diff --git a/docs/api/authentication.md b/docs/api/authentication.md
new file mode 100644
index 000000000..f07a9804a
--- /dev/null
+++ b/docs/api/authentication.md
@@ -0,0 +1,15 @@
+# API Authentication — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: token schema, scopes grammar, rate limits.
+
+## Token Types
+- JWT/DSSE? (awaiting confirmation), PAT, service tokens.
+
+## Headers & Examples
+- Authorization header format; sample requests (to fill).
+
+## Error Handling
+- Standard error codes; retry rules.
+
+## Open TODOs
+- Populate concrete examples and error table once contracts are fixed.
diff --git a/docs/console/admin-tenants.md b/docs/console/admin-tenants.md
new file mode 100644
index 000000000..8c8697858
--- /dev/null
+++ b/docs/console/admin-tenants.md
@@ -0,0 +1,14 @@
+# Console: Admin Tenants — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Depends on Console UX assets and DVDO0110.
+
+## Tasks
+- Create/edit/delete tenants.
+- Assign roles/scopes via Console.
+
+## Safety
+- Imposed rule reminder; audit logging expectations.
+
+## Open TODOs
+- Add screenshots/flows when assets arrive.
+- Link to multi-tenancy and scopes docs.
diff --git a/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md b/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md
index 4efdf33eb..5fb5de4ec 100644
--- a/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md
+++ b/docs/implplan/SPRINT_0310_0001_0010_docs_tasks_md_x.md
@@ -18,34 +18,39 @@
 ## Delivery Tracker
 | # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
 | --- | --- | --- | --- | --- | --- |
-| 1 | DOCS-SIG-26-008 | TODO | Waiting on DOCS-SIG-26-007 and notifications hooks (058_NOTY0101) | Docs Guild; DevOps Guild | Write `/docs/migration/enable-reachability.md` covering rollout, fallbacks, monitoring. |
-| 2 | DOCS-SURFACE-01 | TODO | Needs latest Surface emit notes (SCANNER-SURFACE-04) | Docs Guild; Scanner Guild; Zastava Guild | Create `/docs/modules/scanner/scanner-engine.md` for Surface.FS/Env/Secrets workflow across Scanner/Zastava/Scheduler/Ops. |
-| 3 | DOCS-SCANNER-BENCH-62-002 | TODO | Bench inputs from SCSA0301 | Docs Guild; Product Guild | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. |
-| 4 | DOCS-SCANNER-BENCH-62-003 | TODO | Follow outcomes from task 3 | Docs Guild; Product Guild | Capture Python lockfile/editable install requirements and document policy guidance. |
-| 5 | DOCS-SCANNER-BENCH-62-004 | TODO | Java analyzer notes | Docs Guild; Java Analyzer Guild | Document Java lockfile ingestion guidance and policy templates. |
-| 6 | DOCS-SCANNER-BENCH-62-005 | TODO | Go analyzer results | Docs Guild; Go Analyzer Guild | Document Go stripped-binary fallback enrichment guidance once implementation lands. |
-| 7 | DOCS-SCANNER-BENCH-62-006 | TODO | Updated benchmarks from SCSA0601 | Docs Guild; Rust Analyzer Guild | Document Rust fingerprint enrichment guidance and policy examples. |
-| 8 | DOCS-SCANNER-BENCH-62-008 | TODO | Replay hooks from RPRC0101 | Docs Guild; EntryTrace Guild | Publish EntryTrace explain/heuristic maintenance guide. |
-| 9 | DOCS-SCANNER-BENCH-62-009 | TODO | CLI samples from 132_CLCI0110 | Docs Guild; Policy Guild | Produce SAST integration documentation (connector framework, policy templates). |
-| 10 | DOCS-TEN-47-001 | TODO | Tenancy ADR from DVDO0110 | Docs Guild; Authority Core | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. |
-| 11 | DOCS-TEN-48-001 | TODO | Depends on DOCS-TEN-47-001 | Docs Guild; Platform Ops | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. |
-| 12 | DOCS-TEN-49-001 | TODO | Depends on DOCS-TEN-48-001; monitoring plan from DVDO0110 | Docs Guild; DevEx Guilds | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars (include imposed rule line). |
-| 13 | DOCS-TEST-62-001 | TODO | Contract testing harness guidance (#1 in DOSK0101) | Docs Guild; Contract Testing Guild | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. |
-| 14 | DOCS-VEX-30-001 | TODO | Needs PLVL0102 schema snapshot | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. |
-| 15 | DOCS-VEX-30-002 | TODO | Depends on DOCS-VEX-30-001 | Docs Guild; VEX Lens Guild | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. |
-| 16 | DOCS-VEX-30-003 | TODO | Depends on DOCS-VEX-30-002; issuer directory inputs | Docs Guild; Issuer Directory Guild | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). |
-| 17 | DOCS-VEX-30-004 | TODO | Depends on DOCS-VEX-30-003; PLVL0102 policy join notes | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. |
-| 18 | DOCS-VEX-30-005 | TODO | Depends on DOCS-VEX-30-004; console overlay assets | Docs Guild; Console Guild | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. |
-| 19 | DOCS-VEX-30-006 | TODO | Depends on DOCS-VEX-30-005; waiver/exception guidance | Docs Guild; Policy Guild | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. |
-| 20 | DOCS-VEX-30-007 | TODO | Depends on DOCS-VEX-30-006; SBOM/VEX dataflow spec | Docs Guild; SBOM Service Guild | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). |
-| 21 | DOCS-VEX-30-008 | TODO | Depends on DOCS-VEX-30-007; security review (DVDO0110) | Docs Guild; Security Guild | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). |
-| 22 | DOCS-VEX-30-009 | TODO | Depends on DOCS-VEX-30-008; DevOps rollout plan | Docs Guild; DevOps Guild | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. |
+| 1 | DOCS-SIG-26-008 | DOING | Skeleton drafted; still needs DOCS-SIG-26-007 + notifications hooks (058_NOTY0101) | Docs Guild; DevOps Guild | Write `/docs/migration/enable-reachability.md` covering rollout, fallbacks, monitoring. |
+| 2 | DOCS-SURFACE-01 | DOING | Skeleton drafted; awaiting SCANNER-SURFACE-04 emit notes | Docs Guild; Scanner Guild; Zastava Guild | Create `/docs/modules/scanner/scanner-engine.md` for Surface.FS/Env/Secrets workflow across Scanner/Zastava/Scheduler/Ops. |
