feat(foundation): FOUNDATION_UPDATE implementation

## Documentation (20 files)
- DAARION Ontology Core v1 (Agent → MicroDAO → Node → District)
- User Onboarding & Identity Layer (DAIS)
- Data Model UPDATE, Event Catalog, Governance & Permissions
- Rooms Layer, City/MicroDAO/Agents/Nodes Interface Architecture
- Helper files: ontology-summary, lifecycles, event-schemas

## Database Migration (027)
- DAIS tables: dais_identities, dais_emails, dais_wallets, dais_keys
- agent_assignments table for Assignment Layer
- rooms table for Rooms Layer
- event_outbox for NATS event delivery
- New enums: agent_role, microdao_type, node_kind, node_status, etc.
- Updated agents, microdaos, nodes tables with ontology fields

## Backend
- DAIS service & routes (/api/v1/dais/*)
- Assignment service & routes (/api/v1/assignments/*)
- Domain types for DAIS and Ontology

## Frontend
- Ontology types (Agent, MicroDAO, Node, DAIS, Assignments)
- API clients for DAIS and Assignments
- UI components: DaisProfileCard, AssignmentsPanel, OntologyBadge

Non-breaking update - all existing functionality preserved.

backend/http/dais.routes.ts

@@ -0,0 +1,219 @@
+/**
+ * DAIS API Routes
+ * Based on: docs/foundation/DAARION_Identity_And_Access_Draft_v1.md
+ */
+
+import { Router, Request, Response } from 'express';
+import { daisService } from '../services/dais/dais.service';
+import { logger } from '../infra/logger/logger';
+
+const router = Router();
+
+/**
+ * POST /api/dais/identity
+ * Create a new DAIS identity
+ */
+router.post('/identity', async (req: Request, res: Response) => {
+  try {
+    const { email, walletAddress, network } = req.body;
+    
+    const result = await daisService.createIdentity({
+      email,
+      walletAddress,
+      network,
+    });
+
+    res.status(201).json({
+      success: true,
+      data: result,
+    });
+  } catch (error) {
+    logger.error('Failed to create DAIS identity', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to create identity',
+    });
+  }
+});
+
+/**
+ * GET /api/dais/:id
+ * Get DAIS profile
+ */
+router.get('/:id', async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+    const profile = await daisService.getProfile(id);
+
+    if (!profile) {
+      return res.status(404).json({
+        success: false,
+        error: 'DAIS identity not found',
+      });
+    }
+
+    res.json({
+      success: true,
+      data: profile,
+    });
+  } catch (error) {
+    logger.error('Failed to get DAIS profile', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to get profile',
+    });
+  }
+});
+
+/**
+ * GET /api/dais/agent/:agentId
+ * Get DAIS profile by agent ID
+ */
+router.get('/agent/:agentId', async (req: Request, res: Response) => {
+  try {
+    const { agentId } = req.params;
+    const profile = await daisService.getByAgentId(agentId);
+
+    if (!profile) {
+      return res.status(404).json({
+        success: false,
+        error: 'DAIS identity not found for agent',
+      });
+    }
+
+    res.json({
+      success: true,
+      data: profile,
+    });
+  } catch (error) {
+    logger.error('Failed to get DAIS by agent', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to get profile',
+    });
+  }
+});
+
+/**
+ * POST /api/dais/:id/email
+ * Add email to DAIS
+ */
+router.post('/:id/email', async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+    const { email } = req.body;
+
+    const result = await daisService.addEmail(id, email);
+
+    res.status(201).json({
+      success: true,
+      data: result,
+    });
+  } catch (error) {
+    logger.error('Failed to add email', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to add email',
+    });
+  }
+});
+
+/**
+ * POST /api/dais/:id/email/verify
+ * Verify email
+ */
+router.post('/:id/email/verify', async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+    const { email, otp } = req.body;
+
+    // TODO: Validate OTP
+    await daisService.verifyEmail(id, email);
+
+    res.json({
+      success: true,
+      message: 'Email verified',
+    });
+  } catch (error) {
+    logger.error('Failed to verify email', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to verify email',
+    });
+  }
+});
+
+/**
+ * POST /api/dais/:id/wallet
+ * Add wallet to DAIS
+ */
+router.post('/:id/wallet', async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+    const { walletAddress, network } = req.body;
+
+    const result = await daisService.addWallet(id, walletAddress, network);
+
+    res.status(201).json({
+      success: true,
+      data: result,
+    });
+  } catch (error) {
+    logger.error('Failed to add wallet', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to add wallet',
+    });
+  }
+});
+
+/**
+ * POST /api/dais/:id/wallet/verify
+ * Verify wallet (SIWE)
+ */
+router.post('/:id/wallet/verify', async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+    const { walletAddress, signature, message } = req.body;
+
+    // TODO: Validate SIWE signature
+    await daisService.verifyWallet(id, walletAddress);
+
+    res.json({
+      success: true,
+      message: 'Wallet verified',
+    });
+  } catch (error) {
+    logger.error('Failed to verify wallet', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to verify wallet',
+    });
+  }
+});
+
+/**
+ * POST /api/dais/:id/promote-to-orchestrator
+ * Promote DAIS to orchestrator level
+ */
+router.post('/:id/promote-to-orchestrator', async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+
+    await daisService.promoteToOrchestrator(id);
+
+    res.json({
+      success: true,
+      message: 'Promoted to orchestrator',
+    });
+  } catch (error) {
+    logger.error('Failed to promote to orchestrator', error);
+    res.status(500).json({
+      success: false,
+      error: 'Failed to promote',
+    });
+  }
+});
+
+export default router;
+