audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories

docs/operations/deployment/VERSION_MATRIX.md

@@ -279,8 +279,8 @@ docker-compose up -d
 
 ## Related Documents
 
-- [Helm Chart Documentation](../deploy/helm/stellaops/README.md)
-- [Compose Quickstart](../deploy/compose/README.md)
+- [Helm Chart Documentation](../devops/helm/stellaops/README.md)
+- [Compose Quickstart](../devops/compose/README.md)
 - [Offline Kit Guide](./OFFLINE_KIT.md)
 - [Air-Gap Provenance](../modules/findings-ledger/airgap-provenance.md)
 - [Staleness Schema](../schemas/ledger-airgap-staleness.schema.json)

docs/operations/deployment/console.md

@@ -27,7 +27,7 @@ helm repo add stellaops https://downloads.stella-ops.org/helm
 helm repo update stellaops
 ```
 
-If operating offline, copy the chart archive from the Offline Kit (`deploy/helm/stellaops-<ver>.tgz`) and run:
+If operating offline, copy the chart archive from the Offline Kit (`devops/helm/stellaops-<ver>.tgz`) and run:
 
 ```bash
 helm install stellaops ./stellaops-<ver>.tgz --namespace stellaops --create-namespace
@@ -39,14 +39,14 @@ helm install stellaops ./stellaops-<ver>.tgz --namespace stellaops --create-name
 helm install stellaops stellaops/stellaops \
   --namespace stellaops \
   --create-namespace \
-  --values deploy/helm/stellaops/values-prod.yaml
+  --values devops/helm/stellaops/values-prod.yaml
 ```
 
 The chart deploys Authority, Console web/API gateway, Scanner API, Scheduler, and supporting services. The console frontend pod is labelled `app=stellaops-web-ui`.
 
 ### 2.3 Helm values highlights
 
-Key sections in `deploy/helm/stellaops/values-prod.yaml`:
+Key sections in `devops/helm/stellaops/values-prod.yaml`:
 
 | Path | Description |
 |------|-------------|
@@ -94,7 +94,7 @@ Helm chart sets default probes (`initialDelaySeconds: 10`, `periodSeconds: 15`).
 
 ## 3. Docker Compose deployment
 
-Located in `deploy/compose/docker-compose.console.yaml`. Quick start:
+Located in `devops/compose/docker-compose.console.yaml`. Quick start:
 
 ```bash
 cd deploy/compose
@@ -203,8 +203,8 @@ Troubleshooting steps:
 
 ## 9. References
 
-- `deploy/helm/stellaops/values-*.yaml` - environment-specific overrides.  
-- `deploy/compose/docker-compose.console.yaml` - Compose bundle.  
+- `devops/helm/stellaops/values-*.yaml` - environment-specific overrides.  
+- `devops/compose/docker-compose.console.yaml` - Compose bundle.  
 - `docs/UI_GUIDE.md` - Console workflows and offline posture.
 - `/docs/security/console-security.md` - CSP and Authority scopes.
 - `/docs/OFFLINE_KIT.md` - Offline kit packaging and verification.  

docs/operations/deployment/docker.md

@@ -12,8 +12,8 @@ This guide focuses on the new **StellaOps Console** container. Start with the ge
 | Artefact | Source | Verification |
 |----------|--------|--------------|
 | Console image | `registry.stella-ops.org/stellaops/web-ui@sha256:<digest>` | Listed in `deploy/releases/<channel>.yaml` (`yq '.services[] | select(.name=="web-ui") | .image'`). Signed with Cosign (`cosign verify --key https://stella-ops.org/keys/cosign.pub …`). |
-| Compose bundles | `deploy/compose/docker-compose.{dev,stage,prod,airgap}.yaml` | Each profile already includes a `web-ui` service pinned to the release digest. Run `docker compose --env-file <env> -f docker-compose.<profile>.yaml config` to confirm the digest matches the manifest. |
-| Helm values | `deploy/helm/stellaops/values-*.yaml` (`services.web-ui`) | CI lints the chart; use `helm template` to confirm the rendered Deployment/Service carry the expected digest and env vars. |
+| Compose bundles | `devops/compose/docker-compose.{dev,stage,prod,airgap}.yaml` | Each profile already includes a `web-ui` service pinned to the release digest. Run `docker compose --env-file <env> -f docker-compose.<profile>.yaml config` to confirm the digest matches the manifest. |
+| Helm values | `devops/helm/stellaops/values-*.yaml` (`services.web-ui`) | CI lints the chart; use `helm template` to confirm the rendered Deployment/Service carry the expected digest and env vars. |
 | Offline artefact (preview) | Generated via `oras copy registry.stella-ops.org/stellaops/web-ui@sha256:<digest> oci-archive:stellaops-web-ui-<channel>.tar` | Record SHA-256 in the downloads manifest (`DOWNLOADS-CONSOLE-23-001`) and sign with Cosign before shipping in the Offline Kit. |
 
