Add tests and implement timeline ingestion options with NATS and Redis subscribers

- Introduced `BinaryReachabilityLifterTests` to validate binary lifting functionality.
- Created `PackRunWorkerOptions` for configuring worker paths and execution persistence.
- Added `TimelineIngestionOptions` for configuring NATS and Redis ingestion transports.
- Implemented `NatsTimelineEventSubscriber` for subscribing to NATS events.
- Developed `RedisTimelineEventSubscriber` for reading from Redis Streams.
- Added `TimelineEnvelopeParser` to normalize incoming event envelopes.
- Created unit tests for `TimelineEnvelopeParser` to ensure correct field mapping.
- Implemented `TimelineAuthorizationAuditSink` for logging authorization outcomes.

docs/implplan/tasks-all.md

@@ -92,8 +92,8 @@
 | AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
 | AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
 | AIRGAP-56-002 | DONE |  | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify |  |  | NOTY0101 |
-| AIRGAP-56-003 | DONE | 2025-11-23 | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
-| AIRGAP-56-004 | DONE | 2025-11-23 | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
+| AIRGAP-56-003 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
+| AIRGAP-56-004 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
 | AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
 | AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority |  | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 |
 | AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops |  |  | DVDO0101 |
@@ -314,7 +314,7 @@
 | CLI-ATTEST-75-001 | TODO |  | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 |
 | CLI-ATTEST-75-002 | TODO |  | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 |
 | CLI-CORE-41-001 | TODO |  | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 |
-| CLI-DET-01 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild |  | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 |
+| CLI-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild |  | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 |
 | CLI-DETER-70-003 | DONE | 2025-11-28 | SPRINT_0202_0001_0001_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 |
 | CLI-DETER-70-004 | TODO |  | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella detscore report` to summarise published `determinism.json` files (overall score, per-image matrix) and integrate with release notes/air-gap kits (`docs/modules/scanner/determinism-score.md`). Dependencies: CLI-DETER-70-003. | — | CLCI0103 |
 | CLI-DOCS-0001 | TODO |  | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 |
@@ -646,12 +646,12 @@
 | DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | `/docs/policy/assistant-parameters.md` now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via `AdvisoryAiServiceOptions`). | Need latest telemetry outputs from ADAI0101 | DOAI0104 |
 | DOCS-AIAI-31-008 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · SBOM Service Guild (docs) | docs | Publish `/docs/sbom/remediation-heuristics.md` (feasibility scoring, blast radius). | SBOM-AIAI-31-001 projection kit/fixtures | DOAI0104 |
 | DOCS-AIAI-31-009 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild |  | Docs updated with guardrail/ops addenda and offline hashes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 |
-| DOCS-AIRGAP-56-001 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Controller Guild |  | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 |
-| DOCS-AIRGAP-56-002 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · DevOps Guild |  | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 |
-| DOCS-AIRGAP-56-003 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 |
-| DOCS-AIRGAP-56-004 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild |  | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 |
-| DOCS-AIRGAP-57-001 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 |
-| DOCS-AIRGAP-57-002 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 |
+| DOCS-AIRGAP-56-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Controller Guild |  | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 |
