refactor(semantics): migrate legacy @TIER to @COMPLEXITY annotations

- Replaced @TIER: TRIVIAL with @COMPLEXITY: 1
- Replaced @TIER: STANDARD with @COMPLEXITY: 3
- Replaced @TIER: CRITICAL with @COMPLEXITY: 5
- Manually elevated specific critical/complex components to levels 2 and 4
- Ignored legacy, specs, and node_modules directories
- Updated generated semantic map

backend/src/services/llm_provider.py

@@ -1,5 +1,5 @@
 # [DEF:backend.src.services.llm_provider:Module]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @SEMANTICS: service, llm, provider, encryption
 # @PURPOSE: Service for managing LLM provider configurations with encrypted API keys.
 # @LAYER: Domain
@@ -19,7 +19,7 @@ if TYPE_CHECKING:
 MASKED_API_KEY_PLACEHOLDER = "********"
 
 # [DEF:_require_fernet_key:Function]
-# @TIER: CRITICAL
+# @COMPLEXITY: 5
 # @PURPOSE: Load and validate the Fernet key used for secret encryption.
 # @PRE: ENCRYPTION_KEY environment variable must be set to a valid Fernet key.
 # @POST: Returns validated key bytes ready for Fernet initialization.
@@ -34,7 +34,7 @@ def _require_fernet_key() -> bytes:
 # [/DEF:_require_fernet_key:Function]
 
 # [DEF:EncryptionManager:Class]
-# @TIER: CRITICAL
+# @COMPLEXITY: 5
 # @PURPOSE: Handles encryption and decryption of sensitive data like API keys.
 # @INVARIANT: Uses only a validated secret key from environment.
 #
@@ -79,7 +79,7 @@ class EncryptionManager:
 # [/DEF:EncryptionManager:Class]
 
 # [DEF:LLMProviderService:Class]
-# @TIER: STANDARD
+# @COMPLEXITY: 3
 # @PURPOSE: Service to manage LLM provider lifecycle.
 class LLMProviderService:
     # [DEF:LLMProviderService.__init__:Function]
@@ -92,7 +92,7 @@ class LLMProviderService:
     # [/DEF:LLMProviderService.__init__:Function]
 
     # [DEF:get_all_providers:Function]
-    # @TIER: STANDARD
+    # @COMPLEXITY: 3
     # @PURPOSE: Returns all configured LLM providers.
     # @PRE: Database connection must be active.
     # @POST: Returns list of all LLMProvider records.
@@ -102,7 +102,7 @@ class LLMProviderService:
     # [/DEF:get_all_providers:Function]
 
     # [DEF:get_provider:Function]
-    # @TIER: STANDARD
+    # @COMPLEXITY: 3
     # @PURPOSE: Returns a single LLM provider by ID.
     # @PRE: provider_id must be a valid string.
     # @POST: Returns LLMProvider or None if not found.
@@ -112,7 +112,7 @@ class LLMProviderService:
     # [/DEF:get_provider:Function]
 
     # [DEF:create_provider:Function]
-    # @TIER: STANDARD
+    # @COMPLEXITY: 3
     # @PURPOSE: Creates a new LLM provider with encrypted API key.
     # @PRE: config must contain valid provider configuration.
     # @POST: New provider created and persisted to database.
@@ -134,7 +134,7 @@ class LLMProviderService:
     # [/DEF:create_provider:Function]
 
     # [DEF:update_provider:Function]
-    # @TIER: STANDARD
+    # @COMPLEXITY: 3
     # @PURPOSE: Updates an existing LLM provider.
     # @PRE: provider_id must exist, config must be valid.
     # @POST: Provider updated and persisted to database.
@@ -163,7 +163,7 @@ class LLMProviderService:
     # [/DEF:update_provider:Function]
 
     # [DEF:delete_provider:Function]
-    # @TIER: STANDARD
+    # @COMPLEXITY: 3
     # @PURPOSE: Deletes an LLM provider.
     # @PRE: provider_id must exist.
     # @POST: Provider removed from database.
@@ -178,7 +178,7 @@ class LLMProviderService:
     # [/DEF:delete_provider:Function]
 
     # [DEF:get_decrypted_api_key:Function]
-    # @TIER: STANDARD
+    # @COMPLEXITY: 3
     # @PURPOSE: Returns the decrypted API key for a provider.
     # @PRE: provider_id must exist with valid encrypted key.
     # @POST: Returns decrypted API key or None on failure.