R6(a): de-stage code, docs, READMEs; split stage6_test

Mechanical, behaviour-preserving removal of Stage N / TODO-N / phase (RN)
references from comments, doc-comments, service READMEs, the current-state docs
(ARCHITECTURE, FUNCTIONAL+_ru, TESTING, UI_DESIGN), config-file comments, and the
.fbs/.proto schema comments. PLAN.md / PRERELEASE.md / CLAUDE.md keep the stage
history.

- Rename the only stage-named identifiers: registerStage8 -> registerSocialOps,
  registerStage11 -> registerLinkOps (gateway transcode).
- Split stage6_test.go: TestEmailLoginFlow -> email_test.go,
  TestGuestAutoMatchLeavesNoStats (+ provisionGuest) -> account_test.go.
- Regenerated proto bindings (push.pb.go, telegram_grpc.pb.go) from the de-staged
  .proto comments; FB Go/TS bindings unchanged (flatc strips schema comments).

go build/vet/gofmt clean across modules; integration typecheck and pnpm check green.

deploy/.env.example

@@ -1,6 +1,6 @@
 # Environment for deploy/docker-compose.yml. The CI deploy job (ci.yaml) maps the
-# Gitea TEST_-prefixed secrets/variables onto these unprefixed names; Stage 18
-# maps the PROD_-prefixed set the same way. Copy to deploy/.env for a local run.
+# Gitea TEST_-prefixed secrets/variables onto these unprefixed names; the prod
+# deploy maps the PROD_-prefixed set the same way. Copy to deploy/.env for a local run.
 #
 # Full reference (required vs optional, defaults, secret-vs-variable): deploy/README.md.
 
@@ -17,7 +17,7 @@ LOG_LEVEL=info
 
 # --- Edge / caddy -----------------------------------------------------------
 # Test: ":80" (the host caddy terminates TLS and forwards to scrabble:80 on the
-# external `edge` network). Prod (Stage 18): a domain so caddy does its own ACME.
+# external `edge` network). Prod: a domain so caddy does its own ACME.
 CADDY_SITE_ADDRESS=:80
 GM_BASICAUTH_USER=gm
 GM_BASICAUTH_HASH=                     # required; `caddy hash-password` bcrypt hash

deploy/README.md

@@ -13,7 +13,7 @@ operational reference for **every environment variable**.
 | --- | --- | --- |
 | `caddy` | `caddy:2-alpine` | Edge proxy (alias `scrabble` on `edge`): single `/_gm` Basic-Auth → admin console + Grafana; `/app/`, `/telegram/` + the Connect path → gateway; the catch-all (incl. `/`) → landing. TLS per `CADDY_SITE_ADDRESS`. |
 | `gateway` | built (`gateway/Dockerfile`, target `gateway`) | Public edge; serves the embedded game SPA at `/app/` + `/telegram/`; Connect-RPC edge. `/` redirects to `/app/`. |
-| `landing` | built (`gateway/Dockerfile`, target `landing`) | Static landing page at `/` (caddy:2-alpine + the shared Vite build, `deploy/landing/Caddyfile`); absorbs stray public paths (R3). |
+| `landing` | built (`gateway/Dockerfile`, target `landing`) | Static landing page at `/` (caddy:2-alpine + the shared Vite build, `deploy/landing/Caddyfile`); absorbs stray public paths. |
 | `backend` | built (`backend/Dockerfile`) | Domain service; bakes in the DAWG dictionaries; runs migrations at boot. |
 | `postgres` | `postgres:17-alpine` | Database (named volume, `pg_isready` healthcheck). |
 | `vpn` + `telegram` | sidecar + built (`platform/telegram/Dockerfile`) | Telegram connector; egresses through the AmneziaWG sidecar; internal gRPC at `telegram:9091`. |
@@ -39,7 +39,7 @@ cd deploy && docker compose up -d --build
 
 **In CI** (the test contour) — `.gitea/workflows/ci.yaml`'s `deploy` job maps the
 Gitea **`TEST_`-prefixed** secrets/variables onto the unprefixed names below and
-runs `docker compose up -d --build` on the runner host. Stage 18 (prod) maps the
+runs `docker compose up -d --build` on the runner host. The prod deploy maps the
 **`PROD_`** set the same way. So a Gitea secret named `TEST_POSTGRES_PASSWORD`
 feeds the compose's `POSTGRES_PASSWORD`, etc.
 
