product advisories add change contiang folder

docs/api/score-replay-api.md

@@ -279,4 +279,4 @@ curl -H "Authorization: Bearer $TOKEN" \
 
 - [Proof Bundle Format](./proof-bundle-format.md)
 - [Scanner Architecture](../modules/scanner/architecture.md)
-- [Determinism Requirements](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
+- [Determinism Requirements](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)

docs/api/smart-diff-types.md

@@ -320,6 +320,6 @@ if (result.Suppressed)
 
 ## Related Documentation
 
-- [Smart-Diff Technical Reference](../product-advisories/14-Dec-2025%20-%20Smart-Diff%20Technical%20Reference.md)
+- [Smart-Diff Technical Reference](../product/advisories/14-Dec-2025%20-%20Smart-Diff%20Technical%20Reference.md)
 - [Scanner Architecture](../modules/scanner/architecture.md)
 - [Policy Architecture](../modules/policy/architecture.md)

docs/api/unknowns-api.md

@@ -353,6 +353,6 @@ pressure = min(epss_normalized + kev_factor, 1.0)
 
 ## Related Documentation
 
-- [Unknowns Ranking Technical Reference](../product-advisories/14-Dec-2025%20-%20Triage%20and%20Unknowns%20Technical%20Reference.md)
+- [Unknowns Ranking Technical Reference](../product/advisories/14-Dec-2025%20-%20Triage%20and%20Unknowns%20Technical%20Reference.md)
 - [Scanner Architecture](../modules/scanner/architecture.md)
 - [Proof Bundle Format](../api/proof-bundle-format.md)

docs/benchmarks/competitive-implementation-milestones.md

@@ -1,6 +1,6 @@
 # Competitive Benchmark Implementation Milestones
 
-> Source: `docs/product-advisories/19-Dec-2025 - Benchmarking Container Scanners Against Stella Ops.md`
+> Source: `docs/product/advisories/19-Dec-2025 - Benchmarking Container Scanners Against Stella Ops.md`
 >
 > This document translates the competitive matrix into concrete implementation milestones with measurable acceptance criteria.
 
@@ -281,7 +281,7 @@ Each milestone should have corresponding benchmark tests in `bench/`:
 
 ## References
 
-- Source advisory: `docs/product-advisories/19-Dec-2025 - Benchmarking Container Scanners Against Stella Ops.md`
+- Source advisory: `docs/product/advisories/19-Dec-2025 - Benchmarking Container Scanners Against Stella Ops.md`
 - Moat spec: `docs/moat.md`
 - Key features: `docs/key-features.md`
 - Reachability delivery: `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md`

docs/benchmarks/fidelity-metrics.md

@@ -178,7 +178,7 @@ Configure fidelity options via `FidelityThresholds`:
 
 ## Related Documentation
 
-- [Determinism and Reproducibility Technical Reference](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
+- [Determinism and Reproducibility Technical Reference](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
 - [Determinism Scoring Foundations Sprint](../implplan/SPRINT_3401_0001_0001_determinism_scoring_foundations.md)
 - [Scanner Architecture](../modules/scanner/architecture.md)
 

docs/benchmarks/ground-truth-corpus.md

@@ -246,6 +246,6 @@ stellaops bench baseline update \
 
 ## Related Documentation
 
-- [Reachability Analysis Technical Reference](../product-advisories/14-Dec-2025%20-%20Reachability%20Analysis%20Technical%20Reference.md)
-- [Determinism and Reproducibility Technical Reference](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
+- [Reachability Analysis Technical Reference](../product/advisories/14-Dec-2025%20-%20Reachability%20Analysis%20Technical%20Reference.md)
+- [Determinism and Reproducibility Technical Reference](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
 - [Scanner Benchmark Submission Guide](submission-guide.md)

docs/benchmarks/signals/bench-determinism.md

@@ -49,7 +49,7 @@ for sbom, vex in zip(SBOMS, VEXES):
 - CI target `bench:determinism` producing determinism% and σ per scanner; optional `bench:reachability` to recompute graph hash and runtime hit stability.
 
 ## Links
-- Source advisory: `docs/product-advisories/23-Nov-2025 - Benchmarking Determinism in Vulnerability Scoring.md`
+- Source advisory: `docs/product/advisories/23-Nov-2025 - Benchmarking Determinism in Vulnerability Scoring.md`
 - Sprint task: BENCH-DETERMINISM-401-057 (SPRINT_0401_0001_0001_reachability_evidence_chain.md)
 
 ---

docs/benchmarks/smart-diff-wii.md

@@ -1,6 +1,6 @@
 # Smart-Diff Weighted Impact Index (WII)
 
-**Source Advisory:** `docs/product-advisories/unprocessed/16-Dec-2025 - Smart‑Diff Meets Call‑Stack Reachability.md`  
+**Source Advisory:** `docs/product/advisories/unprocessed/16-Dec-2025 - Smart‑Diff Meets Call‑Stack Reachability.md`  
 **Status:** Processed 2025-12-17
 
 ## Overview

docs/benchmarks/testing/better-testing-strategy-samples.md

@@ -1,6 +1,6 @@
 # Better Testing Strategy - Code Samples
 
-Source advisory: `docs/product-advisories/22-Dec-2026 - Better testing strategy.md`  
+Source advisory: `docs/product/advisories/22-Dec-2026 - Better testing strategy.md`  
 Note: These samples are carried over verbatim for reference and should remain offline-friendly and deterministic.
 
 ## Minimal primitives to standardize immediately

docs/benchmarks/tiered-precision-curves.md

@@ -114,7 +114,7 @@ Fail builds when:
 
 - [Ground-Truth Corpus Sprint](../implplan/archived/SPRINT_3500_0003_0001_ground_truth_corpus_ci_gates.md)
 - [Scanner Architecture](../modules/scanner/architecture.md)
-- [Reachability Analysis](../product-advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025%20-%20Reachability%20Analysis%20Technical%20Reference.md)
+- [Reachability Analysis](../product/advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025%20-%20Reachability%20Analysis%20Technical%20Reference.md)
 
 ## Overlap Analysis
 

docs/db/schemas/scan-metrics.md

@@ -191,5 +191,5 @@ psql -d stellaops -f 004_scan_metrics.sql
 ## Related
 
 - [Database Specification](./SPECIFICATION.md)
-- [Determinism Advisory §13.1](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
+- [Determinism Advisory §13.1](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
 - [Scheduler Schema](./schemas/scheduler.sql)

docs/dev/contributing/corpus-contribution-guide.md

@@ -297,5 +297,5 @@ stellaops bench corpus run --sample gt-NNNN --verbose --show-evidence
 ## Related Documentation
 
 - [Tiered Precision Curves](../benchmarks/tiered-precision-curves.md)
-- [Reachability Analysis](../product-advisories/14-Dec-2025%20-%20Reachability%20Analysis%20Technical%20Reference.md)
+- [Reachability Analysis](../product/advisories/14-Dec-2025%20-%20Reachability%20Analysis%20Technical%20Reference.md)
 - [Corpus Index Schema](../../datasets/reachability/schemas/corpus-sample.v1.json)

docs/dev/onboarding/dev-quickstart.md

@@ -5,7 +5,7 @@
 
 ---
 
-This quickstart mirrors the 29-Nov-2025 Developer Onboarding advisory (`docs/product-advisories/29-Nov-2025 - StellaOps – Mid-Level .NET Onboarding (Quick Start).md`) and keeps the determinism-first guidance in sync with that release note.
+This quickstart mirrors the 29-Nov-2025 Developer Onboarding advisory (`docs/product/advisories/29-Nov-2025 - StellaOps – Mid-Level .NET Onboarding (Quick Start).md`) and keeps the determinism-first guidance in sync with that release note.
 
 ## 1. What You’re Building (Context)
 

docs/dev/performance-testing-playbook.md

@@ -659,5 +659,5 @@ perf/
 ---
 
 **Document Version**: 1.0
-**Archived From**: docs/product-advisories/unprocessed/16-Dec-2025 - Reimagining Proof-Linked UX in Security Workflows.md
+**Archived From**: docs/product/advisories/unprocessed/16-Dec-2025 - Reimagining Proof-Linked UX in Security Workflows.md
 **Archive Reason**: Wrong content was pasted; this performance testing content preserved for future use.

docs/implplan/AGENTS.md

@@ -15,10 +15,10 @@
 - Avoid external URLs unless already present; prefer relative doc links.
 
