feat: Enterprise DSS architecture implementation

Complete implementation of enterprise design system validation:

Phase 1 - @dss/rules npm package:
- CLI with validate and init commands
- 16 rules across 5 categories (colors, spacing, typography, components, a11y)
- dss-ignore support (inline and next-line)
- Break-glass [dss-skip] for emergency merges
- CI workflow templates (Gitea, GitHub, GitLab)

Phase 2 - Metrics dashboard:
- FastAPI metrics API with SQLite storage
- Portfolio-wide metrics aggregation
- Project drill-down with file:line:column violations
- Trend charts and history tracking

Phase 3 - Local analysis cache:
- LocalAnalysisCache for offline-capable validation
- Mode detection (LOCAL/REMOTE/CI)
- Stale cache warnings with recommendations

Phase 4 - Project onboarding:
- dss-init command for project setup
- Creates ds.config.json, .dss/ folder structure
- Updates .gitignore and package.json scripts
- Optional CI workflow setup

Architecture decisions:
- No commit-back: CI uploads to dashboard, not git
- Three-tier: Dashboard (read-only) → CI (authoritative) → Local (advisory)
- Pull-based rules via npm for version control

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

packages/dss-rules/templates/gitea-workflow.yml

@@ -0,0 +1,122 @@
+name: DSS Design System Validation
+
+on:
+  push:
+    branches: ['*']
+  pull_request:
+    branches: [main, develop]
+
+env:
+  DSS_MODE: ci
+  DSS_DASHBOARD_URL: ${{ vars.DSS_DASHBOARD_URL || 'https://dss.overbits.luz.uy/api/metrics' }}
+
+jobs:
+  dss-validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Check for [dss-skip] in commit message
+        id: skip-check
+        run: |
+          COMMIT_MSG=$(git log -1 --pretty=%B)
+          if echo "$COMMIT_MSG" | grep -q "\[dss-skip\]"; then
+            echo "skip=true" >> $GITHUB_OUTPUT
+            echo "::warning::DSS validation skipped via [dss-skip] flag"
+          else
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Run DSS Rules Validation
+        if: steps.skip-check.outputs.skip != 'true'
+        id: validate
+        run: |
+          # Run validation and capture output
+          npx dss-rules --ci --json src/ > dss-report.json 2>&1 || true
+
+          # Check results
+          ERRORS=$(jq '.totalErrors' dss-report.json)
+          WARNINGS=$(jq '.totalWarnings' dss-report.json)
+
+          echo "errors=$ERRORS" >> $GITHUB_OUTPUT
+          echo "warnings=$WARNINGS" >> $GITHUB_OUTPUT
+
+          # Print summary
+          echo "## DSS Validation Results" >> $GITHUB_STEP_SUMMARY
+          echo "- Errors: $ERRORS" >> $GITHUB_STEP_SUMMARY
+          echo "- Warnings: $WARNINGS" >> $GITHUB_STEP_SUMMARY
+
+          if [ "$ERRORS" -gt 0 ]; then
+            echo "::error::DSS validation failed with $ERRORS errors"
+            exit 1
+          fi
+
+      - name: Check for version drift
+        if: steps.skip-check.outputs.skip != 'true'
+        run: |
+          CURRENT_VERSION=$(npm list @dss/rules --json 2>/dev/null | jq -r '.dependencies["@dss/rules"].version // "unknown"')
+          LATEST_VERSION=$(npm view @dss/rules version 2>/dev/null || echo "unknown")
+
+          if [ "$CURRENT_VERSION" != "$LATEST_VERSION" ] && [ "$LATEST_VERSION" != "unknown" ]; then
+            echo "::warning::@dss/rules version drift detected: using $CURRENT_VERSION, latest is $LATEST_VERSION"
+          fi
+
+      - name: Upload metrics to dashboard
+        if: steps.skip-check.outputs.skip != 'true' && always()
+        run: |
+          if [ -f dss-report.json ]; then
+            # Extract metrics for upload
+            jq '{
+              project: "${{ github.repository }}",
+              branch: "${{ github.ref_name }}",
+              commit: "${{ github.sha }}",
+              timestamp: now | todate,
+              metrics: {
+                totalFiles: .totalFiles,
+                passedFiles: .passedFiles,
+                failedFiles: .failedFiles,
+                totalErrors: .totalErrors,
+                totalWarnings: .totalWarnings,
+                rulesVersion: .rulesVersion
+              },
+              fileResults: [.fileResults[] | {
+                file: .file,
+                errors: (.errors | length),
+                warnings: (.warnings | length),
+                violations: [.errors[], .warnings[] | {
+                  rule: .rule,
+                  line: .line,
+                  column: .column
+                }]
+              }]
+            }' dss-report.json > metrics-payload.json
+
+            # Upload to dashboard (non-blocking)
+            curl -X POST \
+              -H "Content-Type: application/json" \
+              -H "Authorization: Bearer ${{ secrets.DSS_API_TOKEN }}" \
+              -d @metrics-payload.json \
+              "$DSS_DASHBOARD_URL/upload" \
+              --fail-with-body || echo "::warning::Failed to upload metrics to dashboard"
+          fi
+
+      - name: Upload validation report artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dss-validation-report
+          path: dss-report.json
+          retention-days: 30