Gaps fill up, fixes, ui restructuring

2026-02-19 22:10:54 +02:00
parent b5829dce5c
commit 04cacdca8a
331 changed files with 42859 additions and 2174 deletions
--- a/docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md
+++ b/docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md
@@ -1,45 +1,132 @@
-# S00 Advisory Sources Specification
+# S00 Advisory Sources Specification

-Status: Draft (created for sprint planning pointer integrity)
-Date: 2026-02-18
+Status: Frozen (implemented backend contracts reconciled)
+Date: 2026-02-19
+Working directory: `docs/modules/ui/v2-rewire`
+Sprint: `20260218_005`, task `R0-02`

 ## Purpose
-Define `Security and Risk -> Advisory Sources` as the decision-impact view of advisory-source health.

-## Ownership split
- `Integrations` owns source connector configuration, credentials, and connectivity checks.
- `Platform Ops` owns mirror/freshness operation workflows.
- `Security and Risk` owns advisory decision impact (gate relevance, risk confidence impact).
+Define `Security and Risk -> Advisory Sources` as the decision-impact view of advisory-source health.
+This is the security gating interpretation surface; operations on connectors/mirrors belong to other domains.
+
+## Implementation reconciliation (2026-02-19)
+
+- Freshness routes are implemented in Concelier:
+  - `GET /api/v1/advisory-sources`
+  - `GET /api/v1/advisory-sources/summary`
+  - `GET /api/v1/advisory-sources/{id}/freshness`
+- Policy impact/conflict routes are implemented in Policy Gateway:
+  - `GET /api/v1/advisory-sources/{id}/impact`
+  - `GET /api/v1/advisory-sources/{id}/conflicts`
+- Persistence backing is implemented via:
+  - `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Migrations/004_add_advisory_source_freshness_projection.sql`
+  - `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Migrations/005_add_advisory_source_signature_projection.sql`
+  - `src/Policy/__Libraries/StellaOps.Policy.Persistence/Migrations/005_advisory_source_projection.sql`
+- Frontend Security & Risk consumption is implemented via:
+  - `src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.api.ts`
+  - `src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.component.ts`
+  - Endpoint-driven table/summary/detail state rendering (hard fail, degraded, conflict, and empty behaviors).
+  - Detail-panel advisory statistics now bind to backend contract fields (`totalAdvisories`, `signedAdvisories`, `unsignedAdvisories`, `signatureFailureCount`) instead of placeholders.
+
+## Ownership split (field-level)
+
+| Field / Action | Owner domain | Rationale |
+| --- | --- | --- |
+| Source name, family, description | Integrations | Connector catalog owner |
+| Credential / connectivity status | Integrations | Connector health owner |
+| Test connection action | Integrations | Links to Integrations connector detail |
+| Mirror and freshness operation actions | Platform Ops | Mirror workflow owner |
+| Last successful ingest, freshness age, freshness SLA | Platform Ops (source), Security & Risk (display) | Platform Ops publishes freshness facts; this screen reads and interprets for gating impact |
+| Signature / trust status | Administration (Trust & Signing, source), Security & Risk (display) | Administration manages trust keys; this screen shows effect on advisory verification |
+| Impacted decisions count | Security & Risk | Gate evaluation owner |
+| Impact severity | Security & Risk | Risk scoring owner |
+| Conflict detection / conflict diagnostics | Security & Risk | Conflict resolution belongs to security decision model |
+| Unsigned advisory ratio | Security & Risk | Advisory interpretation owner |

 ## Screen structure
- Header: scope filters (region, env, source family, freshness severity).
- Summary cards: healthy sources, stale sources, unavailable sources, conflicting-source warnings.
- Source table columns:
- Source name
- Last successful ingest
- Freshness SLA
- Current freshness age
- Signature/trust status
- Impacted decisions count
- Impact severity
- Actions: open connector config, open mirror ops, open impacted findings/gates
- Detail panel:
- Source status timeline
- Conflict diagnostics
- Signed/unsigned advisory ratio
- Impacted release/approval/environment references
+
+### Header
+- Page title: `Advisory Sources`
+- Scope filters: region, environment, source family (feed type), freshness severity.
+- Quick stats bar: total sources, healthy count, stale count, unavailable count.
+
+### Summary cards (4 cards)
+- Healthy sources — count with trend.
+- Stale sources — count with worst freshness age and SLA breach delta.
+- Unavailable sources — count; includes sources with connectivity failure or mirror lag > threshold.
+- Conflicting-source warnings — count of active advisory conflicts with unresolved triage status.
+
+### Source table
+Required columns:
+
+| Column | Source | Notes |
+| --- | --- | --- |
+| Source name | Integrations | Link to Integrations connector detail with preserved source id |
+| Source family | Integrations | Feed type (NVD, OSV, GHSA, vendor, custom) |
+| Last successful ingest | Platform Ops | Timestamp |
+| Freshness age | Platform Ops | Age since last successful ingest |
+| Freshness SLA | Platform Ops | Configured SLA threshold |
+| Freshness status | Platform Ops | Healthy / Warning / Stale / Unavailable badge |
+| Signature / trust status | Administration | Signed / Unsigned / Untrusted |
+| Impacted decisions count | Security & Risk | Count of release/approval decisions gated by this source |
+| Impact severity | Security & Risk | Highest severity of active advisory in this source affecting decisions |
+
+### Table actions per row
+- Open connector config → navigates to Integrations connector detail (preserved source id).
+- Open mirror ops → navigates to Platform Ops feeds/freshness page (preserved source id).
+- View impacted findings/gates → navigates to Security & Risk findings filtered by source.
+
+### Detail panel (slide-in)
+Opened from row click. Sections:
+- Source status timeline — ingest events, gaps, and failure events.
+- Conflict diagnostics — conflicting statement list with source pair, advisory id, conflict type (severity mismatch, remediation mismatch, existence conflict).
+- Advisory statistics — total advisories, signed count, unsigned count, signature failure count.
+- Impacted release/approval/environment references — linked list of active decisions impacted by this source.

 ## State behavior
- Healthy: all freshness and signature checks pass.
- Stale: freshness age exceeds SLA; show gating confidence warning.
- Unavailable: source unreachable; mark impacted decisions as degraded confidence.
- Conflict: source statements disagree; show conflict badge and triage action.

-## Required links
- To `Integrations` connector detail with preserved source id.
- To `Platform Ops` feeds/mirror page with preserved source id.
- To `Security and Risk` findings filtered by source impact.
+### Per-source states

-## Contract notes
- This screen likely requires an aggregate endpoint composed from integrations + ops + security data.
- Initial classification expected: `MISSING_NEW` pending contract definition.
+| State | Trigger | UI treatment |
+| --- | --- | --- |
+| Healthy | Freshness within SLA, signature valid or source is unsigned-accepted | Green badge; no action surfaced |
+| Warning | Freshness age approaching SLA (configurable threshold, default 80%) | Yellow badge; show time-to-breach |
+| Stale | Freshness age exceeds SLA | Red badge; show gating confidence degraded warning; show Open mirror ops action |
+| Unavailable | No ingest activity in critical window or mirror failure | Critical badge; show Open connector config action; impacted decisions show degraded confidence |
+| Conflicting | Active unresolved advisory conflict involving this source | Conflict badge; show conflict count; triage link |
+
+### Page-level states
+
+| State | Trigger | UI treatment |
+| --- | --- | --- |
+| All healthy | All sources healthy or warning | No banner; summary cards show normal |
+| Degraded sources present | One or more stale or unavailable | Warning banner with count and quick action links |
+| Conflict active | One or more unresolved conflicts | Security banner with conflict count; link to filtered view |
+| Stale data | Advisory source API returns cached or stale data (> configured page-stale threshold) | Stale-data banner with last-refreshed timestamp; disable gating-critical actions |
+| Hard fail | Advisory source API unavailable | Error banner; page content unavailable; link to Platform Ops data-integrity page |
+| Empty | No advisory sources configured | Empty state with link to Integrations to configure first source |
+
+## Forbidden behaviors
+
+- This page must not expose connector credential editing (Integrations owns this).
+- This page must not expose freshness operation controls such as trigger sync, clear cache (Platform Ops owns this).
+- This page must not host trust key or issuer management (Administration owns this).
+- Conflict diagnostics is a read-only view; resolution actions are surfaced as links to owning triage surfaces.
+
+## API dependency list
+
+| API | Proposed endpoint | Owner module | Status class | Auth scope | Notes |
+| --- | --- | --- | --- | --- | --- |
+| Advisory source list with freshness | `GET /api/v1/advisory-sources` | `Concelier` | `EXISTS_COMPAT` | `advisory:read` | Implemented; requires tenant via `X-Stella-Tenant` or `tenant_id` claim |
+| Advisory source freshness detail | `GET /api/v1/advisory-sources/{id}/freshness` | `Concelier` | `EXISTS_COMPAT` | `advisory:read` | Implemented; supports source UUID/key lookup and includes advisory stats fields for detail diagnostics |
+| Advisory source gating impact | `GET /api/v1/advisory-sources/{id}/impact` | `Policy` | `EXISTS_COMPAT` | `findings:read` | Implemented; supports `region`, `environment`, and `sourceFamily` filters |
+| Advisory source conflict report | `GET /api/v1/advisory-sources/{id}/conflicts` | `Policy` | `EXISTS_COMPAT` | `findings:read` | Implemented; supports `status` plus deterministic `limit`/`offset` pagination |
+| Advisory source summary aggregate | `GET /api/v1/advisory-sources/summary` | `Concelier` | `EXISTS_COMPAT` | `advisory:read` | Implemented card aggregate (healthy/warning/stale/unavailable/disabled/conflicts placeholder) |
+| Security source freshness (existing) | `GET /api/v1/security/sources/freshness` (check Concelier) | `Concelier` | `EXISTS_ADAPT` | existing | May need freshness-SLA delta and impact-count additions |
+
+## Non-allowed implementations
+
+- A single combined API that merges connector config and freshness without a clear split contract.
+- Advisory Sources rendered as a sub-tab of Integrations or Platform Ops (Security & Risk is owner).
+- Freshness operation controls embedded in this page (must be deep-link to Platform Ops only).
--- a/docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md
+++ b/docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md
@@ -1,27 +1,50 @@
-# S00 Endpoint Contract Ledger v1 (Starter)
+# S00 Endpoint Contract Ledger v1

