Fix tenant-deploy contract (per-app ns/project) + appset-count docs

CLAUDE.md

@@ -7,7 +7,7 @@ EKS-specific GitOps configuration for ArgoCD addon lifecycle management. Part of
 ## Directory Structure
 
 ```
-applicationsets/       → ArgoCD ApplicationSets (App-of-Apps pattern, 10 total)
+applicationsets/       → ArgoCD ApplicationSets (App-of-Apps pattern, 16 total)
 addons/                → Addon configurations
   <category>/<addon>/
     # Helm addons (majority):
@@ -43,7 +43,7 @@ Environment-specific values files contain ONLY differences from base — not a f
 Three addons use pure Kustomize (no Helm): storage-classes, priority-classes, karpenter-resources. These use the `base/overlays` pattern with `kustomization.yaml` in each overlay directory. Kyverno policies also use pure Kustomize (resources + JSON patches for enforcement mode).
 
 ### ApplicationSet Generator
-All 10 ApplicationSets use `matrix` generator combining `clusters` selector with a `list` of addons. Two template styles: Helm multi-source (for Helm addons with `$values` ref) and single-source with Kustomize path (for Kustomize addons and policies). Environment is read from cluster secret labels: `{{ index .metadata.labels "environment" }}`.
+Most ApplicationSets use a `matrix` generator combining `clusters` selector with a `list` of addons. Two template styles: Helm multi-source (for Helm addons with `$values` ref) and single-source with Kustomize path (for Kustomize addons and policies). Environment is read from cluster secret labels: `{{ index .metadata.labels "environment" }}`.
 
 ## Making Changes
 

README.md

@@ -29,7 +29,7 @@ This repository is the EKS variant of a multi-cloud GitOps strategy. Infrastruct
                                 │
                                 ▼
 ┌─────────────────────────────────────────────────────────────────────┐
-│                    ApplicationSets (10)                             │
+│                    ApplicationSets (16)                             │
 ├─────────────────────────────────────────────────────────────────────┤
 │  ├── addons-bootstrap (cert-manager, external-secrets, ...)        │
 │  ├── addons-bootstrap-kustomize (storage-classes, priority-classes) │
@@ -48,7 +48,7 @@ This repository is the EKS variant of a multi-cloud GitOps strategy. Infrastruct
 
 ```
 eks-gitops/
-├── applicationsets/                    # ArgoCD ApplicationSets (10)
+├── applicationsets/                    # ArgoCD ApplicationSets (16)
 │   ├── addons-bootstrap.yaml
 │   ├── addons-bootstrap-kustomize.yaml
 │   ├── addons-networking.yaml

applicationsets/apps-tenants.yaml

@@ -22,30 +22,22 @@ spec:
                 - app: slack-knowledge-bot
                   repoURL: https://github.com/nanohype/slack-knowledge-bot.git
                   path: chart
-                  namespace: tenants-protohype
-                  project: tenant-protohype
                 - app: digest-pipeline
                   repoURL: https://github.com/nanohype/digest-pipeline.git
                   path: chart
-                  namespace: tenants-protohype
-                  project: tenant-protohype
                 - app: incident-response
                   repoURL: https://github.com/nanohype/incident-response.git
                   path: chart
-                  namespace: tenants-protohype
-                  project: tenant-protohype
                 - app: competitive-intelligence
                   repoURL: https://github.com/nanohype/competitive-intelligence.git
                   path: chart
-                  namespace: tenants-protohype
-                  project: tenant-protohype
   template:
     metadata:
       name: '{{ .app }}-{{ index .metadata.labels "environment" }}'
       annotations:
         argocd.argoproj.io/sync-wave: "100"
     spec:
-      project: '{{ .project }}'
+      project: '{{ .app }}'
       sources:
         - repoURL: '{{ .repoURL }}'
           targetRevision: main
@@ -59,7 +51,9 @@ spec:
           ref: values
       destination:
         server: https://kubernetes.default.svc
-        namespace: '{{ .namespace }}'
+        # Per-app tenant namespace the operator creates from the Platform name
+        # (PlatformNamespace = tenants-<platform>); CreateNamespace=false below.
+        namespace: 'tenants-{{ .app }}'
       syncPolicy:
         automated:
           prune: true

docs/architecture/overview.md

@@ -21,7 +21,7 @@ graph TD
 
 ## ApplicationSet Pattern
 
-All 10 ApplicationSets use the **matrix generator** combining:
+Most ApplicationSets use the **matrix generator** (addons-agent-operator, clusters-appset, and portal-tenants use other generators) combining:
 
 1. **Clusters generator** — selects clusters by label `argocd.argoproj.io/secret-type: cluster`
 2. **List generator** — defines addons with name, namespace, path, and sync wave