sprints completion. new product advisories prepared

docs/flows/10-cicd-gate-flow.md

@@ -555,6 +555,46 @@ Comments include evidence references for auditability:
 | Comment too long | Truncate with link to full report |
 | PR already merged | Skip comment |
 
+#### Evidence-First Annotation Format
+
+PR/MR comments use ASCII-only output for determinism and maximum compatibility:
+
+```
+## StellaOps Security Scan
+
+**Verdict:** [BLOCKING] Policy violation detected
+
+| Status | Finding | Package | Action |
+| --- | --- | --- | --- |
+| [+] New | CVE-2026-1234 | lodash@4.17.21 | Fix: 4.17.22 |
+| [-] Fixed | CVE-2025-9999 | express@4.17.0 | Resolved |
+| [^] Upgraded | CVE-2026-5678 | axios@1.0.0 | High -> Medium |
+| [v] Downgraded | CVE-2026-4321 | react@18.0.0 | Medium -> Low |
+
+### Evidence
+
+| Field | Value |
+| --- | --- |
+| Attestation Digest | sha256:abc123... |
+| Policy Verdict | FAIL |
+| Verify Command | `stellaops verify --digest sha256:abc123...` |
+
+---
+*[OK] 12 findings unchanged | Policy: production v2.1.0*
+```
+
+**ASCII Indicator Reference:**
+
+| Indicator | Meaning |
+|-----------|---------|
+| `[OK]` | Pass / Success |
+| `[BLOCKING]` | Fail / Hard gate triggered |
+| `[WARNING]` | Soft gate / Advisory |
+| `[+]` | New finding introduced |
+| `[-]` | Finding fixed / removed |
+| `[^]` | Severity upgraded |
+| `[v]` | Severity downgraded |
+
 #### Offline Mode
 
 In air-gapped environments: