feat(enforce): complete enforcement loop with script/CI generators and docs update

[kschlt]

Why

ADR enforcement currently requires manual setup of validation scripts and CI pipelines. Teams approve ADRs but have no automated path from policy definitions to running checks in CI. This closes the loop: approved ADRs automatically produce runnable enforcement infrastructure. Project documentation still referenced enforcement as planned — it now accurately reflects the current state.

Approach

Built in three layers:

1. Reporter + Architecture checks — A structured JSON reporter (EnforcementReport Pydantic model) gives CI and agents machine-readable output with fix suggestions and ADR references. Architecture layer boundary enforcement detects cross-layer imports in Python and JS/TS using regex-based import parsing with glob/directory-name file filtering. Enriched the Violation dataclass with adr_title and fix_suggestion across all check types.

2. Script + CI workflow generators — ScriptGenerator produces standalone stdlib-only Python validation scripts from ADR policies (import, pattern, architecture, structure checks) with a validate_all.py runner outputting JSON per the EnforcementReport schema. CIWorkflowGenerator produces GitHub Actions YAML that runs enforcement, posts structured PR comments, and fails on violations. Both use managed-file headers for safe regeneration.

3. Documentation update — Updated CHANGELOG, ROADMAP, README, and TECHNICAL to reflect the completed enforcement loop, staged enforcement, and DX polish as implemented (not planned). Restructured ROADMAP: moved 3 completed items to "Recently Completed", new "Up Next" = pattern linter adapters + config enforcement. Updated policy schema status table, added enforcement CLI commands to TECHNICAL, fixed test count (187→309), added 2 FAQ entries about staged enforcement and CI generation.

Key trade-off: generated scripts use only stdlib so they run anywhere without installing adr-kit as a dependency in the target project's CI.

What Was Tested

• Reporter serialization: round-trip JSON output with violations, fix suggestions, and ADR references
• Architecture layer checks: cross-layer import detection for Python and JS/TS, boundary rule parsing
• Script generator: 26 tests covering all check types via subprocess execution of generated scripts
• CI workflow generator: YAML structure, PR comment formatting, managed-file header detection
• Integration with approval workflow: script generation triggered on ADR approval
• Documentation: verified no remaining references to enforcement as "planned" or "on the roadmap"

Risks

• Regex-based import detection may miss aliased or dynamic imports — acceptable for a first pass, documented as a known limitation
• Generated scripts are standalone and may drift from the core validator logic over time