consolidation of some of the modules, localization fixes, product advisories work, qa work

docs/modules/ui/api-strategy.md

@@ -396,7 +396,7 @@ export class SseService {
 // Usage in component
 @Component({...})
 export class JobDetailComponent {
-  jobUpdates$ = this.sse.connect<JobUpdate>(`/api/v1/orchestrator/jobs/${this.jobId}/stream`);
+  jobUpdates$ = this.sse.connect<JobUpdate>(`/api/v1/jobengine/jobs/${this.jobId}/stream`);
 }
 ```
 

docs/modules/ui/architecture.md

@@ -454,3 +454,11 @@ sequenceDiagram
 * **SBOM graph** visualization (force‑directed) for small components sets.
 * **Runtime session replay** (privacy‑safe) to debug operator workflows (opt‑in).
 * **Assistive wizards** for policy creation with guided templates.
+
+## 20) Advisory Commitments (2026-02-26 Batch)
+
+- `SPRINT_20260226_227_FE_triage_risk_score_widget_wiring_and_parity` delivers:
+  - triage evidence pill parity and quick-verify status clarity,
+  - risk dashboard widget parity with passing E2E coverage,
+  - findings score breakdown/history wiring to live API responses,
+  - removal of skipped risk/score E2E suites in favor of deterministic route mocks.

docs/modules/ui/information-architecture.md

@@ -96,11 +96,11 @@ This document defines the information architecture (IA) for the StellaOps web in
 | `/integrations/ci` | CiIntegrations | integrations.read | SPRINT_014 |
 | `/ops/health` | PlatformHealth | ops.health | SPRINT_032 |
 | `/ops/orchestrator` | OrchestratorDashboard | orch.read | existing |
-| `/ops/orchestrator/jobs` | OrchestratorJobs | orch.read | existing |
-| `/ops/orchestrator/jobs/:jobId` | OrchestratorJobDetail | orch.read | existing |
-| `/ops/orchestrator/quotas` | OrchestratorQuotas | orch.operator | existing |
-| `/ops/orchestrator/dead-letter` | DeadLetterManagement | orch.admin | SPRINT_030 |
-| `/ops/orchestrator/slo` | SloMonitoring | ops.read | SPRINT_031 |
+| `/ops/jobengine/jobs` | OrchestratorJobs | orch.read | existing |
+| `/ops/jobengine/jobs/:jobId` | OrchestratorJobDetail | orch.read | existing |
+| `/ops/jobengine/quotas` | OrchestratorQuotas | orch.operator | existing |
+| `/ops/jobengine/dead-letter` | DeadLetterManagement | orch.admin | SPRINT_030 |
+| `/ops/jobengine/slo` | SloMonitoring | ops.read | SPRINT_031 |
 | `/ops/scheduler` | SchedulerOps | scheduler.read | SPRINT_017 |
 | `/ops/packs` | PackRegistry | orchestrator.read | SPRINT_036 |
 | `/ops/signals` | SignalsDashboard | signals.read | SPRINT_037 |

docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md

@@ -29,7 +29,7 @@ Sprint: `20260218_005`, task `R0-06`
 | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
 | Dashboard | Dashboard v3 mission board | `source-of-truth.md 3.2`, `authority-matrix.md A: Dashboard`, `pack-16.md` | `/` (control-plane/dashboard variants) | `GET /api/v1/dashboard/summary`; existing promotion, approval, and scan summary endpoints | `EXISTS_COMPAT` | `Web` (composition) + `ReleaseOrchestrator`, `Policy`, `Scanner` | No new scopes; requires existing viewer scopes | Implemented in Platform pack adapters with deterministic data-confidence, CritR env breakdown, B/I/R coverage, and top-driver fields consumed by dashboard v3 cards | Route finalized to `/api/v1/dashboard/summary`; validated by `PackAdapterEndpointsTests` | `S00-T05-DASH-01` |
 | Release Control | Bundle catalog/detail/builder | `source-of-truth.md 3.1`, `authority-matrix.md A: bundles`, `pack-12.md` | `/release-control/bundles/*` | `GET /api/v1/release-control/bundles`; `GET /api/v1/release-control/bundles/{bundleId}`; `GET /api/v1/release-control/bundles/{bundleId}/versions`; `GET /api/v1/release-control/bundles/{bundleId}/versions/{versionId}`; `POST /api/v1/release-control/bundles`; `POST /api/v1/release-control/bundles/{bundleId}/versions`; `POST /api/v1/release-control/bundles/{bundleId}/versions/{versionId}/materialize` | `EXISTS_COMPAT` | `Platform` (`StellaOps.Platform.WebService`) | `orch:read` (read routes), `orch:operate` (create/publish/materialize) | Implemented with Postgres-backed lifecycle tables (`release.control_bundles*`) plus deterministic list ordering and idempotent materialization key handling | Collision with Evidence bundle export routes resolved by dedicated `/api/v1/release-control/*` namespace; frontend bundle surfaces are now API-bound (see sprint `20260219_003` RC3-06) | `S00-T05-RC-01` |
