Write ADR for module integration patterns

[monkeypants]

Context

The architecture documentation (docs/architecture/solutions/modules.rst and 3rd-party.rst) describes two important patterns with no ADR or doctrine test:

1. Embedded vs Dispatched modules — classifying whether code runs in-process or calls external services, with implications for supply chain trust, latency, and control
2. Integration patterns — protocol-based integration, adapter pattern, factory pattern for swapping implementations

These are well-documented conceptual patterns but exist only as guidance. A developer could violate them (e.g., calling a 3rd-party API directly from a use case without a protocol boundary) and nothing would catch it.

Acceptance criteria

• ADR drafted covering module integration classification (embedded vs dispatched)
• ADR covers the supply chain actor model (who controls what code)
• ADR covers required patterns: protocol boundary for external services, adapter pattern
• Evaluate whether a doctrine test is feasible (e.g., use cases MUST NOT import from known 3rd-party SDK packages directly)

Related

• docs/architecture/solutions/modules.rst
• docs/architecture/solutions/3rd-party.rst
• test_dependency_rule.py (related — already enforces layer isolation)
• Tier 3 priority (documented pattern, no formal decision or enforcement)