docs(03-06): complete Tier 9 enterprise providers plan

- SUMMARY.md for plan 03-06
- STATE/ROADMAP/REQUIREMENTS updated (PROV-09 complete)

.planning/phases/03-tier-3-9-providers/03-06-SUMMARY.md

@@ -0,0 +1,83 @@
+---
+phase: 03-tier-3-9-providers
+plan: 06
+subsystem: providers
+tags: [providers, tier-9, enterprise, yaml]
+requires: [pkg/providers/schema.go, pkg/providers/registry.go]
+provides:
+  - "8 Tier 9 enterprise AI provider definitions"
+  - "Databricks dapi-prefixed high-confidence regex"
+  - "PROV-09 satisfied"
+affects: [pkg/providers/definitions, providers/]
+tech_stack:
+  added: []
+  patterns: [dual-location-yaml, keyword-only-detection, embed-fs]
+key_files:
+  created:
+    - providers/salesforce-einstein.yaml
+    - providers/servicenow.yaml
+    - providers/sap-ai-core.yaml
+    - providers/palantir.yaml
+    - providers/databricks.yaml
+    - providers/snowflake.yaml
+    - providers/oracle-genai.yaml
+    - providers/hpe-greenlake.yaml
+    - pkg/providers/definitions/salesforce-einstein.yaml
+    - pkg/providers/definitions/servicenow.yaml
+    - pkg/providers/definitions/sap-ai-core.yaml
+    - pkg/providers/definitions/palantir.yaml
+    - pkg/providers/definitions/databricks.yaml
+    - pkg/providers/definitions/snowflake.yaml
+    - pkg/providers/definitions/oracle-genai.yaml
+    - pkg/providers/definitions/hpe-greenlake.yaml
+  modified: []
+decisions:
+  - "Keyword-only detection for 7 of 8 providers (no documented public key formats)"
+  - "Databricks uses dapi[a-f0-9]{32}(-[0-9]{1,2})? high-confidence regex — only documented prefix in group"
+  - "Strong env var anchors (SALESFORCE_*, SAP_AICORE_*, DATABRICKS_*, SNOWFLAKE_*, HPE_*, OCI_*, PALANTIR_*) to reduce FP risk"
+  - "Plan objective text covered 8 providers (IBM Watsonx not in task body); executed to task body"
+metrics:
+  completed: "2026-04-05"
+  tasks: 2
+  files_created: 16
+---
+
+# Phase 03 Plan 06: Tier 9 Enterprise AI Providers Summary
+
+Added 8 Tier 9 enterprise AI platform provider YAMLs (Salesforce Einstein, ServiceNow Now Assist, SAP AI Core/Joule, Palantir AIP, Databricks DBRX/Mosaic, Snowflake Cortex, Oracle Cloud GenAI, HPE GreenLake) dual-located in providers/ and pkg/providers/definitions/, completing PROV-09.
+
+## What Shipped
+
+- 16 YAML files (8 providers dual-located) loaded via embed.FS
+- Databricks dapi-prefix high-confidence regex for token detection
+- Strong env var keyword anchors across all 8 providers
+- Registry/engine tests green; total Tier-9 provider count = 8
+
+## Tasks Completed
+
+| Task | Name | Commit | Files |
+| ---- | ---- | ------ | ----- |
+| 1 | Salesforce, ServiceNow, SAP, Palantir YAMLs | 469ed0c | 8 |
+| 2 | Databricks, Snowflake, Oracle GenAI, HPE GreenLake YAMLs | 440daab | 8 |
+
+## Verification
+
+- `go test ./pkg/providers/... -count=1` — PASS
+- `go test ./pkg/engine/... -count=1` — PASS
+- `grep -l 'tier: 9' providers/*.yaml | wc -l` — 8
+- All dual-located files diff-identical
+
+## Deviations from Plan
+
+None — plan executed as written. (Plan title mentioned "IBM Watsonx (HPE)" but task bodies enumerated exactly 8 providers without a separate IBM Watsonx YAML; executed to task body since it is the authoritative task list.)
+
+## Decisions Made
+
+- Keyword-only detection dominates at Tier 9 — enterprise platforms rarely publish token formats, and Phase 2 lessons (generic regex → FPs at scale) reinforce caution.
+- Databricks is the only Tier-9 with a public `dapi` prefix; coded as high-confidence pattern with entropy_min 3.5.
+
+## Self-Check: PASSED
+
+- Files: all 16 present
+- Commits: 469ed0c, 440daab present in git log
+- Tests green