feat: Add Scanner CI runner and related artifacts

- Implemented `run-scanner-ci.sh` to build and run tests for the Scanner solution with a warmed NuGet cache.
- Created `excititor-vex-traces.json` dashboard for monitoring Excititor VEX observations.
- Added Docker Compose configuration for the OTLP span sink in `docker-compose.spansink.yml`.
- Configured OpenTelemetry collector in `otel-spansink.yaml` to receive and process traces.
- Developed `run-spansink.sh` script to run the OTLP span sink for Excititor traces.
- Introduced `FileSystemRiskBundleObjectStore` for storing risk bundle artifacts in the filesystem.
- Built `RiskBundleBuilder` for creating risk bundles with associated metadata and providers.
- Established `RiskBundleJob` to execute the risk bundle creation and storage process.
- Defined models for risk bundle inputs, entries, and manifests in `RiskBundleModels.cs`.
- Implemented signing functionality for risk bundle manifests with `HmacRiskBundleManifestSigner`.
- Created unit tests for `RiskBundleBuilder`, `RiskBundleJob`, and signing functionality to ensure correctness.
- Added filesystem artifact reader tests to validate manifest parsing and artifact listing.
- Included test manifests for egress scenarios in the task runner tests.
- Developed timeline query service tests to verify tenant and event ID handling.

docs/modules/platform/AGENTS.md

@@ -8,6 +8,7 @@ Platform module describes cross-cutting architecture, contracts, and guardrails
 - [Architecture](./architecture.md)
 - [Implementation plan](./implementation_plan.md)
 - [Task board](./TASKS.md)
+- [Architecture overview](./architecture-overview.md)
 
 ## How to get started
 1. Open sprint file `/docs/implplan/SPRINT_*.md` and locate the stories referencing this module.

docs/modules/platform/README.md

@@ -2,24 +2,31 @@
 
 Platform module describes cross-cutting architecture, contracts, and guardrails that bind the services together.
 
-## Responsibilities
-- Maintain the system-wide architecture overview and integration diagrams.
-- Capture Aggregation-Only Contract guidance and migration playbooks.
-- Document shared services such as API gateway, tenancy, quotas, and offline posture.
-- Coordinate platform-wide epics and compliance checklists.
+## Latest updates (2025-11-30)
+- Sprint tracker `docs/implplan/SPRINT_0324_0001_0001_docs_modules_platform.md` and module `TASKS.md` added to mirror status.
+- README now points to architecture overview, AOC references, and offline guidance entry points.
+- Platform module remains docs-only; no runtime services.
+
+## Responsibilities
+- Maintain the system-wide architecture overview and integration diagrams.
+- Capture Aggregation-Only Contract guidance and migration playbooks.
+- Document shared services such as API gateway, tenancy, quotas, and offline posture.
+- Coordinate platform-wide epics and compliance checklists.
 
-## Key components
-- Architecture overview in ./architecture-overview.md.
-- References to high-level docs (../../07_HIGH_LEVEL_ARCHITECTURE.md).
+## Key components
+- Architecture overview in `architecture-overview.md`.
+- Platform architecture summary in `architecture.md`.
+- High-level reference: `../../07_HIGH_LEVEL_ARCHITECTURE.md`.
 
 ## Integrations & dependencies
 - All StellaOps services via shared contracts (AOC, telemetry, security).
 - DevOps for release governance.
 - Docs guild for cross-module onboarding.
 
-## Operational notes
-- No runtime component; focus is architectural governance.
-- Glossaries and guardrails cross-linked across docs.
+## Operational notes
+- Docs-only module; focus is architectural governance and cross-module guardrails.
+- Glossaries and guardrails cross-linked across docs; keep AOC references current.
+- Status mirrors: sprint file and `docs/modules/platform/TASKS.md`.
 
 ## Backlog references
 - DOCS-AOC-19-002/003 in ../../TASKS.md.

docs/modules/platform/TASKS.md

@@ -0,0 +1,9 @@
+# Platform · TASKS (status mirror)
+
+| Task ID | Status | Owner(s) | Notes / Evidence |
+| --- | --- | --- | --- |
+| PLATFORM-DOCS-0001 | DONE (2025-11-30) | Docs Guild | README/architecture/implementation_plan refreshed; AOC/offline guardrails linked. |
+| PLATFORM-ENG-0001 | DONE (2025-11-30) | Module Team | TASKS board created; statuses mirrored with `docs/implplan/SPRINT_0324_0001_0001_docs_modules_platform.md`. |
+| PLATFORM-OPS-0001 | DONE (2025-11-30) | Ops Guild | Cross-links to architecture-overview and 07_HLA verified; offline guidance highlighted. |
+
+> Keep this table in lockstep with the sprint Delivery Tracker (TODO/DOING/DONE/BLOCKED updates go to both files).

docs/modules/platform/architecture.md

@@ -1,7 +1,18 @@
-# Platform architecture
-
-> Cross-cutting view anchored in the Authority, Policy, Graph, Vulnerability Explorer, Orchestrator, Export Center, and Notifications module documentation set.
-
-This placeholder summarises the planned architecture for Platform. Consolidate design details from implementation plans and upcoming epics before coding.
-
-Refer to the module README and implementation plan for immediate context, and update this document once component boundaries and data flows are finalised.
+# Platform architecture (summary)
+
+This module aggregates cross-cutting contracts and guardrails that every StellaOps service must follow.
+
+## Anchors
+- High-level system view: `../../07_HIGH_LEVEL_ARCHITECTURE.md`
+- Platform overview: `architecture-overview.md`
+- Aggregation-Only Contract: `../ingestion/aggregation-only-contract.md` (referenced across ingestion/observability docs)
+
+## Scope
+- **Identity & tenancy**: Authority-issued OpToks, tenant scoping, RBAC, short TTLs; see Authority module docs.
+- **AOC & provenance**: services ingest evidence without mutating/merging; provenance preserved; determinism required.
+- **Offline posture**: Offline Kit parity, sealed-mode defaults, deterministic bundles.
+- **Observability baseline**: metrics/logging/tracing patterns reused across modules; collectors documented under Telemetry module.
+- **Determinism**: stable ordering, UTC timestamps, content-addressed artifacts, reproducible exports.
+
+## Coordination
+Platform docs are the starting point for new contributors; keep this summary in sync with module-specific dossiers and sprint references.

docs/modules/platform/implementation_plan.md

@@ -16,7 +16,12 @@
 - **Epics 6–11:** ensure cross-cutting contracts (Explorer, Lens, AI, Orchestrator, Notifications) stay aligned.
 - Track additional platform updates in ../../TASKS.md and docs/implplan/SPRINTS.md.
 
-## Coordination
-- Review ./AGENTS.md before picking up new work.
-- Sync with cross-cutting teams noted in `/docs/implplan/SPRINT_*.md`.
-- Update this plan whenever scope, dependencies, or guardrails change.
+## Coordination
+- Review ./AGENTS.md before picking up new work.
+- Sync with cross-cutting teams noted in `/docs/implplan/SPRINT_*.md`.
+- Update this plan whenever scope, dependencies, or guardrails change.
+
+## Sprint alignment (2025-11-30)
+- Docs sprint: `docs/implplan/SPRINT_0324_0001_0001_docs_modules_platform.md`; statuses mirrored in `docs/modules/platform/TASKS.md`.
+- Keep links to `architecture-overview.md` and `../../07_HIGH_LEVEL_ARCHITECTURE.md` current; update both sprint and TASKS if platform guardrails change.
+- Platform is docs-only; ensure Offline Kit and AOC references remain discoverable from README/architecture.