-Status: Starter sheet
-Instructions: replace placeholder values with discovered implementation reality.
+Status: Frozen baseline (reconciled with backend implementation)
+Date: 2026-02-19
+Working directory: `docs/modules/ui/v2-rewire`
 Template source: `S00_contract_ledger_template.md`
+Sprint: `20260218_005`, task `R0-06`
+
+## Reconciliation note (2026-02-19)
+
+- Frontend shell structure was reverified in `SPRINT_20260219_002` to `SPRINT_20260219_007`.
+- Backend dependency rows `S00-T05-RC-01` and `S00-T05-SEC-02` are shipped and reclassified to `EXISTS_COMPAT`; frontend endpoint consumption for both rows is now implemented in UI surfaces.
+- Backend contract-enrichment adapters were implemented in `SPRINT_20260219_016` for `S00-T05-DASH-01`, `S00-T05-RC-02`, `S00-T05-RUN-01`, `S00-T05-APR-01`, `S00-T05-ENV-01`, `S00-T05-SEC-01`, `S00-T05-EVID-01`, `S00-T05-INT-01`, and `S00-T05-OPS-01`; these rows are now reclassified to `EXISTS_COMPAT`.
+- Backend administration adapters now cover Pack-21 A0-A7 (`/api/v1/administration/{summary,identity-access,tenant-branding,notifications,usage-limits,policy-governance,trust-signing,system}`), so `S00-T05-ADM-01` is reclassified to `EXISTS_COMPAT`.
+- Trust owner mutation routes for keys/issuers/certificates/transparency log are implemented under `/api/v1/administration/trust-signing/*` with `platform.trust.write` / `platform.trust.admin`, backed by Platform DB migration `046_TrustSigningAdministration.sql`.
+- Readiness reconciliation is recorded in `S16_release_readiness_package.md`.
+
+## Status class definitions
+
+| Status class | Meaning |
+| --- | --- |
+| `EXISTS_COMPAT` | Endpoint exists and is compatible with v2 screen needs without schema change. |
+| `EXISTS_ADAPT` | Endpoint exists but requires schema additions, filter/sort extensions, or composition changes for v2. |
+| `MISSING_NEW` | No endpoint exists; must be designed and implemented before the consuming sprint can complete. |
+
+## Ledger

