partly or unimplemented features - now implemented

docs/modules/advisory-ai/architecture.md

@@ -115,8 +115,10 @@ All context references include `content_hash` and `source_id` enabling verifiabl
 
 ## 8) APIs
 
-- `POST /api/v1/advisory/{task}` — executes Summary/Conflict/Remediation pipeline (`task` ∈ `summary|conflict|remediation`). Requests accept `{advisoryKey, artifactId?, policyVersion?, profile, preferredSections?, forceRefresh}` and return sanitized prompt payloads, citations, guardrail metadata, provenance hash, and cache hints.
-- `GET /api/v1/advisory/outputs/{cacheKey}?taskType=SUMMARY&profile=default` — retrieves cached artefacts for downstream consumers (Console, CLI, Export Center). Guardrail state and provenance hash accompany results.
+- `POST /api/v1/advisory/{task}` - executes Summary/Conflict/Remediation pipeline (`task` in `summary|conflict|remediation`). Requests accept `{advisoryKey, artifactId?, policyVersion?, profile, preferredSections?, forceRefresh}` and return sanitized prompt payloads, citations, guardrail metadata, provenance hash, and cache hints.
+- `GET /api/v1/advisory/outputs/{cacheKey}?taskType=SUMMARY&profile=default` - retrieves cached artifacts for downstream consumers (Console, CLI, Export Center). Guardrail state and provenance hash accompany results.
+- `POST /v1/advisory-ai/companion/explain` - composes explanation output with deterministic runtime signals from Zastava-compatible observers. Request payload extends explain fields with `runtimeSignals[]`; response returns `companionId`, `companionHash`, composed summary lines, and normalized runtime highlights.
+- Companion endpoint authorization accepts `advisory:run`, `advisory:explain`, or `advisory:companion` scopes and maps companion validation failures to HTTP 400 without leaking internal state.
 
 All endpoints accept `profile` parameter (default `fips-local`) and return `output_hash`, `input_digest`, and `citations` for verification.