old sprints work, new sprints for exposing functionality via cli, improve code_of_conduct and other agents instructions

docs/UI_GUIDE.md

@@ -62,12 +62,84 @@ See `docs/VEX_CONSENSUS_GUIDE.md` for the underlying concepts.
 
 See `docs/OFFLINE_KIT.md` for packaging and offline verification workflows.
 
+### Export Evidence Cards (v1.1)
+
+Evidence Cards are single-file exports containing SBOM excerpt, DSSE envelope, and optional Rekor receipt for offline verification.
+
+**To export an Evidence Card:**
+
+1. Open an evidence pack from **Findings** or **Runs** workspace.
+2. Click the **Export** dropdown in the pack viewer header.
+3. Select **Evidence Card** for full export or **Evidence Card (Compact)** for a smaller file without full SBOM.
+4. The browser downloads a `.evidence-card.json` file.
+
+**Evidence Card contents:**
+
+- `cardId`: Unique card identifier
+- `version`: Schema version (e.g., "1.0.0")
+- `packId`: Source evidence pack ID
+- `subject`: Finding/CVE/component metadata
+- `envelope`: DSSE signature envelope (when signed)
+- `sbomExcerpt`: Relevant SBOM component data (full export only)
+- `rekorReceipt`: Sigstore Rekor transparency log receipt (when available)
+- `contentDigest`: SHA-256 digest for verification
+
+**Content types:**
+
+- Full: `application/vnd.stellaops.evidence-card+json`
+- Compact: `application/vnd.stellaops.evidence-card-compact+json`
+
+See `docs/api/evidence-decision-api.openapi.yaml` for the complete schema.
+
 ## Offline / Air-Gap Expectations
 
 - The Console must operate against Offline Kit snapshots (no external lookups required).
 - The UI should surface snapshot identity and staleness budgets (feeds, VEX, policy versions).
 - Upload/import workflows for Offline Kit bundles should be auditable (who imported what, when).
 
+## Setup Wizard
+
+The Setup Wizard provides a guided interface for initial platform configuration and reconfiguration. It communicates with the Platform backend via `/api/v1/setup/*` endpoints.
+
+### Wizard Features
+
+- **Session-based workflow:** Sessions track progress across steps, enabling resume after interruption.
+- **Step validation:** Each step includes Doctor checks that validate configuration before proceeding.
+- **Dry-run mode:** Preview configuration changes before applying them.
+- **Error handling:** Problem+JSON errors are mapped to user-friendly messages with suggested fixes.
+- **Data freshness:** Stale data banners show when cached information may be outdated.
+- **Retry support:** Failed operations can be retried with backoff and attempt tracking.
+
+### Wizard Steps
+
+The wizard guides operators through these configuration areas:
+
+| Step | Category | Required | Description |
+|------|----------|----------|-------------|
+| Database | Infrastructure | Yes | PostgreSQL connection and migrations |
+| Cache | Infrastructure | Yes | Valkey/Redis connection |
+| Vault | Security | No | HashiCorp Vault, Azure Key Vault, or AWS Secrets Manager |
+| Settings Store | Configuration | No | Consul, etcd, or PostgreSQL-backed configuration |
+| Registry | Integration | No | Container registry connections |
+| Telemetry | Observability | No | OTLP endpoint configuration |
+
+### Using the Wizard
+
+1. Access the Setup Wizard from **Admin > Configuration Wizard** or during first-run.
+2. Complete required steps (Database, Cache) before optional integrations.
+3. Use **Test Connection** to validate credentials before applying.
+4. Review validation checks (Doctor diagnostics) for each step.
+5. Use dry-run mode to preview changes before committing.
+6. After completion, restart services to apply the configuration.
+
+### Reconfiguration
+
+To modify existing configuration:
+- Use `stella setup --reconfigure` (CLI) or **Admin > Configuration Wizard** (UI).
+- Individual steps can be reconfigured without re-running the entire wizard.
+
+See `docs/setup/setup-wizard-ux.md` for detailed UX specifications and CLI parity.
+
 ## Security and Access
 
 - Authentication is typically OIDC/OAuth2 via Authority; scopes/roles govern write actions.