@@ -80,7 +80,7 @@ connector **fails at boot** if both are empty.
 | `GRAFANA_ADMIN_PASSWORD` | secret | `admin` | Grafana admin password. Low impact (the login form is disabled, access is anonymous-admin behind caddy) but set it anyway. |
 | `TELEGRAM_GAME_CHANNEL_ID_EN` | variable | _(empty)_ | English game-channel id; empty/`0` disables channel posts. |
 | `TELEGRAM_GAME_CHANNEL_ID_RU` | variable | _(empty)_ | Russian game-channel id; empty/`0` disables channel posts. |
-| `TELEGRAM_TEST_ENV` | _pinned_ | `false` | `true` routes the bot through Telegram's test environment (`.../bot<token>/test/METHOD`). **The CI test contour pins this to `true` in `ci.yaml`** (the contour is the test environment) — it is not a Gitea variable. Set it in `.env` for a local run; prod (Stage 18) leaves it `false`. |
+| `TELEGRAM_TEST_ENV` | _pinned_ | `false` | `true` routes the bot through Telegram's test environment (`.../bot<token>/test/METHOD`). **The CI test contour pins this to `true` in `ci.yaml`** (the contour is the test environment) — it is not a Gitea variable. Set it in `.env` for a local run; prod leaves it `false`. |
 | `TELEGRAM_API_BASE_URL` | variable | _(empty)_ | Override the Bot API host (a mock/self-hosted server); empty = `https://api.telegram.org`. |
 | `GATEWAY_DEFAULT_SUPPORTED_LANGUAGES` | variable | `en,ru` | Variant-gating set for non-Telegram logins (web/email/guest). |
 | `VITE_TELEGRAM_BOT_ID` | variable | _(empty)_ | UI build-arg: numeric bot id for the web Login Widget. |
@@ -114,7 +114,7 @@ resolves both `otelcol` and `api.telegram.org`. `GATEWAY_ADMIN_*` is intentional
 - **Host caddy** route `<domain> → scrabble:80` (the in-compose caddy serves HTTP
   in the test contour; the host caddy terminates TLS). Not needed on prod, where the
   contour caddy owns TLS (set `CADDY_SITE_ADDRESS` to the domain).
-- **Branch protection** requires the single status check `CI / gate` (Stage 17).
+- **Branch protection** requires the single status check `CI / gate`.
   The `unit` / `integration` / `ui` jobs are path-conditional (they skip when their
   code did not change), and the always-running `gate` job aggregates them (passing
   when each succeeded or was skipped), so a skipped job never blocks a merge. See

deploy/caddy/Caddyfile

@@ -2,11 +2,11 @@
 # every operator surface under /_gm (the backend-rendered admin console and the
 # Grafana subpath); the game SPA (/app/, /telegram/) and the Connect edge go to
 # the gateway; the catch-all — notably the public landing at / — goes to the
-# static landing container (R3), so stray traffic never reaches the Go edge.
+# static landing container, so stray traffic never reaches the Go edge.
 # Mirrors ../galaxy-game's /_gm model.
 #
 # CADDY_SITE_ADDRESS is ":80" in the test contour (the host caddy terminates TLS
-# and forwards); set it to a domain in prod (Stage 18) so this caddy does its own
+# and forwards); set it to a domain in prod so this caddy does its own
 # ACME and the contour is self-contained.
 {
 	admin off
@@ -14,7 +14,7 @@
 	# (chat moderation + per-IP rate limiting in the gateway). Test contour: the host caddy
 	# (a private IP) is trusted, so its forwarded client IP is preserved. Prod (no host caddy):
 	# clients connect from public IPs, which are NOT trusted, so Caddy uses the real peer —
-	# the same config is correct (and spoof-safe) in both contours (Stage 17).
+	# the same config is correct (and spoof-safe) in both contours.
 	servers {
 		trusted_proxies static private_ranges
 	}

deploy/docker-compose.yml

@@ -17,7 +17,7 @@
 #   - `edge` (external): the host caddy reaches this contour at `scrabble:80`
 #     (the in-compose caddy's alias). The in-compose caddy terminates only HTTP in
 #     the test contour; the host caddy terminates TLS and forwards. For prod
-#     (Stage 18, no host caddy) set CADDY_SITE_ADDRESS to the domain so the caddy
+#     (no host caddy) set CADDY_SITE_ADDRESS to the domain so the caddy
 #     does its own ACME — the contour is then self-contained.
 #   - The connector egresses to api.telegram.org through the `vpn` sidecar
 #     (network_mode: service:vpn); it answers internal gRPC at `telegram:9091`.
@@ -102,7 +102,7 @@ services:
     networks: [internal]
 
   # --- Landing (static) -------------------------------------------------------
-  # The public landing page in its own caddy container (R3): the contour caddy
+  # The public landing page in its own caddy container: the contour caddy
   # routes the catch-all (notably /) here, the gateway keeps only /app/,
   # /telegram/ and the Connect edge. Shares the gateway Dockerfile's UI build
   # stage — identical build args keep that stage a single cached build.

deploy/grafana/dashboards/edge-ux.json

@@ -37,8 +37,8 @@
     },
     {
       "type": "timeseries",
-      "title": "Rate limiting — request rate vs rejections (R3)",
-      "description": "Aggregate only (no per-user labels, the Stage 12/17 discipline): total edge request rate against the limiter rejection rate by class. Per-key detail lives in the admin console's Throttled view.",
+      "title": "Rate limiting — request rate vs rejections",
+      "description": "Aggregate only (no per-user labels): total edge request rate against the limiter rejection rate by class. Per-key detail lives in the admin console's Throttled view.",
       "gridPos": { "h": 8, "w": 24, "x": 0, "y": 16 },
       "fieldConfig": { "defaults": { "unit": "reqps" }, "overrides": [] },
       "datasource": { "type": "prometheus", "uid": "prometheus" },

deploy/landing/Caddyfile

@@ -1,4 +1,4 @@
-# Static landing container (R3). Serves the public landing page and the built
+# Static landing container. Serves the public landing page and the built
 # assets it references at /; the game SPA (/app/, /telegram/) and the Connect
 # edge stay on the gateway. The contour caddy routes the catch-all here, so
 # stray public paths are absorbed by static file serving and never reach the Go