feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline

- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.

docs/security/crypto-routing-audit-2025-11-07.md

@@ -70,6 +70,8 @@ Each deployment picks a profile (`activeProfile`) that resolves to a determinist
 
 **Action:** Introduce `ICryptoProviderRegistry` consumption inside connector/lib assemblies (probably through lightweight adapter service). File follow-up tasks in `src/Concelier/StellaOps.Concelier.WebService/TASKS.md` and connector TASK boards to migrate hashing/signing to the new PKCS#11/CryptoPro providers (priority for RU feeds to unblock RootPack_RU).
 
+> **Update (2025-11-08).** OpenAPI discovery, advisory chunk IDs, SourceFetchService/SourceStateSeedProcessor, OSV/NVD + RU connectors, and the JSON exporter/mirror bundle writers now route hashing/signing through `ICryptoHash` + `StellaOpsCryptoOptions`. Remaining Concelier hotspots should now only appear inside the shared `StellaOps.Cryptography*` assemblies.
+
 ### Scanner (web service, worker, Sbomer plug-ins)
 - `src/Scanner/StellaOps.Scanner.WebService/Utilities/ScanIdGenerator.cs` – direct SHA256 for id derivation.
 - `src/Scanner/StellaOps.Scanner.WebService/Services/ReportSigner.cs` – uses `ECDsa.Create()` directly for DSSE hand-off.

docs/security/dpop-mtls-rollout.md

@@ -8,15 +8,16 @@ _Last updated: 2025-11-07_
 3. Provide telemetry + runbooks so plugins (SEC2/SEC3/SEC5) can validate enforcement without regressions.
 
 ## Phase 1 · Config & Telemetry (ETA 2025-11-08)
-- [ ] Extend `authority.yaml` with `security.senderConstraints.dpop` section (nonce store, allowed algorithms, replay window).
-- [ ] Wire structured logs (`authority.dpop.request`) containing tenant, client, cnf thumbprint, nonce status.
-- [ ] Add `DPoPNonceStore` abstraction + Redis implementation for multi-node deployments.
-- [ ] Update integration tests: `AuthorityTokenTests.DPoPNonceRequired`, `AuthorityTokenTests.DPoPMustMatchCnF`.
+- [x] Extend `authority.yaml` with `security.senderConstraints.dpop` section (nonce store, allowed algorithms, replay window).
+- [x] Wire structured logs (`authority.dpop.request`) containing tenant, client, cnf thumbprint, nonce status.
+- [x] Add `DPoPNonceStore` abstraction + Redis implementation for multi-node deployments.
+- [x] Update integration tests: `AuthorityTokenTests.DPoPNonceRequired`, `AuthorityTokenTests.DPoPMustMatchCnF`.
 
 ## Phase 2 · Enforcement & Fallback (ETA 2025-11-10)
-- [ ] Reject `/token` requests lacking DPoP proof when tenant policy requires it.
-- [ ] Persist `cnf.jkt` and expose through `/introspect` so downstream services validate sender.
-- [ ] Add emergency bypass flag (`security.senderConstraints.dpop.allowTemporaryBypass`) for sealed recap drills; default disabled.
+- [x] Reject `/token` requests lacking DPoP proof when tenant policy requires it.
+- [x] Persist `cnf.jkt` and expose through `/introspect` so downstream services validate sender.
+- [x] Add emergency bypass flag (`security.senderConstraints.dpop.allowTemporaryBypass`) for sealed recap drills; default disabled.
+  - When enabled, Authority logs `authority.dpop.proof.bypass`, adds `authority.dpop_result=bypass` telemetry, and issues tokens without `cnf` so downstream services know sender constraints were relaxed. Reset immediately after the drill.
 
 ## Phase 3 · mTLS Binding (ETA 2025-11-10)
 - [x] Capture client cert thumbprint on `/token` (mutual TLS) and store in `authority_tokens.senderCertificate`.