audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration

docs/benchmarks/ai-code-guard/README.md

@@ -0,0 +1,12 @@
+# AI Code Guard Benchmarks
+
+This folder contains deterministic fixtures for the AI code guard policy and CI snippets. The files are designed for offline use and stable hashing.
+
+## Files
+- `stellaops.sample.yml` - Sample `.stellaops.yml` policy fragment.
+- `ci-github-actions.yml` - Sample GitHub Actions job.
+- `ci-gitlab.yml` - Sample GitLab CI job.
+
+## Notes
+- Keep fixtures ASCII-only and deterministic.
+- Do not include secrets or live endpoints.

docs/benchmarks/ai-code-guard/ci-github-actions.yml

@@ -0,0 +1,11 @@
+jobs:
+  ai-guard:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: stella-ops/cli-action@v1
+        with:
+          args: guard run --policy .stellaops.yml --format sarif --out guard.sarif
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v3
+        with: { sarif_file: guard.sarif }

docs/benchmarks/ai-code-guard/ci-gitlab.yml

@@ -0,0 +1,5 @@
+ai_guard:
+  image: stellaops/cli:latest
+  script:
+    - stella guard run --policy .stellaops.yml --format gitlab --out guard.json
+    - test "$(jq -r .status guard.json)" = "pass"

docs/benchmarks/ai-code-guard/stellaops.sample.yml

@@ -0,0 +1,23 @@
+stellaops:
+  ai_code_guard:
+    enabled: true
+    thresholds:
+      similarity_block: 0.92
+      similarity_review: 0.80
+      max_paste_lines_without_provenance: 12
+    licenses:
+      allow: [MIT, BSD-2-Clause, BSD-3-Clause, Apache-2.0]
+      review: [MPL-2.0, LGPL-2.1, LGPL-3.0]
+      block: [GPL-3.0-only, AGPL-3.0-only]
+    checks:
+      - id: secrets_scan
+        required: true
+      - id: unsafe_api_scan
+        required: true
+      - id: snippet_similarity
+        required: true
+      - id: dep_sbom_license
+        required: true
+    overrides:
+      require_issue_link: true
+      max_duration_days: 14