-| Release Control | Promotions list/create/detail | `source-of-truth.md 3.1`, `authority-matrix.md A: releases`, `pack-13.md` | `/release-control/promotions/*` | `GET /api/release-orchestrator/approvals` (list); `GET /api/release-orchestrator/approvals/{id}` (detail); `GET /api/release-orchestrator/releases/{releaseId}/available-environments` (target preflight); `GET /api/release-orchestrator/releases/{releaseId}/promotion-preview` (gate preflight); `POST /api/release-orchestrator/releases/{releaseId}/promote` (create); `POST /api/release-orchestrator/approvals/{id}/approve`; `POST /api/release-orchestrator/approvals/{id}/reject` | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` / `orch:operate` | Legacy promotion/approval payloads are enriched with manifest digest, risk snapshot, hybrid reachability coverage, ops confidence, and decision digest via `ApprovalEndpoints.WithDerivedSignals` | Contract fields verified by `ReleaseControlV2EndpointsTests`; Pack 13 digest-first promotion cards no longer depend on frontend-only gap placeholders | `S00-T05-RC-02` |
+| Release Control | Promotions list/create/detail | `source-of-truth.md 3.1`, `authority-matrix.md A: releases`, `pack-13.md` | `/release-control/promotions/*` | `GET /api/release-jobengine/approvals` (list); `GET /api/release-jobengine/approvals/{id}` (detail); `GET /api/release-jobengine/releases/{releaseId}/available-environments` (target preflight); `GET /api/release-jobengine/releases/{releaseId}/promotion-preview` (gate preflight); `POST /api/release-jobengine/releases/{releaseId}/promote` (create); `POST /api/release-jobengine/approvals/{id}/approve`; `POST /api/release-jobengine/approvals/{id}/reject` | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` / `orch:operate` | Legacy promotion/approval payloads are enriched with manifest digest, risk snapshot, hybrid reachability coverage, ops confidence, and decision digest via `ApprovalEndpoints.WithDerivedSignals` | Contract fields verified by `ReleaseControlV2EndpointsTests`; Pack 13 digest-first promotion cards no longer depend on frontend-only gap placeholders | `S00-T05-RC-02` |
 | Release Control | Run timeline, checkpoints, rollback | `source-of-truth.md 3.1`, `authority-matrix.md A: run timeline`, `pack-14.md` | `/deployments/*` and run views | `GET /api/v1/runs/{id}` (run detail); `GET /api/v1/runs/{id}/steps` (step list); `GET /api/v1/runs/{id}/steps/{stepId}` (step detail + logs); `POST /api/v1/runs/{id}/rollback` (trigger rollback) | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` / `orch:operate` | Implemented v2 run contracts include ordered checkpoints plus explicit evidence-thread and log-artifact links; rollback returns deterministic accepted payload with guard state | `/api/v1/runs/*` and `/v1/runs/*` compatibility routes are live and test-backed; policy-coupled rollback guard hardening remains future work | `S00-T05-RUN-01` |
 | Approvals | Approvals v2 tabs and decision packet | `source-of-truth.md 3.3`, `authority-matrix.md A: approvals`, `pack-17.md` | `/approvals/*` | `GET /api/v1/approvals` (queue); `GET /api/v1/approvals/{id}` (detail); `GET /api/v1/approvals/{id}/gates` (gate trace); `GET /api/v1/approvals/{id}/evidence` (evidence packet); `GET /api/v1/approvals/{id}/security-snapshot` (security tab data); `GET /api/v1/approvals/{id}/ops-health` (ops/data tab); `POST /api/v1/approvals/{id}/decision` (approve/reject/defer/escalate) | `EXISTS_COMPAT` | `Policy` + `ReleaseOrchestrator` | Existing policy reviewer / approver scopes | v2 approvals adapter routes now return deterministic decision-packet shapes containing digest, gate trace, security snapshot (risk + B/I/R), and ops/data confidence payloads | Deterministic ordering and contract fields are verified in `ReleaseControlV2EndpointsTests` (queue determinism, gate ordering, decision mutation, not-found behavior) | `S00-T05-APR-01` |
