feat: Add UI benchmark driver and scenarios for graph interactions

- Introduced `ui_bench_driver.mjs` to read scenarios and fixture manifest, generating a deterministic run plan.
- Created `ui_bench_plan.md` outlining the purpose, scope, and next steps for the benchmark.
- Added `ui_bench_scenarios.json` containing various scenarios for graph UI interactions.
- Implemented tests for CLI commands, ensuring bundle verification and telemetry defaults.
- Developed schemas for orchestrator components, including replay manifests and event envelopes.
- Added mock API for risk management, including listing and statistics functionalities.
- Implemented models for risk profiles and query options to support the new API.

docs/implplan/SPRINT_300_documentation_process.md

@@ -28,6 +28,7 @@
 | ECOSYS-FIXTURES-GAPS-300-017 | TODO | QA Guild · Scanner Guild · Docs Guild | 30-Nov-2025 ecosystem reality test cases | Close ET1–ET10: signed fixture pack + expected-result schema, deterministic builds/seeds, secret-leak assertions, offline/no-network enforcement, version matrix + DB pinning, SBOM parity thresholds, CI ownership/SLOs, provenance/licensing, retention/redaction policy, and ID/CVSS normalization utilities. |
 | IMPLEMENTOR-GAPS-300-018 | TODO | Docs Guild · Platform Guild | 30-Nov-2025 implementor guidelines | Close IG1–IG10: enforceable checklist + CI gates, schema/versioning change control, determinism/offline/secret/provenance requirements, perf/quota tests, boundary rules, and AGENTS/sprint linkages. |
 | STANDUP-GAPS-300-019 | TODO | Docs Guild · Ops Guild | 30-Nov-2025 standup sprint kickstarters | Close SK1–SK10: kickstarter template alignment with sprint template, readiness evidence checklist, dependency ledger with owners/SLOs, time-box/exit rules, async/offline workflow, Execution Log updates, decisions/risks delta capture, metrics (blocker clear rate/latency), role assignment, and lint/checks to enforce completion. |
+| ARCHIVED-GAPS-300-020 | TODO | Docs Guild · Architecture Guild | 15–23 Nov archived advisories | Decide which archived advisories to revive; close AR-* gaps (see `31-Nov-2025 FINDINGS.md` per-advisory table): publish canonical schemas/recipes (provenance, reachability, PURL/Build-ID), licensing/manifest rules, determinism seeds/SLOs, redaction/isolation, changelog/checkpoint signing, supersede duplicates (SBOM-Provenance-Spine, archived VB reachability), and document PostgreSQL storage blueprint guardrails. |
 | Plugin architecture gaps remediation | TODO | Docs Guild · Module Guilds (Authority/Scanner/Concelier) | 28-Nov-2025 plugin advisory | Close PL1–PL10 from `31-Nov-2025 FINDINGS.md`: publish signed schemas/capability catalog, sandbox/resource limits, provenance/SBOM + DSSE verification, determinism harness, compatibility matrix, dependency/secret rules, crash kill-switch, offline kit packaging/verify script, and signed plugin index with revocation/CVE data. |
 | CVSS v4.0 momentum sync | TODO | Docs Guild | 29-Nov-2025 advisory + briefing draft | Publish the CVSS v4.0 momentum briefing, highlight adoption signals, and link to sprint decisions for SPRINT_0190.* and docs coverage. |
 | SBOM→VEX proof blueprint sync | TODO | Docs Guild | 29-Nov-2025 advisory + blueprint draft | Publish the SBOM→VEX blueprint, link to platform/blueprint docs, and capture diagram/stub updates for DSSE/Rekor/VEX. |
@@ -55,6 +56,7 @@
 | 2025-12-01 | Added ECOSYS-FIXTURES-GAPS-300-017 to track ET1–ET10 remediation from `31-Nov-2025 FINDINGS.md`; status TODO pending fixture pack creation and CI wiring. | Project Mgmt |
 | 2025-12-01 | Added IMPLEMENTOR-GAPS-300-018 to track IG1–IG10 remediation from `31-Nov-2025 FINDINGS.md`; status TODO pending enforceable checklist/CI gates rollout. | Project Mgmt |
 | 2025-12-01 | Added STANDUP-GAPS-300-019 to track SK1–SK10 remediation from `31-Nov-2025 FINDINGS.md`; status TODO pending kickstarter template updates, async/offline workflows, metrics, and lint enforcement. | Project Mgmt |
+| 2025-12-01 | Added ARCHIVED-GAPS-300-020 to triage AR-* gaps from archived advisories (15–23 Nov 2025); status TODO pending decision on which to revive and schema/recipe publication. | Project Mgmt |
 | 2025-11-30 | Added the 30-Nov-2025 Rekor Receipt Checklist advisory and noted the ownership/action map for Authority/Sbomer/Vexer. | Docs Guild |
 | 2025-11-30 | Added the 30-Nov-2025 Ecosystem Reality Test Cases advisory (credential leak, Trivy offline DB, SBOM parity, Grype divergence) and logged the acceptance test intent. | Docs Guild |
 | 2025-11-30 | Added the 30-Nov-2025 Unknowns Decay & Triage advisory and noted UI + export artifacts for UnknownsRegistry + queues. | Docs Guild |