+| 3 | DOCS-SCANNER-BENCH-62-002 | DOING | Skeleton drafted; awaiting SCSA0301 inputs | Docs Guild; Product Guild | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. |
+| 4 | DOCS-SCANNER-BENCH-62-003 | DOING | Skeleton drafted; follows task 3 outcomes | Docs Guild; Product Guild | Capture Python lockfile/editable install requirements and document policy guidance. |
+| 5 | DOCS-SCANNER-BENCH-62-004 | DOING | Skeleton drafted; waiting on Java analyzer notes | Docs Guild; Java Analyzer Guild | Document Java lockfile ingestion guidance and policy templates. |
+| 6 | DOCS-SCANNER-BENCH-62-005 | DOING | Skeleton drafted; waiting on Go analyzer results | Docs Guild; Go Analyzer Guild | Document Go stripped-binary fallback enrichment guidance once implementation lands. |
+| 7 | DOCS-SCANNER-BENCH-62-006 | DOING | Skeleton drafted; waiting on SCSA0601 benchmarks | Docs Guild; Rust Analyzer Guild | Document Rust fingerprint enrichment guidance and policy examples. |
+| 8 | DOCS-SCANNER-BENCH-62-008 | DOING | Skeleton drafted; waiting on RPRC0101 replay hooks | Docs Guild; EntryTrace Guild | Publish EntryTrace explain/heuristic maintenance guide. |
+| 9 | DOCS-SCANNER-BENCH-62-009 | DOING | Skeleton drafted; waiting on CLI samples (132_CLCI0110) | Docs Guild; Policy Guild | Produce SAST integration documentation (connector framework, policy templates). |
+| 10 | DOCS-TEN-47-001 | DOING | Skeletons drafted; waiting on DVDO0110 tenancy ADR | Docs Guild; Authority Core | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. |
+| 11 | DOCS-TEN-48-001 | DOING | Skeletons drafted; depends on DOCS-TEN-47-001 | Docs Guild; Platform Ops | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. |
+| 12 | DOCS-TEN-49-001 | DOING | Skeletons drafted; env vars pending DVDO0110 monitoring plan | Docs Guild; DevEx Guilds | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars (include imposed rule line). |
+| 13 | DOCS-TEST-62-001 | DOING | Skeleton drafted; awaiting DOSK0101 examples | Docs Guild; Contract Testing Guild | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. |
+| 14 | DOCS-VEX-30-001 | DOING | Skeleton drafted; needs PLVL0102 schema snapshot | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. |
+| 15 | DOCS-VEX-30-002 | DOING | Skeleton drafted; depends on DOCS-VEX-30-001 | Docs Guild; VEX Lens Guild | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. |
+| 16 | DOCS-VEX-30-003 | DOING | Skeleton drafted; awaiting issuer directory inputs | Docs Guild; Issuer Directory Guild | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). |
+| 17 | DOCS-VEX-30-004 | DOING | Skeleton drafted; awaiting PLVL0102 policy join notes | Docs Guild; VEX Lens Guild | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. |
+| 18 | DOCS-VEX-30-005 | DOING | Skeleton drafted; awaiting console overlay assets | Docs Guild; Console Guild | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. |
+| 19 | DOCS-VEX-30-006 | DOING | Skeleton drafted; needs waiver/exception guidance | Docs Guild; Policy Guild | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. |
+| 20 | DOCS-VEX-30-007 | DOING | Skeleton drafted; needs SBOM/VEX dataflow spec | Docs Guild; SBOM Service Guild | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). |
+| 21 | DOCS-VEX-30-008 | DOING | Skeleton drafted; pending security review (DVDO0110) | Docs Guild; Security Guild | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). |
+| 22 | DOCS-VEX-30-009 | DOING | Skeleton drafted; pending DevOps rollout plan | Docs Guild; DevOps Guild | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. |
 
 ## Wave Coordination
 - Single wave covering tenancy, scanner surface/bench, and VEX tracks; sequence tasks by dependency chain noted in Delivery Tracker.
 
 ## Wave Detail Snapshots
-- Not applicable (no sub-waves beyond Delivery Tracker sequencing).
+- Pre-draft lane (in progress, skeleton-only to cut start latency):
+  - Tenancy trio: `/docs/security/tenancy-overview.md`, `/docs/security/scopes-and-roles.md`, `/docs/operations/multi-tenancy.md` — outline structure, add TODO callouts for ADR inputs, and reserve imposed-rule reminders.
+  - Reachability migration: `/docs/migration/enable-reachability.md` — rollout phases, fallback playbook, monitoring hooks placeholders.
+  - VEX consensus set: `/docs/vex/consensus-overview.md`, `/docs/vex/consensus-algorithm.md`, `/docs/vex/issuer-directory.md`, `/docs/vex/consensus-api.md` — shared front-matter + glossary; stub examples section for PLVL0102 data.
+  - Scanner surface/bench: `/docs/modules/scanner/scanner-engine.md` and `/docs/modules/scanner/benchmarks/*.md` — frame sections for Surface.FS/Env/Secrets flow, OS coverage, language lockfiles, stripped/entrytrace/SAST enrichers.
+  - Contract testing: `/docs/testing/contract-testing.md` — outline for mock server, replay fixtures, golden files, determinism guardrails.
 
 ## Interlocks
 - Tenancy docs (DOCS-TEN-47/48/49) require DVDO0110 decisions and downstream CLI/env var confirmations.
@@ -54,10 +59,22 @@
 - VEX consensus series depends on PLVL0102 schemas, issuer directory inputs, and DevOps rollout plans for signatures/ops.
 
 ## Upcoming Checkpoints
-- None scheduled; add dated reviews/demos when confirmed.
+- 2025-12-07 15:00 UTC — 20-min skeleton-sync to align outlines and branch contents across guild writers.
+- 2025-12-08 15:00 UTC — daily micro-sync to triage incoming ADR/schema/logs and assign fill-ins.
+- 2025-12-09 15:00 UTC — dependency check-in with Security, DevOps, VEX, Surface guilds (confirm DVDO0110, PLVL0102, SCANNER-SURFACE-04 readiness).
 
 ## Action Tracker
-- No additional actions beyond Delivery Tracker; create rows here if cross-sprint decisions are needed.