+| DOCS-AIRGAP-56-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevOps Guild |  | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 |
+| DOCS-AIRGAP-56-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 |
+| DOCS-AIRGAP-56-004 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild |  | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 |
+| DOCS-AIRGAP-57-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 |
+| DOCS-AIRGAP-57-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 |
 | DOCS-AIRGAP-57-003 | TODO |  | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish `/docs/modules/cli/guides/airgap.md` documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. | AIDG0101 tasks 3–4 | DOCL0102 |
 | DOCS-AIRGAP-57-004 | TODO |  | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create `/docs/airgap/operations.md` with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. | DOCS-AIRGAP-57-003 | DOCL0102 |
 | DOCS-AIRGAP-58-001 | BLOCKED | 2025-11-25 | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) |  | Provide `/docs/airgap/degradation-matrix.md` enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. | Blocked: waiting on staleness/time-anchor spec and AirGap controller/importer timelines | DOCL0102 |
@@ -671,7 +671,7 @@
 | DOCS-ATTEST-75-002 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) |  | Update `/docs/security/aoc-invariants.md` with attestation invariants. Dependencies: DOCS-ATTEST-75-001. | — | DOAT0101 |
 | DOCS-CLI-41-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/overview.md`, `/docs/modules/cli/guides/configuration.md`, `/docs/modules/cli/guides/output-and-exit-codes.md` with imposed rule statements. | — | DOCL0101 |
 | DOCS-CLI-42-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/parity-matrix.md` and command guides under `/docs/modules/cli/guides/commands/*.md` (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. | — | DOCL0101 |
-| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild |  | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 |
+| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild |  | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 |
 | DOCS-CLI-FORENSICS-53-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/forensics.md` for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | — | DOCL0101 |
 | DOCS-CLI-OBS-52-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Create `/docs/modules/cli/guides/observability.md` detailing `stella obs` commands, examples, exit codes, imposed rule banner, and scripting tips. | — | DOCL0101 |
 | DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) |  | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 |
@@ -753,7 +753,7 @@
 | DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write `/docs/runbooks/policy-incident.md` detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. | Needs ops playbooks (DVDO0108) | DOPL0103 |
 | DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 |
 | DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 |
-| DOCS-POLICY-DET-01 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
+| DOCS-POLICY-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
 | DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | — | DOPV0101 |
 | DOCS-REACH-201-006 | TODO |  | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. | Needs RBRE0101 provenance hook summary | DORC0101 |
 | DOCS-REPLAY-185-003 | TODO |  | SPRINT_185_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 |
@@ -778,7 +778,7 @@
 | DOCS-SCANNER-BENCH-62-006 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
 | DOCS-SCANNER-BENCH-62-008 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
 | DOCS-SCANNER-BENCH-62-009 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
-| DOCS-SCANNER-DET-01 | TODO | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates. | Needs determinism harness from 137_SCDT0101 | DOSB0101 |
+| DOCS-SCANNER-DET-01 | BLOCKED (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates. | Needs determinism harness from 137_SCDT0101 | DOSB0101 |
 | DOCS-SDK-62-001 | TODO |  | SPRINT_309_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 |
 | DOCS-SEC-62-001 | TODO |  | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 |
