consolidation of some of the modules, localization fixes, product advisories work, qa work

docs/modules/web/architecture.md

@@ -169,17 +169,17 @@ Verification coverage:
 Release Orchestrator now provides a unified pipeline run-centric surface that links release status, approvals, deployment progress, evidence state, and first-signal telemetry:
 
 - Route registration:
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/dashboard.routes.ts`
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/runs/runs.routes.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/dashboard/dashboard.routes.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/runs/runs.routes.ts`
 - Feature implementation:
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/runs/models/pipeline-runs.models.ts`
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/runs/services/pipeline-runs.service.ts`
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/runs/pipeline-runs-list.component.ts`
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/runs/pipeline-run-detail.component.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/runs/models/pipeline-runs.models.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/runs/services/pipeline-runs.service.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/runs/pipeline-runs-list.component.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/runs/pipeline-run-detail.component.ts`
 - Dashboard integration entry point:
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/dashboard.component.html`
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/dashboard.component.ts`
-  - `src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/dashboard.component.scss`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/dashboard/dashboard.component.html`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/dashboard/dashboard.component.ts`
+  - `src/Web/StellaOps.Web/src/app/features/release-jobengine/dashboard/dashboard.component.scss`
 
 Run-centric behavior:
 
@@ -258,3 +258,41 @@ export const environment = {
 * UI module: `../ui/architecture.md`
 * Authority: `../authority/architecture.md`
 * Auth smoke tests: `../ui/operations/auth-smoke.md`
+
+## 6) Signed Score + Vulnerability Detail Contracts (Sprint 20260304_309)
+
+Delivered contracts:
+
+- `src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail.facade.ts`
+  - Single API-backed facade for vulnerability detail loading and signed-score verification.
+  - Consolidates route/malformed/not-found handling for both Security and Security-Risk route trees.
+- `src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts`
+  - No static CVE payloads. Reads route id and renders deterministic loading/error/not-found states.
+  - Uses API-backed fields for CVSS/EPSS/KEV, environment impact, gate impact, and witness path.
+- `src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts`
+  - Uses the shared Security vulnerability detail view; no placeholder text-only implementation remains.
+- `src/Web/StellaOps.Web/src/app/shared/components/score/signed-score-ribbon.component.ts`
+  - Reusable signed-score ribbon for vulnerability and triage detail contexts.
+  - Supports collapsed/expanded factor breakdown, provenance links, verify action, and policy gate badge (`pass|warn|block`).
+  - Reuses existing shared score primitives (`ScorePillComponent`, `ScoreBadgeComponent`) instead of duplicating score visuals.
+
+Scanner replay route contract (Web client):
+
+- Implemented by `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts` (`ScoreReplayClient`).
+- Canonical paths:
+  - `POST /api/v1/scans/{scanId}/score/replay`
+  - `GET /api/v1/scans/{scanId}/score/bundle`
+  - `POST /api/v1/scans/{scanId}/score/verify`
+  - `GET /api/v1/scans/{scanId}/score/history`
+- Compatibility aliases remain backend-side (`/api/v1/score/{scanId}/...`) while clients migrate, but Web now uses canonical scanner routes.
+
+Coverage:
+
+- `src/Web/StellaOps.Web/src/app/core/api/proof.client.spec.ts`
+- `src/Web/StellaOps.Web/src/tests/sprint309/signed-score-ribbon.component.spec.ts`
+- `src/Web/StellaOps.Web/src/tests/sprint309/security-vulnerability-detail-page.component.spec.ts`
+- `src/Web/StellaOps.Web/src/tests/sprint309/security-risk-vulnerability-detail-page.component.spec.ts`
+
+Remaining planned FE capability (explicitly still planned):
+
+- Signed-score ribbon integration into additional triage detail canvases beyond vulnerability detail routes (not in sprint 309 scope).

docs/modules/web/unified-triage-specification.md

@@ -346,3 +346,16 @@ GET  /api/v1/actionables/delta/{id}
 - [Snyk Reachability Analysis](https://docs.snyk.io/manage-risk/prioritize-issues-for-fixing/reachability-analysis)
 - [Anchore Vulnerability Annotations](https://docs.anchore.com/current/docs/vulnerability_management/vuln_annotations/)
 - [Prisma Cloud Runtime Defense](https://docs.prismacloud.io/en/compute-edition/30/admin-guide/runtime-defense/)
+
+## 12. 2026-02-26 Batch Delivery Update
+
+This document is updated to reflect completed triage/risk/score parity work from:
+
+- `SPRINT_20260226_227_FE_triage_risk_score_widget_wiring_and_parity`
+
+Delivered coverage in this batch:
+
+- Evidence pill interactions in triage now route through deterministic verification and explanation paths.
+- Risk dashboard parity widgets (budget, verdict, diff, exceptions) are covered by active Playwright suites.
+- Findings score interactions include breakdown and score-history panel sourced from API responses.
+- Previously skipped `risk-dashboard` and `score-features` E2E suites were replaced with active deterministic mock-backed tests.