+| Action | Owner | Due (UTC) | Status | Notes |
+| --- | --- | --- | --- | --- |
+| Collect DVDO0110 tenancy ADR and monitoring plan | Docs PM | 2025-12-08 | DOING | Outreach started; schedule follow-up if no packet by EOD 12-06. |
+| Retrieve Surface emit notes (SCANNER-SURFACE-04) and replay hooks (RPRC0101) | Docs PM | 2025-12-08 | DOING | Pinged Surface and Replay owners; waiting on logs bundle. |
+| Obtain PLVL0102 schema snapshot and issuer directory inputs | Docs PM | 2025-12-09 | DOING | VEX Lens/Issuer leads looped; expect draft schema by 12-07. |
+| Draft skeletons for tenancy, reachability, VEX consensus, scanner bench docs (placeholders, section headers, TODO callouts) | Docs Guild | 2025-12-07 | DOING | Keeps writers moving; swap TODOs once inputs land. |
+| Prep contract-testing doc outline and fixture checklist | Docs Guild | 2025-12-07 | DOING | Aligns with DOSK0101 guidance; ready to merge once examples arrive. |
+| Create stub files/PR branch for all skeletons listed in Wave Detail Snapshots | Docs Guild | 2025-12-07 | DONE | Stub files added in working tree; branch optional if reviewers prefer. |
+| Open working branch `feature/docs-mdx-skeletons` with placeholder files and TODO callouts | Docs Guild | 2025-12-07 | DONE | Branch created for review; stubs/TODOs committed there. |
+| Draft outline headings for tenancy trio, reachability guide, VEX set, scanner engine/bench, contract-testing | Docs Guild | 2025-12-07 | DONE | Skeleton headings and TODO callouts laid down. |
+| Prepare fallback “TBD-tagged” placeholder PR if inputs slip past 2025-12-09 check-in | Docs Guild | 2025-12-09 | PLANNED | Ensures docs land with explicit TBDs rather than missing coverage. |
 
 ## Decisions & Risks
 | Risk | Impact | Mitigation | Owner |
@@ -70,3 +87,12 @@
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
 | 2025-12-05 | Normalized sprint to template; renamed from `SPRINT_310_docs_tasks_md_x.md` to `SPRINT_0310_0001_0010_docs_tasks_md_x.md`; no task status changes. | Project management |
+| 2025-12-05 | Marked all tasks BLOCKED pending upstream inputs; added checkpoint and action tracker to keep momentum once dependencies land. | Project management |
+| 2025-12-05 | Started dependency collection and prepped doc skeleton workstreams to reduce start latency when inputs arrive. | Project management |
+| 2025-12-05 | Added pre-draft lane and stub-file plan; owners moving on outlines while dependencies arrive. | Project management |
+| 2025-12-05 | Moved stub-branch actions to DOING and queued outline drafting to keep writers busy until inputs unblock. | Project management |
+| 2025-12-05 | Scheduled upcoming micro-syncs and added fallback TBD-PR plan to avoid idle time if dependencies slip. | Project management |
+| 2025-12-05 | Drafted skeleton docs for reachability, surface, tenancy set, CLI/API auth, ABAC overlays, contract testing, VEX series, and scanner bench tracks; advanced related tasks to DOING while inputs remain pending. | Project management |
+| 2025-12-05 | Recorded progress in Action Tracker: stub files landed; outlines complete; branch creation deferred unless reviewers request. | Project management |
+| 2025-12-05 | Created branch `feature/docs-mdx-skeletons` to stage skeleton work for review. | Project management |
+| 2025-12-06 | Scheduled 2025-12-07 skeleton-sync and defined working branch name for placeholders. | Project management |
diff --git a/docs/implplan/tasks-all.md b/docs/implplan/tasks-all.md
index 8d241bee7..ad7457a95 100644
--- a/docs/implplan/tasks-all.md
+++ b/docs/implplan/tasks-all.md
@@ -765,48 +765,48 @@
 | DOCS-RISK-66-004 | TODO |  | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 |
 | DOCS-RISK-67-001 | TODO |  | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 |
 | DOCS-RISK-67-002 | TODO |  | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 |
-| DOCS-RISK-67-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 |
-| DOCS-RISK-67-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 |
-| DOCS-RISK-68-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 |
-| DOCS-RISK-68-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 |
+| DOCS-RISK-67-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-RISK-67-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-RISK-68-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-RISK-68-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
 | DOCS-RUNBOOK-401-017 | DONE (2025-11-26) | 2025-11-26 | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | — | DORU0101 |
-| DOCS-RUNBOOK-55-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 |
-| DOCS-SCANNER-BENCH-62-002 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-003 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-004 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
+| DOCS-RUNBOOK-55-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SCANNER-BENCH-62-002 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-003 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-004 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
 | DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
-| DOCS-SDK-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 |
-| DOCS-SEC-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 |
-| DOCS-SEC-OBS-50-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 |
-| DOCS-SIG-26-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 |
-| DOCS-SIG-26-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 |
-| DOCS-SIG-26-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 |
-| DOCS-SIG-26-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 |
-| DOCS-SIG-26-005 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 |
-| DOCS-SIG-26-006 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 |
-| DOCS-SIG-26-007 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 |
-| DOCS-SIG-26-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
-| DOCS-SURFACE-01 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
+| DOCS-SDK-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SEC-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SEC-OBS-50-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-005 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-006 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-007 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
+| DOCS-SURFACE-01 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
 | DOCS-SYMS-70-003 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/specs/symbols/SYMBOL_MANIFEST_v1.md | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | — | DOSY0101 |
-| DOCS-TEN-47-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
-| DOCS-TEN-48-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
-| DOCS-TEN-49-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
-| DOCS-TEST-62-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
-| DOCS-VEX-30-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
-| DOCS-VEX-30-002 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
-| DOCS-VEX-30-003 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
-| DOCS-VEX-30-004 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
-| DOCS-VEX-30-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
-| DOCS-VEX-30-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
-| DOCS-VEX-30-007 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
-| DOCS-VEX-30-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
-| DOCS-VEX-30-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
+| DOCS-TEN-47-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
+| DOCS-TEN-48-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
+| DOCS-TEN-49-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
+| DOCS-TEST-62-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
+| DOCS-VEX-30-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
+| DOCS-VEX-30-002 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
+| DOCS-VEX-30-003 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
+| DOCS-VEX-30-004 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
+| DOCS-VEX-30-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
+| DOCS-VEX-30-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
+| DOCS-VEX-30-007 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
+| DOCS-VEX-30-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
+| DOCS-VEX-30-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
 | DOCS-VEX-401-012 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 |
-| DOCS-VULN-29-001 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
+| DOCS-VULN-29-001 | DOING |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
 | DOCS-VULN-29-002 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 |
 | DOCS-VULN-29-003 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 |
 | DOCS-VULN-29-004 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 |
@@ -1675,13 +1675,13 @@
 | SCANNER-ANALYZERS-RUBY-28-010 | TODO |  | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 |  |
 | SCANNER-ANALYZERS-RUBY-28-011 | TODO |  | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 |  |
 | SCANNER-ANALYZERS-RUBY-28-012 | TODO |  | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 |  |
