chore: implement instruction compliance remediation

- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs

Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected

Refs: docs/plans/instruction_compliance_spec.md

frontend/src/api/securityHeaders.ts

@@ -80,7 +80,9 @@ export interface ApplyPresetRequest {
 // API Functions
 export const securityHeadersApi = {
   /**
-   * List all security header profiles
+   * Lists all security header profiles.
+   * @returns Promise resolving to array of SecurityHeaderProfile objects
+   * @throws {AxiosError} If the request fails
    */
   async listProfiles(): Promise<SecurityHeaderProfile[]> {
     const response = await client.get<{profiles: SecurityHeaderProfile[]}>('/security/headers/profiles');
@@ -88,7 +90,10 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Get a single profile by ID or UUID
+   * Gets a single security header profile by ID or UUID.
+   * @param id - The profile ID (number) or UUID (string)
+   * @returns Promise resolving to the SecurityHeaderProfile object
+   * @throws {AxiosError} If the request fails or profile not found
    */
   async getProfile(id: number | string): Promise<SecurityHeaderProfile> {
     const response = await client.get<{profile: SecurityHeaderProfile}>(`/security/headers/profiles/${id}`);
@@ -96,7 +101,10 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Create a new security header profile
+   * Creates a new security header profile.
+   * @param data - CreateProfileRequest with profile configuration
+   * @returns Promise resolving to the created SecurityHeaderProfile
+   * @throws {AxiosError} If creation fails or validation errors occur
    */
   async createProfile(data: CreateProfileRequest): Promise<SecurityHeaderProfile> {
     const response = await client.post<{profile: SecurityHeaderProfile}>('/security/headers/profiles', data);
@@ -104,7 +112,11 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Update an existing profile
+   * Updates an existing security header profile.
+   * @param id - The profile ID to update
+   * @param data - Partial CreateProfileRequest with fields to update
+   * @returns Promise resolving to the updated SecurityHeaderProfile
+   * @throws {AxiosError} If update fails or profile not found
    */
   async updateProfile(id: number, data: Partial<CreateProfileRequest>): Promise<SecurityHeaderProfile> {
     const response = await client.put<{profile: SecurityHeaderProfile}>(`/security/headers/profiles/${id}`, data);
@@ -112,14 +124,18 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Delete a profile (not presets)
+   * Deletes a security header profile.
+   * @param id - The profile ID to delete (cannot delete preset profiles)
+   * @throws {AxiosError} If deletion fails, profile not found, or is a preset
    */
   async deleteProfile(id: number): Promise<void> {
     await client.delete(`/security/headers/profiles/${id}`);
   },
 
   /**
-   * Get built-in presets
+   * Gets all built-in security header presets.
+   * @returns Promise resolving to array of SecurityHeaderPreset objects
+   * @throws {AxiosError} If the request fails
    */
   async getPresets(): Promise<SecurityHeaderPreset[]> {
     const response = await client.get<{presets: SecurityHeaderPreset[]}>('/security/headers/presets');
@@ -127,7 +143,10 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Apply a preset to create/update a profile
+   * Applies a preset to create or update a security header profile.
+   * @param data - ApplyPresetRequest with preset type and profile name
+   * @returns Promise resolving to the created/updated SecurityHeaderProfile
+   * @throws {AxiosError} If preset application fails
    */
   async applyPreset(data: ApplyPresetRequest): Promise<SecurityHeaderProfile> {
     const response = await client.post<{profile: SecurityHeaderProfile}>('/security/headers/presets/apply', data);
@@ -135,7 +154,10 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Calculate security score for given settings
+   * Calculates the security score for given header settings.
+   * @param config - Partial CreateProfileRequest with settings to evaluate
+   * @returns Promise resolving to ScoreBreakdown with score, max, breakdown, and suggestions
+   * @throws {AxiosError} If calculation fails
    */
   async calculateScore(config: Partial<CreateProfileRequest>): Promise<ScoreBreakdown> {
     const response = await client.post<ScoreBreakdown>('/security/headers/score', config);
@@ -143,7 +165,10 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Validate a CSP string
+   * Validates a Content Security Policy string.
+   * @param csp - The CSP string to validate
+   * @returns Promise resolving to object with validity status and any errors
+   * @throws {AxiosError} If validation request fails
    */
   async validateCSP(csp: string): Promise<{ valid: boolean; errors: string[] }> {
     const response = await client.post<{ valid: boolean; errors: string[] }>('/security/headers/csp/validate', { csp });
@@ -151,7 +176,10 @@ export const securityHeadersApi = {
   },
 
   /**
-   * Build a CSP string from directives
+   * Builds a Content Security Policy string from directives.
+   * @param directives - Array of CSPDirective objects to combine
+   * @returns Promise resolving to object containing the built CSP string
+   * @throws {AxiosError} If build request fails
    */
   async buildCSP(directives: CSPDirective[]): Promise<{ csp: string }> {
     const response = await client.post<{ csp: string }>('/security/headers/csp/build', { directives });