feat(alerts): Phase 13 — Operational Alert Engine

AlertRule + AlertInstance models (b041alerts migration), 8 pre-seeded system
rules (high_risk x2, stale_technique, coverage_regression, low_coverage,
expiry_wave, new_technique, orphan_spike), evaluation engine with per-rule
cooldown, full alert lifecycle (acknowledge/resolve/dismiss), custom rule CRUD,
and summary endpoint. Rules seeded at app startup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/main.py

@@ -46,6 +46,7 @@ from app.routers import risk_intelligence as risk_router
 from app.routers import executive_dashboard as dashboard_router
 from app.routers import api_keys as api_keys_router
 from app.routers import sso as sso_router
+from app.routers import operational_alerts as alerts_router
 from app.domain.errors import DomainError
 from app.middleware.error_handler import domain_exception_handler
 from app.middleware.request_context import RequestContextMiddleware
@@ -76,6 +77,15 @@ async def lifespan(app: FastAPI):
         pass
     finally:
         db.close()
+    # Seed operational alert system rules
+    db2 = SessionLocal()
+    try:
+        from app.services.operational_alert_service import seed_system_rules
+        seed_system_rules(db2)
+    except Exception:
+        pass
+    finally:
+        db2.close()
     yield
     # Graceful shutdown of the background scheduler
     scheduler.shutdown(wait=False)
@@ -151,6 +161,7 @@ app.include_router(risk_router.router, prefix="/api/v1")
 app.include_router(dashboard_router.router, prefix="/api/v1")
 app.include_router(api_keys_router.router, prefix="/api/v1")
 app.include_router(sso_router.router, prefix="/api/v1")
+app.include_router(alerts_router.router, prefix="/api/v1")
 
 
 @app.get("/health", include_in_schema=False)