 ## Advisory Handling (must do for every new advisory)
-- **Trigger:** any new/updated file in `docs/product-advisories/` (current or archived) automatically requires updates below—no chat approval.
+- **Trigger:** any new/updated file in `docs/product/advisories/` (current or archived) automatically requires updates below—no chat approval.
 - **Docs:** add/update a high-level page in `docs/` (vision/key-features) and a detailed page in the closest area (`docs/modules/reach-graph/*`, `docs/benchmarks/*`, `docs/modules/<module>/*`, etc.). Inline only short snippets; place runnable/long code in `docs/benchmarks/**` or `tests/**` (deterministic, offline-friendly) and link.
 - **Sprints:** add Delivery Tracker rows in the relevant `SPRINT_*.md`, include doc paths, owners, deps; add an Execution Log line and risks/interlocks (schema/feed freeze, transparency caps) when needed.
-- **De-dup:** check `docs/product-advisories/archived/`; mark “supersedes/extends <advisory>` if overlapping to avoid duplicate tasks.
+- **De-dup:** check `docs/product/advisories/archived/`; mark “supersedes/extends <advisory>` if overlapping to avoid duplicate tasks.
 - **Defaults:** hybrid reachability posture (graph DSSE required; edge-bundle optional), deterministic/frozen feeds, offline-ready benches.
 - **Do not defer:** execute steps immediately, then report.
 

docs/modules/airgap/guides/advisory-implementation-roadmap.md

@@ -333,7 +333,7 @@ src/Authority/
 
 ## References
 
-- [14-Dec-2025 Offline and Air-Gap Technical Reference](../product-advisories/14-Dec-2025%20-%20Offline%20and%20Air-Gap%20Technical%20Reference.md)
+- [14-Dec-2025 Offline and Air-Gap Technical Reference](../product/advisories/14-Dec-2025%20-%20Offline%20and%20Air-Gap%20Technical%20Reference.md)
 - [Air-Gap Mode Playbook](./airgap-mode.md)
 - [Offline Kit Documentation](../OFFLINE_KIT.md)
 - [Importer](./importer.md)

docs/modules/airgap/guides/offline-parity-verification.md

@@ -507,8 +507,8 @@ groups:
 ## 9. REFERENCES
 
 - [Offline Update Kit (OUK)](../OFFLINE_KIT.md)
-- [Offline and Air-Gap Technical Reference](../product-advisories/14-Dec-2025%20-%20Offline%20and%20Air-Gap%20Technical%20Reference.md)
-- [Determinism and Reproducibility Technical Reference](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
+- [Offline and Air-Gap Technical Reference](../product/advisories/14-Dec-2025%20-%20Offline%20and%20Air-Gap%20Technical%20Reference.md)
+- [Determinism and Reproducibility Technical Reference](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
 - [Determinism CI Harness](../modules/scanner/design/determinism-ci-harness.md)
 - [Performance Baselines](../benchmarks/performance-baselines.md)
 

docs/modules/attestor/proof-chain-specification.md

@@ -2,7 +2,7 @@
 
 **Version**: 1.0
 **Status**: Implementation Ready
-**Source**: `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+**Source**: `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 **Last Updated**: 2025-12-14
 
 ---

docs/modules/attestor/proof-spine-algorithm.md

@@ -210,6 +210,6 @@ public record ProofSpineResult
 
 ## Related Documentation
 
-- [Proof and Evidence Chain Technical Reference](../product-advisories/14-Dec-2025%20-%20Proof%20and%20Evidence%20Chain%20Technical%20Reference.md) - §2.4, §4.2, §9
+- [Proof and Evidence Chain Technical Reference](../product/advisories/14-Dec-2025%20-%20Proof%20and%20Evidence%20Chain%20Technical%20Reference.md) - §2.4, §4.2, §9
 - [Content-Addressed IDs](./content-addressed-ids.md)
 - [DSSE Predicates](./dsse-predicates.md)

docs/modules/attestor/rekor-verification-design.md

@@ -688,4 +688,4 @@ attestor:
 - [RFC 6962: Certificate Transparency](https://datatracker.ietf.org/doc/html/rfc6962)
 - [Sigstore Rekor](https://github.com/sigstore/rekor)
 - [Transparency.dev Checkpoint Format](https://github.com/transparency-dev/formats)
-- [Advisory: Rekor Integration Technical Reference](../../../product-advisories/14-Dec-2025%20-%20Rekor%20Integration%20Technical%20Reference.md)
+- [Advisory: Rekor Integration Technical Reference](../../../product/advisories/14-Dec-2025%20-%20Rekor%20Integration%20Technical%20Reference.md)

docs/modules/attestor/transparency.md

@@ -10,7 +10,7 @@ This document freezes the **offline verification inputs** used by Attestor in se
 