 | Domain | Screen/Page | Canonical source refs | Current route/page | Current endpoint candidate(s) | Status | Owner module | Auth scope impact | Schema delta summary | Decision/risk notes | Action ticket |
 | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
-| Dashboard | Dashboard v3 mission board | `source-of-truth.md 3.2`, `authority-matrix.md A: Dashboard`, `pack-16.md` | `/` (control-plane/dashboard variants) | `TBD` | `EXISTS_ADAPT` | `Web` | `TBD` | aggregate model for CritR, SBOM freshness, B/I/R, data integrity likely needs composition changes | route naming and model aggregation not finalized | `S00-T05-DASH-01` |
-| Release Control | Bundle catalog/detail/builder | `source-of-truth.md 3.1`, `authority-matrix.md A: bundles`, `pack-12.md` | `/releases/*` and related bundle placeholders | `TBD` | `MISSING_NEW` | `ReleaseOrchestrator` | `TBD` | bundle-version lifecycle and materialization contracts likely incomplete | high risk for schema spread across modules | `S00-T05-RC-01` |
-| Release Control | Promotions list/create/detail | `source-of-truth.md 3.1`, `authority-matrix.md A: releases`, `pack-13.md` | `/releases/*` | `TBD` | `EXISTS_ADAPT` | `ReleaseOrchestrator` | `TBD` | bundle-version anchoring required in promotion contracts | depends on bundle contract finalization | `S00-T05-RC-02` |
-| Approvals | Approvals v2 tabs and decision packet | `source-of-truth.md 3.3`, `authority-matrix.md A: approvals`, `pack-17.md` | `/approvals/*` | `TBD` | `EXISTS_ADAPT` | `Policy` | `TBD` | richer gate trace and ops/data context payloads expected | cross-service joins may be needed | `S00-T05-APR-01` |
-| Release Runs | Run timeline and rollback | `source-of-truth.md 3.1`, `authority-matrix.md A: run timeline`, `pack-14.md` | `/deployments/*` and run views | `TBD` | `EXISTS_ADAPT` | `ReleaseOrchestrator` | `TBD` | checkpoint-level evidence/log linkage may be partial | rollback guard semantics must be explicit | `S00-T05-RUN-01` |
-| Environment | Environment detail standard tabs | `source-of-truth.md 3.1 and 3.6`, `authority-matrix.md A: env detail`, `pack-18.md` | `/environments/*` | `TBD` | `EXISTS_ADAPT` | `ReleaseOrchestrator` | `TBD` | env summary requires deploy+security+ops evidence merge | risk of expensive fan-out queries | `S00-T05-ENV-01` |
-| Security and Risk | Risk overview/findings/vuln/vex/exceptions | `source-of-truth.md 3.4`, `authority-matrix.md A: security`, `pack-19.md` | `/security/*` | `TBD` | `EXISTS_ADAPT` | `Scanner` | `TBD` | decision-first grouping and filters may require endpoint normalization | mapping from existing pages may be non-trivial | `S00-T05-SEC-01` |
-| Security and Risk | Advisory Sources | `source-of-truth.md 3.4 and 5`, `authority-matrix.md B: legacy security data split`, `pack-21.md` | `TBD` | `TBD` | `MISSING_NEW` | `Integrations` | `TBD` | final screen spec pending S00-T01, likely needs new aggregate endpoint | ownership boundary unresolved until S00 freeze | `S00-T05-SEC-02` |
-| Evidence and Audit | Evidence home/packs/bundles/export/proof/replay/audit | `source-of-truth.md 3.5`, `authority-matrix.md A: evidence`, `pack-20.md` | `/evidence/*` | `TBD` | `EXISTS_ADAPT` | `EvidenceLocker` | `TBD` | requires consolidated navigation model and consistent search keys | trust links must follow administration ownership override | `S00-T05-EVID-01` |
-| Administration | A0-A7 admin surfaces (IAM, policy, trust, system) | `source-of-truth.md 2.2 and 3.8`, `authority-matrix.md A: administration`, `pack-21.md` | `/settings/*` migration targets `TBD` | `TBD` | `EXISTS_ADAPT` | `Authority` | `TBD` | ownership shift from settings to administration needs route/permissions cleanup | high migration surface area | `S00-T05-ADM-01` |
-| Integrations | Integrations taxonomy and detail + feeds tie-in | `source-of-truth.md 3.7`, `authority-matrix.md A: integrations`, `pack-21.md`, `pack-10.md` | `/settings/integrations/*` and related | `TBD` | `EXISTS_ADAPT` | `Integrations` | `TBD` | advisory connectivity and impact mapping may require model split | coordinate with Advisory Sources spec | `S00-T05-INT-01` |
-| Platform Ops | Data Integrity and Feeds/AirGap ops | `source-of-truth.md 3.6`, `authority-matrix.md A: ops`, `pack-15.md`, `pack-10.md` | `/operations/*` | `TBD` | `EXISTS_ADAPT` | `Orchestrator` | `TBD` | data-integrity aggregate likely spans scheduler/orchestrator/integrations | ensure no duplicated source-of-truth cards | `S00-T05-OPS-01` |
+| Dashboard | Dashboard v3 mission board | `source-of-truth.md 3.2`, `authority-matrix.md A: Dashboard`, `pack-16.md` | `/` (control-plane/dashboard variants) | `GET /api/v1/dashboard/summary`; existing promotion, approval, and scan summary endpoints | `EXISTS_COMPAT` | `Web` (composition) + `ReleaseOrchestrator`, `Policy`, `Scanner` | No new scopes; requires existing viewer scopes | Implemented in Platform pack adapters with deterministic data-confidence, CritR env breakdown, B/I/R coverage, and top-driver fields consumed by dashboard v3 cards | Route finalized to `/api/v1/dashboard/summary`; validated by `PackAdapterEndpointsTests` | `S00-T05-DASH-01` |
+| Release Control | Bundle catalog/detail/builder | `source-of-truth.md 3.1`, `authority-matrix.md A: bundles`, `pack-12.md` | `/release-control/bundles/*` | `GET /api/v1/release-control/bundles`; `GET /api/v1/release-control/bundles/{bundleId}`; `GET /api/v1/release-control/bundles/{bundleId}/versions`; `GET /api/v1/release-control/bundles/{bundleId}/versions/{versionId}`; `POST /api/v1/release-control/bundles`; `POST /api/v1/release-control/bundles/{bundleId}/versions`; `POST /api/v1/release-control/bundles/{bundleId}/versions/{versionId}/materialize` | `EXISTS_COMPAT` | `Platform` (`StellaOps.Platform.WebService`) | `orch:read` (read routes), `orch:operate` (create/publish/materialize) | Implemented with Postgres-backed lifecycle tables (`release.control_bundles*`) plus deterministic list ordering and idempotent materialization key handling | Collision with Evidence bundle export routes resolved by dedicated `/api/v1/release-control/*` namespace; frontend bundle surfaces are now API-bound (see sprint `20260219_003` RC3-06) | `S00-T05-RC-01` |
+| Release Control | Promotions list/create/detail | `source-of-truth.md 3.1`, `authority-matrix.md A: releases`, `pack-13.md` | `/release-control/promotions/*` | `GET /api/release-orchestrator/approvals` (list); `GET /api/release-orchestrator/approvals/{id}` (detail); `GET /api/release-orchestrator/releases/{releaseId}/available-environments` (target preflight); `GET /api/release-orchestrator/releases/{releaseId}/promotion-preview` (gate preflight); `POST /api/release-orchestrator/releases/{releaseId}/promote` (create); `POST /api/release-orchestrator/approvals/{id}/approve`; `POST /api/release-orchestrator/approvals/{id}/reject` | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` / `orch:operate` | Legacy promotion/approval payloads are enriched with manifest digest, risk snapshot, hybrid reachability coverage, ops confidence, and decision digest via `ApprovalEndpoints.WithDerivedSignals` | Contract fields verified by `ReleaseControlV2EndpointsTests`; Pack 13 digest-first promotion cards no longer depend on frontend-only gap placeholders | `S00-T05-RC-02` |
+| Release Control | Run timeline, checkpoints, rollback | `source-of-truth.md 3.1`, `authority-matrix.md A: run timeline`, `pack-14.md` | `/deployments/*` and run views | `GET /api/v1/runs/{id}` (run detail); `GET /api/v1/runs/{id}/steps` (step list); `GET /api/v1/runs/{id}/steps/{stepId}` (step detail + logs); `POST /api/v1/runs/{id}/rollback` (trigger rollback) | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` / `orch:operate` | Implemented v2 run contracts include ordered checkpoints plus explicit evidence-thread and log-artifact links; rollback returns deterministic accepted payload with guard state | `/api/v1/runs/*` and `/v1/runs/*` compatibility routes are live and test-backed; policy-coupled rollback guard hardening remains future work | `S00-T05-RUN-01` |
+| Approvals | Approvals v2 tabs and decision packet | `source-of-truth.md 3.3`, `authority-matrix.md A: approvals`, `pack-17.md` | `/approvals/*` | `GET /api/v1/approvals` (queue); `GET /api/v1/approvals/{id}` (detail); `GET /api/v1/approvals/{id}/gates` (gate trace); `GET /api/v1/approvals/{id}/evidence` (evidence packet); `GET /api/v1/approvals/{id}/security-snapshot` (security tab data); `GET /api/v1/approvals/{id}/ops-health` (ops/data tab); `POST /api/v1/approvals/{id}/decision` (approve/reject/defer/escalate) | `EXISTS_COMPAT` | `Policy` + `ReleaseOrchestrator` | Existing policy reviewer / approver scopes | v2 approvals adapter routes now return deterministic decision-packet shapes containing digest, gate trace, security snapshot (risk + B/I/R), and ops/data confidence payloads | Deterministic ordering and contract fields are verified in `ReleaseControlV2EndpointsTests` (queue determinism, gate ordering, decision mutation, not-found behavior) | `S00-T05-APR-01` |
+| Environment | Environment detail standard tabs | `source-of-truth.md 3.1 and 3.6`, `authority-matrix.md A: env detail`, `pack-18.md` | `/environments/*` | `GET /api/v1/environments/{id}` (detail); `GET /api/v1/environments/{id}/deployments` (deployment history); `GET /api/v1/environments/{id}/security-snapshot` (security state); `GET /api/v1/environments/{id}/evidence` (evidence summary); `GET /api/v1/environments/{id}/ops-health` (data confidence) | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` | Pack-18 environment tab contracts are implemented with standardized header fields (manifest digest, risk snapshot, B/I/R coverage, ops confidence) and deterministic deployment ordering | Environment adapters are live under `/api/v1/environments/*` and validated in `ReleaseControlV2EndpointsTests` | `S00-T05-ENV-01` |
+| Security and Risk | Risk overview, findings, vulns, vex, exceptions, reachability | `source-of-truth.md 3.4`, `authority-matrix.md A: security`, `pack-19.md` | `/security/*` | `GET /api/v1/security/findings` (decision-first grouped); `GET /api/v1/security/vulnerabilities`; `GET /api/v1/security/vex`; `GET /api/v1/security/reachability`; existing risk/scanner endpoints | `EXISTS_COMPAT` | `Scanner` | Existing security viewer scopes | Security adapter routes now normalize findings/vulnerability/VEX/reachability payloads with deterministic filters and B/I/R confidence fields expected by Pack 19 decision-centric screens | Scanner routes are validated in `SecurityAdapterEndpointsTests`; exception lifecycle remains served by Policy endpoints (`/api/policy/exceptions`) and linked from security flows | `S00-T05-SEC-01` |
+| Security and Risk | Advisory Sources | `source-of-truth.md 3.4 and 5`, `authority-matrix.md B: legacy security data split`, `pack-21.md`, `S00_advisory_sources_spec.md` | `/security-risk/advisory-sources` | `GET /api/v1/advisory-sources`; `GET /api/v1/advisory-sources/summary`; `GET /api/v1/advisory-sources/{id}/freshness` (Concelier); `GET /api/v1/advisory-sources/{id}/impact`; `GET /api/v1/advisory-sources/{id}/conflicts` (Policy) | `EXISTS_COMPAT` | `Concelier` (freshness) + `Policy` (impact/conflicts) | `advisory:read` (Concelier freshness routes), `findings:read` (Policy impact/conflicts routes); tenant header required | Implemented with Concelier freshness + signature-stat projections (`vuln.source_freshness_sla`, `vuln.advisory_source_signature_projection`) and Policy impact/conflict projections (`policy.advisory_source_impacts`, `policy.advisory_source_conflicts`) | Ownership split implemented at endpoint boundary; UI composes read-only facts from Concelier + Policy without write side-effects, including backend advisory stats in detail diagnostics (see sprint `20260219_004` SR4-07) | `S00-T05-SEC-02` |
+| Evidence and Audit | Evidence home, packs, bundles, export, proof, replay, audit | `source-of-truth.md 3.5`, `authority-matrix.md A: evidence`, `pack-20.md` | `/evidence/*` | `GET /api/v1/evidence` (home); `GET /api/v1/evidence/packs` (pack list); `GET /api/v1/evidence/packs/{id}` (pack detail); `GET /api/v1/evidence/proofs/{subjectDigest}` (proof chain); `GET /api/v1/evidence/thread/{id}` (evidence thread); `GET /api/v1/evidence/audit` (unified audit log); `GET /api/v1/evidence/receipts/cvss/{id}` | `EXISTS_COMPAT` | `EvidenceLocker` + `Attestor` | Existing evidence viewer scopes | Evidence adapter family is implemented for home/packs/proofs/audit/receipts plus thread lookup with deterministic ordering and explicit not-found contracts | Routes are validated by `EvidenceAuditEndpointsTests`; trust management remains an Administration owner workflow while evidence APIs stay read-only consumer surfaces | `S00-T05-EVID-01` |
+| Administration | A0 overview + A1 Identity and Access + A2 Tenant and Branding + A3 Notifications + A4 Usage and Limits + A5 Policy Governance + A6 Trust and Signing + A7 System | `source-of-truth.md 2.2 and 3.8`, `authority-matrix.md A: administration`, `pack-21.md` | `/settings/*` migration targets and new `/administration/*` routes | `GET /api/v1/administration/summary`; `GET /api/v1/administration/identity-access`; `GET /api/v1/administration/tenant-branding`; `GET /api/v1/administration/notifications`; `GET /api/v1/administration/usage-limits`; `GET /api/v1/administration/policy-governance`; `GET /api/v1/administration/trust-signing`; `GET /api/v1/administration/system`; `GET /api/v1/administration/trust-signing/{keys,issuers,certificates,transparency-log}`; `POST /api/v1/administration/trust-signing/keys`; `POST /api/v1/administration/trust-signing/keys/{keyId}/rotate`; `POST /api/v1/administration/trust-signing/keys/{keyId}/revoke`; `POST /api/v1/administration/trust-signing/issuers`; `POST /api/v1/administration/trust-signing/certificates`; `POST /api/v1/administration/trust-signing/certificates/{certificateId}/revoke`; `PUT /api/v1/administration/trust-signing/transparency-log` | `EXISTS_COMPAT` | `Platform` (composition) + `Authority` + `Policy` | `platform.setup.read` for A0/A1/A2/A3/A4/A5/A7 adapters; A6 read routes use `platform.trust.read` (`trust:read`), owner mutations use `platform.trust.write` (`trust:write`) and `platform.trust.admin` (`trust:admin`) | Pack adapters now return deterministic A1-A7 payloads plus `legacyAliases` route-migration metadata for `/settings/*`, `/policy/*`, and `/admin/*`; trust-owner mutation routes persist deterministic state via Platform stores | Adapter surface decouples frontend from legacy prefixes while preserving explicit trust-owner boundaries and admin-grade mutation authorization for keys/issuers/certificates/transparency configuration | `S00-T05-ADM-01` |
+| Integrations | Integrations taxonomy, hub overview, connector detail, feeds tie-in | `source-of-truth.md 3.7`, `authority-matrix.md A: integrations`, `pack-21.md`, `pack-10.md` | `/settings/integrations/*` and `/integrations/*` (partially) | `GET /api/v1/integrations` (hub list); `GET /api/v1/integrations/{id}` (connector detail); `GET /api/v1/integrations/{id}/health` (health check); `GET /api/v1/integrations/{id}/impact` (impact map); `POST /api/v1/integrations/{id}/test` (test connection) | `EXISTS_COMPAT` | `Integrations` | Existing integration admin scopes | Impact map contract is implemented at `/api/v1/integrations/{id}/impact` with deterministic workflow ordering; list/detail/health/test routes remain compatible for pack-21 integration detail tabs | Endpoint behavior is validated in `IntegrationImpactEndpointsTests`; advisory source ownership split remains handled by `S00-T05-SEC-02` | `S00-T05-INT-01` |
+| Platform Ops | Data Integrity overview + nightly report + feeds freshness + scan pipeline health + reachability ingest + DLQ + data quality SLOs | `source-of-truth.md 3.6`, `authority-matrix.md A: ops`, `pack-15.md`, `pack-10.md`, `pack-21.md` | `/operations/*` (current) | `GET /api/v1/platform/data-integrity/summary` (overview cards); `GET /api/v1/platform/data-integrity/report` (nightly report); `GET /api/v1/platform/feeds/freshness` (feeds health); `GET /api/v1/platform/scan-pipeline/health`; `GET /api/v1/platform/reachability/ingest-health`; existing DLQ and SLO endpoints | `EXISTS_COMPAT` | `Orchestrator` + `Concelier` + `Scanner` | Existing ops viewer scopes | Platform pack adapters now expose the data-integrity aggregate routes required by Packs 15/21 with deterministic card/report ordering and feed/pipeline/reachability drilldown links | Endpoints and tenant-header validation are covered in `PackAdapterEndpointsTests`; ownership split with Integrations remains explicit per `S00_advisory_sources_spec.md` | `S00-T05-OPS-01` |

