feat(apps): Add Apps subsystem: App and AppConnection models, managers, typed request handlers, web UI routes and documentation

stories/developer/DEV-004-app-id-setup.md

@@ -19,10 +19,26 @@ As a developer, I want to properly register my application with a unique App ID
 
 ## Technical Notes
 - Current client has `id: ''` placeholder (TODO in code)
-- Need Application model in database
-- App credentials similar to OAuth client credentials
+- App ID is now part of the unified Apps model (`IApp` discriminated union)
+- Three app types exist: Global Apps, Partner Apps, Custom OIDC Apps
+- For custom applications, use the Custom OIDC Apps flow (ORG-011)
+- App credentials stored as `IOAuthCredentials` with hashed client secret
 - Validate redirect URIs to prevent open redirector attacks
-- App ID should be included in JWT claims
+- App ID/Client ID is included in JWT claims
+
+## Apps Architecture
+
+The Apps system supports three types:
+1. **Global Apps** (ORG-009) - First-party platform apps (foss.global, task.vc)
+2. **Partner Apps** (ORG-010, DEV-008) - AppStore model for third-party apps
+3. **Custom OIDC Apps** (ORG-011) - Organization-created OAuth/OIDC clients
+
+## Related Stories
+- ORG-009: Connect Global Apps
+- ORG-010: Browse and Install Partner Apps
+- ORG-011: Create Custom OIDC Apps
+- DEV-005: Register OAuth Client App
+- DEV-008: Submit App to AppStore
 
 ## Related TODOs
 - `ts_idpclient/classes.idpclient.ts:30` - `id: '', // TODO`