 ## Offline Inputs (Air-Gap / Sealed Mode)
 
-Baseline directory layout is defined in `docs/product-advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md`:
+Baseline directory layout is defined in `docs/product/advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md`:
 
 ```
 /evidence/
@@ -26,7 +26,7 @@ Baseline directory layout is defined in `docs/product-advisories/14-Dec-2025 - O
 The offline kit (or any offline DSSE evidence pack) may include a Rekor receipt alongside a DSSE statement.
 
 - **Schema:** `docs/modules/attestor/schemas/rekor-receipt.schema.json`
-- **Source:** `docs/product-advisories/14-Dec-2025 - Rekor Integration Technical Reference.md` (Section 13.1) and `docs/product-advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md` (Section 1.4)
+- **Source:** `docs/product/advisories/14-Dec-2025 - Rekor Integration Technical Reference.md` (Section 13.1) and `docs/product/advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md` (Section 1.4)
 
 Fields:
 - `uuid`: Rekor entry UUID.
@@ -50,7 +50,7 @@ Contract:
 
 Contract:
 - Files are **NDJSON** (one JSON object per line).
-- Each line uses the "Rekor Entry Structure" defined in `docs/product-advisories/14-Dec-2025 - Rekor Integration Technical Reference.md` (Section 4).
+- Each line uses the "Rekor Entry Structure" defined in `docs/product/advisories/14-Dec-2025 - Rekor Integration Technical Reference.md` (Section 4).
 - **Deterministic ordering**:
   - File names sort lexicographically (Ordinal).
   - Within each file, lines sort by `rekor.logIndex` ascending.

docs/modules/authority/gaps/2025-12-04-auth-gaps-au1-au10.md

@@ -1,6 +1,6 @@
 # Authority Gap Remediation · AU1–AU10 (31-Nov-2025 Findings)
 
-Source: `docs/product-advisories/31-Nov-2025 FINDINGS.md` (AU1–AU10). Scope covers Authority scoping, crypto posture, and verifier/offline expectations.
+Source: `docs/product/advisories/31-Nov-2025 FINDINGS.md` (AU1–AU10). Scope covers Authority scoping, crypto posture, and verifier/offline expectations.
 
 ## Deliverables & Evidence Map
 | ID | Requirement (from advisory) | Authority deliverable | Evidence & location |

docs/modules/authority/gaps/2025-12-04-rekor-receipt-gaps-rr1-rr10.md

@@ -1,6 +1,6 @@
 # Rekor Receipt Remediation · RR1–RR10 (Authority/Attestor/Sbomer)
 
-Source: `docs/product-advisories/31-Nov-2025 FINDINGS.md` (RR1–RR10). Scope is Rekor receipt schema/catalog and offline verification path consumed by Authority + Sbomer + Attestor.
+Source: `docs/product/advisories/31-Nov-2025 FINDINGS.md` (RR1–RR10). Scope is Rekor receipt schema/catalog and offline verification path consumed by Authority + Sbomer + Attestor.
 
 ## Deliverables & Evidence Map
 | ID | Requirement | Deliverable | Evidence & location |

docs/modules/authority/verdict-manifest.md

@@ -3,7 +3,7 @@
 > **Status**: Implementation Complete (Sprint 7100)
 > **Version**: 1.0.0
 > **Last Updated**: 2025-12-22
-> **Source Advisory**: `docs/product-advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md`
+> **Source Advisory**: `docs/product/advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md`
 
 ## 1. Overview
 

docs/modules/binary-index/architecture.md

@@ -875,7 +875,7 @@ binaryindex:
 
 ## 10. References
 
-- Advisory: `docs/product-advisories/21-Dec-2025 - Mapping Evidence Within Compiled Binaries.md`
+- Advisory: `docs/product/advisories/21-Dec-2025 - Mapping Evidence Within Compiled Binaries.md`
 - Scanner Native Analysis: `src/Scanner/StellaOps.Scanner.Analyzers.Native/`
 - Existing Fingerprinting: `src/Scanner/__Libraries/StellaOps.Scanner.EntryTrace/Binary/`
 - Build-ID Index: `src/Scanner/StellaOps.Scanner.Analyzers.Native/Index/`

docs/modules/evidence-locker/bundle-packaging.md

@@ -38,7 +38,7 @@ The endpoint reuses `EvidenceBundlePackagingService` and caches the packaged obj
 
 ## Verification guidance
 
-Upcoming EB1–EB10 remediation (Sprint 0161; advisory `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Evidence Bundle and Replay Contracts.md`):
+Upcoming EB1–EB10 remediation (Sprint 0161; advisory `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Evidence Bundle and Replay Contracts.md`):
 - Publish `bundle.manifest.schema.json` and `checksums.schema.json` with canonical JSON rules and signatures.
 - Document the Merkle hash recipe and DSSE predicate/log policy.
 - Ship an offline verifier script and golden bundles/replay fixtures to prove determinism.

docs/modules/evidence-locker/eb-gaps-161-007-plan.md

@@ -27,6 +27,6 @@ Working directory: `docs/implplan` (sprint coordination) with artefacts in `docs
 - Bump Evidence Locker and CLI SemVer and changelog once above artefacts are wired (EB10) — **completed** with changelog v1.1.0 and fixture drop; wire binaries/CLI version in next release cut.
 
 ## Dependencies and Links
-- Advisory: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Evidence Bundle and Replay Contracts.md`
+- Advisory: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Evidence Bundle and Replay Contracts.md`
 - Replay rules: `docs/replay/DETERMINISTIC_REPLAY.md`
 - Sprint tracking: `docs/implplan/SPRINT_0161_0001_0001_evidencelocker.md` (EVID-GAPS-161-007)

docs/modules/excititor/trust-lattice.md

@@ -3,7 +3,7 @@
 > **Status**: Implementation Complete (Sprint 7100)
 > **Version**: 1.0.0
 > **Last Updated**: 2025-12-22
-> **Source Advisory**: `docs/product-advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md`
+> **Source Advisory**: `docs/product/advisories/archived/22-Dec-2026 - Building a Trust Lattice for VEX Sources.md`
 
 ## 1. Overview
 

docs/modules/export-center/architecture.md

@@ -25,7 +25,7 @@ The Export Center is the dedicated service layer that packages StellaOps evidenc
 - Integrity: require checksum/signature headers and OCI annotations; mirror delta/tombstone rules documented for adapters.
 - Security: cross-tenant exports denied by default; enforce approval tokens and encryption recipient validation.
 - Offline parity: provide export-kit packaging + verify script for air-gap consumers; include fixtures under `src/ExportCenter/__fixtures`.
-- Advisory link: see `docs/product-advisories/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10) for original requirements and keep it alongside sprint tasks for implementers.
+- Advisory link: see `docs/product/advisories/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10) for original requirements and keep it alongside sprint tasks for implementers.
 
 ## Job lifecycle
 1. **Profile selection.** Operator or automation picks a profile (`json:raw`, `json:policy`, `trivy:db`, `trivy:java-db`, `mirror:full`, `mirror:delta`) and submits scope selectors (tenant, time window, products, SBOM subjects, ecosystems). See `docs/modules/export-center/profiles.md` for profile definitions and configuration fields.
@@ -88,7 +88,7 @@ Audit bundles are a specialized Export Center output: a deterministic, immutable
   - `GET /v1/audit-bundles` - List previously created bundles.
   - `GET /v1/audit-bundles/{bundleId}` - Returns job metadata (`Accept: application/json`) or streams bundle bytes (`Accept: application/octet-stream`).
 - **Typical contents**: vuln reports, SBOM(s), VEX decisions, policy evaluations, and DSSE attestations, plus an integrity root hash and optional OCI reference.
-- **Reference**: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
+- **Reference**: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
 
 ## Adapter responsibilities
 - **JSON (`json:raw`, `json:policy`).**

docs/modules/export-center/determinism.md

@@ -1,6 +1,6 @@
 # Export Center Determinism & Rerun Hash Guide
 
-Advisory anchor: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10).
+Advisory anchor: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Export Center and Reporting Strategy.md` (EC1–EC10).
 
 ## EC1 — Signed schemas
 - Export profile schema: `docs/modules/export-center/schemas/export-profile.schema.json` (selectors, approvals, quotas).

docs/modules/findings-ledger/gaps-FL1-FL10.md

@@ -1,6 +1,6 @@
 # Findings Ledger — FL1–FL10 Remediation (LEDGER-GAPS-121-009)
 
-**Source advisory:** `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Findings Ledger and Immutable Audit Trail.md`  
+**Source advisory:** `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Findings Ledger and Immutable Audit Trail.md`  
 **Created:** 2025-12-02 · **Owner:** Findings Ledger Guild
 
 ## Gap closure map

docs/modules/gateway/architecture.md

@@ -457,7 +457,7 @@ spec:
 - Router ASP.NET Endpoint Bridge: `docs/modules/router/aspnet-endpoint-bridge.md`
 - Router Messaging (Valkey) Transport: `docs/modules/router/messaging-valkey-transport.md`
 - Authority Integration: `docs/modules/authority/architecture.md`
-- Reference Architecture: `docs/product-advisories/archived/2025-12-21-reference-architecture/`
+- Reference Architecture: `docs/product/advisories/archived/2025-12-21-reference-architecture/`
 
 ---
 

docs/modules/notify/gaps-nr1-nr10.md

@@ -1,4 +1,4 @@
-# Notify Gaps NR1–NR10 — Remediation Blueprint (source: `docs/product-advisories/31-Nov-2025 FINDINGS.md`)
+# Notify Gaps NR1–NR10 — Remediation Blueprint (source: `docs/product/advisories/31-Nov-2025 FINDINGS.md`)
 
 ## Scope
 Close NR1–NR10 by defining contracts, evidence, and deterministic test hooks for the Notifier runtime (service + worker + offline kit). This doc is the detailed layer referenced by sprint `SPRINT_0171_0001_0001_notifier_i` and NOTIFY-GAPS-171-014.

