refactor(org): update container registry, FQDNs, and add agent UUIDs

- Migrate container registry from ghcr.io to git.farh.net
- Update environment FQDNs: cartsnitch.farh.net → cartsnitch.com, etc.
- Add UUIDs to all agent role references for handoff protocol accuracy
- Add Agent Roster table to CLAUDE.md for quick reference

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-23 15:19:04 -04:00
parent 63e150f445
commit 4b17a4619d
3 changed files with 92 additions and 32 deletions
+1 -1
@@ -56,7 +56,7 @@ CartSnitch CI uses **CalVer** (`YYYY.MM.DD[.N]`) for image tags. The CI also pub
## Container images
Push to `ghcr.io/cartsnitch/<service>` only. Never Docker Hub for first-party images.
Push to `git.farh.net/cartsnitch/<service>` only. Never Docker Hub for first-party images.
## Task decomposition (for delegators)
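Review bot: the rule `Push to git.farh.net/cartsnitch/<service> only` changes the push target without saying what happens to images already published under `ghcr.io/cartsnitch/<service>`, and the Flux manifests that pull them are managed outside this repo (Stage 2 GitOps further down). Suggest one sentence on the cutover: whether the ghcr.io images remain pullable for deployments already running, and that GitOps image references must be repointed before the old registry is disabled, so a rollback never resolves to a registry nobody pushes to anymore.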
+22 -22
@@ -63,14 +63,14 @@ Gitea branch protection requires CI checks (lint, test, build-and-push). Governa
## PR review & merge policy
### Dev branch (`dev`)
- **QA** (Checkout Charlie) reviews the PR. Approve → hand to CTO. Fail → back to engineer directly with exact details.
- **CTO** (Savannah Savings) reviews. Approve → CTO merges the `dev` PR. Fail → back to engineer.
- **QA** (Checkout Charlie `9b6012d0-0406-417e-bb22-78266a6e7f77`) reviews the PR. Approve → hand to CTO. Fail → back to engineer directly with exact details.
- **CTO** (Savannah Savings `6ec1a5a9-113c-430b-90e6-260d60d79e1d`) reviews. Approve → CTO merges the `dev` PR. Fail → back to engineer.
### UAT branch (`uat`)
- **CTO** opens and merges a `dev``uat` PR (single approval).
### Main branch (`main`)
- **CEO** (Coupon Carl) reviews and merges the `uat``main` PR.
- **CEO** (Coupon Carl `cd91facf-8f4c-4cbd-b8d8-b48da5b50727`) reviews and merges the `uat``main` PR.
`@cpfarhood` is cc'd for visibility on all PRs — never as a reviewer.
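Review bot: the agent UUIDs are inlined at each role mention here (QA and CTO, then again in the workflow steps and hierarchy rules below), yet the CTO in the `dev` to `uat` line two lines later stays name-only. Since this commit also adds an Agent Roster table to CLAUDE.md, consider giving each UUID once in that table and keeping only names in this procedural text: repeated literal UUIDs drift when an agent is re-provisioned, and a handoff matched on a stale UUID goes to nobody. At minimum, the CTO in the UAT-branch line should carry the same `6ec1a5a9-113c-430b-90e6-260d60d79e1d` as the line above it.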
@@ -79,7 +79,7 @@ Gitea branch protection requires CI checks (lint, test, build-and-push). Governa
### Product analysis (feature intake)
* Feature requests arrive at the CEO via Paperclip or Gitea Issues.
* CEO delegates to CMO (Markdown Martha) for review.
* CEO delegates to CMO (Markdown Martha `46614fb2-6d29-4ea3-bc46-4a3b94086e3c`) for review.
* CMO: Accepted → CEO routes to CTO for work breakdown. Backlogged → CEO handles prioritization. Denied → closed as unplanned.
* CTO breaks accepted work into atomic tasks and assigns to Engineering.
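Review bot: only the CMO reference gains a UUID in this hunk; the CEO who receives feature requests and the CTO who does the work breakdown in the same procedure remain name-only. If the handoff protocol keys on UUIDs, every delegation target in the intake flow needs one, otherwise a handoff to CEO or CTO here has no identifier to resolve; either add them or state explicitly that name-only references are acceptable for roles already identified elsewhere in the document.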
@@ -87,35 +87,35 @@ Gitea branch protection requires CI checks (lint, test, build-and-push). Governa
1. **Engineer** branches from `dev`, writes code. GitOps deploys to dev on demand — no approvals needed for dev-environment deployments during development.
2. **Engineer** opens a PR against `dev`. CI must pass.
3. **QA (Checkout Charlie)** reviews the PR. Fail → back to engineer.
3. **QA (Checkout Charlie `9b6012d0-0406-417e-bb22-78266a6e7f77`)** reviews the PR. Fail → back to engineer.
4. QA approves and hands off to CTO.
5. **CTO (Savannah Savings)** reviews the PR. Fail → back to engineer.
5. **CTO (Savannah Savings `6ec1a5a9-113c-430b-90e6-260d60d79e1d`)** reviews the PR. Fail → back to engineer.
6. **CTO** merges the dev PR.
7. **CI** builds and deploys automatically to Dev (`https://cartsnitch.dev.farh.net`).
7. **CI** builds and deploys automatically to Dev (`https://dev.cartsnitch.com`).
### Phase 2 — UAT promotion
8. **CTO** opens and merges a PR from `dev` to `uat`.
9. **CI** builds and deploys automatically to UAT (`https://cartsnitch.uat.farh.net`).
10. **CTO** creates a UAT regression task for **Deal Dottie** immediately after promoting.
9. **CI** builds and deploys automatically to UAT (`https://uat.cartsnitch.com`).
10. **CTO** creates a UAT regression task for **Deal Dottie (`161fb3bb-0332-4381-b67d-7c4b92a91133`)** immediately after promoting.
### Phase 3 — UAT testing & security
11. **UAT (Deal Dottie)** runs full regression against UAT — every feature, old and new, no exceptions.
11. **UAT (Deal Dottie `161fb3bb-0332-4381-b67d-7c4b92a91133`)** runs full regression against UAT — every feature, old and new, no exceptions.
12. UAT fail → CTO redistributes to engineer (return to Phase 1).
13. UAT pass → **Security Engineer (Stockboy Steve)** performs a security code review of the changes.
13. UAT pass → **Security Engineer (Stockboy Steve `d59d4b24-3cc3-4616-a23a-2b4776a489ca`)** performs a security code review of the changes.
14. Security fail → CTO redistributes to engineer (return to Phase 1).
### Phase 4 — Production
15. Security pass → **CEO (Coupon Carl)** reviews and merges the production PR (`uat → main`). Fail → back to CTO.
16. **CI** deploys automatically to Production (`https://cartsnitch.farh.net`).
15. Security pass → **CEO (Coupon Carl `cd91facf-8f4c-4cbd-b8d8-b48da5b50727`)** reviews and merges the production PR (`uat → main`). Fail → back to CTO.
16. **CI** deploys automatically to Production (`https://cartsnitch.com`).
### Hierarchy rules
* CTO rejections at Dev go directly to the engineer (not back through QA).
* UAT failures (Deal Dottie) go to CTO — CTO cascades to engineer.
* Security failures (Stockboy Steve) go to CTO — CTO cascades to engineer.
* UAT failures (Deal Dottie `161fb3bb-0332-4381-b67d-7c4b92a91133`) go to CTO — CTO cascades to engineer.
* Security failures (Stockboy Steve `d59d4b24-3cc3-4616-a23a-2b4776a489ca`) go to CTO — CTO cascades to engineer.
* CEO rejections at Prod go to CTO.
> **Note on penetration testing:** Stockboy Steve performs scheduled penetration testing against Prod independently of the PR workflow. Board-authorized. Not triggered per-PR.
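Review bot: UUID placement is inconsistent within the hunk: step 10 writes the identifier in parentheses after the bolded name ("Deal Dottie (`161fb3bb-0332-4381-b67d-7c4b92a91133`)") while step 11 writes it bare inside the role parentheses ("UAT (Deal Dottie `161fb3bb-...`)"), and the penetration-testing note at the end still names Stockboy Steve without the `d59d4b24-3cc3-4616-a23a-2b4776a489ca` given to him in step 13 and in the hierarchy rules. Suggest settling on the majority form, role (Name `uuid`), and applying it to the pentest note as well, since that note is the one place that authorizes activity against Prod and should resolve to exactly one agent identity.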
@@ -156,12 +156,12 @@ Without this release, the receiving agent cannot check out the issue.
## Infrastructure
* **Production:** namespace `cartsnitch`, FQDN `cartsnitch.farh.net`
* **UAT:** namespace `cartsnitch-uat`, FQDN `cartsnitch.uat.farh.net`
* **Dev:** namespace `cartsnitch-dev`, FQDN `cartsnitch.dev.farh.net`
* **Production:** namespace `cartsnitch`, FQDN `cartsnitch.com`
* **UAT:** namespace `cartsnitch-uat`, FQDN `uat.cartsnitch.com`
* **Dev:** namespace `cartsnitch-dev`, FQDN `dev.cartsnitch.com`
* **Cluster:** Kubernetes — cluster-wide read; read/write on `cartsnitch-dev` and `cartsnitch-uat`; read-only on `cartsnitch` (production).
* **Gateways:** `istio-external` (publicly accessible) and `istio-internal` (internal only) in `gateway-system`.
* **Container registry:** `ghcr.io/cartsnitch/<service>` only.
* **Container registry:** `git.farh.net/cartsnitch/<service>` only.
## Authentication
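Review bot: moving Dev and UAT from `cartsnitch.dev.farh.net` / `cartsnitch.uat.farh.net` to `dev.cartsnitch.com` / `uat.cartsnitch.com` makes both non-production environments subdomains of the production FQDN `cartsnitch.com`, which they were not before. Any cookie production sets with a `Domain=cartsnitch.com` attribute is now sent by browsers to dev and uat as well, and a wildcard certificate or `*.cartsnitch.com` route on `istio-external` would cover the lower environments too. Suggest a line in the Authentication section requiring host-only session cookies (no Domain attribute) and per-host gateway routes, so a dev deployment can never receive or accept a production session.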
@@ -175,7 +175,7 @@ Without this release, the receiving agent cannot check out the issue.
**Stage 1 — CI (runs in each application repo):**
- Triggered automatically on every merge to `main`
- Builds and tags the Docker image: CalVer (`YYYY.MM.DD[.N]`), `latest`, and `sha-<hash>`
- Pushes tagged images to `ghcr.io/cartsnitch/<service>`
- Pushes tagged images to `git.farh.net/cartsnitch/<service>`
- Creates a CalVer git tag in the source repo
**Stage 2 — GitOps (Flux, managed externally):**
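Review bot: Stage 1 now pushes images to `git.farh.net/cartsnitch/<service>` and, per the following line, also creates a CalVer git tag in the source repo; if `git.farh.net` is the Gitea instance whose branch protection is referenced above, both actions target the same host and it is tempting to reuse one token for both. Suggest documenting that the registry push uses a package-write credential separate from the repo-write credential used for tagging, so a CI job compromised through a build dependency can at most publish an image and cannot rewrite tags or protected branches on the source side.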
@@ -210,8 +210,8 @@ These are the only acceptable choices — alternatives are policy violations:
* **Cache / pub-sub:** DragonflyDB Operator — no Redis.
* **Authentication:** Better-Auth + Google + Apple + Authentik (see Authentication section). Never build custom auth.
* **Dependency updates:** Mend Renovate. **Dependabot is not used and will not be used.** Do not configure it.
* **Container registry:** `ghcr.io/cartsnitch/<service>` — no Docker Hub for first-party images.
* **Browser automation:** the `playwright` MCP server (`http://playwright:8931/mcp`). Never run Playwright locally or install browser binaries. Target dev (`cartsnitch.dev.farh.net`) — never test production.
* **Container registry:** `git.farh.net/cartsnitch/<service>` — no Docker Hub for first-party images.
* **Browser automation:** the `playwright` MCP server (`http://playwright:8931/mcp`). Never run Playwright locally or install browser binaries. Target dev (`dev.cartsnitch.com`) — never test production.
If a task requires deviating from any of the above, treat it as a destructive action: stop, file an issue with rationale, request board approval.
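Review bot: the registry and browser-automation lines now agree with the Infrastructure section, but this list is framed as "the only acceptable choices" while dependency updates are delegated to Mend Renovate two lines above. Since first-party image references changed hosts, confirm Renovate has credentials for `git.farh.net` if that registry is private; otherwise CalVer image bumps for first-party services silently stop and the registry rule is honored in text but not in automation.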