Add determinism tests for verdict artifact generation and update SHA256 sums script

- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering.
- Created helper methods for generating sample verdict inputs and computing canonical hashes.
- Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics.
- Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.

docs/assets/ui/tours/README.md

@@ -1,7 +0,0 @@
-# Archived: UI Tour Assets
-
-This directory previously contained draft UI tour capture notes/assets.
-
-It is intentionally kept only as a compatibility stub. For current Console guidance, see:
-
-- `docs/15_UI_GUIDE.md`

docs/assets/vuln-explorer/README.md

@@ -1,4 +1,4 @@
 Asset staging for Vuln Explorer Md.XI
-- Record SHA256 hashes in ../SHA256SUMS when dropping assets.
+- Record SHA256 hashes in the nearest README/CAPTURES document next to the asset entry (no separate manifest file).
 - Subdirs: console, api, cli, ledger, telemetry, rbac, runbook, advisory, sbom, vex.
 - Keep filenames deterministic and stable.

docs/assets/vuln-explorer/SHA256SUMS

@@ -1,83 +0,0 @@
-# Vuln Explorer Md.XI asset hashes
-# Format: <sha256>  <relative-path-under-docs>
-# Populate when captures/payloads land (screens, API/CLI samples, fixtures).
-# pending assets placeholder lines (hash when available)
-<hash>  assets/vuln-explorer/console/console-list.png
-<hash>  assets/vuln-explorer/console/console-detail.png
-<hash>  assets/vuln-explorer/console/console-shortcuts.md
-<hash>  assets/vuln-explorer/console/console-saved-view.json
-<hash>  assets/vuln-explorer/api/api-findings-list.json
-<hash>  assets/vuln-explorer/api/api-finding-detail.json
-<hash>  assets/vuln-explorer/api/api-action-post.json
-<hash>  assets/vuln-explorer/api/api-report-create.json
-<hash>  assets/vuln-explorer/api/api-vex-decision.json
-<hash>  assets/vuln-explorer/cli/cli-findings-list.json
-<hash>  assets/vuln-explorer/cli/cli-findings-view.json
-<hash>  assets/vuln-explorer/cli/cli-action.json
-<hash>  assets/vuln-explorer/cli/cli-report-create.json
-<hash>  assets/vuln-explorer/cli/cli-export-offline.json
-<hash>  assets/vuln-explorer/cli/cli-vex-decision.json
-<hash>  assets/vuln-explorer/ledger/ledger-history.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-actions.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-replay-output.json
-<hash>  assets/vuln-explorer/ledger/ledger-manifest.json
-<hash>  assets/vuln-explorer/telemetry/metrics-sample.json
-<hash>  assets/vuln-explorer/telemetry/logs-sample.jsonl
-<hash>  assets/vuln-explorer/telemetry/traces-sample.json
-<hash>  assets/vuln-explorer/telemetry/dashboard.json
-<hash>  assets/vuln-explorer/rbac/rbac-scope-table.md
-<hash>  assets/vuln-explorer/rbac/abac-claims.json
-<hash>  assets/vuln-explorer/rbac/attachment-token-flow.json
-<hash>  assets/vuln-explorer/runbook/runbook-projector-lag.md
-<hash>  assets/vuln-explorer/runbook/runbook-resolver-storm.json
-<hash>  assets/vuln-explorer/runbook/runbook-export-failure.json
-<hash>  assets/vuln-explorer/runbook/runbook-policy-activation.md
-<hash>  assets/vuln-explorer/advisory/advisory-normalized.json
-<hash>  assets/vuln-explorer/advisory/advisory-withdrawn.json
-<hash>  assets/vuln-explorer/advisory/advisory-bundle-manifest.json
-<hash>  assets/vuln-explorer/sbom/sbom-component-resolution.json
-<hash>  assets/vuln-explorer/sbom/sbom-path-dedupe.json
-<hash>  assets/vuln-explorer/sbom/safe-version-hints.json
-<hash>  assets/vuln-explorer/vex/vex-csaf-sample.json
-<hash>  assets/vuln-explorer/vex/vex-mapping-output.json
-<hash>  assets/vuln-explorer/vex/vex-precedence-table.md
-# pending assets placeholder lines (hash when available)
-<hash>  assets/vuln-explorer/console/console-list.png
-<hash>  assets/vuln-explorer/console/console-detail.png
-<hash>  assets/vuln-explorer/console/console-shortcuts.md
-<hash>  assets/vuln-explorer/console/console-saved-view.json
-<hash>  assets/vuln-explorer/api/api-findings-list.json
-<hash>  assets/vuln-explorer/api/api-finding-detail.json
-<hash>  assets/vuln-explorer/api/api-action-post.json
-<hash>  assets/vuln-explorer/api/api-report-create.json
-<hash>  assets/vuln-explorer/api/api-vex-decision.json
-<hash>  assets/vuln-explorer/cli/cli-findings-list.json
-<hash>  assets/vuln-explorer/cli/cli-findings-view.json
-<hash>  assets/vuln-explorer/cli/cli-action.json
-<hash>  assets/vuln-explorer/cli/cli-report-create.json
-<hash>  assets/vuln-explorer/cli/cli-export-offline.json
-<hash>  assets/vuln-explorer/cli/cli-vex-decision.json
-<hash>  assets/vuln-explorer/ledger/ledger-history.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-actions.jsonl
-<hash>  assets/vuln-explorer/ledger/ledger-replay-output.json
-<hash>  assets/vuln-explorer/ledger/ledger-manifest.json
-<hash>  assets/vuln-explorer/telemetry/metrics-sample.json
-<hash>  assets/vuln-explorer/telemetry/logs-sample.jsonl
-<hash>  assets/vuln-explorer/telemetry/traces-sample.json
-<hash>  assets/vuln-explorer/telemetry/dashboard.json
-<hash>  assets/vuln-explorer/rbac/rbac-scope-table.md
-<hash>  assets/vuln-explorer/rbac/abac-claims.json
-<hash>  assets/vuln-explorer/rbac/attachment-token-flow.json
-<hash>  assets/vuln-explorer/runbook/runbook-projector-lag.md
-<hash>  assets/vuln-explorer/runbook/runbook-resolver-storm.json
-<hash>  assets/vuln-explorer/runbook/runbook-export-failure.json
-<hash>  assets/vuln-explorer/runbook/runbook-policy-activation.md
-<hash>  assets/vuln-explorer/advisory/advisory-normalized.json
-<hash>  assets/vuln-explorer/advisory/advisory-withdrawn.json
-<hash>  assets/vuln-explorer/advisory/advisory-bundle-manifest.json
-<hash>  assets/vuln-explorer/sbom/sbom-component-resolution.json
-<hash>  assets/vuln-explorer/sbom/sbom-path-dedupe.json
-<hash>  assets/vuln-explorer/sbom/safe-version-hints.json
-<hash>  assets/vuln-explorer/vex/vex-csaf-sample.json
-<hash>  assets/vuln-explorer/vex/vex-mapping-output.json
-<hash>  assets/vuln-explorer/vex/vex-precedence-table.md