-## Completion checklist
+## Sign-off requirement

- [ ] Replace all `TBD` values with concrete route and endpoint references.
- [ ] Verify one status class per row.
- [ ] Add rows for additional active-authority screens discovered during route audit.
- [ ] Link each `Action ticket` to a concrete sprint task.
+Before readiness closure, frontend and backend leads must confirm:
+- All previously `MISSING_NEW` rows are either shipped or formally deferred with owner/date.
+- Any `EXISTS_ADAPT` rows (none at this revision) have backend team acknowledgment of planned schema delta.
+- No active-authority screen remains unclassified.
+
+Sign-off is captured in `S00_handoff_packet.md`.
--- a/docs/modules/ui/v2-rewire/S00_handoff_packet.md
+++ b/docs/modules/ui/v2-rewire/S00_handoff_packet.md
@@ -1,19 +1,64 @@
-# S00 Handoff Packet
+# S00 Handoff Packet

-Status: Placeholder (created for sprint planning pointer integrity)
-Date: 2026-02-18
+Status: Published (reconciled to reopened 20260219 sprint wave)
+Date: 2026-02-19
+Working directory: `docs/modules/ui/v2-rewire`
+Sprint: `20260218_005`, task `R0-07`

-## Upstream artifacts
- `S00_advisory_sources_spec.md`
- `S00_nav_rendering_policy.md`
- `S00_trust_ownership_transition.md`
- `S00_route_deprecation_map.md`
- `S00_endpoint_contract_ledger_v1.md`
+## Purpose

-## Downstream target sprints
- `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`
- `SPRINT_20260218_007_FE_ui_v2_rewire_administration_foundation.md`
- `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`
+This packet is the authoritative handoff from sprint `20260218_005` (Spec Freeze) to implementation sprints.
+All frozen decisions are referenced here.

-## Current status
- This packet is a planning placeholder and will be expanded when sprint `20260218_005` reaches DONE.
+Implementation execution for this handoff was the reopened sprint set:
+
+- `SPRINT_20260219_002` through `SPRINT_20260219_007`
+- `SPRINT_20260219_008` (backend endpoint + migration dependency closure)
+- `SPRINT_20260219_015` (Pack-13 promotions contract binding follow-on)
+
+All completed sprint files from this set are now archived under `docs-archived/implplan/`.
+
+## Frozen decisions
+
+| Decision | Document | Key ruling |
+| --- | --- | --- |
+| Canonical IA taxonomy and root domain ordering | `source-of-truth.md` sections 2.1 and 2.2 | Seven roots: Dashboard, Release Control, Security and Risk, Evidence and Audit, Integrations, Platform Ops, Administration. Order is fixed. |
+| Ownership boundaries (Policy, Trust, System, Security Data split) | `source-of-truth.md` section 2.2, `authority-matrix.md` section B | Policy Governance -> Administration. Trust and Signing -> Administration. System -> Administration. Legacy Security Data -> split: connectivity in Integrations/Platform Ops, gating impact in Security and Risk. |
+| Superseded alternatives (forbidden placements) | `authority-matrix.md` section B; `S00_nav_rendering_policy.md` do-not list | Trust in Evidence, Policy in Release Control, System as top-level root are forbidden. |
+| Release Control capability rendering policy | `S00_nav_rendering_policy.md` | Releases and Approvals may be direct nav shortcuts under Release Control group; Bundles, Deployments, and Environments stay grouped under Release Control ownership. |
+| Advisory Sources screen ownership and spec | `S00_advisory_sources_spec.md` | Security and Risk owns decision-impact view. Integrations owns connector config. Platform Ops owns freshness ops. |
+| Trust and Signing ownership transition and consumer model | `S00_trust_ownership_transition.md` | Administration is sole owner. Evidence and Audit and Security and Risk are consumers with read-only links only. |
+| Route deprecation map and activation sequence | `S00_route_deprecation_map.md` | Complete v1 -> v2 mapping with per-sprint activation sequence. |
+| Endpoint contract ledger v1 | `S00_endpoint_contract_ledger_v1.md` | 12 screen domains classified; previously missing rows `S00-T05-RC-01` and `S00-T05-SEC-02` are now reconciled to shipped backend contracts (`EXISTS_COMPAT`). |
+
+## Downstream target sprints (executed and archived)
+
+| Sprint | Dependency on S00 decisions | Unblocked after |
+| --- | --- | --- |
+| `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth` | Nav rendering policy, route deprecation map | `SPRINT_20260219_001` DONE |
+| `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure` | Release Control ownership policy, Pack 12/13/14 structure, contract ledger RC rows | `SPRINT_20260219_002` |
+| `SPRINT_20260219_004_FE_ui_v2_shell_security_and_advisory_sources` | Advisory Sources spec, ownership split, contract ledger SEC rows | `SPRINT_20260219_002` |
+| `SPRINT_20260219_005_FE_ui_v2_shell_evidence_audit_structure` | Trust transition doc, evidence ownership policy, contract ledger EVID row | `SPRINT_20260219_002` |
+| `SPRINT_20260219_006_FE_ui_v2_shell_integrations_platform_ops_alignment` | Integrations/Platform Ops taxonomy, security-data split policy | `SPRINT_20260219_002` |
+| `SPRINT_20260219_007_FE_ui_v2_shell_qa_and_readiness_reverification` | Strict closure gate, ledger reconciliation, readiness publication | `SPRINT_20260219_003` to `SPRINT_20260219_006` |
+
+## Unresolved risks (carry into implementation)
+
+| Risk | Severity | Mitigation | Owner sprint |
+| --- | --- | --- | --- |
+| Bundle API (`S00-T05-RC-01`) contract drift after implementation | Medium | Keep ledger pinned to implemented `/api/v1/release-control/bundles*` routes and reject path regressions that collide with evidence bundle export namespace. | `SPRINT_20260219_008` + downstream QA |
+| Advisory Sources cross-service composition drift (`S00-T05-SEC-02`) | Medium | Keep Concelier freshness and Policy impact/conflicts ownership split explicit; verify tenant/scope behavior in readiness reruns. | `SPRINT_20260219_008` + downstream QA |
+| Trust scope model (`trust:read`, `trust:write`, `trust:admin`) requires Authority alignment | Closed (2026-02-19) | Authority canonical scopes and Platform trust policies are wired; A6 now includes owner mutation routes (`/api/v1/administration/trust-signing/{keys,issuers,certificates,transparency-log}`) with DB backing via migration `046_TrustSigningAdministration.sql`. | `SPRINT_20260219_016` |
+| Approvals multi-tab fan-out latency (`S00-T05-APR-01`) | Medium | Preserve lazy loading and stale-data behavior in shell and add backend performance verification in follow-on integration work. | `SPRINT_20260219_003` |
+| Data Integrity aggregate endpoint (`S00-T05-OPS-01`) spans modules | Medium | Keep ownership split explicit in shell and assign backend composition owner before full readiness GO. | `SPRINT_20260219_006` / `SPRINT_20260219_007` |
+| Legacy alias removal can miss long-tail deep links | Low | Keep redirect map under strict tests and remove aliases only after measured traffic evidence. | `SPRINT_20260219_002` / `SPRINT_20260219_007` |
+
+## Contract ledger sign-off status
+
+- Frontend shell sign-off is complete through `SPRINT_20260219_006`.
+- Backend dependency sign-off for previously unresolved rows (`S00-T05-RC-01`, `S00-T05-SEC-02`) is now complete via `SPRINT_20260219_008` evidence and ledger reconciliation.
+- Promotions row `S00-T05-RC-02` and Administration row `S00-T05-ADM-01` are fully reconciled to `EXISTS_COMPAT` via `SPRINT_20260219_016` backend contract enrichment evidence.
+
+## Non-shipped exploratory work
+
+None.
--- a/docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md
+++ b/docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md
@@ -1,25 +1,116 @@
-# S00 Nav Rendering Policy
+# S00 Nav Rendering Policy

-Status: Draft (created for sprint planning pointer integrity)
+Status: Frozen
 Date: 2026-02-18
+Working directory: `docs/modules/ui/v2-rewire`
+Sprint: `20260218_005`, task `R0-03`

 ## Policy statement
-Release Control-owned capabilities may be rendered as direct shortcuts if and only if ownership remains labeled as Release Control in breadcrumbs and headers.

