docs consolidation work

docs/modules/zastava/README.md

@@ -2,13 +2,13 @@
 
 Zastava monitors running workloads, verifies supply chain posture, and enforces runtime policy via Kubernetes admission webhooks.
 
-## Latest updates (2025-12-02)
-- DSSE-signed schemas, thresholds, exports, and deterministic `zastava-kit` bundle published under `docs/modules/zastava`; verification via `kit/verify.sh` and hashes in `SHA256SUMS`.
-- Sprint tracker `docs/implplan/SPRINT_0335_0001_0001_docs_modules_zastava.md` and module `TASKS.md` added to mirror status.
-- Observability runbook stub + dashboard placeholder added under `operations/` (offline import).
-- Surface.Env/Surface.Secrets adoption remains pending platform contracts; align with platform docs before enabling sealed mode.
-
-## Responsibilities
+## Latest updates (2025-12-02)
+- DSSE-signed schemas, thresholds, exports, and deterministic `zastava-kit` bundle published under `docs/modules/zastava`; verification via `kit/verify.sh` and hashes in `SHA256SUMS`.
+- Sprint tracker `docs/implplan/SPRINT_0335_0001_0001_docs_modules_zastava.md` and module `TASKS.md` added to mirror status.
+- Observability runbook stub + dashboard placeholder added under `operations/` (offline import).
+- Surface.Env/Surface.Secrets adoption remains pending platform contracts; align with platform docs before enabling sealed mode.
+
+## Responsibilities
 - Observe node/container activity and emit runtime events.
 - Validate signatures, SBOM presence, and backend verdicts before allowing containers.
 - Buffer and replay events during disconnections.
@@ -24,16 +24,61 @@ Zastava monitors running workloads, verifies supply chain posture, and enforces
 - Scanner/Scheduler for remediation triggers.
 - Notify/UI for runtime alerts and dashboards.
 
-## Operational notes
-- Runbook `./operations/observability.md` (stub) plus dashboard placeholder `./operations/dashboards/zastava-observability.json`.
-- Legacy runtime runbook assets remain under ./operations if present; keep offline kit bundles deterministic.
-- DPoP/mTLS rotation guidance shared with Authority.
+## Operational notes
+- Runbook `./operations/observability.md` (stub) plus dashboard placeholder `./operations/dashboards/zastava-observability.json`.
+- Legacy runtime runbook assets remain under ./operations if present; keep offline kit bundles deterministic.
+- DPoP/mTLS rotation guidance shared with Authority.
 
 ## Related resources
 - ./operations/runtime.md
 - ./operations/runtime-grafana-dashboard.json
 - ./operations/runtime-prometheus-rules.yaml
 
+## Implementation Status
+
+### Current Objectives
+- Maintain deterministic behaviour and offline parity across releases
+- Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes
+- Coordinate with platform contracts before enabling sealed mode
+
+### Core Capabilities
+- Runtime event observation: node/container activity monitoring
+- Admission control: signature validation, SBOM presence, backend verdict checks
+- Disconnection resilience: event buffering and replay during network outages
+- Delta scan triggering when runtime posture drifts
+
+### Key Components
+- StellaOps.Zastava.Observer daemonset for runtime monitoring
+- StellaOps.Zastava.Webhook admission controller for policy enforcement
+- StellaOps.Zastava.Core shared contracts
+
+### Integration Points
+- Authority: OpToks and mTLS for secure communication
+- Scanner/Scheduler: remediation trigger coordination
+- Notify/UI: runtime alerts and dashboard visualization
+- Platform contracts: Surface.Env/Surface.Secrets (pending alignment)
+
+### Operational Assets (Sprint 0335 · 2025-12-02)
+- DSSE-signed schemas, thresholds, exports in docs/modules/zastava
+- Deterministic zastava-kit bundle with verification via kit/verify.sh
+- SHA256SUMS for bundle integrity validation
+- Observability runbook: operations/observability.md
+- Dashboard placeholder: operations/dashboards/zastava-observability.json
+- Legacy assets: operations/runtime.md, runtime-grafana-dashboard.json, runtime-prometheus-rules.yaml
+
+### Technical Decisions
+- Deterministic offline kit bundles with signed manifests
+- DPoP/mTLS rotation guidance shared with Authority
+- Surface.Env/Surface.Secrets adoption pending platform contract finalization
+
+### Coordination Approach
+- Review AGENTS.md before starting new work
+- Sync with cross-cutting teams via docs/implplan/SPRINT_*.md
+- Track backlog: ZASTAVA runtime tasks in ../../TASKS.md
+- Webhook smoke tests: src/Zastava/**/TASKS.md
+- Sprint tracker: docs/implplan/SPRINT_0335_0001_0001_docs_modules_zastava.md
+- Module status mirror: docs/modules/zastava/TASKS.md
+
 ## Backlog references
 - ZASTAVA runtime tasks in ../../TASKS.md.
 - Webhook smoke tests tracked in src/Zastava/**/TASKS.md.

docs/modules/zastava/implementation_plan.md

@@ -1,24 +0,0 @@
-# Implementation plan — Zastava
-
-## Current objectives
-- Maintain deterministic behaviour and offline parity across releases.
-- Keep documentation, telemetry, and runbooks aligned with the latest sprint outcomes.
-
-## Workstreams
-- Backlog grooming: reconcile open stories in ../../TASKS.md with this module's roadmap.
-- Implementation: collaborate with service owners to land feature work defined in SPRINTS/EPIC docs.
-- Validation: extend tests/fixtures to preserve determinism and provenance requirements.
-
-## Backlog references
-- ZASTAVA runtime tasks in ../../TASKS.md.
-- Webhook smoke tests tracked in src/Zastava/**/TASKS.md.
-
-## Coordination
-- Review ./AGENTS.md before picking up new work.
-- Sync with cross-cutting teams noted in `/docs/implplan/SPRINT_*.md`.
-- Update this plan whenever scope, dependencies, or guardrails change.
-
-## Sprint alignment (2025-11-30)
-- Docs refresh tracked in `docs/implplan/SPRINT_0335_0001_0001_docs_modules_zastava.md`; statuses mirrored in `docs/modules/zastava/TASKS.md`.
-- Observability evidence lives in `operations/observability.md` with Grafana JSON stub under `operations/dashboards/`.
-- Surface.Env/Surface.Secrets contracts remain dependencies; align with platform docs before enabling sealed mode.