docs/modules/platform/architecture-overview.md

@@ -12,20 +12,20 @@ This dossier summarises the end-to-end runtime topology after the Aggregation-On
 
 > Testing strategy models and CI lanes live in `docs/technical/testing/testing-strategy-models.md`, with the source catalog in `docs/technical/testing/TEST_CATALOG.yml`.
 
-> Planner note: the [SBOM→VEX proof blueprint](../product-advisories/29-Nov-2025 - SBOM to VEX Proof Pipeline Blueprint.md) shows the DSSE → Rekor v2 tiles → VEX linkage, so threat-model and compliance teams can copy the capture/verification checkpoints.
+> Planner note: the [SBOM→VEX proof blueprint](../product/advisories/29-Nov-2025 - SBOM to VEX Proof Pipeline Blueprint.md) shows the DSSE → Rekor v2 tiles → VEX linkage, so threat-model and compliance teams can copy the capture/verification checkpoints.
 
-> Working on a feature? Check the [Implementor Guidelines](../product-advisories/30-Nov-2025 - Implementor Guidelines for Stella Ops.md) to align with the SRS + release playbook checklist before you merge anything into main.
+> Working on a feature? Check the [Implementor Guidelines](../product/advisories/30-Nov-2025 - Implementor Guidelines for Stella Ops.md) to align with the SRS + release playbook checklist before you merge anything into main.
 
-> Need to prove Rekor receipts? The [Rekor Receipt Checklist](../product-advisories/30-Nov-2025 - Rekor Receipt Checklist for Stella Ops.md) maps each field to a module owner and explains offline metadata for deterministic re-verification.
+> Need to prove Rekor receipts? The [Rekor Receipt Checklist](../product/advisories/30-Nov-2025 - Rekor Receipt Checklist for Stella Ops.md) maps each field to a module owner and explains offline metadata for deterministic re-verification.
 
-> Taming unknowns? The [Unknowns Decay & Triage Heuristics](../product-advisories/30-Nov-2025 - Unknowns Decay & Triage Heuristics.md) explains the confidence decay card, triage queue view, and the daily export artifact for planning.
+> Taming unknowns? The [Unknowns Decay & Triage Heuristics](../product/advisories/30-Nov-2025 - Unknowns Decay & Triage Heuristics.md) explains the confidence decay card, triage queue view, and the daily export artifact for planning.
 
-> Check the [Ecosystem Reality Test Cases](../product-advisories/30-Nov-2025 - Ecosystem Reality Test Cases for StellaOps.md) for reproducible acceptance tests based on credential leaks, offline DB schema issues, SBOM parity drift, and scanner version divergence.
+> Check the [Ecosystem Reality Test Cases](../product/advisories/30-Nov-2025 - Ecosystem Reality Test Cases for StellaOps.md) for reproducible acceptance tests based on credential leaks, offline DB schema issues, SBOM parity drift, and scanner version divergence.
 
-> Need unblocker tasks? The [Standup Sprint Kickstarters](../product-advisories/30-Nov-2025 - Standup Sprint Kickstarters.md) lists three day-0 wins (scanner regressions, Postgres slice, DSSE/Rekor sweep) plus ready-to-copy ticket names.
-> Compare how evidence/suppression/audit flows work elsewhere via the [Comparative Evidence Patterns](../product-advisories/30-Nov-2025 - Comparative Evidence Patterns for Stella Ops.md) brief—Snyk, GitHub, Aqua, Anchore/Grype, Prisma Cloud, and the UX trade-offs.
+> Need unblocker tasks? The [Standup Sprint Kickstarters](../product/advisories/30-Nov-2025 - Standup Sprint Kickstarters.md) lists three day-0 wins (scanner regressions, Postgres slice, DSSE/Rekor sweep) plus ready-to-copy ticket names.
+> Compare how evidence/suppression/audit flows work elsewhere via the [Comparative Evidence Patterns](../product/advisories/30-Nov-2025 - Comparative Evidence Patterns for Stella Ops.md) brief—Snyk, GitHub, Aqua, Anchore/Grype, Prisma Cloud, and the UX trade-offs.
 
-> Evaluate public scanner incidents? The [Ecosystem Test Cases](../product-advisories/30-Nov-2025 - Ecosystem Test Cases for StellaOps.md) document five hardened regressions (Grype credential leak, Trivy offline schema, SBOM parity, Grype instability) that you can turn into acceptance tests today.
+> Evaluate public scanner incidents? The [Ecosystem Test Cases](../product/advisories/30-Nov-2025 - Ecosystem Test Cases for StellaOps.md) document five hardened regressions (Grype credential leak, Trivy offline schema, SBOM parity, Grype instability) that you can turn into acceptance tests today.
 
 ## 1 · System landscape
 

docs/modules/platform/explainable-triage-implementation-plan.md

@@ -201,7 +201,7 @@ Per advisory, a release is "done" only if:
 
 ## References
 
-- **Advisory**: `docs/product-advisories/archived/21-Dec-2025 - Designing Explainable Triage Workflows.md`
+- **Advisory**: `docs/product/advisories/archived/21-Dec-2025 - Designing Explainable Triage Workflows.md`
 - **Sprint Summary**: `docs/implplan/SPRINT_7000_SUMMARY.md`
 - **Individual Sprints**: `docs/implplan/SPRINT_7000_*.md`
 

docs/modules/platform/moat-gap-analysis.md

@@ -272,5 +272,5 @@ This document captures the gap analysis between the competitive moat advisory an
 ## References
 
 - **Sprints**: `docs/implplan/SPRINT_4300_*.md`, `SPRINT_4400_*.md`, `SPRINT_4500_*.md`, `SPRINT_4600_*.md`
-- **Original Advisory**: `docs/product-advisories/archived/19-Dec-2025 - Stella Ops candidate features mapped to moat strength.md`
+- **Original Advisory**: `docs/product/advisories/archived/19-Dec-2025 - Stella Ops candidate features mapped to moat strength.md`
 - **Architecture**: `docs/ARCHITECTURE_OVERVIEW.md`

docs/modules/platform/proof-driven-moats-architecture.md

@@ -781,9 +781,9 @@ audit-bundle-{artifact-digest}.stella.bundle.tgz
 
 ### 12.1 Product Advisories
 
-- `docs/product-advisories/23-Dec-2026 - Proof‑Driven Moats Stella Ops Can Ship.md`
-- `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
-- `docs/product-advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
+- `docs/product/advisories/23-Dec-2026 - Proof‑Driven Moats Stella Ops Can Ship.md`
+- `docs/product/advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
+- `docs/product/advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
 
 ### 12.2 Standards
 

docs/modules/policy/architecture.md

@@ -682,13 +682,13 @@ stella exception status <request-id>
 
 The following product advisories provide strategic context for Policy Engine features:
 
-- **[Consolidated: Diff-Aware Release Gates and Risk Budgets](../../product-advisories/CONSOLIDATED%20-%20Diff-Aware%20Release%20Gates%20and%20Risk%20Budgets.md)** — Master reference for risk budgets, delta verdicts, VEX trust scoring, and release gate policies. Key sections:
+- **[Consolidated: Diff-Aware Release Gates and Risk Budgets](../../product/advisories/CONSOLIDATED%20-%20Diff-Aware%20Release%20Gates%20and%20Risk%20Budgets.md)** — Master reference for risk budgets, delta verdicts, VEX trust scoring, and release gate policies. Key sections:
   - §2 Risk Budget Model: Service tier definitions and RP scoring formulas
   - §4 Delta Verdict Engine: Deterministic evaluation pipeline and replay contract
   - §5 Smart-Diff Algorithm: Material risk change detection rules
   - §7 VEX Trust Scoring: Confidence/freshness lattice for VEX source weighting
 
-- **[Consolidated: Deterministic Evidence and Verdict Architecture](../../product-advisories/CONSOLIDATED%20-%20Deterministic%20Evidence%20and%20Verdict%20Architecture.md)** — Master reference for determinism guarantees, canonical serialization, and signing. Key sections:
+- **[Consolidated: Deterministic Evidence and Verdict Architecture](../../product/advisories/CONSOLIDATED%20-%20Deterministic%20Evidence%20and%20Verdict%20Architecture.md)** — Master reference for determinism guarantees, canonical serialization, and signing. Key sections:
   - §3 Canonical Serialization: RFC 8785 JCS + Unicode NFC rules
   - §5 Signing & Attestation: Keyless signing with Sigstore
   - §6 Proof-Carrying Reachability: Minimal proof chains
@@ -696,7 +696,7 @@ The following product advisories provide strategic context for Policy Engine fea
 
 - **[Determinism Specification](../../technical/architecture/determinism-specification.md)** — Technical specification for all digest algorithms (VerdictId, EvidenceId, GraphRevisionId, ManifestId) and canonicalization rules.
 
-- **[Smart-Diff Technical Reference](../../product-advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025%20-%20Smart-Diff%20Technical%20Reference.md)** — Detailed algorithm specifications for reachability gates, delta computation, and call-stack analysis.
+- **[Smart-Diff Technical Reference](../../product/advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025%20-%20Smart-Diff%20Technical%20Reference.md)** — Detailed algorithm specifications for reachability gates, delta computation, and call-stack analysis.
 
 ---
 

docs/modules/policy/contracts/spine-versioning-plan.md

@@ -79,4 +79,4 @@ Establish versioned spine API/DTO schemas with migration rules, determinism guar
 
 ## Links
 - Sprint: `docs/implplan/SPRINT_0186_0001_0001_record_deterministic_execution.md` (SP1–SP10)
-- Advisory: `docs/product-advisories/31-Nov-2025 FINDINGS.md`
+- Advisory: `docs/product/advisories/31-Nov-2025 FINDINGS.md`

docs/modules/policy/cvss-v4.md

@@ -1,6 +1,6 @@
