product advisories add change contiang folder

src/AirGap/StellaOps.AirGap.Importer/AGENTS.md

@@ -50,7 +50,7 @@ Deliver offline bundle verification and ingestion tooling for sealed environment
 - `docs/airgap/airgap-mode.md`
 - `docs/airgap/advisory-implementation-roadmap.md`
 - `docs/modules/platform/architecture-overview.md`
-- `docs/product-advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md`
 
 ## Working Agreement
 - 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.

src/Attestor/AGENTS.md

@@ -27,7 +27,7 @@ Manage the attestation and proof chain infrastructure for StellaOps:
 - `docs/modules/attestor/README.md`
 - `docs/modules/attestor/architecture.md`
 - `docs/modules/attestor/implementation_plan.md`
-- `docs/product-advisories/20-Dec-2025 - Stella Ops Reference Architecture.md`
+- `docs/product/advisories/20-Dec-2025 - Stella Ops Reference Architecture.md`
 - `docs/modules/platform/architecture-overview.md`
 
 ## Working Agreement

src/Attestor/POE_PREDICATE_SPEC.md

@@ -724,7 +724,7 @@ Status: VERIFIED
 ## 10. Cross-References
 
 - **Sprint:** `docs/implplan/SPRINT_3500_0001_0001_proof_of_exposure_mvp.md`
-- **Advisory:** `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
+- **Advisory:** `docs/product/advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
 - **Subgraph Extraction:** `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/SUBGRAPH_EXTRACTION.md`
 - **Function-Level Evidence:** `docs/modules/reach-graph/guides/function-level-evidence.md`
 - **Hybrid Attestation:** `docs/modules/reach-graph/guides/hybrid-attestation.md`

src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/AGENTS.md

@@ -9,7 +9,7 @@
 
 ## Required reading (treat as read before edits)
 - `docs/modules/attestor/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 - RFC 8785 (JSON Canonicalization Scheme)
 
 ## Working agreements

src/Attestor/__Libraries/StellaOps.Attestor.StandardPredicates/AGENTS.md

@@ -9,7 +9,7 @@
 
 ## Required reading (treat as read before edits)
 - `docs/modules/attestor/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 - RFC 8785 (JSON Canonicalization Scheme)
 - SPDX 3.0.1, CycloneDX 1.6/1.7, and SLSA provenance v1.0 references
 

src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict.Tests/AGENTS.md

@@ -7,7 +7,7 @@
 
 ## Required Reading (treat as read before DOING)
 - `docs/modules/attestor/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 - RFC 8785 (JSON Canonicalization Scheme)
 - Relevant sprint files.
 

src/Attestor/__Libraries/StellaOps.Attestor.TrustVerdict/AGENTS.md

@@ -9,7 +9,7 @@
 
 ## Required reading (treat as read before edits)
 - `docs/modules/attestor/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 - RFC 8785 (JSON Canonicalization Scheme)
 
 ## Working agreements

src/Attestor/__Tests/StellaOps.Attestor.ProofChain.Tests/AGENTS.md

@@ -7,7 +7,7 @@
 
 ## Required Reading (treat as read before DOING)
 - `docs/modules/attestor/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 - RFC 8785 (JSON Canonicalization Scheme)
 - Relevant sprint files.
 

src/Attestor/__Tests/StellaOps.Attestor.StandardPredicates.Tests/AGENTS.md

@@ -7,7 +7,7 @@
 
 ## Required Reading (treat as read before DOING)
 - `docs/modules/attestor/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Proof and Evidence Chain Technical Reference.md`
 - RFC 8785 (JSON Canonicalization Scheme)
 - SPDX 3.0.1, CycloneDX 1.6/1.7, and SLSA provenance v1.0 references
 - Relevant sprint files.

src/BinaryIndex/AGENTS.md

@@ -66,7 +66,7 @@ BinaryIndex is a collection of libraries and services for binary analysis:
 - `docs/modules/binaryindex/architecture.md`
 - `docs/modules/scanner/architecture.md`
 - `docs/implplan/SPRINT_20260102_001_BE_binary_delta_signatures.md`
-- `docs/product-advisories/30-Dec-2025 - Binary Diff Signatures for Patch Detection.md`
+- `docs/product/advisories/30-Dec-2025 - Binary Diff Signatures for Patch Detection.md`
 
 ## Working Agreement
 1. **Task status** - Update `DOING`/`DONE` in sprint files when starting/finishing work.

src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.DeltaSig/AGENTS.md

@@ -35,7 +35,7 @@ Generate and match delta signatures for binary vulnerability detection. Provide
 
