consolidation of some of the modules, localization fixes, product advisories work, qa work

docs/modules/cli/guides/commands/sbom.md

@@ -59,6 +59,11 @@ The command performs the following verification checks:
 4. **Tool Version**: Verifies tool version metadata is present and valid.
 5. **Timestamp Validity**: Checks generation timestamp is within acceptable window.
 
+### 2026-02-26 parity note
+
+- `stella sbom verify` now follows verification-first behavior and no longer relies on structural placeholder checks.
+- Deterministic failure reasons are surfaced for missing trust roots, malformed signatures, and verification mismatch paths.
+
 ### Exit Codes
 
 | Code | Meaning |

docs/modules/cli/guides/commands/scan-replay.md

@@ -146,6 +146,11 @@ stella scan replay \
     --policy "sha256:policy321..."
 ```
 
+## 2026-02-26 parity note
+
+- Replay commands in UI and evidence exports are backend-generated and should be executed without placeholder edits.
+- `scan replay`, `timeline query/export`, and score explain/replay flows are aligned with deterministic backend contracts and error taxonomy.
+
 ## Related Commands
 
 | Command | Description |

docs/modules/cli/guides/output-and-exit-codes.md

@@ -32,3 +32,8 @@ stella task-runner simulate --output table
 ## Observability signals
 - When tracing headers are present (`traceparent`), CLI propagates them; otherwise it emits new span IDs only in verbose logs.
 - Metrics are not emitted by the CLI itself; servers capture request telemetry and can be correlated via the returned correlation/trace IDs printed on errors in verbose mode.
+
+## 2026-02-26 proof/replay contract note
+
+- Proof verification surfaces (`chain verify`, `bundle verify`, `sbom verify`, `witness verify`) emit deterministic error bodies and stable non-zero exit behavior when cryptographic checks fail.
+- Score explain/replay and scan replay flows avoid synthetic fallback payloads and return explicit contract errors for missing or malformed backend responses.