docs consolidation and others

docs/modules/platform/architecture-overview.md

@@ -2,7 +2,7 @@
 
 > **Ownership:** Architecture Guild • Docs Guild
 > **Audience:** Service owners, platform engineers, solution architects
-> **Related:** [High-Level Architecture](../../ARCHITECTURE_REFERENCE.md), [Concelier Architecture](../concelier/architecture.md), [Policy Engine Architecture](../policy/architecture.md), [Aggregation-Only Contract](../../aoc/aggregation-only-contract.md)
+> **Related:** [High-Level Architecture](../../ARCHITECTURE_REFERENCE.md), [Concelier Architecture](../concelier/architecture.md), [Policy Engine Architecture](../policy/architecture.md), [Aggregation-Only Contract](../../modules/concelier/guides/aggregation-only-contract.md)
 
 This dossier summarises the end-to-end runtime topology after the Aggregation-Only Contract (AOC) rollout. It highlights where raw facts live, how ingest services enforce guardrails, and how downstream components consume those facts to derive policy decisions and user-facing experiences.
 
@@ -160,7 +160,7 @@ sequenceDiagram
 
 - **Offline Kit:** Packages raw PostgreSQL snapshots (`advisory_raw`, `vex_raw`) plus guard configuration and CLI verifier binaries so air-gapped sites can re-run AOC checks before promotion.
 - **Recovery:** Supersedes chains allow rollback to prior revisions without mutating rows. Disaster exercises must rehearse restoring from snapshot, replaying logical replication into Policy Engine, and re-validating guard compliance.
-- **Migration:** Legacy normalised fields are moved to temporary views during cutover; ingestion runtime removes writes once guard-enforced path is live (see [Migration playbook](../../aoc/aggregation-only-contract.md#8-migration-playbook)).
+- **Migration:** Legacy normalised fields are moved to temporary views during cutover; ingestion runtime removes writes once guard-enforced path is live (see [Migration playbook](../../modules/concelier/guides/aggregation-only-contract.md#8-migration-playbook)).
 
 ---
 
@@ -171,26 +171,26 @@ sequenceDiagram
   1. `manifest.json` (canonical JSON, hashed and signed via DSSE).
   2. `inputbundle.tar.zst` (feeds, policies, tools, environment snapshot).
   3. `outputbundle.tar.zst` (SBOM, findings, VEX, logs, Merkle proofs).
-  Every artifact is signed with multi-profile keys (FIPS, GOST, SM, etc.) managed by Authority. See `docs/replay/DETERMINISTIC_REPLAY.md` §2–§5 for the full schema.
+  Every artifact is signed with multi-profile keys (FIPS, GOST, SM, etc.) managed by Authority. See `docs/modules/replay/guides/DETERMINISTIC_REPLAY.md` §2–§5 for the full schema.
 - **Reachability subtree:** When reachability recording is enabled, Scanner uploads graphs & runtime traces under `cas://replay/<scan-id>/reachability/graphs/` and `cas://replay/<scan-id>/reachability/traces/`. Manifest references (StellaOps.Replay.Core) bind these URIs along with analyzer hashes so Replay + Signals can rehydrate explainability evidence deterministically.
 - **Storage tiers:** Primary storage is PostgreSQL (`replay_runs`, `replay_subjects`) plus the CAS bucket. Evidence Locker mirrors bundles for long-term retention and legal hold workflows (`docs/modules/evidence-locker/architecture.md`). Offline kits package bundles under `offline/replay/<scan-id>` with detached DSSE envelopes for air-gapped verification.
 - **APIs & ownership:** Scanner WebService produces the bundles via `record` mode, Scanner Worker emits Merkle metadata, Signer/Authority provide DSSE signatures, Attestor anchors manifests to Rekor, CLI/Evidence Locker handle retrieval, and Docs Guild maintains runbooks. Responsibilities are tracked in `docs/implplan/SPRINT_185_shared_replay_primitives.md` through `SPRINT_187_evidence_locker_cli_integration.md`.
-- **Operational policies:** Retention defaults to 180 days for hot CAS storage and 2 years for cold Evidence Locker copies. Rotation and pruning follow the checklist in `docs/runbooks/replay_ops.md`.
+- **Operational policies:** Retention defaults to 180 days for hot CAS storage and 2 years for cold Evidence Locker copies. Rotation and pruning follow the checklist in `docs/operations/runbooks/replay_ops.md`.
 