 # CVSS v4.0 Receipts – Hardening Guide
 
-Source advisory: `docs/product-advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md` (CV1–CV10). This guide turns the gaps into implementable rules for Sprint 0190.
+Source advisory: `docs/product/advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md` (CV1–CV10). This guide turns the gaps into implementable rules for Sprint 0190.
 
 ## Canonical hashing (CV2)
 - Serializer: JSON Canonicalization Scheme (JCS).

docs/modules/policy/guides/score-policy-yaml.md

@@ -287,5 +287,5 @@ Future schema versions (e.g., `score.v2`) will include migration guides and back
 ## Related Documentation
 
 - [Architecture Overview](../ARCHITECTURE_OVERVIEW.md)
-- [Determinism Technical Reference](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
+- [Determinism Technical Reference](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md)
 - [Policy Engine Architecture](../modules/policy/architecture.md)

docs/modules/reach-graph/guides/gates.md

@@ -202,5 +202,5 @@ Gates are included in the reachability report:
 ## Related Documentation
 
 - [Reachability Architecture](../modules/scanner/architecture.md)
-- [Determinism Technical Reference](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md) - Sections 2.2, 4.3
+- [Determinism Technical Reference](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md) - Sections 2.2, 4.3
 - [Signals Service](../modules/signals/architecture.md)

docs/modules/reach-graph/guides/lead.md

@@ -73,6 +73,6 @@ Source: internal advisory “23-Nov-2025 - Where Stella Ops Can Truly Lead”.
 - `GET /vex/:artifact` — streams OpenVEX with embedded proofs.
 
 ## Links
-- Advisory source: `docs/product-advisories/23-Nov-2025 -  Where Stella Ops Can Truly Lead.md`
+- Advisory source: `docs/product/advisories/23-Nov-2025 -  Where Stella Ops Can Truly Lead.md`
 - Schemas: `docs/modules/reach-graph/guides/evidence-schema.md`, `docs/modules/reach-graph/guides/hybrid-attestation.md`
 - Sprint tracking: `docs/implplan/SPRINT_0401_0001_0001_reachability_evidence_chain.md`

docs/modules/scanner/AGENTS.md

@@ -31,13 +31,13 @@ Scanner analyses container images layer-by-layer, producing deterministic SBOM f
 - `docs/modules/scanner/architecture.md`
 - `docs/modules/scanner/implementation_plan.md`
 - `docs/modules/platform/architecture-overview.md`
-- `docs/product-advisories/CONSOLIDATED - Diff-Aware Release Gates and Risk Budgets.md` — Master reference for delta verdicts, smart-diff algorithms, and determinism requirements that Scanner must honor.
+- `docs/product/advisories/CONSOLIDATED - Diff-Aware Release Gates and Risk Budgets.md` — Master reference for delta verdicts, smart-diff algorithms, and determinism requirements that Scanner must honor.
 
 ## Related Product Advisories
-- **[Consolidated: Diff-Aware Release Gates and Risk Budgets](../../product-advisories/CONSOLIDATED%20-%20Diff-Aware%20Release%20Gates%20and%20Risk%20Budgets.md)** — Risk budgets, delta verdicts, smart-diff algorithms
-- **[Consolidated: Deterministic Evidence and Verdict Architecture](../../product-advisories/CONSOLIDATED%20-%20Deterministic%20Evidence%20and%20Verdict%20Architecture.md)** — Determinism guarantees, canonical serialization, keyless signing
+- **[Consolidated: Diff-Aware Release Gates and Risk Budgets](../../product/advisories/CONSOLIDATED%20-%20Diff-Aware%20Release%20Gates%20and%20Risk%20Budgets.md)** — Risk budgets, delta verdicts, smart-diff algorithms
+- **[Consolidated: Deterministic Evidence and Verdict Architecture](../../product/advisories/CONSOLIDATED%20-%20Deterministic%20Evidence%20and%20Verdict%20Architecture.md)** — Determinism guarantees, canonical serialization, keyless signing
 - **[Determinism Specification](../../technical/architecture/determinism-specification.md)** — Technical spec for digest algorithms and canonicalization rules
-- **[Smart-Diff Technical Reference](../../product-advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025%20-%20Smart-Diff%20Technical%20Reference.md)** — Detailed reachability gate and call-stack analysis specs
+- **[Smart-Diff Technical Reference](../../product/advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025%20-%20Smart-Diff%20Technical%20Reference.md)** — Detailed reachability gate and call-stack analysis specs
 
 ## Working Agreement
 - 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.

docs/modules/scanner/design/competitor-ingest-normalization.md

@@ -74,4 +74,4 @@ Define how external SBOM/scan outputs (Syft, Trivy, Clair) are normalized into S
 
 ## Links
 - Sprint: `docs/implplan/SPRINT_0186_0001_0001_record_deterministic_execution.md` (CM1–CM10)
-- Advisory: `docs/product-advisories/31-Nov-2025 FINDINGS.md`
+- Advisory: `docs/product/advisories/31-Nov-2025 FINDINGS.md`

docs/modules/scanner/design/standards-convergence-roadmap.md

@@ -72,4 +72,4 @@ Define the concrete steps for adopting CVSS v4.0, CycloneDX 1.7 (incl. CBOM), an
 
 ## Links
 - Sprint: `docs/implplan/SPRINT_0186_0001_0001_record_deterministic_execution.md` (tasks SC1–SC10)
-- Advisory: `docs/product-advisories/31-Nov-2025 FINDINGS.md`
+- Advisory: `docs/product/advisories/31-Nov-2025 FINDINGS.md`

docs/modules/scanner/epss-integration.md

@@ -1,6 +1,6 @@
 # EPSS Integration Architecture
 
-> **Advisory Source**: `docs/product-advisories/16-Dec-2025 - Merging EPSS v4 with CVSS v4 Frameworks.md`  
+> **Advisory Source**: `docs/product/advisories/16-Dec-2025 - Merging EPSS v4 with CVSS v4 Frameworks.md`  
 > **Last Updated**: 2025-12-17  
 > **Status**: Approved for Implementation
 

docs/modules/scanner/reachability-drift.md

@@ -165,5 +165,5 @@ See `docs/api/scanner-drift-api.md` for details.
 - `docs/implplan/archived/SPRINT_3600_0003_0001_drift_detection_engine.md`
 - `docs/api/scanner-drift-api.md`
 - `docs/operations/reachability-drift-guide.md`
-- `docs/product-advisories/archived/17-Dec-2025 - Reachability Drift Detection.md`
+- `docs/product/advisories/archived/17-Dec-2025 - Reachability Drift Detection.md`
 - `src/Scanner/__Libraries/StellaOps.Scanner.ReachabilityDrift/`

docs/modules/scheduler/hlc-migration-guide.md

@@ -187,4 +187,4 @@ The `scheduler_log` table can be retained for audit purposes or dropped if no lo
 
 - [Scheduler Architecture](architecture.md)
 - [HLC Library Documentation](../../__Libraries/StellaOps.HybridLogicalClock/README.md)
-- [Product Advisory: Audit-safe Job Queue Ordering](../../product-advisories/audit-safe-job-queue-ordering.md)
+- [Product Advisory: Audit-safe Job Queue Ordering](../../product/advisories/audit-safe-job-queue-ordering.md)

docs/modules/signals/architecture.md

@@ -207,7 +207,7 @@ The Signals module maintains strict determinism:
 
 ## Related Documentation
 
-- Product Advisory: `docs/product-advisories/24-Dec-2025 - Evidence-Weighted Score Model.md`
+- Product Advisory: `docs/product/advisories/24-Dec-2025 - Evidence-Weighted Score Model.md`
 - Sprint Plans: `docs/implplan/SPRINT_8200_0012_*.md`
 - Policy Confidence (deprecated): `docs/modules/policy/confidence-scoring.md`
 - Backport Detection: `docs/modules/concelier/backport-detection.md`

docs/modules/signals/decay/2025-12-01-confidence-decay.md

@@ -1,7 +1,7 @@
 # Confidence Decay Controls · Signals Runtime
 
 **Compiled:** 2025-12-01 (UTC)
-**Scope:** Close U1–U10 gaps from `docs/product-advisories/31-Nov-2025 FINDINGS.md` for confidence decay of unknowns/signals.
+**Scope:** Close U1–U10 gaps from `docs/product/advisories/31-Nov-2025 FINDINGS.md` for confidence decay of unknowns/signals.
 **Status:** Draft for review on 2025-12-03; to be signed (DSSE) after sign-off.
 
 ## Decisions (U1–U10)

docs/modules/signals/heuristics/2025-12-01-heuristic-catalog.md

@@ -1,7 +1,7 @@
 # Signals Heuristic Catalog · Deterministic Scoring
 
 **Compiled:** 2025-12-01 (UTC)
-**Scope:** Close UT1–UT10 gaps from `docs/product-advisories/31-Nov-2025 FINDINGS.md` by publishing a signed heuristic catalog and golden outputs.
+**Scope:** Close UT1–UT10 gaps from `docs/product/advisories/31-Nov-2025 FINDINGS.md` by publishing a signed heuristic catalog and golden outputs.
 **Status:** Draft; target publish 2025-12-05 with DSSE signature.
 
 ## Decisions (UT1–UT10)

docs/modules/signals/unknowns/2025-12-01-unknowns-registry.md

@@ -1,7 +1,7 @@
 # Unknowns Registry & Scoring Manifest
 
 **Compiled:** 2025-12-01 (UTC)
-**Scope:** Close UN1–UN10 gaps from `docs/product-advisories/31-Nov-2025 FINDINGS.md` for Unknowns Registry.
+**Scope:** Close UN1–UN10 gaps from `docs/product/advisories/31-Nov-2025 FINDINGS.md` for Unknowns Registry.
 **Status:** Draft; review 2025-12-04; DSSE signing required before adoption.
 
 ## Decisions (UN1–UN10)

docs/modules/taskrunner/architecture.md

@@ -94,6 +94,6 @@
 - **Fail-closed gates (TP10):** Approval/policy/timeline gates default to fail-closed on missing evidence, expired DSSE, or absent quotas; remediation hints surface in `pack_run_logs` and API error payloads.
 
 ## 13. References
-- Product advisory: `docs/product-advisories/29-Nov-2025 - Task Pack Orchestration and Automation.md`.
+- Product advisory: `docs/product/advisories/29-Nov-2025 - Task Pack Orchestration and Automation.md`.
 - Task Pack spec + authoring + runbook: `docs/modules/packs-registry/guides/spec.md`, `docs/modules/packs-registry/guides/authoring-guide.md`, `docs/modules/packs-registry/guides/runbook.md`.
 - Migration detail: `docs/modules/taskrunner/migrations/pack-run-collections.md`.

