feat: Add documentation and task tracking for Sprints 508 to 514 in Ops & Offline

- Created detailed markdown files for Sprints 508 (Ops Offline Kit), 509 (Samples), 510 (AirGap), 511 (Api), 512 (Bench), 513 (Provenance), and 514 (Sovereign Crypto Enablement) outlining tasks, dependencies, and owners.
- Introduced a comprehensive Reachability Evidence Delivery Guide to streamline the reachability signal process.
- Implemented unit tests for Advisory AI to block known injection patterns and redact secrets.
- Added AuthoritySenderConstraintHelper to manage sender constraints in OpenIddict transactions.

src/__Libraries/StellaOps.Configuration/StellaOpsAuthorityOptions.cs

@@ -340,6 +340,11 @@ public sealed class AuthorityDpopOptions
 
     public bool Enabled { get; set; }
 
+    /// <summary>
+    /// Allows temporarily bypassing DPoP enforcement (for emergency drills only).
+    /// </summary>
+    public bool AllowTemporaryBypass { get; set; }
+
     public TimeSpan ProofLifetime { get; set; } = TimeSpan.FromMinutes(2);
 
     public TimeSpan AllowedClockSkew { get; set; } = TimeSpan.FromSeconds(30);

src/__Libraries/StellaOps.Replay.Core/AGENTS.md

@@ -13,7 +13,7 @@ Own shared replay domain types, canonicalisation helpers, bundle hashing utiliti
 1. Maintain deterministic behaviour (lexicographic ordering, canonical JSON, fixed encodings).
 2. Keep APIs offline-friendly; no network dependencies.
 3. Coordinate schema and bundle changes with Scanner, Evidence Locker, CLI, and Docs guilds.
-4. Update module `TASKS.md` statuses alongside `docs/implplan/SPRINT_185_replay_core.md`.
+4. Update module `TASKS.md` statuses alongside `docs/implplan/SPRINT_185_shared_replay_primitives.md`.
 
 ## Contacts
 - BE-Base Platform Guild (primary)