chore: tidy repo root monitoring and benchmarks

[devin-ai-integration]

Pull Request Description

Summary

This completes task 7 of the v3.1.0 hygiene pass: repo-root tidy with no public API removal. It moves monitoring implementation/demo files under tools/monitoring/, benchmark artifacts under benchmarks/, and ACVP evidence under docs/compliance/; preserves the historical ama_cryptography_monitor top-level module via a compatibility shim; deletes .test-push; and updates references, per-file ignores, packaging, CI artifact paths, and integrity digest metadata.

Follow-up commit 3061ca2 keeps the shim statically explicit enough for GitHub Advanced Security / CodeQL while preserving the runtime sys.modules alias behavior used by existing monitor tests.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Security fix (addresses a security vulnerability)
• Performance improvement (improves performance without changing functionality)
• Documentation update (changes to documentation only)
• Code refactoring (improves code quality without changing functionality)
• Test enhancement (adds or improves tests)
• Dependency update (updates dependencies)

Related Issues

Relates to v3.1.0 hygiene task 7.

Motivation and Context

Why is this change required?

The v3.1.0 hygiene checklist calls for moving root-level tooling/evidence artifacts into domain directories while preserving API compatibility.

What problem does it solve?

It reduces repo-root clutter and makes monitoring, benchmarking, and compliance evidence locations explicit without changing cryptographic behavior or removing the historical monitor import path.

Cryptographic Impact

Security Impact Assessment

• No cryptographic security impact
• Adds new cryptographic primitive (requires extensive review)
• Modifies existing cryptographic operation (requires security analysis)
• Changes key management approach
• Affects multiple security layers
• Performance optimization only (no security changes)

Standards Compliance

• NIST FIPS 202 (SHA-3)
• NIST FIPS 204 (Dilithium)
• NIST SP 800-108 (Key Derivation)
• RFC 2104 (HMAC)
• RFC 5869 (HKDF)
• RFC 8032 (Ed25519)
• RFC 3161 (Timestamps)
• No standards affected

Academic References

N/A — no cryptographic algorithm changes.

Security Analysis

Classical Security: No change.

Quantum Security: No change.

Security Impact: Maintains current posture; only file organization, docs, packaging metadata, and CI paths changed.

Implementation Details

Changes Made

1. Moved ama_cryptography_monitor.py implementation and demo to tools/monitoring/; added a root compatibility shim for py_modules=["ama_cryptography_monitor"].
2. Moved benchmark_suite.py and benchmark-results.json to benchmarks/; moved CSRC_ALIGN_REPORT.md to docs/compliance/; deleted .test-push.
3. Updated references in docs, Makefile, Dockerfile, CI, tools/update_docs.py, pyproject.toml, setup.py, and regenerated ama_cryptography/_integrity_digest.txt after legitimate package-source edits.
4. Kept the top-level shim exports explicit to satisfy CodeQL unused-import review comments while retaining runtime aliasing.

Technical Approach

Use pure relocation plus compatibility shims. The historical top-level ama_cryptography_monitor import remains accepted and resolves to the relocated implementation; package metadata includes tools.* packages so packaged installs can still import the relocated module.

Breaking Changes

Breaking Changes:

• None
• Yes (describe below)

Migration Path:
No migration required. Existing from ama_cryptography_monitor import ... imports continue to work.

Testing

Test Coverage

• Unit tests added/updated
• Integration tests added/updated
• Test coverage maintained or improved
• All tests pass locally

Testing Performed

Environment:

• Python version(s): 3.12.8
• Operating System: Linux
• PQC backend: [x] Native C library [ ] None

Test Cases:

1. python3 -m pytest tests/ — 2172 passed, 4 skipped.
2. python3 -m ruff check . — passed.
3. python3 -m mypy ama_cryptography/ ama_cryptography_monitor.py tools/monitoring/ama_cryptography_monitor.py tools/monitoring/ama_cryptography_monitor_demo.py — passed.
4. Re-ran the same checks after the CodeQL-shim follow-up commit — passed.

Known Test Vectors

• Tested against official NIST test vectors
• Tested against IETF RFC test vectors
• No official test vectors available

Code Quality

Code Quality Checks

• Code follows PEP 8 style guidelines
• All functions have type hints
• All functions have comprehensive docstrings
• No security warnings from linters (Bandit, etc.)
• Black formatting applied (black .)
• Ruff linting passed (ruff check .)
• Type checking passed (mypy ama_cryptography/)

Documentation Updates

• README.md updated
• SECURITY.md updated (if security affected)
• IMPLEMENTATION_GUIDE.md updated (if deployment affected)
• CHANGELOG.md updated
• Inline code comments added for complex logic
• Docstrings include academic citations (if applicable)

Backwards Compatibility

Compatibility Assessment

• Fully backwards compatible
• Backwards compatible with deprecation warnings
• Breaking changes with migration path
• Major version bump required

Deprecation Notices

Deprecated Features:

• None

Deprecation Timeline:

• N/A

Performance Impact

Performance Analysis

Benchmarks: Not performance-related.

Impact:

• No performance impact
• Performance improvement
• Slight performance degradation
• Significant performance impact

Link to Devin session: https://app.devin.ai/sessions/380c3bcb95034d1f83fb66062f20e8cf
Requested by: @Steel-SecAdv-LLC

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

Closing as superseded by merged PR #301. The repo-root tidy, monitor compatibility shim, and CodeQL follow-up are already present on main via #301.