docs/modules/telemetry/contracts/telemetry-gaps-remediation.md

@@ -1,6 +1,6 @@
 # Telemetry Gap Remediation (TO1–TO10) — v1 · 2025-12-01
 
-Source: `docs/product-advisories/31-Nov-2025 FINDINGS.md` (Telemetry gaps TO1–TO10).
+Source: `docs/product/advisories/31-Nov-2025 FINDINGS.md` (Telemetry gaps TO1–TO10).
 Scope: telemetry core (collectors/SDK defaults/bundles) across services; applicable to default/forensic/airgap profiles.
 
 ## Decisions (mapped to gaps)

docs/modules/telemetry/guides/fn-drift.md

@@ -172,6 +172,6 @@ Aggregated daily statistics for efficient dashboard queries:
 
 ## Related Documentation
 
-- [Determinism Technical Reference](../product-advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md) - Section 13.2
+- [Determinism Technical Reference](../product/advisories/14-Dec-2025%20-%20Determinism%20and%20Reproducibility%20Technical%20Reference.md) - Section 13.2
 - [Scanner Architecture](../modules/scanner/architecture.md)
 - [Telemetry Stack](../modules/telemetry/architecture.md)

docs/modules/telemetry/ttfs-architecture.md

@@ -417,7 +417,7 @@ Load tests validate TTFS performance under realistic conditions.
 
 ## 13) References
 
-- Advisory: `docs/product-advisories/14-Dec-2025 - UX and Time-to-Evidence Technical Reference.md`
+- Advisory: `docs/product/advisories/14-Dec-2025 - UX and Time-to-Evidence Technical Reference.md`
 - Sprint 1 (Foundation): `docs/implplan/SPRINT_0338_0001_0001_ttfs_foundation.md`
 - Sprint 2 (API): `docs/implplan/SPRINT_0339_0001_0001_first_signal_api.md`
 - Sprint 3 (UI): `docs/implplan/SPRINT_0340_0001_0001_first_signal_card_ui.md`

docs/modules/ui/architecture.md

@@ -122,7 +122,7 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
 * **VEX decisions**: evidence-first VEX modal with scope + validity + evidence links; bulk apply supported; uses `/v1/vex-decisions`.
 * **Audit bundles**: "Create immutable audit bundle" UX to build and download an evidence pack; uses `/v1/audit-bundles`.
 * **Schemas**: `docs/modules/vuln-explorer/schemas/vex-decision.schema.json`, `docs/modules/attestor/schemas/attestation-vuln-scan.schema.json`, `docs/modules/evidence-locker/schemas/audit-bundle-index.schema.json`.
-* **Reference**: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
+* **Reference**: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
 
 ### 3.10 Integration Hub (Sprint 011)
 

docs/modules/ui/micro-interactions-map.md

@@ -205,7 +205,7 @@ EvidencePanel:
 - TypeScript tokens: `src/Web/StellaOps.Web/src/app/styles/motion-tokens.ts`
 - Storybook stories: `src/Web/StellaOps.Web/src/stories/motion-tokens.stories.ts`
 - TTFS Architecture: `docs/modules/telemetry/ttfs-architecture.md`
-- Advisory: `docs/product-advisories/14-Dec-2025 - UX and Time-to-Evidence Technical Reference.md`
+- Advisory: `docs/product/advisories/14-Dec-2025 - UX and Time-to-Evidence Technical Reference.md`
 
 ---
 

docs/modules/vuln-explorer/architecture.md

@@ -79,7 +79,7 @@ CLI mirrors these endpoints (`stella findings list|view|update|export`). Console
 
 ## 8) VEX-First Triage UX
 
-> Reference: Product advisory `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`
+> Reference: Product advisory `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`
 
 ### 8.1 Evidence-First Finding Cards
 

docs/modules/zastava/gaps/2025-12-02-zr-gaps.md

@@ -1,6 +1,6 @@
 # Zastava Runtime Signals Gaps (ZR1–ZR10)
 
-**Source:** `docs/product-advisories/31-Nov-2025 FINDINGS.md`
+**Source:** `docs/product/advisories/31-Nov-2025 FINDINGS.md`
 **Compiled:** 2025-12-02 (UTC)
 **Scope:** Close ZR1–ZR10 for Observer + Webhook (Surface.Env/Secrets/FS) with offline parity and auditability.
 

docs/operations/router-chaos-testing-runbook.md

@@ -193,5 +193,5 @@ k6 run tests/load/router/spike-test.js --verbose
 ## References
 
 - [Router Architecture](../modules/router/architecture.md)
-- [Backpressure Design](../product-advisories/15-Dec-2025%20-%20Designing%20202%20+%20Retry-After%20Backpressure%20Control.md)
-- [Testing Strategy](../product-advisories/20-Dec-2025%20-%20Testing%20strategy.md)
+- [Backpressure Design](../product/advisories/15-Dec-2025%20-%20Designing%20202%20+%20Retry-After%20Backpressure%20Control.md)
+- [Testing Strategy](../product/advisories/20-Dec-2025%20-%20Testing%20strategy.md)

docs/operations/unknowns-queue-runbook.md

@@ -625,7 +625,7 @@ To allow approved exceptions to cover specific unknown reason codes, set excepti
 ## Related Documentation
 
 - [Unknowns API Reference](../api/score-proofs-reachability-api-reference.md#5-unknowns-api)
-- [Triage Technical Reference](../product-advisories/14-Dec-2025%20-%20Triage%20and%20Unknowns%20Technical%20Reference.md)
+- [Triage Technical Reference](../product/advisories/14-Dec-2025%20-%20Triage%20and%20Unknowns%20Technical%20Reference.md)
 - [Score Proofs Runbook](./score-proofs-runbook.md)
 - [Policy Engine](../modules/policy/architecture.md)
 

docs/product/PROOF_MOATS_FINAL_SIGNOFF.md

@@ -435,7 +435,7 @@ public sealed class ProofAwareVexGenerator
 
 **Approved By:** Claude Code Implementation Agent
 **Date:** 2025-12-23
-**Advisory Reference:** `docs/product-advisories/23-Dec-2026 - Proof-Driven Moats Stella Ops Can Ship.md`
+**Advisory Reference:** `docs/product/advisories/23-Dec-2026 - Proof-Driven Moats Stella Ops Can Ship.md`
 
 ---
 

docs/product/advisories/08-Jan-2026 - AI moats.md

@@ -0,0 +1,545 @@
+Below is a cohesive set of **7 product advisories** that together define an “AI-native” Stella Ops with defensible moats. Each advisory follows the same structure:
+
+* **Problem** (what hurts today)
+* **Why** (why Stella should solve it)
+* **What we ship** (capabilities, boundaries)
+* **How we achieve** (proposed `AdvisoryAI` backend modules + key UI components)
+* **Guardrails** (safety / trust / determinism)
+* **KPIs** (how you prove it works)
+
+I’m assuming your canonical object model already includes **Runs** (incident/escalation/change investigation runs) and a system-of-record in **PostgreSQL** with **Valkey** as a non-authoritative accelerator.
+
+---
+
+# ADVISORY-AI-000 — AdvisoryAI Foundation: Chat + Workbench + Runs (the “AI OS surface”)
+
+## Problem
+
+Most “AI in ops” fails because it’s only a chat box. Chat is not:
+
+* auditable
+* repeatable
+* actionable with guardrails
+* collaborative (handoffs, approvals, artifacts)
+
+Operators need a place where AI output becomes **objects** (runs, decisions, patches, evidence packs), not ephemeral text.
+
+## Why we do it
+
+This advisory is the substrate for all other moats. Without it, your other features remain demos.
+
+## What we ship
+
+1. **AdvisoryAI Orchestrator** that can:
+
+* read Stella objects (runs, services, policies, evidence)
+* propose plans
+* call tools/actions (within policy)
+* produce structured artifacts (patches, decision records, evidence packs)
+
+2. **AI Workbench UI**:
+
+* Chat panel for intent
+* Artifact cards (Run, Playbook Patch, Decision, Evidence Pack)
+* Run Timeline view (what happened, tool calls, approvals, outputs)
+
+## How we achieve (modules + UI)
+
+### Backend modules (suggested)
+
+* `StellaOps.AdvisoryAI.WebService`
+
+  * Conversation/session orchestration
+  * Tool routing + action execution requests
+  * Artifact creation (Run notes, patches, decisions)
+* `StellaOps.AdvisoryAI.Prompting`
+
+  * Prompt templates versioned + hashed
+  * Guarded system prompts per “mode”
+* `StellaOps.AdvisoryAI.Tools`
+
+  * Tool contracts (read-only queries, action requests)
+* `StellaOps.AdvisoryAI.Eval`
+
+  * Regression tests for tool correctness + safety
+
+### UI components
+
+* `AiChatPanelComponent`
+* `AiArtifactCardComponent` (Run/Decision/Patch/Evidence Pack)
+* `RunTimelineComponent` (with “AI steps” and “human steps”)
+* `ModeSelectorComponent` (Analyst / Operator / Autopilot)
+
+### Canonical flow
+
+```
+User intent (chat) 
+  -> AdvisoryAI proposes plan (steps)
+  -> executes read-only tools
+  -> generates artifact(s)
+  -> requests approvals for risky actions
+  -> records everything on Run timeline
+```
+
+## Guardrails
+
+* Every AI interaction writes to a **Run** (or attaches to an existing Run).
+* Prompt templates are **versioned + hashed**.
+* Tool calls and outputs are **persisted** (for audit and replay).
+
+## KPIs
+
+* % AI sessions attached to Runs
+* “Time to first useful artifact”
+* Operator adoption (weekly active users of Workbench)
+
+---
+
+# ADVISORY-AI-001 — Evidence-First Outputs (trust-by-construction)
+
+## Problem
+
+In ops, an answer without evidence is a liability. LLMs are persuasive even when wrong. Operators waste time verifying or, worse, act on incorrect claims.
+
+## Why we do it
+
+Evidence-first output is the trust prerequisite for:
+
+* automation
+* playbook learning
+* org memory
+* executive reporting
+
+## What we ship
+
+* A **Claim → Evidence** constraint:
+
+  * Each material claim must be backed by an `EvidenceRef` (query snapshot, ticket, pipeline run, commit, config state).
+* An **Evidence Pack** artifact:
+
+  * A shareable bundle of evidence for an incident/change/review.
+
+## How we achieve (modules + UI)
+
+### Backend modules
+
+* `StellaOps.AdvisoryAI.Evidence`
+
+  * Claim extraction from model output
+  * Evidence retrieval + snapshotting
+  * Citation enforcement (or downgrade claim confidence)
+* `StellaOps.EvidenceStore`
