old sprints work, new sprints for exposing functionality via cli, improve code_of_conduct and other agents instructions

docs/modules/policy/determinization-api.md

@@ -91,7 +91,49 @@ When receiving `GuardedPass`:
 
 ## 4. Determinization Rules
 
-The gate evaluates rules in priority order:
+The gate evaluates rules in priority order.
+
+### 4.1 Anchored Evidence Rules (v1.1)
+
+> **Sprint:** SPRINT_20260112_004_BE_policy_determinization_attested_rules
+
+Anchored evidence (DSSE-signed with optional Rekor transparency) takes highest priority in rule evaluation. These rules short-circuit evaluation when cryptographically attested evidence is present.
+
+| Priority | Rule | Condition | Result |
+|----------|------|-----------|--------|
+| 1 | AnchoredAffectedWithRuntimeHardFail | Anchored VEX affected + anchored runtime telemetry confirms loading | **Blocked** (hard fail) |
+| 2 | AnchoredVexNotAffectedAllow | Anchored VEX not_affected or fixed | Pass (short-circuit) |
+| 3 | AnchoredBackportProofAllow | Anchored backport proof detected | Pass (short-circuit) |
+| 4 | AnchoredUnreachableAllow | Anchored reachability shows unreachable | Pass (short-circuit) |
+
+**Anchor Metadata Fields:**
+
+Evidence anchoring is tracked via these fields on each evidence type:
+
+```json
+{
+  "anchor": {
+    "anchored": true,
+    "envelope_digest": "sha256:abc123...",
+    "predicate_type": "https://stellaops.io/vex/v1",
+    "rekor_log_index": 12345678,
+    "rekor_entry_id": "24296fb24b8ad77a...",
+    "scope": "finding",
+    "verified": true,
+    "attested_at": "2026-01-14T12:00:00Z"
+  }
+}
+```
+
+Evidence types with anchor support:
+- `VexClaimSummary` (via `VexClaimAnchor`)
+- `BackportEvidence`
+- `RuntimeEvidence`
+- `ReachabilityEvidence`
+
+### 4.2 Standard Rules
+
+Standard rules apply when no anchored evidence short-circuits evaluation:
 
 | Priority | Rule | Condition | Result |
 |----------|------|-----------|--------|