finalize M06-M12 with Go/SQLite/Synology NAS implementation decisions

DEV_PORTAL_M09_REVIEW.md

@@ -1,8 +1,60 @@
 # Milestone 9: App Review System
 
-**Status**: Planning
+**Status**: Decided
 **Goal**: Automated and manual review process for app submissions.
 
+## Decision
+
+**Go validation workers + SQLite** for self-hosted review pipeline:
+
+```
+Validation:   Go workers with concurrent file processing
+Storage:      SQLite (review state in portal.db)
+Queue:        In-memory channel + SQLite persistence
+UI:           htmx server-rendered pages (admin section)
+```
+
+### Rationale
+
+1. **Go concurrency** - Process multiple files in parallel with goroutines
+2. **Single binary** - No separate queue service needed
+3. **Simple state** - Review state in SQLite alongside app data
+4. **htmx admin UI** - Server-rendered review queue, no SPA needed
+
+### Architecture
+
+```
+┌─────────────────────────────────────────────────────────────────┐
+│                     mosis-portal container                       │
+│  ┌────────────────────────────────────────────────────────────┐ │
+│  │                      Go Binary                              │ │
+│  │  ┌─────────────┐    ┌────────────────┐                     │ │
+│  │  │ Upload API  │───►│ Review Service │                     │ │
+│  │  │ POST /v1/   │    │ - Queue submit │                     │ │
+│  │  │ versions    │    │ - Track state  │                     │ │
+│  │  └─────────────┘    └───────┬────────┘                     │ │
+│  │                             │                               │ │
+│  │  ┌─────────────────────────▼────────────────────────────┐  │ │
+│  │  │           Validation Worker Pool                      │  │ │
+│  │  │  • Tier 1: Package validation (ZIP, manifest, sig)   │  │ │
+│  │  │  • Tier 2: Content validation (RML, RCSS, Lua)       │  │ │
+│  │  │  • Tier 3: Security analysis (patterns, perms)       │  │ │
+│  │  │  • Tier 4: Quality checks (description, icons)       │  │ │
+│  │  └───────────────────────────────────────────────────────┘  │ │
+│  │                             │                               │ │
+│  │  ┌─────────────────────────▼────────────────────────────┐  │ │
+│  │  │              Admin Review UI (htmx)                   │  │ │
+│  │  │  • /admin/review-queue                                │  │ │
+│  │  │  • /admin/review/:id                                  │  │ │
+│  │  └───────────────────────────────────────────────────────┘  │ │
+│  └──────────────────────────────┬─────────────────────────────┘ │
+│                                  │                               │
+│  /volume1/mosis/                 │                               │
+│  ├── data/portal.db  ◄───────────┘                               │
+│  └── packages/{dev}/{app}/{ver}/ (validation target)             │
+└─────────────────────────────────────────────────────────────────┘
+```
+
 ---
 
 ## Overview
@@ -448,23 +500,23 @@ GROUP BY week;
 
 ## Deliverables
 
-- [ ] Validation worker implementation
-- [ ] Dangerous pattern database
-- [ ] Review queue UI
-- [ ] Reviewer tools
+- [x] Review approach decided (Go workers + SQLite + htmx admin)
+- [ ] Validation worker implementation (Go concurrent file processing)
+- [ ] Dangerous pattern database (regex patterns in code)
+- [ ] Review queue UI (htmx server-rendered)
+- [ ] Reviewer tools (file browser, source viewer)
 - [ ] Rejection feedback system
 - [ ] Appeal workflow
-- [ ] Review metrics dashboard
-- [ ] SLA monitoring
+- [ ] Review metrics queries
 
 ---
 
 ## Open Questions
 
-1. Automated approval for trusted developers?
-2. Community moderators?
-3. Content policy document?
-4. Rate limiting resubmissions?
+1. ~~Automated approval for trusted developers?~~ → Yes, after 3+ approved apps
+2. ~~Community moderators?~~ → Defer to post-MVP (single admin for now)
+3. Content policy document? → Create during M12 Docs
+4. ~~Rate limiting resubmissions?~~ → Max 3 resubmits per day per app
 
 ---