fix: docs audit Phase 1 — remove ghost APIs, fix stale versions, correct scoring model

[beonde]

Summary

Phase 1 of the documentation audit (DOCS-AUDIT-001). Every change verified against actual source code in capiscio-sdk-python, capiscio-core, and capiscio-server.

19 files changed across landing page, overview, getting-started, CLI reference, SDK reference, server reference, identity, trust, and scoring pages.

---

What was wrong

Ghost APIs (non-existent functions documented as working)

• sign_request() / verify_request() — never existed as top-level SDK imports
• @guard.protect decorator — doesn't exist on SimpleGuard
• guard.get_caller_identity(request) — doesn't exist
• SimpleGuard(min_trust_level=2) — no such constructor parameter
• capiscio identity resolve — command doesn't exist
• capiscio key did — command doesn't exist
• capiscio version — not a subcommand; use --version flag
• SecurityConfig.production(trusted_issuers=..., min_trust_level=...) — not accepted params
• CapiscioMiddleware imported from root package — lives in capiscio_sdk.integrations.fastapi

Wrong CLI flags

• --ttl on badge request documented as duration (5m) — actually integer seconds (300)
• --method on badge dv create — actual flag is --challenge-type (http-01 / dns-01)
• badge dv status/finalize took positional [challenge-id] — actual flag is --order-id
• --ca-url on badge keep — actual flag is --ca
• badge request --level --domain — these flags don't exist on badge request

Wrong values

• Server version: v0.1.0 (pre-release) → v2.5.0
• SDK version: 0.2.0 → 2.5.0
• CLI version: 2.1.x → 2.5.0
• Wrapper versions: 2.3.1 → 2.5.0
• API key prefix: cpsc_live_ → sk_live_
• A2A protocolVersion in samples: 0.2.0 → 0.3.0 (matches capiscio init)

Wrong scoring model

• Compliance: claimed 60/20/15/5 weighted categories — actual: penalty-based (start at 100, deduct per violation)
• Trust: claimed 40/25/20/15 weighted categories + confidence multiplier (1.0x/0.6x/0.4x) — actual: discrete fixed scores (100/80/60/20/0 based on signature state)

Missing SDK params

• verify_badge() missing fail_open and stale_threshold_seconds params
• VerifyOptions missing same fields
• BadgeClaims.ial shown as not-implemented — it IS implemented
• BadgeClaims missing has_key_binding and confirmation_key properties

---

Verification method

All changes verified by reading actual source code:

• SDK: capiscio-sdk-python/capiscio_sdk/__init__.py, simple_guard.py, badge.py, config.py, integrations/fastapi.py
• CLI: capiscio-core/cmd/capiscio/*.go (all Cobra command definitions and flag bindings)
• Server: capiscio-server/internal/version/version.go, internal/api/router.go, internal/api/middleware.go
• Scoring: capiscio-core/pkg/scoring/compliance.go, trust.go, engine.go

Docs build verified clean: mkdocs build succeeds with no new warnings.

[github-actions]

✅ Documentation Build Successful

The documentation build completed successfully and passed validation checks.

• ✅ Build completed without errors
• ✅ Critical files present (index.html, sitemap.xml, robots.txt)
• ✅ Link validation completed

This PR will deploy to dev-docs.capisc.io when merged to main.

[github-actions]

✅ Documentation Build Successful

The documentation build completed successfully and passed validation checks.

• ✅ Build completed without errors
• ✅ Critical files present (index.html, sitemap.xml, robots.txt)
• ✅ Link validation completed

This PR will deploy to dev-docs.capisc.io when merged to main.