already in stable-v1.0.6).