 ## Required Reading
 - `docs/implplan/SPRINT_20260102_001_BE_binary_delta_signatures.md`
-- `docs/product-advisories/30-Dec-2025 - Binary Diff Signatures for Patch Detection.md`
+- `docs/product/advisories/30-Dec-2025 - Binary Diff Signatures for Patch Detection.md`
 
 ## Working Agreement
 1. Update task status in sprint file when starting/finishing work.

src/Cli/OFFLINE_POE_VERIFICATION.md

@@ -692,7 +692,7 @@ jq '.subgraph.entryRefs' ./incident-poe/poe.json
 - **PoE Specification:** `src/Attestor/POE_PREDICATE_SPEC.md`
 - **Subgraph Extraction:** `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/SUBGRAPH_EXTRACTION.md`
 - **Sprint Plan:** `docs/implplan/SPRINT_3500_0001_0001_proof_of_exposure_mvp.md`
-- **Advisory:** `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
+- **Advisory:** `docs/product/advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
 
 ---
 

src/Cli/StellaOps.Cli/AGENTS.md

@@ -5,7 +5,7 @@
 - Honour StellaOps principles of determinism, observability, and offline-first behaviour while providing a polished operator experience.
 
 ## Advisory Handling (inherit + enforce)
-- Trigger: any new/updated advisory (`docs/product-advisories/`) requires immediate doc + sprint updates. No chat approval.
+- Trigger: any new/updated advisory (`docs/product/advisories/`) requires immediate doc + sprint updates. No chat approval.
 - Docs: add high-level + detailed updates; inline only short snippets; put runnable/long code in `docs/benchmarks/**` or `tests/**` (deterministic/offline) and link.
 - Sprints: add Delivery Tracker rows and Execution Log entries in the relevant `SPRINT_*.md`; include doc paths and owners; add risks if feeds/schemas/transparency caps apply.
 - De-dup: check archived advisories; mark supersedes/extends if overlapping.

src/Concelier/AGENTS.md

@@ -20,7 +20,7 @@
 - `docs/modules/concelier/prep/2025-11-22-oas-obs-prep.md` (OAS + observability prep)
 - `docs/modules/concelier/prep/2025-11-20-orchestrator-registry-prep.md` (orchestrator registry/control contracts)
 - `docs/modules/policy/cvss-v4.md` (CVSS receipts model & hashing)
-- `docs/product-advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md` (vector provenance, DSSE expectations)
+- `docs/product/advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md` (vector provenance, DSSE expectations)
 - Any sprint-specific ADRs/notes linked from `docs/implplan/SPRINT_0112_0001_0001_concelier_i.md`, `SPRINT_0113_0001_0002_concelier_ii.md`, or `SPRINT_0114_0001_0003_concelier_iii.md`.
 
 ## Working Agreements
@@ -34,7 +34,7 @@
 
 ## Distro Backport Version Handling
 
-> **Reference:** `docs/product-advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
+> **Reference:** `docs/product/advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
 
 When working with OS package advisories, follow these rules:
 

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.Alpine/AGENTS.md

@@ -14,7 +14,7 @@ Implement and maintain the Alpine secdb connector that ingests Alpine Linux pack
 - `docs/ingestion/aggregation-only-contract.md`
 - `docs/modules/concelier/operations/connectors/alpine.md`
 - `docs/modules/concelier/operations/mirror.md`
-- `docs/product-advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
+- `docs/product/advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
 
 ## Working Agreement
 1. **Status sync**: update task state to `DOING`/`DONE` in the sprint file and local `TASKS.md` before/after work.

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.Debian/AGENTS.md

@@ -14,7 +14,7 @@ Implement and maintain the Debian security tracker connector that ingests Debian
 - `docs/modules/platform/architecture-overview.md`
 - `docs/ingestion/aggregation-only-contract.md`
 - `docs/modules/concelier/operations/mirror.md`
-- `docs/product-advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
+- `docs/product/advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
 
 ## Working Agreement
 1. **Status sync**: update task state to `DOING`/`DONE` in the sprint file and local `TASKS.md` before/after work.

src/Excititor/AGENTS.md

@@ -19,7 +19,7 @@
 - `docs/modules/excititor/operations/chunk-api-user-guide.md`
 - `docs/modules/excititor/schemas/vex-chunk-api.yaml`
 - `docs/modules/evidence-locker/attestation-contract.md`
-- `docs/product-advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for VEX emission contracts)
+- `docs/product/advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for VEX emission contracts)
 
 ## VEX Emission Contracts (Sprint 3500)
 

src/Gateway/AGENTS.md

@@ -16,7 +16,7 @@
 - docs/modules/gateway/openapi.md
 - docs/modules/router/architecture.md
 - docs/modules/authority/architecture.md
-- docs/product-advisories/archived/2025-12-21-reference-architecture/20-Dec-2025 - Stella Ops Reference Architecture.md
+- docs/product/advisories/archived/2025-12-21-reference-architecture/20-Dec-2025 - Stella Ops Reference Architecture.md
 