+
+  * Immutable (or content-addressed) snapshots
+  * Hashes, timestamps, query parameters
+
+### UI components
+
+* `EvidenceSidePanelComponent` (opens from inline citations)
+* `EvidencePackViewerComponent`
+* `ConfidenceBadgeComponent` (Verified / Inferred / Unknown)
+
+### Implementation pattern
+
+* For each answer:
+
+  1. Draft response
+  2. Extract claims
+  3. Attach evidence refs
+  4. If evidence missing: label as uncertain + propose verification steps
+
+## Guardrails
+
+* If evidence is missing, Stella must **not** assert certainty.
+* Evidence snapshots must capture:
+
+  * query inputs
+  * time range
+  * raw result (or hash + storage pointer)
+
+## KPIs
+
+* Citation coverage (% of answers with evidence refs)
+* Reduced back-and-forth (“how do you know?” rate)
+* Adoption of automation after evidence-first rollout
+
+---
+
+# ADVISORY-AI-002 — Policy-Aware Automation (safe actions, not just suggestions)
+
+## Problem
+
+The main blocker to “AI that acts” is governance:
+
+* wrong environment
+* insufficient permission
+* missing approvals
+* non-idempotent actions
+* unclear accountability
+
+## Why we do it
+
+If Stella can’t safely execute actions, it will remain a read-only assistant. Policy-aware automation is a hard moat because it requires real engineering discipline and operational maturity.
+
+## What we ship
+
+* A typed **Action Registry**:
+
+  * schemas, risk levels, idempotency, rollback/compensation
+* A **Policy decision point** (PDP) before any action:
+
+  * allow / allow-with-approvals / deny
+* An **Approval workflow** linked to Runs
+
+## How we achieve (modules + UI)
+
+### Backend modules
+
+* `StellaOps.ActionRegistry`
+
+  * Action definitions + schemas + risk metadata
+* `StellaOps.PolicyEngine`
+
+  * Rules: environment protections, freeze windows, role constraints
+* `StellaOps.AdvisoryAI.Automation`
+
+  * Converts intent → action proposals
+  * Submits action requests after approvals
+* `StellaOps.RunLedger`
+
+  * Every action request + result is a ledger entry
+
+### UI components
+
+* `ActionProposalCardComponent`
+* `ApprovalModalComponent` (scoped approval: this action/this run/this window)
+* `PolicyExplanationComponent` (human-readable “why allowed/denied”)
+* `RollbackPanelComponent`
+
+## Guardrails
+
+* Default: propose actions; only auto-execute in explicitly configured “Autopilot scopes.”
+* Every action must support:
+
+  * idempotency key
+  * audit fields (why, ticket/run linkage)
+  * reversible/compensating action where feasible
+
+## KPIs
+
+* % actions proposed vs executed
+* “Policy prevented incident” count
+* Approval latency and action success rate
+
+---
+
+# ADVISORY-AI-003 — Ops Memory (structured, durable, queryable)
+
+## Problem
+
+Teams repeat incidents because knowledge lives in:
+
+* chat logs
+* tribal memory
+* scattered tickets
+* unwritten heuristics
+
+Chat history is not an operational knowledge base: it’s unstructured and hard to reuse safely.
+
+## Why we do it
+
+Ops memory reduces repeat work and accelerates diagnosis. It also becomes a defensible dataset because it’s tied to your Runs, artifacts, and outcomes.
+
+## What we ship
+
+A set of typed memory objects (not messages):
+
+* `DecisionRecord`
+* `KnownIssue`
+* `Tactic`
+* `Constraint`
+* `PostmortemSummary`
+
+Memory is written on:
+
+* Run closure
+* approvals (policy events)
+* explicit “save as org memory” actions
+
+## How we achieve (modules + UI)
+
+### Backend modules
+
+* `StellaOps.AdvisoryAI.Memory`
+
+  * Write: extract structured memory from run artifacts
+  * Read: retrieve memory relevant to current context (service/env/symptoms)
+  * Conflict handling: “superseded by”, timestamps, confidence
+* `StellaOps.MemoryStore` (Postgres tables + full-text index as needed)
+
+### UI components
+
+* `MemoryPanelComponent` (contextual suggestions during a run)
+* `MemoryBrowserComponent` (search + filters)
+* `MemoryDiffComponent` (when superseding prior memory)
+
+## Guardrails
+
+* Memory entries have:
+
+  * scope (service/env/team)
+  * confidence (verified vs anecdotal)
+  * review/expiry policies for tactics/constraints
+* Never “learn” from unresolved or low-confidence runs by default.
+
+## KPIs
+
+* Repeat incident rate reduction
+* Time-to-diagnosis delta when memory exists
+* Memory reuse rate inside Runs
+
+---
+
+# ADVISORY-AI-004 — Playbook Learning (Run → Patch → Approved Playbook)
+
+## Problem
+
+Runbooks/playbooks drift. Operators improvise. The playbook never improves, and the organization pays the same “tuition” repeatedly.
+
+## Why we do it
+
+Playbook learning is the compounding loop that turns daily operations into a proprietary advantage. Competitors can generate playbooks; they struggle to continuously improve them from real run traces with review + governance.
+
+## What we ship
+
+* Versioned playbooks as structured objects
+* **Playbook Patch** proposals generated from Run traces:
+
+  * coverage patches, repair patches, optimization patches, safety patches, detection patches
+* Owner review + approval workflow
+
+## How we achieve (modules + UI)
+
+### Backend modules
+
+* `StellaOps.Playbooks`
+
+  * Playbook schema + versioning
+* `StellaOps.AdvisoryAI.PlaybookLearning`
+
+  * Extract “what we did” from Run timeline
+  * Compare to playbook steps
+  * Propose a patch with evidence links
+* `StellaOps.DiffService`
+
+  * Human-friendly diff output for UI
+
+### UI components
+
+* `PlaybookPatchCardComponent`
+* `DiffViewerComponent` (Monaco diff or equivalent)
+* `PlaybookApprovalFlowComponent`
+* `PlaybookCoverageHeatmapComponent` (optional, later)
+
+## Guardrails
+
+* Never auto-edit canonical playbooks; only patches + review.
+* Require evidence links for each proposed step.
+* Prevent one-off contamination by marking patches as:
+
+  * “generalizable” vs “context-specific”
+
+## KPIs
+
+* % incidents with a playbook
+* Patch acceptance rate
+* MTTR improvement for playbook-backed incidents
+
+---
+
+# ADVISORY-AI-005 — Integration Concierge (setup + health + “how-to” that is actually correct)
+
+## Problem
+
+Integrations are where tools die:
+
+* users ask “how do I integrate X”
+* assistant answers generically
+* setup fails because of environment constraints, permissions, webhooks, scopes, retries, or missing prerequisites
+* no one can debug it later
+
+## Why we do it
+
+Integration handling becomes a moat when it is:
+
+* deterministic (wizard truth)
+* auditable (events + actions traced)
+* self-healing (retries, backfills, health checks)
+* explainable (precise steps, not generic docs)
+
+## What we ship
+
+1. **Integration Setup Wizard** per provider (GitLab, Jira, Slack, etc.)
+2. **Integration Health** dashboard:
+
+* last event received
+* last action executed
+* failure reasons + next steps
+* token expiry warnings
+
+3. **Chat-driven guidance** that drives the same wizard backend:
+
+* when user asks “how to integrate GitLab,” Stella replies with the exact steps for the instance type, auth mode, and required permissions, and can pre-fill a setup plan.
+
+## How we achieve (modules + UI)
+
+### Backend modules
+
+* `StellaOps.Integrations`
+
+  * Provider contracts: inbound events + outbound actions
+  * Normalization into Stella `Signals` and `Actions`
+* `StellaOps.Integrations.Reliability`
+
+  * Webhook dedupe, replay, dead-letter, backfill polling
+* `StellaOps.AdvisoryAI.Integrations`
+
+  * Retrieves provider-specific setup templates
+  * Asks only for missing parameters
+  * Produces a “setup checklist” artifact attached to a Run or Integration record
+
+### UI components
+
+* `IntegrationWizardComponent`
+* `IntegrationHealthComponent`
+* `IntegrationEventLogComponent` (raw payload headers + body stored securely)
+* `SetupChecklistArtifactComponent` (generated by AdvisoryAI)
+
+## Guardrails
+
+* Store inbound webhook payloads for replay/debug, with redaction where required.
+* Always support reconciliation/backfill (webhooks are never perfectly lossless).
+* Use least-privilege token scopes by default, with clear permission error guidance.
+
+## KPIs
+
+* Time-to-first-successful-event
+* Integration “healthy” uptime
+* Setup completion rate without human support
+
+---
+
+# ADVISORY-AI-006 — Outcome Analytics (prove ROI with credible attribution)
+
+## Problem
+
+AI features are easy to cut in budgeting because value is vague. “It feels faster” doesn’t survive scrutiny.
+
+## Why we do it
+
+Outcome analytics makes Stella defensible to leadership and helps prioritize what to automate next. It also becomes a dataset for continuous improvement.
+
+## What we ship
+
+* Baseline metrics (before Stella influence):
+
+  * MTTA, MTTR, escalation count, repeat incidents, deploy failure rate (as relevant)
+* Attribution model (only count impact when Stella materially contributed):
+
+  * playbook patch accepted
+  * evidence pack used
+  * policy-gated action executed
+  * memory entry reused
+* Monthly/weekly impact reports
+
+## How we achieve (modules + UI)
+
+### Backend modules
+
+* `StellaOps.Analytics`
+
+  * Metric computation + cohorts (by service/team/severity)
+* `StellaOps.AdvisoryAI.Attribution`
+
+  * Joins outcomes to AI artifacts and actions in the Run ledger
+* `StellaOps.Reporting`
+
+  * Scheduled report generation (exportable)
+
+### UI components
+
+* `OutcomeDashboardComponent`