 ---
 
 ## 6 · References
 
-- [Aggregation-Only Contract reference](../../aoc/aggregation-only-contract.md)
+- [Aggregation-Only Contract reference](../../modules/concelier/guides/aggregation-only-contract.md)
 - [Concelier architecture](../concelier/architecture.md)
 - [Excititor architecture](../excititor/architecture.md)
 - [Policy Engine architecture](../policy/architecture.md)
 - [Authority service](../authority/architecture.md)
-- [Replay specification](../../replay/DETERMINISTIC_REPLAY.md)
-- [Replay developer guide](../../replay/DEVS_GUIDE_REPLAY.md)
+- [Replay specification](../../modules/replay/guides/DETERMINISTIC_REPLAY.md)
+- [Replay developer guide](../../modules/replay/guides/DEVS_GUIDE_REPLAY.md)
 - [Replay schema](../../db/replay-schema.md)
-- [Replay test strategy](../../replay/TEST_STRATEGY.md) *(draft)*
-- [Observability standards (upcoming)](../../observability/policy.md) – interim reference for telemetry naming.
+- [Replay test strategy](../../modules/replay/guides/TEST_STRATEGY.md) *(draft)*
+- [Observability standards (upcoming)](../../modules/telemetry/guides/policy.md) – interim reference for telemetry naming.
 
 ---
 

docs/modules/platform/moat-gap-analysis.md

@@ -273,4 +273,4 @@ This document captures the gap analysis between the competitive moat advisory an
 
 - **Sprints**: `docs/implplan/SPRINT_4300_*.md`, `SPRINT_4400_*.md`, `SPRINT_4500_*.md`, `SPRINT_4600_*.md`
 - **Original Advisory**: `docs/product-advisories/archived/19-Dec-2025 - Stella Ops candidate features mapped to moat strength.md`
-- **Architecture**: `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- **Architecture**: `docs/ARCHITECTURE_OVERVIEW.md`

docs/modules/platform/proof-driven-moats-architecture.md

@@ -797,7 +797,7 @@ audit-bundle-{artifact-digest}.stella.bundle.tgz
 
 ### 12.3 Related Documentation
 
-- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/ARCHITECTURE_OVERVIEW.md`
 - `docs/modules/concelier/architecture.md`
 - `docs/modules/scanner/architecture.md`
 - `docs/modules/attestor/architecture.md`

docs/modules/platform/reference-architecture-card.md

@@ -1,7 +1,7 @@
 # Stella Ops Reference Architecture Card (Dec 2025)
 
 > **One-Pager** for product managers, architects, and auditors.
-> Full specification: `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+> Full specification: `docs/ARCHITECTURE_OVERVIEW.md`
 
 ---
 

docs/modules/platform/samples/console-vex-30-001.json

@@ -0,0 +1,17 @@
+{
+  "query": {"component": "openssl", "advisory": "CVE-2024-1234"},
+  "tenant": "demo",
+  "timestamp": "2025-11-19T00:00:00Z",
+  "statements": [
+    {
+      "id": "stmt-1",
+      "status": "not_affected",
+      "justification": "component_not_present",
+      "advisory": "CVE-2024-1234",
+      "products": ["pkg:deb/openssl@1.1.1w"],
+      "evidence": {"observationId": "obs-ossl-001", "linksetId": "lnm-ossl-001"},
+      "timestamp": "2025-11-19T00:00:00Z"
+    }
+  ],
+  "pagination": {"pageSize": 20, "next": null}
+}

docs/modules/platform/samples/console-vuln-29-001.json

@@ -0,0 +1,19 @@
+{
+  "query": "openssl",
+  "tenant": "demo",
+  "timestamp": "2025-11-19T00:00:00Z",
+  "results": [
+    {
+      "advisoryId": "CVE-2024-1234",
+      "title": "OpenSSL buffer overflow",
+      "severity": "HIGH",
+      "package": "openssl",
+      "version": "1.1.1w",
+      "source": "nvd",
+      "linksetId": "lnm-ossl-001",
+      "justification": "aggregation-only",
+      "provenance": {"fetchedAt": "2025-11-18T12:00:00Z", "digest": "sha256:dummy"}
+    }
+  ],
+  "pagination": {"pageSize": 20, "next": null}
+}