 ## Working Directory & Boundaries
 - Primary scope: src/Gateway/**

src/Policy/AGENTS.md

@@ -12,7 +12,7 @@
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
 - `docs/modules/policy/architecture.md`
-- `docs/product-advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for suppression contracts)
+- `docs/product/advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for suppression contracts)
 - Current sprint file
 
 ## Working Directory & Boundaries

src/Policy/StellaOps.Policy.Gateway/AGENTS.md

@@ -12,7 +12,7 @@
 - `docs/modules/policy/architecture.md`
 - `docs/modules/platform/architecture-overview.md`
 - `docs/modules/policy/cvss-v4.md`
-- `docs/product-advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md`
+- `docs/product/advisories/25-Nov-2025 - Add CVSS v4.0 Score Receipts for Transparency.md`
 - Sprint tracker: `docs/implplan/SPRINT_0190_0001_0001_cvss_v4_receipts.md`
 
 ## Working Agreements

src/Policy/__Libraries/StellaOps.Policy.Exceptions/AGENTS.md

@@ -11,8 +11,8 @@
 ## Required Reading (treat as read before DOING)
 - `docs/modules/policy/architecture.md`
 - `docs/modules/platform/architecture-overview.md`
-- `docs/product-advisories/archived/20-Dec-2025 - Moat Explanation - Exception management as auditable objects.md`
-- `docs/product-advisories/22-Dec-2026 - UI Patterns for Triage and Replay.md`
+- `docs/product/advisories/archived/20-Dec-2025 - Moat Explanation - Exception management as auditable objects.md`
+- `docs/product/advisories/22-Dec-2026 - UI Patterns for Triage and Replay.md`
 - Current sprint file in `docs/implplan/SPRINT_3900_*.md`
 
 ## Working Directory & Boundaries

src/Policy/__Libraries/StellaOps.Policy.Unknowns/AGENTS.md

@@ -9,7 +9,7 @@
 - docs/07_HIGH_LEVEL_ARCHITECTURE.md
 - docs/modules/platform/architecture-overview.md
 - docs/modules/policy/architecture.md
-- docs/product-advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025 - Triage and Unknowns Technical Reference.md
+- docs/product/advisories/archived/2025-12-21-moat-gap-closure/14-Dec-2025 - Triage and Unknowns Technical Reference.md
 
 ## Working Directory
 - src/Policy/__Libraries/StellaOps.Policy.Unknowns/

src/Scanner/AGENTS.md

@@ -13,7 +13,7 @@
 - `docs/modules/reach-graph/guides/DELIVERY_GUIDE.md` (sections 5.5–5.9 for native/JS/PHP updates)
 - `docs/modules/reach-graph/guides/purl-resolved-edges.md`
 - `docs/modules/reach-graph/guides/patch-oracles.md`
-- `docs/product-advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for Smart-Diff predicates)
+- `docs/product/advisories/14-Dec-2025 - Smart-Diff Technical Reference.md` (for Smart-Diff predicates)
 - Current sprint file (e.g., `docs/implplan/SPRINT_401_reachability_evidence_chain.md`).
 
 ## Working Directory & Boundaries

src/Scanner/AGENTS_SCORE_PROOFS.md

@@ -670,7 +670,7 @@ Before deploying to production:
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/db/schemas/scanner_schema_specification.md`
 - `docs/api/scanner-score-proofs-api.md`
-- `docs/product-advisories/14-Dec-2025 - Reachability Analysis Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Reachability Analysis Technical Reference.md`
 
 **Existing Code**:
 - `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/` — DSSE examples

src/Scanner/__Libraries/StellaOps.Scanner.Reachability/SUBGRAPH_EXTRACTION.md

@@ -642,7 +642,7 @@ public async Task ExtractSubgraph_WithSameInputs_ProducesSameHash(string fixture
 ## 12. Cross-References
 
 - **Sprint:** `docs/implplan/SPRINT_3500_0001_0001_proof_of_exposure_mvp.md`
-- **Advisory:** `docs/product-advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
+- **Advisory:** `docs/product/advisories/23-Dec-2026 - Binary Mapping as Attestable Proof.md`
 - **Reachability Docs:** `docs/modules/reach-graph/guides/function-level-evidence.md`, `docs/modules/reach-graph/guides/lattice.md`
 - **EntryTrace:** `docs/modules/scanner/operations/entrypoint-static-analysis.md`
 - **CVE Mapping:** `docs/modules/reach-graph/guides/cve-symbol-mapping.md`

src/Scanner/__Libraries/StellaOps.Scanner.SmartDiff/AGENTS.md

@@ -17,7 +17,7 @@ Deliver Smart-Diff primitives and detection logic that enable deterministic, att
 - Golden predicate fixtures to ensure deterministic output.
 
