audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories

docs/modules/provenance/README.md

@@ -0,0 +1,51 @@
+# Provenance
+
+> Provenance attestation library for SLSA/DSSE compliance.
+
+## Purpose
+
+Provenance provides deterministic, verifiable provenance attestations for all StellaOps artifacts. It enables SLSA compliance through DSSE statement generation, Merkle tree construction, and cryptographic verification.
+
+## Quick Links
+
+- [Architecture](./architecture.md) - Technical design and implementation details
+- [Guides](./guides/) - Attestation generation guides
+
+## Status
+
+| Attribute | Value |
+|-----------|-------|
+| **Maturity** | Production |
+| **Last Reviewed** | 2025-12-29 |
+| **Maintainer** | Security Guild |
+
+## Key Features
+
+- **DSSE Statement Generation**: Build provenance attestations per DSSE spec
+- **SLSA Compliance**: Support for SLSA build predicates
+- **Merkle Tree Construction**: Content-addressed integrity verification
+- **Promotion Attestations**: Track artifact promotions across environments
+- **Verification Harness**: Validate attestation chains
+
+## Dependencies
+
+### Upstream (this module depends on)
+- **Signer/KMS** - Key management for signing (delegated)
+
+### Downstream (modules that depend on this)
+- **Attestor** - Stores generated attestations
+- **EvidenceLocker** - Evidence bundle attestations
+- **ExportCenter** - Export attestations
+
+## Notes
+
+Provenance is a **library**, not a standalone service. It does not:
+- Store attestations (handled by Attestor and EvidenceLocker)
+- Hold signing keys (delegated to Signer/KMS)
+
+All attestation outputs are deterministic with canonical JSON serialization.
+
+## Related Documentation
+
+- [Attestor Architecture](../attestor/architecture.md)
+- [DSSE Specification](../../security/trust-and-signing.md)