 | DOCS-SEC-OBS-50-001 | TODO |  | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 |
@@ -1062,7 +1062,7 @@
 | GAP-DOC-008 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Publish the cross-module function-level evidence guide, update API/CLI references with the new `code_id` fields, and add OpenVEX/replay samples under `samples/reachability/**`. | DOAG0101 outputs | GAPG0101 |
 | GAP-POL-005 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Docs Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts into Policy Engine, expose `reachability.state/confidence` in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. | GAP-DOC-008 | GAPG0101 |
 | GAP-REP-004 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 |
-| GAP-SCAN-001 | TODO |  | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 |
+| GAP-SCAN-001 | DONE (2025-12-03) |  | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 |
 | GAP-SIG-003 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Security Guild · GAP Guild | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | Finish `/signals/runtime-facts` ingestion, add CAS-backed runtime storage, extend scoring to lattice states (`Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed`), and emit `signals.fact.updated` events. Document retention/RBAC. | GAP-POL-005 | GAPG0101 |
 | GAP-SYM-007 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Extend reachability evidence schema/DTOs with demangled symbol hints, `symbol.source`, confidence, and optional `code_block_hash`; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. | GAP-SIG-003 | GAPG0101 |
 | GAP-VEX-006 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | VEX Guild | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI `--evidence=graph`/`--threshold` plus Notify template updates. | GAP-POL-005 | GAPG0101 |
@@ -1683,7 +1683,7 @@
 | SCANNER-BENCH-62-008 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) |  |  |  |  |
 | SCANNER-BENCH-62-009 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  |  |
 | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 |  |
-| SCANNER-DET-01 | DOING | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild |  |  |  |  |
+| SCANNER-DET-01 | BLOCKED (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild |  |  |  |  |
 | SCANNER-DOCS-0003 | TODO |  | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. |  |  |
 | SCANNER-EMIT-15-001 | TODO |  | SPRINT_136_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (`stella.contentHash`, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in `docs/modules/scanner/deterministic-sbom-compose.md` §2.2. | SCANNER-SURFACE-04 |  |
 | SCANNER-ENG-0001 | TODO |  | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. |  |  |
@@ -1935,7 +1935,7 @@
 | SYMS-SERVER-401-011 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Server` | Deliver `StellaOps.Symbols.Server` (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #5 | RBSY0101 |
 | TASKRUN-41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0002_taskrunner_blockers | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for `pack_runs`, `pack_run_logs`, `pack_artifacts`, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. | Delivered per Task Pack advisory and architecture contract. | ORTR0101 |
 | TASKRUN-AIRGAP-56-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 |
-| TASKRUN-AIRGAP-56-002 | DOING (2025-12-01) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
+| TASKRUN-AIRGAP-56-002 | DONE (2025-12-03) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
 | TASKRUN-AIRGAP-57-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | TASKRUN-AIRGAP-56-002 | ORTR0101 |
 | TASKRUN-AIRGAP-58-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | TASKRUN-AIRGAP-57-001 | ORTR0101 |
 | TASKRUN-42-001 | BLOCKED (2025-11-25) | 2025-11-25 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild (`src/TaskRunner/StellaOps.TaskRunner`) | src/TaskRunner/StellaOps.TaskRunner | Execution engine enhancements (loops/conditionals/maxParallel), simulation mode, policy gate integration, deterministic failure recovery. Blocked: loop/conditional semantics and policy-gate evaluation contract not published. |  | ORTR0102 |
@@ -2307,8 +2307,8 @@
 | AIRGAP-56-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Exporter Guild · AirGap Time Guild · CLI Guild | docs/modules/airgap/airgap-mode.md | Mirror import helpers and bundle catalog wired for sealed mode. | PROGRAM-STAFF-1001 | AGCO0101 |
 | AIRGAP-56-001..58-001 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Concelier Core · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Deterministic bundle + manifest/entry-trace and sealed-mode deploy runbook shipped. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ELOCKER-CONTRACT-2001 | AGCO0101 |
 | AIRGAP-56-002 | DONE |  | SPRINT_170_notifications_telemetry | Notifications Service Guild · DevOps Guild | src/Notify/StellaOps.Notify |  |  | NOTY0101 |
-| AIRGAP-56-003 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
-| AIRGAP-56-004 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
+| AIRGAP-56-003 | TODO |  | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | docs/modules/airgap | DOCS-AIRGAP-56-002 | DOCS-AIRGAP-56-002 | AIDG0101 |
+| AIRGAP-56-004 | TODO |  | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild | docs/modules/airgap | AIRGAP-56-003 | DOCS-AIRGAP-56-003 | AIDG0101 |
 | AIRGAP-57 | DONE (2025-11-24) | 2025-11-24 | SPRINT_110_ingestion_evidence | Excititor Guild · AirGap Guilds | docs/modules/airgap/airgap-mode.md | Air-gap bundle timeline/hooks completed. | CONCELIER-GRAPH-21-001; CONCELIER-GRAPH-21-002; ATTEST-PLAN-2001 | AGCO0101 |
 | AIRGAP-57-001 | DONE | 2025-11-08 | SPRINT_100_identity_signing | Authority Core & Security Guild, DevOps Guild (src/Authority/StellaOps.Authority) | src/Authority/StellaOps.Authority |  | AUTH-AIRGAP-56-001; DEVOPS-AIRGAP-57-002 | KMSI0101 |
 | AIRGAP-57-002 | DOING | 2025-11-08 | SPRINT_503_ops_devops_i | DevOps Guild, Authority Guild (ops/devops) | ops/devops |  |  | DVDO0101 |
@@ -2527,7 +2527,7 @@
 | CLI-ATTEST-75-001 | TODO |  | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild, KMS Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement `stella attest key create. Dependencies: CLI-ATTEST-74-002. | — | CLCI0102 |
 | CLI-ATTEST-75-002 | TODO |  | SPRINT_0201_0001_0001_cli_i | CLI Attestor Guild | src/Cli/StellaOps.Cli | Add support for building/verifying attestation bundles in CLI. Dependencies: CLI-ATTEST-75-001. | Wait for ATEL0102 outputs | CLCI0109 |
 | CLI-CORE-41-001 | TODO |  | SPRINT_202_cli_ii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Implement CLI core features: config precedence, profiles/contexts, auth flows, output renderer (json/yaml/table), error mapping, global flags, telemetry opt-in. | — | CLCI0103 |
-| CLI-DET-01 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild |  | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 |
+| CLI-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild |  | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLI-SBOM-60-001; CLI-SBOM-60-002 | CLCI0103 |
 | CLI-DETER-70-003 | TODO |  | SPRINT_202_cli_ii | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Provide `stella detscore run` that executes the determinism harness locally (fixed clock, seeded RNG, canonical hashes) and writes `determinism.json`, supporting CI/non-zero threshold exit codes (`docs/modules/scanner/determinism-score.md`). | — | CLCI0103 |
 | CLI-DETER-70-004 | TODO |  | SPRINT_203_cli_iii | DevEx/CLI Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Add `stella detscore report` to summarise published `determinism.json` files (overall score, per-image matrix) and integrate with release notes/air-gap kits (`docs/modules/scanner/determinism-score.md`). Dependencies: CLI-DETER-70-003. | — | CLCI0103 |
 | CLI-DOCS-0001 | TODO |  | SPRINT_316_docs_modules_cli | Docs Guild (docs/modules/cli) | docs/modules/cli | See ./AGENTS.md | — | CLCI0103 |
@@ -2859,12 +2859,12 @@
 | DOCS-AIAI-31-006 | TODO | 2025-11-13 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · Advisory AI Guild | docs/modules/advisory-ai | `/docs/policy/assistant-parameters.md` now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via `AdvisoryAiServiceOptions`). | Need latest telemetry outputs from ADAI0101 | DOAI0104 |
 | DOCS-AIAI-31-008 | BLOCKED | 2025-11-18 | SPRINT_0111_0001_0001_advisoryai | Docs Guild · SBOM Service Guild (docs) | docs | Publish `/docs/sbom/remediation-heuristics.md` (feasibility scoring, blast radius). | SBOM-AIAI-31-001 projection kit/fixtures | DOAI0104 |
 | DOCS-AIAI-31-009 | DONE (2025-11-25) | 2025-11-25 | SPRINT_110_ingestion_evidence | Docs Guild |  | Docs updated with guardrail/ops addenda and offline hashes. | DOCS-AIAI-31-004; CLI-VULN-29-001; CLI-VEX-30-001; POLICY-ENGINE-31-001; DEVOPS-AIAI-31-001 | DOAI0102 |
-| DOCS-AIRGAP-56-001 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Controller Guild |  | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 |
-| DOCS-AIRGAP-56-002 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · DevOps Guild |  | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 |
-| DOCS-AIRGAP-56-003 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 |
-| DOCS-AIRGAP-56-004 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Deployment Guild |  | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 |
-| DOCS-AIRGAP-57-001 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 |
-| DOCS-AIRGAP-57-002 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 |
+| DOCS-AIRGAP-56-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Controller Guild |  | `/docs/airgap/overview.md` outlining modes, lifecycle, responsibilities, rule banner. | — | DOAI0102 |
+| DOCS-AIRGAP-56-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevOps Guild |  | `/docs/airgap/sealing-and-egress.md` (network policies, EgressPolicy facade, verification). | DOCS-AIRGAP-56-001 | DOAI0102 |
+| DOCS-AIRGAP-56-003 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Exporter Guild | bundle format, DSSE/TUF/Merkle validation, workflows | `/docs/airgap/mirror-bundles.md` (bundle format, DSSE/TUF/Merkle validation, workflows). | DOCS-AIRGAP-56-002 | DOAI0102 |
+| DOCS-AIRGAP-56-004 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Deployment Guild |  | `/docs/airgap/bootstrap.md` covering Bootstrap Pack creation + install. | DOCS-AIRGAP-56-003 | DOAI0102 |
+| DOCS-AIRGAP-57-001 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · AirGap Time Guild | docs/modules/airgap | `/docs/airgap/staleness-and-time.md` (time anchors, drift, UI indicators). | DOCS-AIRGAP-56-004 | DOAI0102 |
+| DOCS-AIRGAP-57-002 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Console Guild | docs/modules/airgap | `/docs/console/airgap.md` (sealed badge, import wizard, staleness dashboards). | DOCS-AIRGAP-57-001 | DOAI0102 |
 | DOCS-AIRGAP-57-003 | TODO |  | SPRINT_302_docs_tasks_md_ii | Docs Guild · CLI Guild | docs/modules/airgap | Publish `/docs/modules/cli/guides/airgap.md` documenting commands, examples, exit codes. Dependencies: DOCS-AIRGAP-57-002. | AIDG0101 tasks 3–4 | DOCL0102 |
 | DOCS-AIRGAP-57-004 | TODO |  | SPRINT_302_docs_tasks_md_ii | Docs Guild · Ops Guild | docs/modules/airgap | Create `/docs/airgap/operations.md` with runbooks for imports, failure recovery, and auditing. Dependencies: DOCS-AIRGAP-57-003. | DOCS-AIRGAP-57-003 | DOCL0102 |
 | DOCS-AIRGAP-58-001 | TODO |  | SPRINT_302_docs_tasks_md_ii | Docs Guild, Product Guild (docs) |  | Provide `/docs/airgap/degradation-matrix.md` enumerating feature availability, fallbacks, remediation. Dependencies: DOCS-AIRGAP-57-004. | — | DOCL0102 |
@@ -2884,7 +2884,7 @@
 | DOCS-ATTEST-75-002 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Security Guild (docs) |  | Update `/docs/security/aoc-invariants.md` with attestation invariants. Dependencies: DOCS-ATTEST-75-001. | — | DOAT0101 |
 | DOCS-CLI-41-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/overview.md`, `/docs/modules/cli/guides/configuration.md`, `/docs/modules/cli/guides/output-and-exit-codes.md` with imposed rule statements. | — | DOCL0101 |
 | DOCS-CLI-42-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild (docs) |  | Publish `/docs/modules/cli/guides/parity-matrix.md` and command guides under `/docs/modules/cli/guides/commands/*.md` (policy, sbom, vuln, vex, advisory, export, orchestrator, notify, aoc, auth). Dependencies: DOCS-CLI-41-001. | — | DOCL0101 |
-| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_301_docs_tasks_md_i | Docs Guild · DevEx/CLI Guild |  | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 |
+| DOCS-CLI-DET-01 | DONE | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · DevEx/CLI Guild |  | Document `stella sbomer` verbs (`layer`, `compose`, `drift`, `verify`) with examples & offline instructions. | CLI-SBOM-60-001; CLI-SBOM-60-002 | DOCL0101 |
 | DOCS-CLI-FORENSICS-53-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Publish `/docs/modules/cli/guides/forensics.md` for snapshot/verify/attest commands with sample outputs, imposed rule banner, and offline workflows. | — | DOCL0101 |
 | DOCS-CLI-OBS-52-001 | DONE | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, DevEx/CLI Guild (docs) | docs/modules/cli/guides | Create `/docs/modules/cli/guides/observability.md` detailing `stella obs` commands, examples, exit codes, imposed rule banner, and scripting tips. | — | DOCL0101 |
 | DOCS-CONSOLE-OBS-52-001 | BLOCKED | 2025-11-25 | SPRINT_303_docs_tasks_md_iii | Docs Guild, Console Guild (docs) |  | Document `/docs/console/observability.md` showcasing Observability Hub widgets, trace/log search, imposed rule banner, and accessibility tips. | Blocked: awaiting Console Observability Hub schemas/widgets from Console Guild | DOCL0101 |
@@ -2970,7 +2970,7 @@
 | DOCS-POLICY-27-012 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Ops Guild | docs/policy/runs.md | Write `/docs/runbooks/policy-incident.md` detailing rollback, freeze, forensic steps, notifications. Dependencies: DOCS-POLICY-27-011. | Needs ops playbooks (DVDO0108) | DOPL0103 |
 | DOCS-POLICY-27-013 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Guild | docs/policy/runs.md | Update `/docs/examples/policy-templates.md` with new templates, snippets, and sample policies. Dependencies: DOCS-POLICY-27-012. | Await policy guild approval | DOPL0103 |
 | DOCS-POLICY-27-014 | BLOCKED | 2025-10-27 | SPRINT_308_docs_tasks_md_viii | Docs Guild · Policy Registry Guild | docs/policy/runs.md | Refresh `/docs/aoc/aoc-guardrails.md` to include Studio-specific guardrails and validation scenarios. Dependencies: DOCS-POLICY-27-013. | Needs policy registry approvals | DOPL0103 |
-| DOCS-POLICY-DET-01 | TODO |  | SPRINT_301_docs_tasks_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
+| DOCS-POLICY-DET-01 | DONE (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Policy Guild | docs/policy/runs.md | Extend `docs/modules/policy/architecture.md` with determinism gate semantics and provenance references. | Depends on deterministic harness (137_SCDT0101) | DOPL0103 |
 | DOCS-PROMO-70-001 | DONE (2025-11-26) | 2025-11-26 | SPRINT_304_docs_tasks_md_iv | Docs Guild · Provenance Guild | docs/release/promotion-attestations.md | Publish `/docs/release/promotion-attestations.md` describing the promotion workflow (CLI commands, Signer/Attestor integration, offline verification) and update `/docs/forensics/provenance-attestation.md` with the new predicate. Dependencies: PROV-OBS-53-003, CLI-PROMO-70-002. | — | DOPV0101 |
 | DOCS-REACH-201-006 | TODO |  | SPRINT_400_runtime_facts_static_callgraph_union | Docs Guild · Runtime Evidence Guild | docs/reachability | Author the reachability doc set (`docs/signals/reachability.md`, `callgraph-formats.md`, `runtime-facts.md`, CLI/UI appendices) plus update Zastava + Replay guides with the new evidence and operators’ workflow. | Needs RBRE0101 provenance hook summary | DORC0101 |
 | DOCS-REPLAY-185-003 | TODO |  | SPRINT_185_shared_replay_primitives | Docs Guild · Platform Data Guild | docs/replay | Author `docs/data/replay_schema.md` detailing `replay_runs`, `replay_bundles`, `replay_subjects` collections, index guidance, and offline sync strategy aligned with Replay CAS. | Need RPRC0101 API freeze | DORR0101 |
@@ -2995,7 +2995,7 @@
 | DOCS-SCANNER-BENCH-62-006 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild · Product Guild | docs/modules/scanner/benchmarks | Document Rust fingerprint enrichment guidance and policy examples. | Requires updated benchmarks from SCSA0601 | DOSB0101 |
 | DOCS-SCANNER-BENCH-62-008 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild · Platform Data Guild | docs/modules/scanner/benchmarks | Publish EntryTrace explain/heuristic maintenance guide. | Wait for replay hooks (RPRC0101) | DOSB0101 |