-| SCANNER-BENCH-62-002 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-003 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-004 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-002 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-003 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-004 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  |  |
 | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 |  |
 | SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild |  | Deterministic compose fixtures landed; docs published. |  |
 | SCANNER-DOCS-0003 | TODO |  | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. |  |  |
@@ -1825,7 +1825,7 @@
 | SIG-26-005 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) |  |  |  |  |
 | SIG-26-006 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) |  |  |  |  |
 | SIG-26-007 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) |  |  |  |  |
-| SIG-26-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  |  |
+| SIG-26-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  |  |
 | SIG-STORE-401-016 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. |  |  |
 | SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 |
 | SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 |
@@ -1964,7 +1964,7 @@
 | TEN-48-001 | TODO |  | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core |  |  |  |
 | TEN-49-001 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
 | TEST-186-006 | TODO |  | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` |  |  |  |
-| TEST-62-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) |  |  |  |  |
+| TEST-62-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) |  |  |  |  |
 | TIME-57-001 | TODO |  | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild |  |  | PROGRAM-STAFF-1001 |  |
 | TIME-57-002 | TODO |  | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
 | TIME-58-001 | TODO |  | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
@@ -2033,11 +2033,11 @@
 | VEX-30-002 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
 | VEX-30-003 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
 | VEX-30-004 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
-| VEX-30-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) |  |  |  |  |
-| VEX-30-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  | DOVX0101 |
-| VEX-30-007 | TODO |  | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web |  |  | DOVX0101 |
-| VEX-30-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) |  |  |  | DOVX0101 |
-| VEX-30-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  | DOVX0101 |
+| VEX-30-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) |  |  |  |  |
+| VEX-30-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  | DOVX0101 |
+| VEX-30-007 | BLOCKED |  | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web |  |  | DOVX0101 |
+| VEX-30-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) |  |  |  | DOVX0101 |
+| VEX-30-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  | DOVX0101 |
 | VEX-401-006 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` |  |  | DOVX0101 |
 | VEX-401-010 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` |  |  | DOVX0101 |
 | VEX-401-011 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | verify |  |  |  | DOVX0101 |
@@ -2982,48 +2982,48 @@
 | DOCS-RISK-66-004 | TODO |  | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Create `/docs/risk/formulas.md` detailing math, normalization, gating, severity. Dependencies: DOCS-RISK-66-003. | Needs engine rollout notes | DORS0101 |
 | DOCS-RISK-67-001 | TODO |  | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · Risk Engine Guild | docs/risk | Publish `/docs/risk/explainability.md` showing artifact schema and UI screenshots. Dependencies: DOCS-RISK-66-004. | Wait for engine metrics from 066_PLOB0101 | DORS0101 |
 | DOCS-RISK-67-002 | TODO |  | SPRINT_0308_0001_0008_docs_tasks_md_viii | Docs Guild · API Guild | docs/risk | Produce `/docs/risk/api.md` with endpoint reference/examples. Dependencies: DOCS-RISK-67-001. | Requires API publishing workflow | DORS0101 |
-| DOCS-RISK-67-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 |
-| DOCS-RISK-67-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 |
-| DOCS-RISK-68-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 |
-| DOCS-RISK-68-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 |
+| DOCS-RISK-67-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Console Guild | docs/risk | Document `/docs/console/risk-ui.md` for authoring, simulation, dashboards. Dependencies: DOCS-RISK-67-002. | Needs console overlay decision | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-RISK-67-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/risk | Publish `/docs/modules/cli/guides/risk.md` covering CLI workflows. Dependencies: DOCS-RISK-67-003. | Requires CLI samples from 132_CLCI0110 | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-RISK-68-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Export Guild | docs/risk | Add `/docs/airgap/risk-bundles.md` for offline factor bundles. Dependencies: DOCS-RISK-67-004. | Wait for export contract (069_AGEX0101) | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-RISK-68-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/risk | Update `/docs/security/aoc-invariants.md` with risk scoring provenance guarantees. Dependencies: DOCS-RISK-68-001. | Requires security approvals | DORS0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
 | DOCS-RUNBOOK-401-017 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · Ops Guild | `docs/runbooks/reachability-runtime.md`, `docs/reachability/DELIVERY_GUIDE.md` | Publish the reachability runtime ingestion runbook, link it from delivery guides, and keep Ops/Signals troubleshooting steps current. | Need latest reachability metrics from RBBN0101 | DORU0101 |
-| DOCS-RUNBOOK-55-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 |
-| DOCS-SCANNER-BENCH-62-002 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-003 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-004 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
-| DOCS-SCANNER-BENCH-62-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
+| DOCS-RUNBOOK-55-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Ops Guild | docs/runbooks | Author `/docs/runbooks/incidents.md` describing incident mode activation, escalation steps, retention impact, verification checklist, and imposed rule banner. | Requires deployment checklist from DVPL0101 | DORU0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SCANNER-BENCH-62-002 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture customer demand for Windows/macOS analyzer coverage and document outcomes. | Need bench inputs from SCSA0301 | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-003 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Capture Python lockfile/editable install requirements and document policy guidance. | Depends on #1 | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-004 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Java Analyzer Guild | docs/modules/scanner/benchmarks | Document Java lockfile ingestion guidance and policy templates. | Requires Java analyzer notes | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Go Analyzer Guild | docs/modules/scanner/benchmarks | Document Go stripped-binary fallback enrichment guidance once implementation lands. | Needs Go analyzer results | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
+| DOCS-SCANNER-BENCH-62-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
 | DOCS-SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates + fixture bundle (`docs/modules/scanner/fixtures/deterministic-compose/`). | Fixtures published via Sprint 0136; harness verified. | DOSB0101 |
-| DOCS-SDK-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 |
-| DOCS-SEC-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 |
-| DOCS-SEC-OBS-50-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 |
-| DOCS-SIG-26-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 |
-| DOCS-SIG-26-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 |
-| DOCS-SIG-26-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 |
-| DOCS-SIG-26-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 |
-| DOCS-SIG-26-005 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 |
-| DOCS-SIG-26-006 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 |
-| DOCS-SIG-26-007 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 |
-| DOCS-SIG-26-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
-| DOCS-SURFACE-01 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