-## Allowed model
- Root domains remain canonical.
- Shortcuts allowed for `Releases` and `Approvals` when they route to Release Control-owned routes.
- `Bundles`, `Deployments`, and `Regions and Environments` remain under Release Control navigation hierarchy.
+Release Control-owned capabilities may be rendered as direct shortcuts in the sidebar if and only if:
+1. Ownership is labeled as **Release Control** in breadcrumbs and page headers.
+2. The canonical routes for those capabilities live under `/release-control/*`.
+3. The sidebar shortcut links to the canonical route, not an alias.
+
+This policy prevents mixed rendering where the same screen appears to be owned by two domains.
+
+## Allowed rendering model
+
+### Desktop (expanded sidebar)
+
+```
+Dashboard
+Release Control
+  ├── Releases          [shortcut direct nav allowed]
+  ├── Approvals         [shortcut direct nav allowed]
+  ├── Bundles           [nested only — no direct shortcut]
+  ├── Deployments       [nested only — no direct shortcut]
+  └── Regions & Environments  [nested only — no direct shortcut]
+Security & Risk
+Evidence & Audit
+Integrations
+Platform Ops
+Administration
+```
+
+`Releases` and `Approvals` may appear as direct children under `Release Control` in the sidebar
+(rather than requiring expand → click).
+`Bundles`, `Deployments`, and `Regions & Environments` remain nested and require expand.
+
+### Desktop (collapsed sidebar — icons only)
+
+- Show icon for Release Control root only.
+- Tooltip on hover shows "Release Control".
+- Click navigates to Release Control overview or last active child.
+- No separate Releases / Approvals icons in collapsed mode.
+
+### Mobile (navigation drawer)
+
+- All root domains appear as top-level items in the drawer.
+- Release Control expands in-place to show child nav items.
+- `Releases` and `Approvals` may appear as drawer children with Release Control as visible parent.
+- No Release Control capabilities may appear as top-level drawer items separate from the Release Control group.

 ## Breadcrumb rules
- Any shortcut route must render breadcrumb prefix `Release Control`.
- Header titles use canonical naming; optional compatibility labels may be temporary.

-## Non-allowed model
- Dual ownership labels for same screen.
- Divergent mobile vs desktop ownership paths.
- Legacy settings-first entry as primary owner path.
+Canonical format: `Root Domain > Capability > [Sub-page]`

-## Route guidance
- Use alias redirects for historical direct paths.
- Canonical targets must live under final IA route families.
+| Scenario | Breadcrumb | Notes |
+| --- | --- | --- |
+| Releases list | `Release Control > Releases` | No shortcut bypasses ownership label |
+| Release detail | `Release Control > Releases > RCB-1234` | ID or name appended |
+| Approvals queue | `Release Control > Approvals` | |
+| Approval detail | `Release Control > Approvals > APR-5678` | |
+| Bundle catalog | `Release Control > Bundles` | |
+| Bundle detail | `Release Control > Bundles > my-bundle` | |
+| Bundle version detail | `Release Control > Bundles > my-bundle > v1.3.0` | |
+| Deployments | `Release Control > Deployments` | |
+| Environments list | `Release Control > Regions & Environments` | |
+| Environment detail | `Release Control > Regions & Environments > staging-eu` | |
+
+### Concrete counter-examples (forbidden)
+
+| Forbidden breadcrumb | Reason |
+| --- | --- |
+| `Approvals > APR-5678` | Missing Release Control ownership prefix |
+| `Releases` (no parent) | Same — no domain context |
+| `Settings > Policy Governance` | Policy Governance owner is Administration, not Settings |
+| `Evidence & Audit > Trust & Signing` | Trust & Signing owner is Administration; Evidence may only show a consumer link |
+
+## Legacy label transition behavior
+
+Where users know a surface by an old label, show a compact transition label during the migration window defined in `S00_route_deprecation_map.md`.
+
+Rules:
+- Transition labels appear only in page headers and sidebar items, not in breadcrumbs.
+- Format: canonical label is primary; old label appears parenthetically — e.g., `Policy Governance (formerly Policy Studio)`.
+- Transition labels are removed at sprint 016 cutover unless traffic evidence requires extension.
+- Canonical labels are always primary; old labels never replace canonical ones.
+
+Planned transition labels:
+
+| Canonical label | Transition label (migration window only) | Remove at |
+| --- | --- | --- |
+| `Security & Risk` | `Security & Risk (formerly Security)` | Sprint 016 |
+| `Platform Ops` | `Platform Ops (formerly Operations)` | Sprint 016 |
+| `Evidence & Audit` | `Evidence & Audit (formerly Evidence)` | Sprint 016 |
+| `Policy Governance` | `Policy Governance (formerly Policy Studio / Policy)` | Sprint 016 |
+
+## Explicit do-not list
+
+The following rendering patterns are forbidden in any sprint implementation:
+
+1. **Do not** place Release Control capability screens (`Releases`, `Approvals`, `Bundles`, `Deployments`, `Environments`) as root-level sidebar items independent from the `Release Control` group.
+2. **Do not** display a breadcrumb that omits the canonical root domain prefix.
+3. **Do not** show different ownership labels on desktop vs. mobile for the same screen.
+4. **Do not** use legacy root-level nav paths (e.g., `/approvals`, `/releases`) as the canonical nav target — they must redirect to `/release-control/*` canonical targets.
+5. **Do not** label `Trust & Signing` as owned by Evidence & Audit or Security in any nav or header.
+6. **Do not** label `Policy Governance` as owned by Release Control in any nav or header.
+7. **Do not** introduce a new root domain that is not in the canonical 7: Dashboard, Release Control, Security & Risk, Evidence & Audit, Integrations, Platform Ops, Administration.
+
+## Route alias requirements for migration
+
+During the alias window, current root-level paths (`/releases`, `/approvals`) must:
+- Resolve to the canonical `/release-control/releases` and `/release-control/approvals` routes.
+- Render the canonical breadcrumb (e.g., `Release Control > Releases`) — not an alias-derived breadcrumb.
+- Not appear as primary nav items in the sidebar; the sidebar must link to canonical paths only.
--- a/docs/modules/ui/v2-rewire/S00_route_deprecation_map.md
+++ b/docs/modules/ui/v2-rewire/S00_route_deprecation_map.md
@@ -1,26 +1,183 @@
-# S00 Route Deprecation Map
+# S00 Route Deprecation Map

-Status: Draft baseline (created for sprint planning pointer integrity)
+Status: Frozen baseline
 Date: 2026-02-18
+Working directory: `docs/modules/ui/v2-rewire`
+Canonical source: `source-of-truth.md`, `authority-matrix.md`

 ## Purpose
-Baseline mapping for legacy route families to canonical IA targets.

-## Route action values
- `keep`
- `redirect`
- `alias`
- `remove-later`
+Complete route baseline mapping current v1 canonical paths to v2 target IA families.
+Every major route family must have exactly one migration action.
+This map governs all implementation in sprints 006 through 016.