 ## Required Reading
-- `docs/product-advisories/14-Dec-2025 - Smart-Diff Technical Reference.md`
+- `docs/product/advisories/14-Dec-2025 - Smart-Diff Technical Reference.md`
 - `docs/modules/scanner/architecture.md`
 - `docs/modules/platform/architecture-overview.md`
 

src/Scanner/__Libraries/StellaOps.Scanner.Triage/AGENTS.md

@@ -15,8 +15,8 @@ Provide triage workflow infrastructure for the Scanner module:
 
 ## Required Reading
 - `docs/modules/scanner/architecture.md`
-- `docs/product-advisories/21-Dec-2025 - How Top Scanners Shape Evidence‑First UX.md`
-- `docs/product-advisories/21-Dec-2025 - Designing Explainable Triage Workflows.md`
+- `docs/product/advisories/21-Dec-2025 - How Top Scanners Shape Evidence‑First UX.md`
+- `docs/product/advisories/21-Dec-2025 - Designing Explainable Triage Workflows.md`
 - `docs/modules/platform/architecture-overview.md`
 
 ## Working Agreement

src/TaskRunner/StellaOps.TaskRunner/AGENTS.md

@@ -20,7 +20,7 @@ Execute Task Packs safely and deterministically. Provide remote pack execution,
 - `docs/modules/platform/architecture.md`
 - `docs/modules/platform/architecture-overview.md`
 - `docs/modules/taskrunner/architecture.md`
-- `docs/product-advisories/29-Nov-2025 - Task Pack Orchestration and Automation.md`
+- `docs/product/advisories/29-Nov-2025 - Task Pack Orchestration and Automation.md`
 - `docs/task-packs/spec.md`, `docs/task-packs/authoring-guide.md`, `docs/task-packs/runbook.md`
 
 ## Working Agreement

src/__Tests/Integration/StellaOps.Integration.Unknowns/AGENTS.md

@@ -13,7 +13,7 @@
 - docs/modules/policy/architecture.md
 - docs/uncertainty/README.md
 - docs/api/unknowns-api.md
-- docs/product-advisories/14-Dec-2025 - Triage and Unknowns Technical Reference.md
+- docs/product/advisories/14-Dec-2025 - Triage and Unknowns Technical Reference.md
 
 ## Working Directory & Scope
 - Primary: src/__Tests/Integration/StellaOps.Integration.Unknowns

src/__Tests/__Benchmarks/proof-chain/README.md

@@ -209,6 +209,6 @@ From advisory §14.1:
 
 ## Related Documentation
 
-- [Proof and Evidence Chain Technical Reference](../../docs/product-advisories/14-Dec-2025%20-%20Proof%20and%20Evidence%20Chain%20Technical%20Reference.md)
+- [Proof and Evidence Chain Technical Reference](../../docs/product/advisories/14-Dec-2025%20-%20Proof%20and%20Evidence%20Chain%20Technical%20Reference.md)
 - [Attestor Architecture](../../docs/modules/attestor/architecture.md)
 - [Performance Workbook](../../docs/12_PERFORMANCE_WORKBOOK.md)

src/__Tests/__Benchmarks/reachability-benchmark/AGENTS.md

@@ -11,9 +11,9 @@
 - `docs/modules/reach-graph/guides/function-level-evidence.md`
 - `docs/modules/reach-graph/guides/lattice.md`
 - Product advisories:
-  - `docs/product-advisories/24-Nov-2025 - Designing a Deterministic Reachability Benchmark.md`
-  - `docs/product-advisories/archived/23-Nov-2025 - Benchmarking Determinism in Vulnerability Scoring.md`
-  - `docs/product-advisories/archived/23-Nov-2025 - Publishing a Reachability Benchmark Dataset.md`
+  - `docs/product/advisories/24-Nov-2025 - Designing a Deterministic Reachability Benchmark.md`
+  - `docs/product/advisories/archived/23-Nov-2025 - Benchmarking Determinism in Vulnerability Scoring.md`
+  - `docs/product/advisories/archived/23-Nov-2025 - Publishing a Reachability Benchmark Dataset.md`
 - Sprint plan: `docs/implplan/SPRINT_0513_0001_0001_public_reachability_benchmark.md`
 - DB/spec guidance for determinism and licensing: `docs/db/RULES.md`, `docs/db/VERIFICATION.md`