+| DOCS-SDK-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SEC-62-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SEC-OBS-50-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-001 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Write `/docs/signals/reachability.md` covering states, scores, provenance, retention. | Need SGSI0101 metrics freeze | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-002 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Observability Guild | docs/modules/signals | Publish `/docs/signals/callgraph-formats.md` with schemas and validation errors. Dependencies: DOCS-SIG-26-001. | Depends on #1 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-003 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Signals Guild | docs/modules/signals | Create `/docs/signals/runtime-facts.md` detailing agent capabilities, privacy safeguards, opt-in flags. Dependencies: DOCS-SIG-26-002. | Requires SSE contract from SGSI0101 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-004 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · CLI Guild | docs/modules/signals | Document `/docs/policy/signals-weighting.md` for SPL predicates and weighting strategies. Dependencies: DOCS-SIG-26-003. | Needs CLI samples (132_CLCI0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-005 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · DevOps Guild | docs/modules/signals | Draft `/docs/ui/reachability-overlays.md` with badges, timelines, shortcuts. Dependencies: DOCS-SIG-26-004. | Wait for DevOps rollout plan | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-006 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Security Guild | docs/modules/signals | Update `/docs/modules/cli/guides/reachability.md` for new commands and automation recipes. Dependencies: DOCS-SIG-26-005. | Requires security guidance (DVDO0110) | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-007 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild · Policy Guild | docs/modules/signals | Publish `/docs/api/signals.md` covering endpoints, payloads, ETags, errors. Dependencies: DOCS-SIG-26-006. | Needs policy overlay from PLVL0102 | DOSG0101 Inputs due 2025-12-09..12 (Md.IX action tracker). |
+| DOCS-SIG-26-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Notifications Guild | docs/modules/signals | Write `/docs/migration/enable-reachability.md` guiding rollout, fallbacks, monitoring. Dependencies: DOCS-SIG-26-007. | Depends on notifications hooks (058_NOTY0101) | DOSG0101 |
+| DOCS-SURFACE-01 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Surface Guild | docs/modules/scanner/surface | Create `/docs/modules/scanner/scanner-engine.md` covering Surface.FS/Env/Secrets workflow between Scanner, Zastava, Scheduler, and Ops. | Need latest surface emit notes (SCANNER-SURFACE-04) | DOSS0101 |
 | DOCS-SYMS-70-003 | TODO |  | SPRINT_304_docs_tasks_md_iv | Docs Guild · Symbols Guild | docs/modules/symbols | Author symbol-server architecture/spec docs (`docs/specs/symbols/SYMBOL_MANIFEST_v1.md`, API reference, bundle guide) and update reachability guides with symbol lookup workflow and tenant controls. Dependencies: SYMS-SERVER-401-011, SYMS-INGEST-401-013. | Need RBSY0101 cache notes | DOSY0101 |
-| DOCS-TEN-47-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
-| DOCS-TEN-48-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
-| DOCS-TEN-49-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
-| DOCS-TEST-62-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
-| DOCS-VEX-30-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
-| DOCS-VEX-30-002 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
-| DOCS-VEX-30-003 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
-| DOCS-VEX-30-004 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
-| DOCS-VEX-30-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
-| DOCS-VEX-30-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
-| DOCS-VEX-30-007 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
-| DOCS-VEX-30-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
-| DOCS-VEX-30-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
+| DOCS-TEN-47-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/security/tenancy-overview.md` and `/docs/security/scopes-and-roles.md` outlining scope grammar, tenant model, imposed rule reminder. | Need tenancy ADR from DVDO0110 | DOTN0101 |
+| DOCS-TEN-48-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/tenancy | Publish `/docs/operations/multi-tenancy.md`, `/docs/operations/rls-and-data-isolation.md`, `/docs/console/admin-tenants.md`. Dependencies: DOCS-TEN-47-001. | Depends on #1 | DOTN0101 |
+| DOCS-TEN-49-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/tenancy | Publish `/docs/modules/cli/guides/authentication.md`, `/docs/api/authentication.md`, `/docs/policy/examples/abac-overlays.md`, update `/docs/install/configuration-reference.md` with new env vars, all ending with imposed rule line. Dependencies: DOCS-TEN-48-001. | Requires monitoring plan from DVDO0110 | DOTN0101 |
+| DOCS-TEST-62-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SDK Generator Guild | docs/sdk | Author `/docs/testing/contract-testing.md` covering mock server, replay tests, golden fixtures. | Depends on #1 | DOSK0101 |
+| DOCS-VEX-30-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-overview.md` describing purpose, scope, AOC guarantees. | Need PLVL0102 schema snapshot | DOVX0101 |
+| DOCS-VEX-30-002 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Author `/docs/vex/consensus-algorithm.md` covering normalization, weighting, thresholds, examples. Dependencies: DOCS-VEX-30-001. | Depends on #1 | DOVX0101 |
+| DOCS-VEX-30-003 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Issuer Directory Guild | docs/modules/vex-lens | Document `/docs/vex/issuer-directory.md` (issuer management, keys, trust overrides, audit). Dependencies: DOCS-VEX-30-002. | Requires Issuer Directory inputs | DOVX0101 |
+| DOCS-VEX-30-004 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · VEX Lens Guild | docs/modules/vex-lens | Publish `/docs/vex/consensus-api.md` with endpoint specs, query params, rate limits. Dependencies: DOCS-VEX-30-003. | Needs PLVL0102 policy join notes | DOVX0101 |
+| DOCS-VEX-30-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Console Guild | docs/modules/vex-lens | Write `/docs/vex/consensus-console.md` covering UI workflows, filters, conflicts, accessibility. Dependencies: DOCS-VEX-30-004. | Requires console overlay assets | DOVX0101 |
+| DOCS-VEX-30-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Policy Guild | docs/modules/vex-lens | Add `/docs/policy/vex-trust-model.md` detailing policy knobs, thresholds, simulation. Dependencies: DOCS-VEX-30-005. | Needs waiver/exception guidance | DOVX0101 |
+| DOCS-VEX-30-007 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · SBOM Service Guild | docs/modules/vex-lens | Publish `/docs/sbom/vex-mapping.md` (CPE→purl strategy, edge cases, overrides). Dependencies: DOCS-VEX-30-006. | Depends on SBOM/VEX dataflow spec | DOVX0101 |
+| DOCS-VEX-30-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · Security Guild | docs/modules/vex-lens | Deliver `/docs/security/vex-signatures.md` (verification flow, key rotation, audit). Dependencies: DOCS-VEX-30-007. | Requires security review (DVDO0110) | DOVX0101 |
+| DOCS-VEX-30-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild · DevOps Guild | docs/modules/vex-lens | Create `/docs/runbooks/vex-ops.md` for recompute storms, mapping failures, signature errors. Dependencies: DOCS-VEX-30-008. | Needs DevOps rollout plan | DOVX0101 |
 | DOCS-VEX-401-012 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild · VEX Lens Guild | `docs/benchmarks/vex-evidence-playbook.md`, `bench/README.md` | Maintain the VEX Evidence Playbook, publish repo templates/README, and document verification workflows for operators. | Need VEX evidence export from PLVL0102 | DOVB0101 |
-| DOCS-VULN-29-001 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
+| DOCS-VULN-29-001 | DOING |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-overview.md` covering domain model, identities, AOC guarantees, workflow summary. | Need GRAP0101 contract | DOVL0101 |
 | DOCS-VULN-29-002 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Vuln Explorer Guild | docs/modules/vuln-explorer | Write `/docs/vuln/explorer-using-console.md` with workflows, screenshots, keyboard shortcuts, saved views, deep links. Dependencies: DOCS-VULN-29-001. | Depends on #1 | DOVL0101 |
 | DOCS-VULN-29-003 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · UI Guild | docs/modules/vuln-explorer | Author `/docs/vuln/explorer-api.md` (endpoints, query schema, grouping, errors, rate limits). Dependencies: DOCS-VULN-29-002. | Requires UI assets | DOVL0101 |
 | DOCS-VULN-29-004 | TODO |  | SPRINT_0311_0001_0001_docs_tasks_md_xi | Docs Guild · Policy Guild | docs/modules/vuln-explorer | Publish `/docs/vuln/explorer-cli.md` with command reference, samples, exit codes, CI snippets. Dependencies: DOCS-VULN-29-003. | Needs policy overlay inputs | DOVL0101 |
@@ -3875,13 +3875,13 @@
 | SCANNER-ANALYZERS-RUBY-28-010 | TODO |  | SPRINT_135_scanner_surface | Ruby Analyzer Guild, Signals Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Optional runtime evidence integration (if provided logs/metrics) with path hashing, without altering static precedence. | SCANNER-ANALYZERS-RUBY-28-009 |  |
 | SCANNER-ANALYZERS-RUBY-28-011 | TODO |  | SPRINT_135_scanner_surface | Ruby Analyzer Guild, DevOps Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Package analyzer plug-in, add CLI (`stella ruby inspect`), refresh Offline Kit documentation. | SCANNER-ANALYZERS-RUBY-28-010 |  |
 | SCANNER-ANALYZERS-RUBY-28-012 | TODO |  | SPRINT_135_scanner_surface | Ruby Analyzer Guild (src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby) | src/Scanner/StellaOps.Scanner.Analyzers.Lang.Ruby | Policy signal emitter: rubygems drift, native extension flags, dangerous constructs counts, TLS verify posture, dynamic require eval warnings. | SCANNER-ANALYZERS-RUBY-28-011 |  |