-## Baseline mapping examples
-| Legacy family | Canonical target family | Action |
+## Route action definitions
+
+| Action | Meaning |
+| --- | --- |
+| `keep` | Path and semantics are unchanged; no migration work required. |
+| `redirect` | Current path redirects to v2 canonical target; old path is no longer authoritative. |
+| `alias` | Current path remains active and resolves to the same content as canonical; both paths are valid during the migration window. Planned for removal after cutover. |
+| `remove-later` | Path is superseded; leave as redirect stub until traffic confirms safety, then remove in sprint 016. |
+
+## Section 1 — Root domain family migrations
+
+These are the highest-priority mappings because they affect top-level navigation and all deep links.
+
+| Current v1 path family | v2 canonical target family | Action | Notes |
+| --- | --- | --- | --- |
+| `/` (control-plane landing) | `/dashboard` | `redirect` | Current Control Plane becomes Dashboard v3 landing. Sprint 012 implements target. |
+| `/security/*` | `/security-risk/*` | `redirect` + temporary `alias` | High-traffic. Alias `/security/*` during sprint 014 window; remove in sprint 016. |
+| `/operations/*` | `/platform-ops/*` | `redirect` + temporary `alias` | Ops team bookmarks. Alias during sprint 008 window; remove in sprint 016. |
+| `/evidence/*` | `/evidence-audit/*` | `redirect` + temporary `alias` | Alias during sprint 015 window; remove in sprint 016. |
+| `/policy/*` | `/administration/policy-governance/*` | `redirect` | Ownership change. High risk; enforce breadcrumb and ownership labels per nav policy. |
+| `/settings/*` (admin subset) | `/administration/*` | `redirect` | Split: admin sub-paths go to `/administration/*`; integration sub-paths go to `/integrations/*`. |
+| `/settings/integrations/*` | `/integrations/*` | `redirect` | Integrations becomes a canonical root domain. |
+| `/integrations/*` (current shallow root) | `/integrations/*` (v2 canonical root) | `keep` | Route family stays. Sprint 008 expands content and taxonomy. |
+| `/approvals/*` | `/release-control/approvals/*` | `redirect` + temporary `alias` | Alias `/approvals/*` for operator convenience during cutover; remove in sprint 016. |
+| `/releases/*` | `/release-control/releases/*` | `redirect` + temporary `alias` | High-traffic operator route. Alias during sprints 010-016 window. |
+| `/environments/*` | `/release-control/environments/*` | `redirect` | Medium risk. |
+| `/deployments/*` | `/release-control/deployments/*` | `redirect` | Medium risk. |
+| `/analytics/*` | `/security-risk/analytics/*` | `redirect` | Analytics is consumed under Security & Risk. |
+
+## Section 2 — Settings sub-family migrations
+
+All settings sub-paths have a final canonical owner under Administration or Integrations.
+
+| Current v1 path | v2 target | Action | Sprint |
+| --- | --- | --- | --- |
+| `/settings/admin/users` | `/administration/identity-access/users` | `redirect` | 007 |
+| `/settings/admin/roles` | `/administration/identity-access/roles` | `redirect` | 007 |
+| `/settings/admin/tenants` | `/administration/identity-access/tenants` | `redirect` | 007 |
+| `/settings/admin/clients` | `/administration/identity-access/clients` | `redirect` | 007 |
+| `/settings/admin/tokens` | `/administration/identity-access/tokens` | `redirect` | 007 |
+| `/settings/admin/branding` | `/administration/tenant-branding` | `redirect` | 007 |
+| `/settings/admin/:page` | `/administration/:page` | `redirect` (catch-all) | 007 |
+| `/settings/trust/*` | `/administration/trust-signing/*` | `redirect` | 007 |
+| `/settings/notifications/*` | `/administration/notifications/*` | `redirect` | 007 |
+| `/settings/security-data/trivy` | `/integrations/feeds/trivy` | `redirect` | 008 |
+| `/settings/sbom-sources/*` | `/integrations/sbom-sources/*` | `redirect` | 008 |
+| `/settings/workflows/*` | `/administration/system/workflows` | `redirect` | 007 |
+| `/settings/profile` | `/administration/profile` | `alias` | 007 (keep; `/administration/profile` is canonical) |
+| `/settings/configuration-pane` | `/administration/system/configuration` | `redirect` | 007 |
+
+## Section 3 — Evidence & Audit sub-family migrations
+
+| Current v1 path | v2 target | Action | Sprint |
+| --- | --- | --- | --- |
+| `/evidence` | `/evidence-audit` | `redirect` + alias | 015 |
+| `/evidence/audit` | `/evidence-audit/audit` | `redirect` | 015 |
+| `/evidence/packs/*` | `/evidence-audit/packs/*` | `redirect` | 015 |
+| `/evidence/proofs/*` | `/evidence-audit/proofs/*` | `alias` | 015 (permanent convenience alias for external linking) |
+| `/evidence/change-trace/*` | `/evidence-audit/change-trace/*` | `redirect` | 015 |
+| `/evidence/receipts/cvss/*` | `/evidence-audit/receipts/cvss/*` | `redirect` | 015 |
+| `/evidence-thread/*` | `/evidence-audit/thread/*` | `redirect` | 015 |
+| `/timeline/*` | `/evidence-audit/timeline/*` | `redirect` | 015 |
+
+## Section 4 — Platform Ops sub-family migrations
+
+| Current v1 path | v2 target | Action | Sprint |
+| --- | --- | --- | --- |
+| `/operations/feeds/*` | `/platform-ops/data-integrity/feeds/*` | `redirect` | 008 |
+| `/operations/orchestrator/*` | `/platform-ops/orchestrator/*` | `redirect` | 008 |
+| `/operations/health` | `/platform-ops/health` | `redirect` | 008 |
+| `/operations/quotas/*` | `/platform-ops/quotas/*` | `redirect` | 008 |
+| `/operations/slo` | `/platform-ops/data-integrity/slo` | `redirect` | 008 |
+| `/operations/dead-letter` | `/platform-ops/orchestrator/dead-letter` | `redirect` | 008 |
+| `/operations/aoc` | `/platform-ops/aoc` | `redirect` | 008 |
+| `/operations/doctor` | `/platform-ops/doctor` | `redirect` | 008 |
+| `/operations/offline-kit/*` | `/platform-ops/offline-kit/*` | `redirect` | 008 |
+| `/operations/agents/*` | `/platform-ops/agents/*` | `redirect` | 008 |
+| `/operations/scanner/*` | `/platform-ops/scanner/*` | `redirect` | 008 |
+| `/operations/packs/*` | `/platform-ops/pack-registry/*` | `redirect` | 008 |
+| `/operations/signals/*` | `/platform-ops/signals/*` | `redirect` | 008 |
+| `/operations/ai-runs/*` | `/platform-ops/ai-runs/*` | `redirect` | 008 |
+| `/operations/notifications` | `/administration/notifications` | `redirect` | 007 (ownership change) |
+| `/operations/status` | `/administration/system/status` | `redirect` | 007 (ownership change) |
+
+## Section 5 — Release Control sub-family migrations
+
+| Current v1 path | v2 target | Action | Sprint |
+| --- | --- | --- | --- |
+| `/releases` | `/release-control/releases` | `redirect` + alias | 010 |
+| `/releases/:id` | `/release-control/releases/:id` | `redirect` | 010 |
+| `/approvals` | `/release-control/approvals` | `redirect` + alias | 011 |
+| `/approvals/:id` | `/release-control/approvals/:id` | `redirect` | 011 |
+| `/environments` | `/release-control/environments` | `redirect` | 013 |
+| `/environments/:id` | `/release-control/environments/:id` | `redirect` | 013 |
+| `/deployments/*` | `/release-control/deployments/*` | `redirect` | 010 |
+| (new) `/release-control/bundles/*` | `/release-control/bundles/*` | `new (implemented)` | 20260219_003 |
+
+## Section 6 — Security & Risk sub-family migrations
+
+| Current v1 path | v2 target | Action | Sprint |
+| --- | --- | --- | --- |
+| `/security` | `/security-risk` | `redirect` + alias | 014 |
+| `/security/findings/*` | `/security-risk/findings/*` | `redirect` | 014 |
+| `/security/vulnerabilities/*` | `/security-risk/vulnerabilities/*` | `redirect` | 014 |
+| `/security/sbom/graph` | `/security-risk/sbom/graph` | `redirect` | 014 |
+| `/security/lineage/*` | `/security-risk/lineage/*` | `redirect` | 014 |
+| `/security/reachability` | `/security-risk/reachability` | `redirect` | 014 |
+| `/security/risk` | `/security-risk/risk` | `redirect` | 014 |
+| `/security/artifacts/*` | `/security-risk/artifacts/*` | `redirect` | 014 |
+| `/security/vex/*` | `/security-risk/vex/*` | `redirect` | 014 |
+| `/security/unknowns` | `/security-risk/unknowns` | `redirect` | 014 |
+| `/security/patch-map` | `/security-risk/patch-map` | `redirect` | 014 |
+| `/security/scans/*` | `/security-risk/scans/*` | `redirect` | 014 |
+| (new) `/security-risk/advisory-sources` | `/security-risk/advisory-sources` | `new (implemented)` | 20260219_004 |
+
+## Section 7 — Administration sub-family migrations
+
+| Current v1 path | v2 target | Action | Sprint |
+| --- | --- | --- | --- |
+| `/policy/governance` | `/administration/policy-governance` | `redirect` | 007 |
+| `/policy/exceptions/*` | `/administration/policy-governance/exceptions/*` | `redirect` | 007 |
+| `/policy/packs/*` | `/administration/policy-governance/packs/*` | `redirect` | 007 |
+| `/admin/trust/*` | `/administration/trust-signing/*` | `redirect` | 007 |
+| `/admin/audit` | `/evidence-audit/audit` | `redirect` | 015 |
+| `/admin/notifications` | `/administration/notifications` | `redirect` | 007 |
+| `/admin/policy/governance` | `/administration/policy-governance` | `redirect` | 007 |
+| `/admin/policy/simulation` | `/administration/policy-governance/simulation` | `redirect` | 007 |
+| `/admin/registries` | `/integrations/registries` | `redirect` | 008 |
+| `/admin/issuers` | `/administration/trust-signing/issuers` | `redirect` | 007 |
+| `/admin/vex-hub/*` | `/security-risk/vex/*` | `redirect` | 014 |
+
+## Section 8 — Remove-later candidates
+
+Paths that are stale and should be removed after traffic confirmation:
+
+| Path | Current state | Proposed timeline |
 | --- | --- | --- |
-| `/settings/*` admin-owned surfaces | `/administration/*` | `redirect` |
-| `/settings/security-data` | split to `/integrations/*` and `/security/*` contexts | `redirect` |
-| `/integrations/*` legacy settings paths | `/integrations/*` canonical root | `alias` |
-| historical trust routes | `/administration/trust*` | `redirect` |
-| historical ops aliases | `/operations/*` canonical root | `alias` |
+| `/home` | Already redirects to `/` | Sprint 016: confirm and remove from app.routes |
+| `/orchestrator/*` | Already redirects to `/operations/*` → sprint 008 will update to `/platform-ops/*` | Sprint 016 |
+| `/release-orchestrator/*` | Already redirects to root routes | Sprint 016 |
+| `/ops/*` | Already redirects to `/operations/*` → sprint 008 will update | Sprint 016 |
+| `/console/*` | Already redirects to `/settings/*` → sprint 007 will update to `/administration/*` | Sprint 016 |
+| `/triage/*` | Already redirects to `/security/*` → sprint 014 will update | Sprint 016 |
+| `/qa/*` (internal workbenches) | Internal tooling; keep as `alias` long-term | No sprint 016 removal |

