
Add CVE services Mermaid architecture diagrams #1690

Open
taladrane wants to merge 14 commits into CVEProject:dev from taladrane:architecture-diagram

@taladrane commented Mar 17, 2026

The branch adds 3 new files under the docs/ directory. No existing files are modified or deleted. All changes are documentation-only.

New Files

1. docs/architecture-diagram.md

This is the primary deliverable — a comprehensive architecture documentation page for CVE Services. It includes:

  • Table of Contents with anchored navigation links
  • CPASS (CVE Program Automation Support System) — A Mermaid flowchart showing the end-to-end data flow from vulnerability ingress (vendors/researchers → CNAs/ADPs) through CVE Services (IDR, RSUS, Authorized Data Publishing) to storage and public access (cve.org, JSON records, search GUI), along with a summary table
  • High-Level Architecture Overview — A detailed Mermaid graph showing actors (CNA Personnel, OAs, ADPs, Secretariat), clients (Vulnogram, cveClient, cvelib, custom), API endpoints (production & test), core services (IDR, RSUS, User Registry), data stores (cve-schema, cvelistV5), and public-facing websites (cve.org, test.cve.org), with color-coded tiers
  • Component Descriptions — Tables describing core components, clients, community-developed tools (cvelint, CVE CNA Bot), data & schema resources, and environments (production vs. test), including an important note about CVE Secretariat elevated privileges
  • CVE Record Workflow (Sequence Diagram) — A Mermaid sequence diagram showing the full lifecycle: authentication → CVE ID reservation → record submission & validation → publication to cvelistV5 → hourly publish to cve.org → optional update
  • ADP Workflow — A Mermaid sequence diagram contrasting CNA vs. ADP workflows, with a comparison table of key differences (endpoints, relationship to record, data container, lifecycle, example orgs)
  • Organizational Roles — Two Mermaid diagrams covering account onboarding (TLRs/Roots → OA credentials → user creation) and ongoing account management (OA → User Registry → CNA Users)
  • Additional Resources — Links to CVE Services, cve-schema, cvelistV5, API docs, and AWG Charter

2. docs/charts.md

A supplementary document by contributor @dwelch2344 containing two additional Mermaid diagrams:

  • Data Flow — A more implementation-focused flowchart showing CNA tools → CVE Services API (Node.js + Mongoose) → MongoDB → CVE Publisher → cvelistV5 GitHub, plus downstream consumers (CVE.org, scanners/defenders)
  • Process Flow — A higher-level ecosystem view showing CNA organizations, security researchers, the CVE Services subsystem (API, auth, workflow engine), CVE Records Repository, and downstream consumers (NVD, threat intelligence providers, security tools)

3. docs/inspiration.png

A reference image (likely a screenshot or mockup used during the design of the diagrams - thank you Dave!).

The work progressed from an initial architecture diagram commit through iterative refinements including URL casing normalization (CVE.ORG → cve.org), detailed CPASS data flow additions, typo fixes, diagram color/style updates, ADP workflow additions, table of contents with navigation links, removal of the IDR→CVELIST connection, and merging of supplementary charts.

Please review for accuracy and completeness!

More information about mermaid:
