docs: remove ADR-006 drift tables, finalize all doc statuses to stable

docs/architecture/README.md

@@ -1,5 +1,5 @@
 ---
-status: draft
+status: stable
 last_updated: 2026-05-11
 ---
 

docs/architecture/adapters.md

@@ -1,5 +1,5 @@
 ---
-status: draft
+status: stable
 last_updated: 2026-05-11
 ---
 

docs/architecture/api-surface.md

@@ -1,5 +1,5 @@
 ---
-status: draft
+status: stable
 last_updated: 2026-05-11
 ---
 
@@ -367,22 +367,3 @@ See [adapters.md](adapters.md) for detailed adapter documentation.
 | `MCPClientLoader` | `from-mcp` sub-path | Manage multiple MCP servers |
 | `scanOperations` | Main barrel | Filesystem auto-discovery of operation specs |
 
-## Source vs. Spec Drift
-
-This section documents differences between the architecture spec (this document) and the current source code.
-
-### ADR-005 (Response Envelopes) — ✅ Implemented
-
-All ADR-005 changes have been implemented in source. No remaining drift.
-
-### ADR-006 (Unified Invocation Path) — ✅ Implemented in source
-
-| What | Spec says | Source now does |
-|------|----------|----------------|
-| `execute()` access control | Checks `accessControl` when `identity` present; `ACCESS_DENIED` when `requiredScopes` non-empty and no `identity` | ✅ Implemented — checks access control unless `context.trusted` |
-| `execute()` error type | Throws `CallError` | ✅ `CallError(OPERATION_NOT_FOUND)`, `CallError(ACCESS_DENIED)`, `CallError(VALIDATION_ERROR)` |
-| `buildEnv()` | Always uses `execute()`, no `callMap` option | ✅ `callMap` removed, always calls `registry.execute()` with `trusted: true` |
-| `CallHandler` | Thin adapter calling `registry.execute()` | ✅ Delegates to `registry.execute()`, publishes events |
-| `OperationContext.trusted` | New field for nested call auth bypass | ✅ Added to `OperationContextSchema` and type |
-| `subscribe()` access control | Checks access control when `identity` present | ✅ Implemented — same logic as `execute()` |
-| `checkAccess()` export | Available for external use | ✅ Exported from `call.ts` and `index.ts` |

docs/architecture/call-protocol.md

@@ -1,5 +1,5 @@
 ---
-status: draft
+status: stable
 last_updated: 2026-05-11
 ---
 
@@ -302,25 +302,6 @@ The `subscribe()` function looks up both spec and handler separately from the re
 
 This allows spec-only registration for scenarios where handlers are provided separately (e.g., ujsx host interpretation, dynamic handler injection).
 
-## Source vs. Spec Drift
-
-This section documents differences between the architecture spec (this document) and the current source code.
-
-### ADR-005 (Response Envelopes) — ✅ Implemented
-
-All ADR-005 changes have been implemented in source. No remaining drift.
-
-### ADR-006 (Unified Invocation Path) — ✅ Implemented in source
-
-| What | Spec says | Source now does |
-|------|----------|----------------|
-| `execute()` access control | Checks `accessControl` when `identity` present; `ACCESS_DENIED` when `requiredScopes` non-empty and no `identity` | ✅ Implemented — checks access control unless `context.trusted` |
-| `CallHandler` calls `execute()` | Thin adapter that calls `registry.execute()` internally | ✅ Delegates to `registry.execute()`, publishes events |
-| `buildEnv()` | Always uses `execute()`, no `callMap` option | ✅ `callMap` removed, always calls `registry.execute()` with `trusted: true` |
-| `OperationContext.trusted` | New field for nested call bypass | ✅ Added to `OperationContextSchema` and type |
-| `execute()` error type | Throws `CallError` | ✅ `CallError(OPERATION_NOT_FOUND)`, `CallError(ACCESS_DENIED)`, `CallError(VALIDATION_ERROR)` |
-| `subscribe()` access control | Checks access control when `identity` present; `ACCESS_DENIED` when `requiredScopes` non-empty and no `identity` | ✅ Implemented — same logic as `execute()` |
-
 ## References
 
 - [response-envelopes.md](response-envelopes.md) — `ResponseEnvelope` types, factory functions, detection, and integration points

docs/architecture/decisions/006-unified-invocation-path.md

@@ -1,5 +1,5 @@
 ---
-status: implemented
+status: accepted
 last_updated: 2026-05-11
 ---