-## Notes
- Full detailed map is completed in sprint `20260218_005` task `R0-05`.
- Query and fragment preservation is required for redirect families.
+## Section 9 — High-risk deep-link mitigation
+
+| Risk | Mitigation |
+| --- | --- |
+| `/approvals/:id` bookmarks (operators) | Alias `/approvals/:id` until sprint 016 cutover confirmation. |
+| `/releases/:id` links from CI/CD notifications | Alias `/releases/:id` until sprint 016. Log alias traffic before removal. |
+| `/settings/trust/*` from admin-written runbooks | Update internal runbooks in sprint 007 alongside redirect implementation. |
+| `/policy/*` ownership migration confuses policy authors | Apply transition labels in sprint 007 alongside redirect; breadcrumb shows `Administration > Policy Governance`. |
+| `/operations/*` ops-team dashboards with hardcoded links | Announce alias window in release notes. Alias during sprint 008-016 window. |
+
+## Section 10 — Activation sequence
+
+| Sprint | Routes activated / aliases established |
+| --- | --- |
+| 006 | Root nav + canonical domain route trees; alias existing roots to new domains |
+| 007 | Administration domain routes; redirect `/settings/admin/*`, `/policy/*`, `/admin/*` paths |
+| 008 | Integrations and Platform Ops routes; redirect `/operations/*`, `/settings/integrations/*` paths |
+| 009 | Bundle routes under `/release-control/bundles/*` (new) |
+| 010 | Release and promotion routes; redirect `/releases/*`, `/deployments/*` |
+| 011 | Approvals routes; alias `/approvals/*` to `/release-control/approvals/*` |
+| 012 | Dashboard v3; redirect `/` and update home behavior |
+| 013 | Environment detail routes; redirect `/environments/*` |
+| 014 | Security & Risk routes; alias `/security/*` |
+| 015 | Evidence & Audit routes; alias `/evidence/*` |
+| 016 | Remove all `alias` and `remove-later` temporary paths; publish cutover confirmation |
--- a/docs/modules/ui/v2-rewire/S00_trust_ownership_transition.md
+++ b/docs/modules/ui/v2-rewire/S00_trust_ownership_transition.md
@@ -1,23 +1,96 @@
-# S00 Trust Ownership Transition
+# S00 Trust Ownership Transition

-Status: Draft (created for sprint planning pointer integrity)
+Status: Frozen
 Date: 2026-02-18
+Working directory: `docs/modules/ui/v2-rewire`
+Sprint: `20260218_005`, task `R0-04`

 ## Ownership decision
-`Administration` is the owner domain for Trust and Signing.
+
+`Administration` is the sole owner domain for Trust and Signing.
+This is a final decision (Pack 21 overrides Packs 9, 11, and 20 on ownership).
+
+No other domain may host trust management screens. Trust management includes:
+- Key lifecycle (rotate, revoke, generate).
+- Issuer/CA registration and trust configuration.
+- Certificate lifecycle and renewal.
+- Transparency log configuration.
+- Trust scoring policy.

 ## Consumer model
- `Evidence and Audit` consumes trust state through deep links and contextual trust indicators.
- `Security and Risk` consumes issuer/signature confidence as decision context.

-## Route policy
- Legacy trust routes redirect or alias to Administration trust pages.
- Evidence and Security pages must not host owner-duplicate trust management screens.
+Two domains consume trust state without owning it:

-## UX policy
- Trust actions (rotate, issuer management, cert lifecycle) remain in Administration.
- Consumer pages provide contextual links with preserved entity ids.
+### Evidence & Audit (consumer)
+- Displays trust indicators on proof chain, attestation, and evidence node views.
+- Links to Administration > Trust & Signing > [entity] for management actions.
+- Read-only trust status display only; no management surface.
+- Preserved entity id must be included in all deep links to Administration trust pages.