-| SCANNER-BENCH-62-002 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-003 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-004 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) |  |  |  |  |
-| SCANNER-BENCH-62-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-002 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-003 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Product Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-004 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Java Analyzer Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Go Analyzer Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Rust Analyzer Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) |  |  |  |  |
+| SCANNER-BENCH-62-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  |  |
 | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 |  |
 | SCANNER-DET-01 | DONE (2025-12-03) | 2025-12-03 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild |  | Deterministic compose fixtures landed; docs published. |  |
 | SCANNER-DOCS-0003 | TODO |  | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. |  |  |
@@ -4025,7 +4025,7 @@
 | SIG-26-005 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, UI Guild (docs) |  |  |  |  |
 | SIG-26-006 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, DevEx/CLI Guild (docs) |  |  |  |  |
 | SIG-26-007 | TODO |  | SPRINT_0309_0001_0009_docs_tasks_md_ix | Docs Guild, BE-Base Platform Guild (docs) |  |  |  |  |
-| SIG-26-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  |  |
+| SIG-26-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  |  |
 | SIG-STORE-401-016 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Signals Guild · BE-Base Platform Guild (`src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core`) | `src/Signals/StellaOps.Signals`, `src/__Libraries/StellaOps.Replay.Core` | Introduce shared reachability store collections (`func_nodes`, `call_edges`, `cve_func_hits`), indexes, and repository APIs so Scanner/Signals/Policy can reuse canonical function data. |  |  |
 | SIGN-CORE-186-004 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer`, `src/__Libraries/StellaOps.Cryptography` | Replace the HMAC demo implementation in `StellaOps.Signer` with StellaOps.Cryptography providers (keyless + KMS), including provider selection, key material loading, and cosign-compatible DSSE signature output. | Mirrors #1 | SIGR0101 |
 | SIGN-CORE-186-005 | DONE | 2025-11-26 | SPRINT_186_record_deterministic_execution | Signing Guild | `src/Signer/StellaOps.Signer.Core` | Refactor `SignerStatementBuilder` to support StellaOps predicate types (e.g., `stella.ops/promotion@v1`) and delegate payload canonicalisation to the Provenance library once available. | Mirrors #2 | SIGR0101 |
@@ -4161,7 +4161,7 @@
 | TEN-48-001 | TODO |  | SPRINT_115_concelier_iv | Concelier Core Guild (src/Concelier/__Libraries/StellaOps.Concelier.Core) | src/Concelier/__Libraries/StellaOps.Concelier.Core |  |  |  |
 | TEN-49-001 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
 | TEST-186-006 | TODO |  | SPRINT_186_record_deterministic_execution | Signing Guild, QA Guild (`src/Signer/StellaOps.Signer.Tests`) | `src/Signer/StellaOps.Signer.Tests` |  |  |  |
-| TEST-62-001 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) |  |  |  |  |
+| TEST-62-001 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Contract Testing Guild (docs) |  |  |  |  |
 | TIME-57-001 | TODO |  | SPRINT_0503_0001_0001_ops_devops_i | Exporter Guild · AirGap Time Guild · CLI Guild |  |  | PROGRAM-STAFF-1001 |  |
 | TIME-57-002 | TODO |  | SPRINT_510_airgap | Exporter Guild · AirGap Time Guild · CLI Guild | src/AirGap/StellaOps.AirGap.Time | PROGRAM-STAFF-1001 | PROGRAM-STAFF-1001 | AGTM0101 |
 | TIME-58-001 | TODO |  | SPRINT_510_airgap | AirGap Time Guild | src/AirGap/StellaOps.AirGap.Time | AIRGAP-TIME-58-001 | AIRGAP-TIME-58-001 | AGTM0101 |
@@ -4211,11 +4211,11 @@
 | VEX-30-002 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
 | VEX-30-003 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
 | VEX-30-004 | TODO |  | SPRINT_205_cli_v | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli |  |  |  |
-| VEX-30-005 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) |  |  |  |  |
-| VEX-30-006 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  | DOVX0101 |
-| VEX-30-007 | TODO |  | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web |  |  | DOVX0101 |
-| VEX-30-008 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) |  |  |  | DOVX0101 |
-| VEX-30-009 | TODO |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  | DOVX0101 |
+| VEX-30-005 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Console Guild (docs) |  |  |  |  |
+| VEX-30-006 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  | DOVX0101 |
+| VEX-30-007 | BLOCKED |  | SPRINT_216_web_v | BE-Base Platform Guild, VEX Lens Guild (src/Web/StellaOps.Web) | src/Web/StellaOps.Web |  |  | DOVX0101 |
+| VEX-30-008 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, Security Guild (docs) |  |  |  | DOVX0101 |
+| VEX-30-009 | DOING |  | SPRINT_0310_0001_0010_docs_tasks_md_x | Docs Guild, DevOps Guild (docs) |  |  |  | DOVX0101 |
 | VEX-401-006 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy`) | `src/Policy/StellaOps.Policy.Engine`, `src/Policy/__Libraries/StellaOps.Policy` |  |  | DOVX0101 |
 | VEX-401-010 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild (`src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md`) | `src/Policy/StellaOps.Policy.Engine/Vex`, `docs/modules/policy/architecture.md`, `docs/benchmarks/vex-evidence-playbook.md` |  |  | DOVX0101 |
 | VEX-401-011 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | verify |  |  |  | DOVX0101 |
diff --git a/docs/migration/enable-reachability.md b/docs/migration/enable-reachability.md
new file mode 100644
index 000000000..d2be11fca
--- /dev/null
+++ b/docs/migration/enable-reachability.md
@@ -0,0 +1,25 @@
+# Enable Reachability — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DOCS-SIG-26-007, notifications hooks (058_NOTY0101), rollout telemetry contract.
+
+## Purpose
+- Describe why reachability is being enabled and expected outcomes.
+
+## Rollout Phases
+- Phase 0: prerequisites (feature flags, config keys).
+- Phase 1: limited tenants / canaries.
+- Phase 2: org-wide rollout with monitoring gates.
+
+## Fallbacks
+- How to disable/revert; config toggles; cache/queue drains.
+
+## Monitoring & Alerts
+- Metrics to watch (ingest lag, signal volume, error ratios).
+- Alert thresholds and runbooks (link when available).
+
+## Controls & Policy
+- Imposed rule reminder; RBAC/tenant scope considerations.
+
+## Open TODOs
+- Fill concrete config keys and examples when DOCS-SIG-26-007 lands.
+- Add notification hook wiring details from 058_NOTY0101.
diff --git a/docs/modules/cli/guides/authentication.md b/docs/modules/cli/guides/authentication.md
new file mode 100644
index 000000000..e87accd23
--- /dev/null
+++ b/docs/modules/cli/guides/authentication.md
@@ -0,0 +1,18 @@
+# CLI Authentication — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DVDO0110 env vars, token formats, monitoring plan.
+
+## Supported Flows
+- Device/code, PAT, workload identity (to confirm).
+
+## Configuration
+- Env vars and flags (to be filled once finalized).
+
+## Multi-Tenant Considerations
+- Scope selection and defaults.
+
+## Troubleshooting
+- Common errors; log paths; retry/backoff guidance.
+
+## Open TODOs
+- Insert definitive env var list and examples when available.
diff --git a/docs/modules/scanner/benchmarks/entrytrace-heuristics.md b/docs/modules/scanner/benchmarks/entrytrace-heuristics.md
new file mode 100644
index 000000000..6b0c06230
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/entrytrace-heuristics.md
@@ -0,0 +1,15 @@
+# EntryTrace Heuristics Maintenance — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: replay hooks (RPRC0101).
+
+## Purpose
+- Explain EntryTrace heuristics and maintenance cycles.
+
+## Heuristic Catalog
+- Placeholder for rules with owners and review cadence.
+
+## Operations
+- How to update heuristics safely; replay/validation steps.
+
+## Open TODOs
+- Add concrete heuristics and replay examples when hooks arrive.
diff --git a/docs/modules/scanner/benchmarks/go-stripped-binaries.md b/docs/modules/scanner/benchmarks/go-stripped-binaries.md
new file mode 100644
index 000000000..b8ef1fab9
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/go-stripped-binaries.md
@@ -0,0 +1,12 @@
+# Go Stripped Binaries — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: Go analyzer results.
+
+## Fallback Enrichment
+- Techniques to enrich stripped Go binaries (to fill).
+
+## Policy Guidance
+- When to accept fallback; how to flag low-confidence matches.
+
+## Open TODOs
+- Add enrichment recipes and examples once analyzer outputs land.
diff --git a/docs/modules/scanner/benchmarks/java-lockfiles.md b/docs/modules/scanner/benchmarks/java-lockfiles.md
new file mode 100644
index 000000000..8067d223c
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/java-lockfiles.md
@@ -0,0 +1,15 @@
+# Java Lockfile Ingestion — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: Java analyzer notes.