+* `AttributionBreakdownComponent`
+* `ExecutiveReportExportComponent`
+
+## Guardrails
+
+* Avoid vanity metrics (“number of chats”).
+* Always show confidence/limitations in attribution (correlation vs causation).
+
+## KPIs
+
+* MTTR delta (with Stella artifacts vs without)
+* Repeat incident reduction
+* Escalation reduction
+* Automation coverage growth
+
+---
+
+## One unifying implementation note: “AdvisoryAI” should output objects, not prose
+
+To make all seven advisories work together, standardize on a small set of **AI-produced artifacts**:
+
+* `Plan` (step list with tools/actions)
+* `EvidencePack`
+* `DecisionRecord`
+* `PlaybookPatch`
+* `IntegrationSetupChecklist`
+* `RunSummary` (postmortem-ready)
+
+Every artifact is:
+
+* versioned
+* evidence-linked
+* attached to a Run
+* subject to policy gates when it triggers actions
+
+This gives you:
+
+* auditability
+* deterministic replay of the *inputs and tool outputs*
+* compounding “Ops memory” and “Playbook learning” data
+
+---
+
+## Example: how this maps to “AdvisoryAI module + Chat UI component”
+
+Minimum viable architecture that is coherent:
+
+**Backend**
+
+* `StellaOps.AdvisoryAI.WebService` (orchestrator)
+* `StellaOps.AdvisoryAI.Evidence` (citations)
+* `StellaOps.AdvisoryAI.Memory` (structured memory)
+* `StellaOps.AdvisoryAI.PlaybookLearning` (patch proposals)
+* `StellaOps.AdvisoryAI.Integrations` (setup guidance + checklists)
+* `StellaOps.PolicyEngine` + `StellaOps.ActionRegistry` (gated actions)
+* `StellaOps.RunLedger` + `StellaOps.EvidenceStore` (audit + snapshots)
+
+**UI**
+
+* AI chat panel that emits/accepts **artifact cards**
+* Evidence side panel
+* Approval modal
+* Diff viewer for patches
+* Integration wizard + health
+
+---
+
+If you want, I can translate these advisories into a single internal spec pack:
+
+* database tables (Postgres)
+* event contracts (signals/actions)
+* JSON schemas for artifacts/actions
+* UI navigation and component tree
+* the first 10 “golden workflows” you should ship with the Workbench

docs/product/claims-citation-index.md

@@ -24,7 +24,7 @@ This document is the **authoritative source** for all competitive positioning cl
 
 | ID | Claim | Evidence | Confidence | Verified | Next Review |
 |----|-------|----------|------------|----------|-------------|
-| REACH-001 | "Hybrid static + runtime reachability analysis reduces noise by 60-85%" | `docs/product-advisories/14-Dec-2025 - Reachability Analysis Technical Reference.md` | High | 2025-12-14 | 2026-03-14 |
+| REACH-001 | "Hybrid static + runtime reachability analysis reduces noise by 60-85%" | `docs/product/advisories/14-Dec-2025 - Reachability Analysis Technical Reference.md` | High | 2025-12-14 | 2026-03-14 |
 | REACH-002 | "Signed reachability graphs with DSSE attestation" | `src/Attestor/` module; DSSE envelope implementation | High | 2025-12-14 | 2026-03-14 |
 | REACH-003 | "~85% of critical vulnerabilities in containers are in inactive code" | Sysdig 2024 Container Security Report (external) | Medium | 2025-11-01 | 2026-02-01 |
 | REACH-004 | "Multi-language support: Java, C#, Go, JavaScript, TypeScript, Python" | Language analyzer implementations in `src/Scanner/Analyzers/` | High | 2025-12-14 | 2026-03-14 |
@@ -35,7 +35,7 @@ This document is the **authoritative source** for all competitive positioning cl
 |----|-------|----------|------------|----------|-------------|
 | VEX-001 | "OpenVEX lattice semantics with deterministic state transitions" | `src/Excititor/` VEX engine; lattice documentation | High | 2025-12-14 | 2026-03-14 |
 | VEX-002 | "VEX consensus from multiple sources (vendor, tool, analyst)" | `VexConsensusRefreshService.cs`; consensus algorithm | High | 2025-12-14 | 2026-03-14 |
-| VEX-003 | "Seven-state lattice: CR, SR, SU, DT, DV, DA, U" | `docs/product-advisories/14-Dec-2025 - Triage and Unknowns Technical Reference.md` | High | 2025-12-14 | 2026-03-14 |
+| VEX-003 | "Seven-state lattice: CR, SR, SU, DT, DV, DA, U" | `docs/product/advisories/14-Dec-2025 - Triage and Unknowns Technical Reference.md` | High | 2025-12-14 | 2026-03-14 |
 
 ### 3a. Unknowns & Ambiguity Claims
 
@@ -214,6 +214,6 @@ When a claim becomes false (e.g., competitor adds feature):
 
 ## References
 
-- `docs/product-advisories/14-Dec-2025 - CVSS and Competitive Analysis Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - CVSS and Competitive Analysis Technical Reference.md`
 - `docs/product/competitive-landscape.md`
 - `docs/benchmarks/accuracy-metrics-framework.md`

docs/product/competitive-landscape.md

@@ -135,7 +135,7 @@ This isn't a feature gap—it's a category difference. Retrofitting it requires:
 - Vision: `docs/VISION.md` (Moats section)
 - Architecture: `docs/ARCHITECTURE_REFERENCE.md`
 - Reachability moat details: `docs/modules/reach-graph/guides/lead.md`
-- Source advisory: `docs/product-advisories/23-Nov-2025 - Stella Ops vs Competitors.md`
+- Source advisory: `docs/product/advisories/23-Nov-2025 - Stella Ops vs Competitors.md`
 - **Claims Citation Index**: [`docs/product/claims-citation-index.md`](claims-citation-index.md)
 
 ---
@@ -190,5 +190,5 @@ This isn't a feature gap—it's a category difference. Retrofitting it requires:
 - **Key features:** `docs/key-features.md`
 
 ## Sources
-- Full advisory: `docs/product-advisories/23-Nov-2025 - Stella Ops vs Competitors.md`
+- Full advisory: `docs/product/advisories/23-Nov-2025 - Stella Ops vs Competitors.md`
 - Claims Citation Index: `docs/product/claims-citation-index.md`

docs/technical/adr/0044-binary-delta-signatures.md

@@ -198,7 +198,7 @@ This evidence feeds into VEX candidate generation with full audit trail.
 
 ## References
 
-- [Binary Diff Signatures Advisory](../product-advisories/30-Dec-2025%20-%20Binary%20Diff%20Signatures%20for%20Patch%20Detection.md)
+- [Binary Diff Signatures Advisory](../product/advisories/30-Dec-2025%20-%20Binary%20Diff%20Signatures%20for%20Patch%20Detection.md)
 - [B2R2 GitHub](https://github.com/B2R2-org/B2R2)
 - [Iced GitHub](https://github.com/icedland/iced)
 - [OpenVEX Specification](https://github.com/openvex/spec)

docs/technical/architecture/determinism-specification.md

@@ -4,7 +4,7 @@
 > **Version:** 1.0
 > **Created:** 2025-12-26
 > **Owners:** Policy Guild, Platform Guild
-> **Related:** [`CONSOLIDATED - Deterministic Evidence and Verdict Architecture.md`](../../product-advisories/CONSOLIDATED%20-%20Deterministic%20Evidence%20and%20Verdict%20Architecture.md)
+> **Related:** [`CONSOLIDATED - Deterministic Evidence and Verdict Architecture.md`](../../product/advisories/CONSOLIDATED%20-%20Deterministic%20Evidence%20and%20Verdict%20Architecture.md)
 
 ---
 

docs/technical/testing/TESTING_MASTER_PLAN.md

@@ -389,7 +389,7 @@ ONGOING: QUALITY GATES (Weeks 3-14+)
 
 ### Appendix B: Reference Documents
 
-1. **Advisory:** `docs/product-advisories/22-Dec-2026 - Better testing strategy.md`
+1. **Advisory:** `docs/product/advisories/22-Dec-2026 - Better testing strategy.md`
 2. **Test Catalog:** `docs/technical/testing/TEST_CATALOG.yml`
 3. **Test Models:** `docs/technical/testing/testing-strategy-models.md`
 4. **Dependency Graph:** `docs/technical/testing/SPRINT_DEPENDENCY_GRAPH.md`

docs/technical/testing/testing-enhancements-architecture.md

@@ -405,5 +405,5 @@ src/__Tests/__Libraries/
   - `docs/implplan/SPRINT_20260105_002_003_TEST_failure_choreography.md`
   - `docs/implplan/SPRINT_20260105_002_004_TEST_policy_explainability.md`
   - `docs/implplan/SPRINT_20260105_002_005_TEST_cross_cutting.md`
-- **Advisory:** `docs/product-advisories/05-Dec-2026 - New Testing Enhancements for Stella Ops.md`
+- **Advisory:** `docs/product/advisories/05-Dec-2026 - New Testing Enhancements for Stella Ops.md`
 - **Test Infrastructure:** `src/__Tests/AGENTS.md`

docs/technical/testing/testing-quality-guardrails-implementation.md

@@ -4,7 +4,7 @@
 
 This document provides the master implementation plan for the Testing Quality Guardrails system derived from the `14-Dec-2025 - Testing and Quality Guardrails Technical Reference.md` product advisory.
 
-**Source Advisory:** `docs/product-advisories/14-Dec-2025 - Testing and Quality Guardrails Technical Reference.md`
+**Source Advisory:** `docs/product/advisories/14-Dec-2025 - Testing and Quality Guardrails Technical Reference.md`
 
 **Implementation Status:** Planning Complete, Execution Pending
 
@@ -324,7 +324,7 @@ If quality gates cause CI instability:
 - `docs/implplan/SPRINT_0353_0001_0001_mutation_testing_integration.md`
 
 ### Source Advisory
-- `docs/product-advisories/14-Dec-2025 - Testing and Quality Guardrails Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Testing and Quality Guardrails Technical Reference.md`
 
 ### Existing Documentation
 - `docs/19_TEST_SUITE_OVERVIEW.md`

docs/technical/testing/testing-strategy-models.md

@@ -1,7 +1,7 @@
 # Testing Strategy Models and Lanes (2026)
 
-Source advisory: `docs/product-advisories/22-Dec-2026 - Better testing strategy.md`  
-Supersedes/extends: `docs/product-advisories/archived/2025-12-21-testing-strategy/20-Dec-2025 - Testing strategy.md`
+Source advisory: `docs/product/advisories/22-Dec-2026 - Better testing strategy.md`  
+Supersedes/extends: `docs/product/advisories/archived/2025-12-21-testing-strategy/20-Dec-2025 - Testing strategy.md`
 
 ## Purpose
 - Define a single testing taxonomy for all StellaOps project types.