Update module architecture docs and workflow tutorials

- Module dossiers: attestor, authority, cli, graph, scanner
- Policy assistant parameters guide
- UI v2-rewire navigation rendering policy
- Test suite overview update
- Workflow engine requirements and tutorial series (01-08)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-03-30 17:25:37 +03:00
parent 5722d36c0e
commit a6ffb38ecf
17 changed files with 4442 additions and 4380 deletions

@@ -1,10 +1,10 @@
# Automated Test-Suite Overview
# Automated Test-Suite Overview
This document enumerates **every automated check** executed by the Stella Ops
CI pipeline, from unit level to chaos experiments. It is intended for
contributors who need to extend coverage or diagnose failures.
> **Build parameters** – values such as `{{ dotnet }}` (runtime) and
> **Build parameters** values such as `{{ dotnet }}` (runtime) and
> `{{ angular }}` (UI framework) are injected at build time.
---
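Review bot: The new "Build parameters" blockquote line loses the dash separator after the bold label, so it now reads `> **Build parameters** values such as` with the label run into the sentence. The heading line above it is changed with no visible difference, which suggests a character-level rewrite rather than a content edit, and the commit message does not mention one. Restore the separator (or use a colon, `**Build parameters**: values such as ...`) and check how the file was re-saved.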
@@ -13,7 +13,7 @@ contributors who need to extend coverage or diagnose failures.
### Core Principles
1. **Determinism as Contract**: Scan verdicts must be reproducible. Same inputs → byte-identical outputs.
1. **Determinism as Contract**: Scan verdicts must be reproducible. Same inputs byte-identical outputs.
2. **Offline by Default**: Every test (except explicitly tagged "online") runs without network access.
3. **Evidence-First Validation**: Assertions verify the complete evidence chain, not just pass/fail.
4. **Interop is Required**: Compatibility with ecosystem tools (Syft, Grype, Trivy, cosign) blocks releases.
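Review bot: Principle 1 no longer states the determinism contract: with the arrow removed, "Same inputs byte-identical outputs." is not a sentence and the implication (same inputs must yield byte-identical outputs) is lost. This is the normative statement the replay-determinism release gate rests on, so keep the arrow or spell it out, for example "Same inputs must produce byte-identical outputs."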
@@ -78,16 +78,16 @@ the required test types per project model and the module-to-model mapping.
| Metric | Budget | Gate |
|--------|--------|------|
| API unit coverage | ≥ 85% lines | PR merge |
| API response P95 | ≤ 120 ms | nightly alert |
| Δ-SBOM warm scan P95 (4 vCPU) | ≤ 5 s | nightly alert |
| Lighthouse performance score | ≥ 90 | nightly alert |
| Lighthouse accessibility score | ≥ 95 | nightly alert |
| API unit coverage | 85% lines | PR merge |
| API response P95 | 120 ms | nightly alert |
| Δ-SBOM warm scan P95 (4 vCPU) | 5 s | nightly alert |
| Lighthouse performance score | 90 | nightly alert |
| Lighthouse accessibility score | 95 | nightly alert |
| k6 sustained RPS drop | < 5% vs baseline | nightly alert |
| **Replay determinism** | 0 byte diff | **Release** |
| **Interop findings parity** | ≥ 95% | **Release** |
| **Interop findings parity** | 95% | **Release** |
| **Offline E2E** | All pass with no network | **Release** |
| **Unknowns budget (prod)** | ≤ configured limit | **Release** |
| **Unknowns budget (prod)** | configured limit | **Release** |
| **Router Retry-After compliance** | 100% | Nightly |
---
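Review bot: The Budget column loses every `≥` and `≤`, so the thresholds no longer say which direction they bound: "85% lines", "120 ms", "5 s", "90", "95", "95%" and "configured limit" can each be read as an exact target, a floor or a ceiling. Two of these are Release gates (interop findings parity and the prod unknowns budget), where an ambiguous bound is a gating risk. The `< 5% vs baseline` row kept its operator, so the table is now also inconsistent. Restore the comparison operators, or switch to ASCII `>=` / `<=` if the non-ASCII symbols are the problem.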
@@ -109,7 +109,7 @@ dotnet test --filter "Category=Interop"
The script spins up PostgreSQL/Valkey via Testcontainers and requires:
* Docker ≥ 25
* Docker 25
* Node 20 (for Jest/Playwright)
### PostgreSQL Testcontainers
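Review bot: In the requirements list, "Docker ≥ 25" becomes "Docker 25", which turns a minimum version into what reads as an exact version pin. If the intent is still a minimum, write it as "Docker >= 25" or "Docker 25 or later"; the "Node 20" item has the same ambiguity and could be clarified in the same pass.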
@@ -158,7 +158,7 @@ stella replay verify --manifest run-manifest.json
### Evidence Index
The **Evidence Index** links verdicts to their supporting evidence chain:
- Verdict → SBOM digests → Attestation IDs → Tool versions
- Verdict SBOM digests Attestation IDs Tool versions
### Golden Corpus
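Review bot: The Evidence Index bullet loses the arrows that define the chain, leaving "Verdict SBOM digests Attestation IDs Tool versions" as an unstructured word run. The ordering from verdict to SBOM digests to attestation IDs to tool versions is the content of this line, so restore the arrows or use an ASCII form such as `Verdict -> SBOM digests -> Attestation IDs -> Tool versions`.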
@@ -191,7 +191,7 @@ public class OfflineTests : NetworkIsolatedTestBase
---
## Concelier OSV↔GHSA Parity Fixtures
## Concelier OSVGHSA Parity Fixtures
The Concelier connector suite includes a regression test (`OsvGhsaParityRegressionTests`)
that checks a curated set of GHSA identifiers against OSV responses. The fixture
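Review bot: The section heading changes from "Concelier OSV↔GHSA Parity Fixtures" to "Concelier OSVGHSA Parity Fixtures", which fuses two advisory source names into one token and will likely change the generated heading anchor, breaking any existing links to this section. Keep the separator, or use "OSV/GHSA" or "OSV-GHSA" if an ASCII-only heading is wanted, and check inbound links if the anchor changes.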