refactor(semantics): migrate legacy @TIER to @COMPLEXITY annotations

- Replaced @TIER: TRIVIAL with @COMPLEXITY: 1
- Replaced @TIER: STANDARD with @COMPLEXITY: 3
- Replaced @TIER: CRITICAL with @COMPLEXITY: 5
- Manually elevated specific critical/complex components to levels 2 and 4
- Ignored legacy, specs, and node_modules directories
- Updated generated semantic map

backend/src/api/routes/admin.py

@@ -1,6 +1,6 @@
 # [DEF:backend.src.api.routes.admin:Module]
 #
-# @TIER:      STANDARD
+# @COMPLEXITY: 3
 # @SEMANTICS: api, admin, users, roles, permissions
 # @PURPOSE:   Admin API endpoints for user and role management.
 # @LAYER:     API
@@ -36,7 +36,7 @@ router = APIRouter(prefix="/api/admin", tags=["admin"])
 # [/DEF:router:Variable]
 
 # [DEF:list_users:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Lists all registered users.
 # @PRE:     Current user has 'Admin' role.
 # @POST:    Returns a list of UserSchema objects.
@@ -53,7 +53,7 @@ async def list_users(
 # [/DEF:list_users:Function]
 
 # [DEF:create_user:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Creates a new local user.
 # @PRE:     Current user has 'Admin' role.
 # @POST:    New user is created in the database.
@@ -91,7 +91,7 @@ async def create_user(
 # [/DEF:create_user:Function]
 
 # [DEF:update_user:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Updates an existing user.
 @router.put("/users/{user_id}", response_model=UserSchema)
 async def update_user(
@@ -126,7 +126,7 @@ async def update_user(
 # [/DEF:update_user:Function]
 
 # [DEF:delete_user:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Deletes a user.
 @router.delete("/users/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
 async def delete_user(
@@ -150,7 +150,7 @@ async def delete_user(
 # [/DEF:delete_user:Function]
 
 # [DEF:list_roles:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Lists all available roles.
 # @RETURN:  List[RoleSchema] - List of roles.
 # @RELATION: CALLS -> backend.src.models.auth.Role
@@ -164,7 +164,7 @@ async def list_roles(
 # [/DEF:list_roles:Function]
 
 # [DEF:create_role:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Creates a new system role with associated permissions.
 # @PRE:     Role name must be unique.
 # @POST:    New Role record is created in auth.db.
@@ -202,7 +202,7 @@ async def create_role(
 # [/DEF:create_role:Function]
 
 # [DEF:update_role:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Updates an existing role's metadata and permissions.
 # @PRE:     role_id must be a valid existing role UUID.
 # @POST:    Role record is updated in auth.db.
@@ -247,7 +247,7 @@ async def update_role(
 # [/DEF:update_role:Function]
 
 # [DEF:delete_role:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Removes a role from the system.
 # @PRE:     role_id must be a valid existing role UUID.
 # @POST:    Role record is removed from auth.db.
@@ -274,7 +274,7 @@ async def delete_role(
 # [/DEF:delete_role:Function]
 
 # [DEF:list_permissions:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Lists all available system permissions for assignment.
 # @POST:    Returns a list of all PermissionSchema objects.
 # @PARAM:   db (Session) - Auth database session.
@@ -300,7 +300,7 @@ async def list_permissions(
 # [/DEF:list_permissions:Function]
 
 # [DEF:list_ad_mappings:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Lists all AD Group to Role mappings.
 @router.get("/ad-mappings", response_model=List[ADGroupMappingSchema])
 async def list_ad_mappings(
@@ -312,7 +312,7 @@ async def list_ad_mappings(
 # [/DEF:list_ad_mappings:Function]
 
 # [DEF:create_ad_mapping:Function]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Creates a new AD Group mapping.
 @router.post("/ad-mappings", response_model=ADGroupMappingSchema)
 async def create_ad_mapping(