 > **Tip:** Keep Compose/Helm digests in sync with the release manifest to preserve determinism. `deploy/tools/validate-profiles.sh` performs a quick cross-check.
@@ -26,7 +26,7 @@ This guide focuses on the new **StellaOps Console** container. Start with the ge
 
    ```bash
    mkdir stella-console && cd stella-console
-   cp /path/to/repo/deploy/compose/env/dev.env.example .env
+   cp /path/to/repo/devops/compose/env/dev.env.example .env
    ```
 
 2. **Add console configuration** – append the following to `.env` (adjust per environment):
@@ -53,15 +53,15 @@ This guide focuses on the new **StellaOps Console** container. Start with the ge
    ```bash
    cosign verify-blob \
      --key https://stella-ops.org/keys/cosign.pub \
-     --signature /path/to/repo/deploy/compose/docker-compose.dev.yaml.sig \
-     /path/to/repo/deploy/compose/docker-compose.dev.yaml
+     --signature /path/to/repo/devops/compose/docker-compose.dev.yaml.sig \
+     /path/to/repo/devops/compose/docker-compose.dev.yaml
    ```
 
 4. **Launch infrastructure + console**
 
    ```bash
-   docker compose --env-file .env -f /path/to/repo/deploy/compose/docker-compose.dev.yaml up -d postgres valkey rustfs
-   docker compose --env-file .env -f /path/to/repo/deploy/compose/docker-compose.dev.yaml up -d web-ui
+   docker compose --env-file .env -f /path/to/repo/devops/compose/docker-compose.dev.yaml up -d postgres valkey rustfs
+   docker compose --env-file .env -f /path/to/repo/devops/compose/docker-compose.dev.yaml up -d web-ui
    ```
 
    The `web-ui` service exposes the console on port `8443` by default. Change the published port in the Compose file if you need to front it with an existing reverse proxy.
@@ -108,15 +108,15 @@ This guide focuses on the new **StellaOps Console** container. Start with the ge
 2. **Render and validate**
 
    ```bash
-   helm template stella-console ./deploy/helm/stellaops -f console-values.yaml | \
+   helm template stella-console ./devops/helm/stellaops -f console-values.yaml | \
      grep -A2 'name: stellaops-web-ui' -A6 'image:'
    ```
 
 3. **Deploy**
 
    ```bash
-   helm upgrade --install stella-console ./deploy/helm/stellaops \
-     -f deploy/helm/stellaops/values-dev.yaml \
+   helm upgrade --install stella-console ./devops/helm/stellaops \
+     -f devops/helm/stellaops/values-dev.yaml \
      -f console-values.yaml
    ```
 
@@ -201,8 +201,8 @@ Track progress for the CLI commands via `DOCS-CONSOLE-23-014` (CLI vs UI parity
 ## 7 · References
 
 - `deploy/releases/<channel>.yaml` – Release manifest (digests, SBOM metadata).  
-- `deploy/compose/README.md` – Compose profile overview.  
-- `deploy/helm/stellaops/values-*.yaml` – Helm defaults per environment.  
+- `devops/compose/README.md` – Compose profile overview.  
+- `devops/helm/stellaops/values-*.yaml` – Helm defaults per environment.  
 - `/docs/deploy/console.md` – Detailed environment variables, CSP, health checks.  
 - `/docs/security/console-security.md` – Auth flows, scopes, DPoP, monitoring.  
 - `docs/UI_GUIDE.md` – Console workflows and offline posture.