 | DOCS-SCANNER-BENCH-62-009 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild · DevEx/CLI Guild | docs/modules/scanner/benchmarks | Produce SAST integration documentation (connector framework, policy templates). | Depends on CLI samples (132_CLCI0110) | DOSB0101 |
-| DOCS-SCANNER-DET-01 | TODO | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates. | Needs determinism harness from 137_SCDT0101 | DOSB0101 |
+| DOCS-SCANNER-DET-01 | BLOCKED (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild | docs/modules/scanner/benchmarks | `/docs/modules/scanner/deterministic-sbom-compose.md` plus scan guide updates. | Needs determinism harness from 137_SCDT0101 | DOSB0101 |
 | DOCS-SDK-62-001 | TODO |  | SPRINT_309_docs_tasks_md_ix | Docs Guild · SDK Generator Guild | docs/sdk | Publish `/docs/sdks/overview.md` plus language guides (`typescript.md`, `python.md`, `go.md`, `java.md`). | Need SDK toolchain notes from SDKG0101 | DOSK0101 |
 | DOCS-SEC-62-001 | TODO |  | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/auth-scopes.md` with OAuth2/PAT scopes, tenancy header usage. | Need security ADR from DVDO0110 | DOSE0101 |
 | DOCS-SEC-OBS-50-001 | TODO |  | SPRINT_309_docs_tasks_md_ix | Docs Guild · Security Guild | docs/security | Update `/docs/security/redaction-and-privacy.md` to cover telemetry privacy controls, tenant opt-in debug, and imposed rule reminder. | Depends on PLOB0101 metrics | DOSE0101 |
@@ -3285,7 +3285,7 @@
 | GAP-DOC-008 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `docs/reachability/function-level-evidence.md`, `docs/09_API_CLI_REFERENCE.md`, `docs/api/policy.md` | Publish the cross-module function-level evidence guide, update API/CLI references with the new `code_id` fields, and add OpenVEX/replay samples under `samples/reachability/**`. | DOAG0101 outputs | GAPG0101 |
 | GAP-POL-005 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Policy Guild · Docs Guild | `src/Policy/StellaOps.Policy.Engine`, `docs/modules/policy/architecture.md`, `docs/reachability/function-level-evidence.md` | Ingest reachability facts into Policy Engine, expose `reachability.state/confidence` in SPL/API, enforce auto-suppress (<0.30) rules, and generate OpenVEX evidence blocks referencing graph hashes + runtime facts with policy thresholds. | GAP-DOC-008 | GAPG0101 |
 | GAP-REP-004 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/__Libraries/StellaOps.Replay.Core`, `docs/replay/DETERMINISTIC_REPLAY.md` | Enforce BLAKE3 hashing + CAS registration for graphs/traces before manifest writes, upgrade replay manifest v2 with analyzer versions/policy thresholds, and add deterministic tests. | GAP-DOC-008 | GAPG0101 |
-| GAP-SCAN-001 | TODO |  | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 |
+| GAP-SCAN-001 | DONE (2025-12-03) |  | SPRINT_400_runtime_facts_static_callgraph_union | Scanner Guild · GAP Guild | `src/Scanner/StellaOps.Scanner.Worker`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Implement binary/language symbolizers that emit `richgraph-v1` payloads with canonical `SymbolID = {file:hash, section, addr, name, linkage}` plus `code_id` anchors, persist graphs to CAS via `StellaOps.Scanner.Reachability`, and refresh analyzer docs/fixtures. | GAP-POL-005 | GAPG0101 |
 | GAP-SIG-003 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Security Guild · GAP Guild | `src/Signals/StellaOps.Signals`, `docs/reachability/function-level-evidence.md` | Finish `/signals/runtime-facts` ingestion, add CAS-backed runtime storage, extend scoring to lattice states (`Unknown/NotPresent/Unreachable/Conditional/Reachable/Observed`), and emit `signals.fact.updated` events. Document retention/RBAC. | GAP-POL-005 | GAPG0101 |
 | GAP-SYM-007 | BLOCKED (2025-11-27) | Waiting on GRAPH-CAS-401-001 schema/hash | SPRINT_0401_0001_0001_reachability_evidence_chain | Docs Guild | `src/Scanner/StellaOps.Scanner.Models`, `docs/modules/scanner/architecture.md`, `docs/reachability/function-level-evidence.md` | Extend reachability evidence schema/DTOs with demangled symbol hints, `symbol.source`, confidence, and optional `code_block_hash`; ensure Scanner SBOM/evidence writers and CLI serializers emit the new fields deterministically. | GAP-SIG-003 | GAPG0101 |
 | GAP-VEX-006 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | VEX Guild | `docs/modules/excititor/architecture.md`, `src/Cli/StellaOps.Cli`, `src/UI/StellaOps.UI`, `docs/09_API_CLI_REFERENCE.md` | Wire Policy/Excititor/UI/CLI surfaces so VEX emission and explain drawers show call paths, graph hashes, and runtime hits; add CLI `--evidence=graph`/`--threshold` plus Notify template updates. | GAP-POL-005 | GAPG0101 |
@@ -3883,7 +3883,7 @@
 | SCANNER-BENCH-62-008 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild, EntryTrace Guild (docs) |  |  |  |  |
 | SCANNER-BENCH-62-009 | TODO |  | SPRINT_310_docs_tasks_md_x | Docs Guild, Policy Guild (docs) |  |  |  |  |
 | SCANNER-CLI-0001 | DONE | 2025-11-10 | SPRINT_0138_0000_0001_scanner_ruby_parity | CLI Guild, Ruby Analyzer Guild (src/Cli/StellaOps.Cli) | src/Cli/StellaOps.Cli | Coordinate CLI UX/help text for new Ruby verbs and update CLI docs/golden outputs. | SCANNER-ENG-0019 |  |
-| SCANNER-DET-01 | DOING | 2025-11-09 | SPRINT_301_docs_tasks_md_i | Docs Guild · Scanner Guild |  |  |  |  |
+| SCANNER-DET-01 | BLOCKED (2025-11-23) | 2025-11-23 | SPRINT_0301_0001_0001_docs_md_i | Docs Guild · Scanner Guild |  |  |  |  |
 | SCANNER-DOCS-0003 | TODO |  | SPRINT_327_docs_modules_scanner | Docs Guild, Product Guild (docs/modules/scanner) | docs/modules/scanner | Gather Windows/macOS analyzer demand signals and record findings in `docs/benchmarks/scanner/windows-macos-demand.md` for marketing + product readiness. |  |  |
 | SCANNER-EMIT-15-001 | TODO |  | SPRINT_136_scanner_surface | Scanner Emit Guild (src/Scanner/__Libraries/StellaOps.Scanner.Emit) | src/Scanner/__Libraries/StellaOps.Scanner.Emit | Enforce canonical JSON (`stella.contentHash`, Merkle root metadata, zero timestamps) for fragments and composed CycloneDX inventory/usage BOMs. Documented in `docs/modules/scanner/deterministic-sbom-compose.md` §2.2. | SCANNER-SURFACE-04 |  |
 | SCANNER-ENG-0001 | TODO |  | SPRINT_327_docs_modules_scanner | Module Team (docs/modules/scanner) | docs/modules/scanner | Cross-check implementation plan milestones against `/docs/implplan/SPRINT_*.md` and update module readiness checkpoints. |  |  |
@@ -4135,7 +4135,7 @@
 | SYMS-SERVER-401-011 | TODO |  | SPRINT_0401_0001_0001_reachability_evidence_chain | Symbols Guild | `src/Symbols/StellaOps.Symbols.Server` | Deliver `StellaOps.Symbols.Server` (REST+gRPC) with DSSE-verified uploads, Mongo/MinIO storage, tenant isolation, and deterministic debugId indexing; publish health/manifest APIs (spec: `docs/specs/SYMBOL_MANIFEST_v1.md`). | Depends on #5 | RBSY0101 |
 | TASKRUN-41-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0002_taskrunner_blockers | Task Runner Guild | src/TaskRunner/StellaOps.TaskRunner | Bootstrap service, define migrations for `pack_runs`, `pack_run_logs`, `pack_artifacts`, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. | Delivered per Task Pack advisory and architecture contract. | ORTR0101 |
 | TASKRUN-AIRGAP-56-001 | DONE (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Policy Guild | src/TaskRunner/StellaOps.TaskRunner | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | TASKRUN-41-001 | ORTR0101 |
-| TASKRUN-AIRGAP-56-002 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
+| TASKRUN-AIRGAP-56-002 | DONE (2025-12-03) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Importer Guild | src/TaskRunner/StellaOps.TaskRunner | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | TASKRUN-AIRGAP-56-001 | ORTR0101 |
 | TASKRUN-AIRGAP-57-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · AirGap Controller Guild | src/TaskRunner/StellaOps.TaskRunner | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | TASKRUN-AIRGAP-56-002 | ORTR0101 |
 | TASKRUN-AIRGAP-58-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · Evidence Locker Guild | src/TaskRunner/StellaOps.TaskRunner | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | TASKRUN-AIRGAP-57-001 | ORTR0101 |
 | TASKRUN-OAS-61-001 | BLOCKED (2025-11-30) | 2025-11-30 | SPRINT_0157_0001_0001_taskrunner_i | Task Runner Guild · API Contracts Guild | src/TaskRunner/StellaOps.TaskRunner | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | TASKRUN-41-001 | ORTR0101 |