-## Risk controls
- Prevent duplicate owner surfaces.
- Ensure breadcrumbs and page headers always indicate Administration ownership.
+### Security & Risk (consumer)
+- Displays issuer/signature confidence as a decision context field in security findings, advisory sources, and approval tabs.
+- Links to Administration > Trust & Signing > Issuers > [issuerId] when an issuer is referenced in a finding or advisory.
+- Read-only trust confidence display only; no management surface.
+
+## Cross-link contract
+
+All trust management deep links from consumer domains must:
+1. Navigate to the Administration trust screen that is the canonical owner of the referenced entity.
+2. Preserve the entity identifier as a route parameter or query parameter.
+3. Return-navigation must allow the user to return to the originating domain context.
+
+| Consumer page | Link target | Preserved context |
+| --- | --- | --- |
+| Evidence proof chain node (issuer) | `/administration/trust-signing/issuers/:issuerId` | `issuerId` |
+| Evidence attestation detail (signing key) | `/administration/trust-signing/keys/:keyId` | `keyId` |
+| Security finding advisory (issuer trust) | `/administration/trust-signing/issuers/:issuerId` | `issuerId` |
+| Approval detail — trust confidence indicator | `/administration/trust-signing` (overview) | none required |
+| Security advisory source — signature status | `/administration/trust-signing/issuers` (filtered) | `sourceId` as query param |
+
+## Alias and deprecation behavior by route family
+
+| Legacy path | v2 canonical target | Action | Notes |
+| --- | --- | --- | --- |
+| `/admin/trust` | `/administration/trust-signing` | `redirect` | Sprint 007 |
+| `/admin/trust/keys` | `/administration/trust-signing/keys` | `redirect` | Sprint 007 |
+| `/admin/trust/issuers` | `/administration/trust-signing/issuers` | `redirect` | Sprint 007 |
+| `/admin/trust/certs` | `/administration/trust-signing/certificates` | `redirect` | Sprint 007 |
+| `/admin/trust/:page` | `/administration/trust-signing/:page` | `redirect` (catch-all) | Sprint 007 |
+| `/admin/issuers` | `/administration/trust-signing/issuers` | `redirect` | Sprint 007 |
+| `/settings/trust` | `/administration/trust-signing` | `redirect` | Sprint 007 |
+| `/settings/trust/:page` | `/administration/trust-signing/:page` | `redirect` (catch-all) | Sprint 007 |
+| `/evidence/trust` | `/administration/trust-signing` | `redirect` | Sprint 015 (if exists) |
+
+Alias window: trust route aliases are removed at sprint 016 cutover.
+Legacy `/admin/trust/*` and `/settings/trust/*` paths must not remain as primary navigation targets after sprint 007.
+
+## Auth scope implications
+
+| Action | Required scope | Notes |
+| --- | --- | --- |
+| View trust overview and key list | `trust:read` | Read-only access; auditors and security reviewers |
+| View issuer list and trust scoring | `trust:read` | Read access |
+| Create or update key, rotate key | `trust:write` | Restricted to trust admins |
+| Revoke key or certificate | `trust:admin` | Highest privilege; requires explicit MFA re-auth recommendation |
+| Register issuer | `trust:write` | |
+| Configure transparency log | `trust:admin` | |
+| View trust state in consumer domains (Evidence, Security) | No additional scope; inherited from existing page access | Consumer pages do not require trust scope to display trust indicators |
+
+Trust scope constants are now implemented in Authority (`StellaOpsScopes.TrustRead`, `StellaOpsScopes.TrustWrite`, `StellaOpsScopes.TrustAdmin`) and mapped in Platform policy wiring.
+`/api/v1/administration/trust-signing` now enforces `platform.trust.read` (`trust:read`) and contract row `S00-T05-ADM-01` remains `EXISTS_COMPAT`.
+
+Trust-owner backend mutation routes are now implemented under Platform Administration A6:
+- `POST /api/v1/administration/trust-signing/keys` (`platform.trust.write`)
+- `POST /api/v1/administration/trust-signing/keys/{keyId}/rotate` (`platform.trust.write`)
+- `POST /api/v1/administration/trust-signing/keys/{keyId}/revoke` (`platform.trust.admin`)
+- `POST /api/v1/administration/trust-signing/issuers` (`platform.trust.write`)
+- `POST /api/v1/administration/trust-signing/certificates` (`platform.trust.write`)
+- `POST /api/v1/administration/trust-signing/certificates/{certificateId}/revoke` (`platform.trust.admin`)
+- `PUT /api/v1/administration/trust-signing/transparency-log` (`platform.trust.admin`)
+
+## Non-allowed regressions
+
+- Evidence & Audit may not host a `Trust Management` section or own a trust key/issuer editing surface.
+- Security & Risk may not host issuer or key management; only trust confidence indicators are allowed.
+- Legacy route paths (`/admin/trust/*`, `/settings/trust/*`) may not be kept as primary authoritative routes after sprint 007; they must redirect.
+- Breadcrumbs on all trust pages must show `Administration > Trust & Signing > ...`, never `Evidence > Trust` or `Security > Trust`.
--- a/docs/modules/ui/v2-rewire/S16_release_readiness_package.md
+++ b/docs/modules/ui/v2-rewire/S16_release_readiness_package.md
@@ -0,0 +1,189 @@
+# UI V2 Rewire - Release Readiness Package
+
+**Sprint:** `SPRINT_20260219_007_FE_ui_v2_shell_qa_and_readiness_reverification`
+**Date:** 2026-02-19
+**Owner:** Project Manager, QA lead
+**Status:** PASS (frontend shell structure + backend contract dependency closure + UI endpoint binding)
+
+---
+
+## 1. Scope Reverification Summary
+
+Frontend shell restructuring is implemented for the canonical seven domains and verified against reopened sprint requirements:
+
+- Dashboard
+- Release Control
+- Security and Risk
+- Evidence and Audit
+- Integrations
+- Platform Ops
+- Administration
+
+Implemented shell evidence (non-exhaustive):
+
+- `src/Web/StellaOps.Web/src/app/app.routes.ts`
+- `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts`
+- `src/Web/StellaOps.Web/src/app/routes/release-control.routes.ts`
+- `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts`
+- `src/Web/StellaOps.Web/src/app/routes/evidence-audit.routes.ts`
+- `src/Web/StellaOps.Web/src/app/routes/platform-ops.routes.ts`
+- `src/Web/StellaOps.Web/src/app/routes/administration.routes.ts`
+
+API binding evidence for previously blocked contract rows:
+
+- `src/Web/StellaOps.Web/src/app/features/bundles/bundle-organizer.api.ts`
+- `src/Web/StellaOps.Web/src/app/features/bundles/bundle-catalog.component.ts`
+- `src/Web/StellaOps.Web/src/app/features/bundles/bundle-detail.component.ts`
+- `src/Web/StellaOps.Web/src/app/features/bundles/bundle-builder.component.ts`
+- `src/Web/StellaOps.Web/src/app/features/bundles/bundle-version-detail.component.ts`
+- `src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.api.ts`
+- `src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.component.ts`
+
+---
+
+## 2. QA Evidence (Strict Suites)
+
+### 2.1 Unit and Structural Route Coverage
+
+Command:
+
+```bash
+npm run test -- --watch=false --include src/tests/navigation/nav-route-integrity.spec.ts --include src/tests/navigation/nav-model.spec.ts --include src/tests/navigation/legacy-redirects.spec.ts --include src/tests/release-control/release-control-routes.spec.ts --include src/tests/release-control/release-control-setup.component.spec.ts --include src/tests/release-control/release-control-structure.component.spec.ts --include src/tests/security-risk/security-risk-routes.spec.ts --include src/tests/security-risk/advisory-sources.component.spec.ts --include src/tests/evidence-audit/evidence-audit-routes.spec.ts --include src/tests/evidence-audit/evidence-audit-overview.component.spec.ts --include src/tests/platform-ops/platform-ops-routes.spec.ts --include src/tests/administration/administration-routes.spec.ts
+```
+
+Result:
+
+- 12 files passed
+- 167 tests passed
+- 0 failed
+
+### 2.2 E2E Shell Reverification
+
+Command:
+
+```bash
+npx playwright test tests/e2e/nav-shell.spec.ts tests/e2e/critical-path.spec.ts tests/e2e/ia-v2-a11y-regression.spec.ts --workers=1
+```
+
+Result:
+
+- 33 tests passed
+- 0 failed
+
+Suites covered:
+
+- canonical nav shell and redirect behavior
+- cross-domain critical flows
+- IA v2 accessibility/regression checks
+
+---
+
+## 3. Contract Ledger Reconciliation (QA7-04 + BE8-06)
+
+Source ledger: `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
+
+Previously blocked backend dependency rows are now implemented and reconciled:
+
+1. `S00-T05-RC-01` (Bundle catalog/detail/builder endpoint family)
+- Reclassified from `MISSING_NEW` -> `EXISTS_COMPAT`.
+- Implemented route family:
+  - `GET /api/v1/release-control/bundles`
+  - `GET /api/v1/release-control/bundles/{bundleId}`
+  - `GET /api/v1/release-control/bundles/{bundleId}/versions`
+  - `GET /api/v1/release-control/bundles/{bundleId}/versions/{versionId}`
+  - `POST /api/v1/release-control/bundles`
+  - `POST /api/v1/release-control/bundles/{bundleId}/versions`
+  - `POST /api/v1/release-control/bundles/{bundleId}/versions/{versionId}/materialize`
+- Persistence implemented by migration:
+  - `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/045_ReleaseControlBundleLifecycle.sql`
+
+2. `S00-T05-SEC-02` (Advisory Sources aggregate endpoint family)
+- Reclassified from `MISSING_NEW` -> `EXISTS_COMPAT`.
+- Implemented Concelier freshness routes:
+  - `GET /api/v1/advisory-sources`
+  - `GET /api/v1/advisory-sources/summary`
+  - `GET /api/v1/advisory-sources/{id}/freshness`
+- Implemented Policy impact/conflict routes:
+  - `GET /api/v1/advisory-sources/{id}/impact`
+  - `GET /api/v1/advisory-sources/{id}/conflicts`
+- Persistence implemented by migrations:
+  - `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Migrations/004_add_advisory_source_freshness_projection.sql`
+  - `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Migrations/005_add_advisory_source_signature_projection.sql`
+  - `src/Policy/__Libraries/StellaOps.Policy.Persistence/Migrations/005_advisory_source_projection.sql`
+- Advisory detail diagnostics now include backend contract fields for total/signed/unsigned/signature-failure counts.
+
+Reconciled truth:
+
+- Frontend shell conformance: PASS.
+- Backend dependency closure for UI shell contracts (`S00-T05-RC-01`, `S00-T05-SEC-02`): PASS.
+- Frontend endpoint-consumption closure for `S00-T05-RC-01` and `S00-T05-SEC-02`: PASS.
+
+---
+
+## 4. Decision
+
+### Readiness outcome
+
+- Frontend shell gate (sprints 002-006 scope): **PASS**.
+- Backend dependency gate for full pack closure (`S00-T05-RC-01`, `S00-T05-SEC-02`): **PASS**.
+
+### Verification evidence (backend dependency closure)
+
+- `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj -v minimal` -> Passed 115/115 (MTP full project run)
+- `dotnet test src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/StellaOps.Policy.Gateway.Tests.csproj -v minimal` -> Passed 131/131 (MTP full project run)
+- `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/bin/Debug/net10.0/StellaOps.Platform.WebService.Tests.exe -class "StellaOps.Platform.WebService.Tests.ReleaseControlEndpointsTests"` -> Passed 3/3
+- `src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/bin/Debug/net10.0/StellaOps.Policy.Gateway.Tests.exe -class "StellaOps.Policy.Gateway.Tests.AdvisorySourceEndpointsTests"` -> Passed 5/5
+- `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/bin/Debug/net10.0/StellaOps.Concelier.WebService.Tests.exe -class "StellaOps.Concelier.WebService.Tests.AdvisorySourceEndpointsTests"` -> Passed 5/5
+- Note: `dotnet test --filter` remains non-deterministic in this repo under Microsoft Testing Platform (`MTP0001`), so targeted class evidence uses xUnit in-proc runner executables.
+- `npm run test -- --watch=false --include src/tests/release-control/release-control-structure.component.spec.ts --include src/tests/security-risk/advisory-sources.component.spec.ts` -> Passed 11/11
+- `npm run build` -> Passed (with existing bundle-size/commonjs warnings unrelated to these endpoint bindings)
+
+---
+
+## 5. Sprint Archival Decision
+
+Backend dependency blockers tracked by this package are cleared.
+
+Archival for reopened UI sprints can proceed once sprint owners confirm remaining non-endpoint risks (if any) are closed and statuses are updated in their sprint trackers.
+
+- backend contract blockers are implemented (completed here),
+- ledger reconciliation remains current with implementation state,
+- sprint trackers carry explicit QA/closure evidence.
+
+---
+
+## 6. Addendum - Promotions Contract Binding (Sprint 015)
+
+Follow-on sprint `SPRINT_20260219_015_FE_ui_v2_shell_release_control_promotions_pack13_contract_binding` completed pack-13 promotions contract binding work that remained after structural closure.
+
+Implemented frontend evidence:
+
+- `src/Web/StellaOps.Web/src/app/features/promotions/promotions-list.component.ts`
+- `src/Web/StellaOps.Web/src/app/features/promotions/promotion-detail.component.ts`
+- `src/Web/StellaOps.Web/src/app/features/promotions/create-promotion.component.ts`
+- `src/Web/StellaOps.Web/src/tests/release-control/release-control-structure.component.spec.ts`
+
+Validation evidence:
+
+- `npm run test -- --watch=false --include src/tests/release-control/release-control-structure.component.spec.ts --include src/tests/release-control/release-control-routes.spec.ts` -> Passed 33/33.
+- `npm run build` -> Passed (existing bundle-size/commonjs warnings unchanged).
+
+Ledger impact:
+
+- `S00-T05-RC-02` and `S00-T05-ADM-01` are now `EXISTS_COMPAT` after backend contract enrichment in sprint `20260219_016` (release-control derived-signal contracts + administration A0-A7 adapter routes).
+- Trust-owner mutation routes (`/api/v1/administration/trust-signing/{keys,issuers,certificates,transparency-log}`) are now shipped with `platform.trust.write` / `platform.trust.admin` mapping and DB backing via `046_TrustSigningAdministration.sql`.
+
+---
+
+## 7. Post-Readiness Verification and Archival Update
+
+Additional verification was executed after reading all `docs/modules/ui/v2-rewire/pack-01.md` through `pack-21.md` to account for higher-pack overrides.
+
+Updated Playwright evidence:
+
+- `npx playwright test tests/e2e/nav-shell.spec.ts tests/e2e/critical-path.spec.ts tests/e2e/ia-v2-a11y-regression.spec.ts --workers=1` -> Passed 33/33.
+- Deterministic advisory-source API fixtures were added to `tests/e2e/critical-path.spec.ts` so ownership-split assertions are validated against stable data.
+
+Archival update:
+
+- Completed sprint files were moved from `docs/implplan/` to `docs-archived/implplan/`.