docs/assets/vuln-explorer/console/CAPTURES.md

@@ -1,13 +1,8 @@
 # Console Asset Captures for Vuln Explorer Documentation
 
-> **Status:** Ready for capture
-> **Last Updated:** 2025-12-06
-> **Owner:** Console Guild
-> **Hash Manifest:** See SHA256SUMS after capture
-
 ## Capture Instructions
 
-Run the console app locally and capture each screen:
+Run the Console locally and capture each screen listed below.
 
 ```bash
 # Start the dev environment
@@ -22,7 +17,7 @@ docker compose -f deploy/compose/docker-compose.dev.yaml up -d
 
 ### 1. Dashboard Overview
 
-**File:** `dashboard-overview.png`
+**File:** `dashboard-overview.png`  
 **Description:** Main dashboard showing vulnerability counts, risk scores, and recent activity.
 
 ```markdown
@@ -39,7 +34,7 @@ The dashboard provides:
 
 ### 2. Vulnerability Explorer List
 
-**File:** `vuln-explorer-list.png`
+**File:** `vuln-explorer-list.png`  
 **Description:** Vulnerability list view with filters and sorting.
 
 ```markdown
@@ -56,7 +51,7 @@ The vulnerability list shows:
 
 ### 3. Vulnerability Detail View
 
-**File:** `vuln-detail.png`
+**File:** `vuln-detail.png`  
 **Description:** Single vulnerability detail page with full context.
 
 ```markdown
@@ -75,7 +70,7 @@ The detail view includes:
 
 ### 4. Findings Ledger Timeline
 
-**File:** `findings-timeline.png`
+**File:** `findings-timeline.png`  
 **Description:** Timeline view of vulnerability findings and state changes.
 
 ```markdown
@@ -92,7 +87,7 @@ The timeline shows:
 
 ### 5. Risk Score Panel
 
-**File:** `risk-score-panel.png`
+**File:** `risk-score-panel.png`  
 **Description:** Risk score breakdown with contributing factors.
 
 ```markdown
@@ -109,7 +104,7 @@ The risk panel displays:
 
 ### 6. VEX Consensus View
 
-**File:** `vex-consensus.png`
+**File:** `vex-consensus.png`  
 **Description:** VEX consensus display showing multiple issuer statements.
 
 ```markdown
@@ -126,14 +121,14 @@ The VEX consensus view shows:
 
 ### 7. Policy Studio Editor
 
-**File:** `policy-studio-editor.png`
-**Description:** Policy Studio with Monaco editor and rule builder.
+**File:** `policy-studio-editor.png`  
+**Description:** Policy Studio with editor and rule builder.
 
 ```markdown
 ![Policy Studio Editor](./policy-studio-editor.png)
 
 The Policy Studio includes:
-- Monaco editor with StellaOps DSL highlighting
+- Policy editor with DSL highlighting
 - Rule builder sidebar
 - Simulation panel
 - Lint/compile feedback
@@ -143,7 +138,7 @@ The Policy Studio includes:
 
 ### 8. Air-Gap Status Panel
 
-**File:** `airgap-status.png`
+**File:** `airgap-status.png`  
 **Description:** Air-gap mode status and bundle information.
 
 ```markdown
@@ -160,23 +155,8 @@ The air-gap panel shows:
 
 ## After Capture
 
-1. Place captured images in this directory
-2. Generate hashes:
-   ```bash
-   sha256sum *.png > SHA256SUMS
-   ```
-3. Update `docs/assets/vuln-explorer/SHA256SUMS` with new entries
-4. Mark DOCS-CONSOLE-OBS-52-001 as DONE in sprint file
+1. Place captured images in this directory.
+2. Compute hashes:
+   - `sha256sum *.png`
+3. Record the sha256 next to each captured filename in this document (or in a sibling README where the asset is referenced).
 
-## Sample SHA256SUMS Entry
-
-```
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  dashboard-overview.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  vuln-explorer-list.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  vuln-detail.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  findings-timeline.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  risk-score-panel.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  vex-consensus.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  policy-studio-editor.png
-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  airgap-status.png
-```