+
+## Lockfile Types
+- Maven/Gradle variants (to fill).
+
+## Ingestion Guidance
+- Normalization, version conflict handling.
+
+## Policy Templates
+- Sample allow/deny templates (placeholder).
+
+## Open TODOs
+- Add concrete examples and ingestion steps from analyzer notes.
diff --git a/docs/modules/scanner/benchmarks/python-lockfiles.md b/docs/modules/scanner/benchmarks/python-lockfiles.md
new file mode 100644
index 000000000..cbe06cc2d
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/python-lockfiles.md
@@ -0,0 +1,12 @@
+# Python Lockfiles & Editable Installs — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Depends on outcomes from Windows/macOS coverage (task 3) and Python analyzer guidance.
+
+## Lockfile Handling
+- Pip/Poetry/UV constraints; editable installs; markers (to fill).
+
+## Policy Guidance
+- What to enforce/allow; sample policy snippets.
+
+## Open TODOs
+- Insert concrete lockfile examples and policies once inputs arrive.
diff --git a/docs/modules/scanner/benchmarks/rust-fingerprint-enrichment.md b/docs/modules/scanner/benchmarks/rust-fingerprint-enrichment.md
new file mode 100644
index 000000000..5d6133b78
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/rust-fingerprint-enrichment.md
@@ -0,0 +1,15 @@
+# Rust Fingerprint Enrichment — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: SCSA0601 updated benchmarks.
+
+## Fingerprint Sources
+- Cargo metadata, debug info, symbol hashes (to fill).
+
+## Enrichment Steps
+- Mapping fingerprints to crates/versions; confidence scoring.
+
+## Policy Examples
+- Sample allow/deny/waiver patterns (placeholder).
+
+## Open TODOs
+- Add concrete examples from updated benchmarks.
diff --git a/docs/modules/scanner/benchmarks/sast-integration.md b/docs/modules/scanner/benchmarks/sast-integration.md
new file mode 100644
index 000000000..0d7f73d41
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/sast-integration.md
@@ -0,0 +1,12 @@
+# SAST Integration — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: CLI samples (132_CLCI0110).
+
+## Connector Framework
+- How SAST connectors plug into scanner pipeline (to fill).
+
+## Policy Templates
+- Placeholder for SAST-specific policy examples.
+
+## Open TODOs
+- Add sample configs and flows once CLI samples are available.
diff --git a/docs/modules/scanner/benchmarks/windows-macos-coverage.md b/docs/modules/scanner/benchmarks/windows-macos-coverage.md
new file mode 100644
index 000000000..e8d8b6509
--- /dev/null
+++ b/docs/modules/scanner/benchmarks/windows-macos-coverage.md
@@ -0,0 +1,15 @@
+# Windows/macOS Analyzer Coverage — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: SCSA0301 customer demand signals.
+
+## Demand Signals
+- Customers requesting Windows/macOS analyzer coverage (to fill with SCSA0301 data).
+
+## Coverage Plan
+- Supported OS versions/builds; exclusions; offline posture.
+
+## Rollout & Monitoring
+- Enablement steps; metrics to watch.
+
+## Open TODOs
+- Add quantified demand, target milestones, and acceptance criteria once inputs land.
diff --git a/docs/modules/scanner/scanner-engine.md b/docs/modules/scanner/scanner-engine.md
new file mode 100644
index 000000000..9d340bc21
--- /dev/null
+++ b/docs/modules/scanner/scanner-engine.md
@@ -0,0 +1,24 @@
+# Scanner Engine Surface FS/Env/Secrets — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: SCANNER-SURFACE-04 emit notes, Zastava/Scheduler bindings, Ops runbook hooks.
+
+## Workflow Overview
+- Surface.FS, Surface.Env, Surface.Secrets capture points.
+- How Scanner orchestrates surface capture across jobs.
+
+## Data Flow
+- Scanner -> Zastava (signals/alerts pipeline).
+- Scanner -> Scheduler (job orchestration, retries, back-pressure).
+- Storage/retention expectations.
+
+## Policies & Safety Rails
+- Redaction rules, scope boundaries, tenant isolation.
+- Determinism/offline posture considerations.
+
+## Operations
+- How to enable/disable surface capture per tenant/workspace.
+- Observability: metrics, logs, traces to watch.
+
+## Open TODOs
+- Insert concrete emit schemas and example payloads when SCANNER-SURFACE-04 lands.
+- Add sequencing diagrams per module dossier once available.
diff --git a/docs/operations/multi-tenancy.md b/docs/operations/multi-tenancy.md
new file mode 100644
index 000000000..13278afc1
--- /dev/null
+++ b/docs/operations/multi-tenancy.md
@@ -0,0 +1,19 @@
+# Multi-Tenancy Operations — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Depends on DVDO0110 outputs and scopes-and-roles.
+
+## Provisioning
+- Creating tenants and assigning scopes.
+
+## Lifecycle
+- Suspend, delete, migrate tenants; data retention notes.
+
+## Observability
+- Metrics and logs to validate isolation; alerts to configure.
+
+## Governance
+- Change-control, approvals, audit export.
+
+## Open TODOs
+- Add step-by-step CLI/Console flows once confirmed.
+- Insert RLS specifics from `rls-and-data-isolation.md`.
diff --git a/docs/operations/rls-and-data-isolation.md b/docs/operations/rls-and-data-isolation.md
new file mode 100644
index 000000000..1bcfcbcc8
--- /dev/null
+++ b/docs/operations/rls-and-data-isolation.md
@@ -0,0 +1,15 @@
+# RLS and Data Isolation — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DVDO0110, DB/RLS schema snapshot.
+
+## RLS Strategy
+- Tables/collections under RLS; policy evaluation order.
+
+## Keys and Claims
+- Which claims drive RLS; mapping to scopes.
+
+## Testing & Validation
+- How to verify isolation in staging; replay/golden tests.
+
+## Open TODOs
+- Insert actual RLS policies and sample queries once provided.
diff --git a/docs/policy/examples/abac-overlays.md b/docs/policy/examples/abac-overlays.md
new file mode 100644
index 000000000..a040c7d38
--- /dev/null
+++ b/docs/policy/examples/abac-overlays.md
@@ -0,0 +1,16 @@
+# ABAC Overlays — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: finalized scope grammar and example policies.
+
+## Purpose
+- Show how to layer ABAC on top of role/scope model.
+
+## Examples (to fill)
+- Attribute-based allow/deny overlays.
+- Tenant/role-specific examples with placeholders.
+
+## Testing
+- How to validate overlays with policy simulator.
+
+## Open TODOs
+- Add real policy snippets once DVDO0110 monitoring plan arrives.
diff --git a/docs/policy/vex-trust-model.md b/docs/policy/vex-trust-model.md
new file mode 100644
index 000000000..29fc61c57
--- /dev/null
+++ b/docs/policy/vex-trust-model.md
@@ -0,0 +1,15 @@
+# VEX Trust Model — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: waiver/exception guidance, policy knobs.
+
+## Policy Knobs
+- Thresholds, weighting, override rules (to fill).
+
+## Simulation
+- How to simulate decisions before enforcement.
+
+## Examples
+- Placeholder for sample policies.