 | Environment | Environment detail standard tabs | `source-of-truth.md 3.1 and 3.6`, `authority-matrix.md A: env detail`, `pack-18.md` | `/environments/*` | `GET /api/v1/environments/{id}` (detail); `GET /api/v1/environments/{id}/deployments` (deployment history); `GET /api/v1/environments/{id}/security-snapshot` (security state); `GET /api/v1/environments/{id}/evidence` (evidence summary); `GET /api/v1/environments/{id}/ops-health` (data confidence) | `EXISTS_COMPAT` | `ReleaseOrchestrator` | Existing `orch:read` | Pack-18 environment tab contracts are implemented with standardized header fields (manifest digest, risk snapshot, B/I/R coverage, ops confidence) and deterministic deployment ordering | Environment adapters are live under `/api/v1/environments/*` and validated in `ReleaseControlV2EndpointsTests` | `S00-T05-ENV-01` |

docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md

@@ -34,7 +34,7 @@ Supersedes for new IA planning: `S00_endpoint_contract_ledger_v1.md` remains his
 | Security | SBOM Explorer (table/graph/diff) | `source-of-truth.md 2.3`, `source-of-truth.md 3.5`, `pack-22.md 5` | `/security-risk/sbom`, `/security-risk/sbom-lake` | `GET /api/v2/security/sbom-explorer?mode=table|graph|diff` with release compare filters | `EXISTS_COMPAT` | `Scanner` + `Graph` + `Platform` | `platform.security.read` mapped to existing `findings:read` viewer scope | Shipped unified response envelope for table/graph/diff views with deterministic diff composition from migration `050` projection objects | Enables FE to collapse dual SBOM routes onto one v2 explorer contract | `S22-T05-SEC-03` |
 | Evidence | Evidence packs, audit, replay linkage from Releases/Security | `source-of-truth.md 3.6`, `pack-22.md 5`, `pack-20.md` | `/evidence-audit/*` (legacy) | Existing `/api/v1/evidence/*`; add release/finding correlation filters on `/api/v2/evidence/*` | `EXISTS_ADAPT` | `EvidenceLocker` + `Attestor` + `Platform` | Existing evidence read scopes | Add optional filters (`releaseId`, `findingId`, `approvalId`) and deterministic pagination | Ensures inline evidence references across modules | `S22-T06-EVID-01` |
 | Platform / Integrations | Advisory feeds and VEX source setup + health/activity | `source-of-truth.md 2.3`, `source-of-truth.md 3.8`, `pack-23.md 2`, `pack-10.md` | `/platform/integrations/feeds` | `GET /api/v2/integrations/feeds`; `GET /api/v2/integrations/vex-sources`; legacy `/api/v1/integrations/*` retained during migration | `EXISTS_COMPAT` | `Integrations` + `Concelier` + `Platform` | `platform.integrations.read` mapped to `advisory:read`; `platform.integrations.vex.read` mapped to `vex:read` | Shipped source-type discriminator plus status/freshness/last-sync metadata and Security/Dashboard consumer hints, backed by migration `051_IntegrationSourceHealth.sql` | Integrations setup + health routes are now v2-ready for FE cutover while legacy aliases remain available during transition | `S22-T07-INT-01` |
-| Platform / Ops | Platform health/data integrity/offline/scheduler | `source-of-truth.md 3.7`, `pack-23.md 2`, `pack-15.md` | `/platform/ops/*` | Existing `/api/v1/platform/data-integrity/*`, scheduler/orchestrator/health routes | `EXISTS_COMPAT` | `Platform` + `Scheduler` + `Orchestrator` | Existing ops scopes | No schema change required for baseline migration; route names will change in FE | Keep aliases from old path prefix during cutover | `S22-T08-OPS-01` |
+| Platform / Ops | Platform health/data integrity/offline/scheduler | `source-of-truth.md 3.7`, `pack-23.md 2`, `pack-15.md` | `/platform/ops/*` | Existing `/api/v1/platform/data-integrity/*`, scheduler/jobengine/health routes | `EXISTS_COMPAT` | `Platform` + `Scheduler` + `Orchestrator` | Existing ops scopes | No schema change required for baseline migration; route names will change in FE | Keep aliases from old path prefix during cutover | `S22-T08-OPS-01` |
 | Administration | Identity/tenant/notifications/usage/policy/system | `source-of-truth.md 3.9`, `pack-22.md 5`, `pack-21.md` | `/administration/*` | Existing `/api/v1/administration/*` | `EXISTS_COMPAT` | `Platform` + `Authority` + `Policy` | Existing admin scopes | No immediate schema change in Pack 22 baseline | Track trust-posture entry points from Evidence as FE task | `S22-T09-ADM-01` |
 
 ## Sign-off requirement