docs(m4): CHANGELOG, README, lessons, spec drift fix, todo tick
- CHANGELOG: added M4 section listing endpoints, CLI, volume, persisted
settings, picker, and the post-spec-review fixes (custom-URL integrity
requirement + /diag/reset consistency + spec drift). Includes the
intentional decisions paragraph (seed-time download not image-baked, read
endpoints unauthenticated-perm-wise, stdlib over httpx).
- README: status bumped to M0–M4, added MITRE quickstart (make seed-mitre +
air-gapped path with --source /data/mitre/<file> + --skip-checksum),
testing-m<N>.md pointer updated to testing-m4.md, roadmap line.
- tasks/spec.md §10 #4: amended "14 tactics Enterprise" → "≥14 tactics
Enterprise (la v19 du pin actuel en ship 15)".
- tasks/lessons.md: 7 M4 lessons captured (stdlib STIX parsing, decoupling
DoD asserts from upstream versions, subtechnique parent resolution, single-
transaction safety, custom-URL footgun mitigation, /diag/reset consistency,
named-volume permission caveat, podman build cache surprise).
- tasks/todo.md: M4 marked ☑.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
37e9e03f02