+
+## Open TODOs
+- Add concrete policies and simulator instructions once provided.
diff --git a/docs/runbooks/vex-ops.md b/docs/runbooks/vex-ops.md
new file mode 100644
index 000000000..4da11539c
--- /dev/null
+++ b/docs/runbooks/vex-ops.md
@@ -0,0 +1,15 @@
+# VEX Ops Runbook — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DevOps rollout plan for signatures/ops.
+
+## Recompute Storms
+- Steps to mitigate; throttling knobs (to fill).
+
+## Mapping Failures
+- Triage steps; retry/backfill guidance.
+
+## Signature Errors
+- Diagnosis workflow; key rotation checks.
+
+## Open TODOs
+- Add concrete commands and dashboards once rollout plan is delivered.
diff --git a/docs/sbom/vex-mapping.md b/docs/sbom/vex-mapping.md
new file mode 100644
index 000000000..ec11b021f
--- /dev/null
+++ b/docs/sbom/vex-mapping.md
@@ -0,0 +1,12 @@
+# VEX Mapping (CPE → purl) — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: SBOM/VEX dataflow spec.
+
+## Mapping Strategy
+- How CPEs map to purls; edge cases (to fill).
+
+## Overrides
+- Local override workflow.
+
+## Open TODOs
+- Add concrete examples and tables when dataflow spec lands.
diff --git a/docs/security/scopes-and-roles.md b/docs/security/scopes-and-roles.md
new file mode 100644
index 000000000..1ca9ed513
--- /dev/null
+++ b/docs/security/scopes-and-roles.md
@@ -0,0 +1,17 @@
+# Scopes and Roles — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DVDO0110 scope grammar.
+
+## Scope Grammar
+- Syntax overview; examples (tenant/org/project/workspace).
+
+## Roles & Permissions
+- Core roles (admin, auditor, operator, viewer) — to confirm.
+- Mapping to scopes and imposed rule reminder.
+
+## Token / Session Handling
+- How scopes flow through tokens and sessions.
+
+## Open TODOs
+- Fill role matrix when DVDO0110 lands.
+- Add ABAC overlay pointers once defined.
diff --git a/docs/security/tenancy-overview.md b/docs/security/tenancy-overview.md
new file mode 100644
index 000000000..9abedd5f4
--- /dev/null
+++ b/docs/security/tenancy-overview.md
@@ -0,0 +1,21 @@
+# Tenancy Overview — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DVDO0110 tenancy ADR.
+
+## Goals
+- Clarify tenant model, isolation guarantees, and scope grammar.
+
+## Tenant Model
+- Concepts: tenant, org, workspace, project (to confirm with ADR).
+- Identity anchors and trust roots.
+
+## Isolation Guarantees
+- Data, control plane, audit/log boundaries.
+- Reachability to shared services (DB, cache) with RLS.
+
+## Enforcement Stack
+- Authority, CLI, API, Console touchpoints.
+
+## Open TODOs
+- Insert canonical definitions and diagrams from DVDO0110.
+- Add references to scopes-and-roles once finalized.
diff --git a/docs/security/vex-signatures.md b/docs/security/vex-signatures.md
new file mode 100644
index 000000000..c1e5b1628
--- /dev/null
+++ b/docs/security/vex-signatures.md
@@ -0,0 +1,15 @@
+# VEX Signatures — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: security review (DVDO0110), key rotation plan.
+
+## Verification Flow
+- How signatures are verified; trust roots (to fill).
+
+## Rotation
+- Key rotation process; expiry handling.
+
+## Audit
+- Logging, evidence capture, review cadence.
+
+## Open TODOs
+- Insert concrete commands/config once security review completes.
diff --git a/docs/testing/contract-testing.md b/docs/testing/contract-testing.md
new file mode 100644
index 000000000..bf0ac43fc
--- /dev/null
+++ b/docs/testing/contract-testing.md
@@ -0,0 +1,18 @@
+# Contract Testing — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: DOSK0101 harness guidance, sample fixtures.
+
+## Goals
+- Ensure stable contracts across services/SDKs with mock/replay.
+
+## Components
+- Mock server, record/replay pipeline, golden fixtures, determinism checks.
+
+## Workflow
+- Record -> approve -> replay -> diff.
+
+## Quality Gates
+- Ordering, timestamps (UTC), hashing rules.
+
+## Open TODOs
+- Add concrete CLI/scripts and sample fixtures when provided.
diff --git a/docs/vex/consensus-algorithm.md b/docs/vex/consensus-algorithm.md
new file mode 100644
index 000000000..c7f55d465
--- /dev/null
+++ b/docs/vex/consensus-algorithm.md
@@ -0,0 +1,15 @@
+# VEX Consensus Algorithm — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Depends on consensus overview and PLVL0102.
+
+## Normalization
+- Input normalization steps (pending schema).
+
+## Weighting & Thresholds
+- How weights are assigned; threshold examples (to fill).
+
+## Examples
+- Sample merge scenarios (placeholder).
+
+## Open TODOs
+- Populate equations and concrete scenarios when data is available.
diff --git a/docs/vex/consensus-api.md b/docs/vex/consensus-api.md
new file mode 100644
index 000000000..357beacc6
--- /dev/null
+++ b/docs/vex/consensus-api.md
@@ -0,0 +1,15 @@
+# VEX Consensus API — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: PLVL0102 policy join notes.
+
+## Endpoints
+- List and describe endpoints (to fill).
+
+## Query Parameters
+- Filters, pagination, projections (pending contract).
+
+## Rate Limits
+- TBD; add concrete values once agreed.
+
+## Open TODOs
+- Add request/response examples when schemas are delivered.
diff --git a/docs/vex/consensus-console.md b/docs/vex/consensus-console.md
new file mode 100644
index 000000000..843db264d
--- /dev/null
+++ b/docs/vex/consensus-console.md
@@ -0,0 +1,12 @@
+# VEX Consensus Console — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: console overlay assets.
+
+## Workflows
+- Browse/filters; conflict resolution; accessibility notes.
+
+## Notifications
+- How conflicts/exceptions surface in UI.
+
+## Open TODOs
+- Add screenshots/flows when assets arrive.
diff --git a/docs/vex/consensus-overview.md b/docs/vex/consensus-overview.md
new file mode 100644
index 000000000..3909d2f55
--- /dev/null
+++ b/docs/vex/consensus-overview.md
@@ -0,0 +1,15 @@
+# VEX Consensus Overview — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: PLVL0102 schema snapshot, issuer directory details.
+
+## Purpose
+- Explain why consensus exists and what assurances it provides (AOC scope).
+
+## Inputs
+- Evidence sources (attestations, SBOM edges) — to be confirmed.
+
+## Outputs
+- Decision artifacts; confidence/threshold handling.
+
+## Open TODOs
+- Fill concrete schema references and examples once PLVL0102 arrives.
diff --git a/docs/vex/issuer-directory.md b/docs/vex/issuer-directory.md
new file mode 100644
index 000000000..66b4c9085
--- /dev/null
+++ b/docs/vex/issuer-directory.md
@@ -0,0 +1,15 @@
+# VEX Issuer Directory — Draft Skeleton (2025-12-05 UTC)
+
+Status: draft placeholder. Inputs pending: issuer directory keys/overrides, audit model.
+
+## Management
+- Add/update issuers; key material handling (to be filled).
+
+## Trust Overrides
+- Local overrides, expiry/rotation rules.
+
+## Audit
+- Recording changes; export/logging expectations.
+
+## Open TODOs
+- Insert concrete commands/APIs once available.