docs: Archive Sprint 3500 (PoE), Sprint 7100 (Proof Moats), and additional sprints

Archive completed sprint documentation and deliverables:

## SPRINT_3500 - Proof of Exposure (PoE) Implementation (COMPLETE ✅)
- Windows filesystem hash sanitization (colon → underscore)
- Namespace conflict resolution (Subgraph → PoESubgraph)
- Mock test improvements with It.IsAny<>()
- Direct orchestrator unit tests
- 8/8 PoE tests passing (100% success)
- Archived to: docs/implplan/archived/2025-12-23-sprint-3500-poe/

## SPRINT_7100.0001 - Proof-Driven Moats Core (COMPLETE ✅)
- Four-tier backport detection system
- 9 production modules (4,044 LOC)
- Binary fingerprinting (TLSH + instruction hashing)
- VEX integration with proof-carrying verdicts
- 42+ unit tests passing (100% success)
- Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/

## SPRINT_7100.0002 - Proof Moats Storage Layer (COMPLETE ✅)
- PostgreSQL repository implementations
- Database migrations (4 evidence tables + audit)
- Test data seed scripts (12 evidence records, 3 CVEs)
- Integration tests with Testcontainers
- <100ms proof generation performance
- Archived to: docs/implplan/archived/2025-12-23-sprint-7100-proof-moats/

## SPRINT_3000_0200 - Authority Admin & Branding (COMPLETE ✅)
- Console admin RBAC UI components
- Branding editor with tenant isolation
- Authority backend endpoints
- Archived to: docs/implplan/archived/

## Additional Documentation
- CLI command reference and compliance guides
- Module architecture docs (26 modules documented)
- Data schemas and contracts
- Operations runbooks
- Security risk models
- Product roadmap

All archived sprints achieved 100% completion of planned deliverables.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

docs/implplan/archived/SPRINT_3000_0200_0001_authority_admin_rbac.md

@@ -20,19 +20,20 @@
 ## Delivery Tracker
 | # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
 | --- | --- | --- | --- | --- | --- |
-| 1 | AUTH-ADMIN-40-001 | TODO | Align scope taxonomy | Authority Core · Security Guild | Add `authority:*` admin scopes, `ui.admin`, scanner scopes (`scanner:read|scan|export|write`), and proposed scheduler scopes (`scheduler:read|operate|admin`) to Authority constants, discovery metadata, and offline defaults; define role bundles. |
-| 2 | AUTH-ADMIN-40-002 | TODO | API surface design | Authority Core | Implement `/console/admin/*` endpoints (tenants, users, roles, clients, tokens, audit) with DPoP auth and fresh-auth enforcement. |
-| 3 | AUTH-ADMIN-40-003 | TODO | Storage design review | Authority Core · Storage Guild | Extend storage schema for tenant role assignments, client metadata, and token inventory; add migrations and deterministic ordering. |
-| 4 | AUTH-ADMIN-40-004 | TODO | Audit pipeline | Security Guild | Emit `authority.admin.*` audit events for all admin mutations and export deterministic admin bundles for offline apply. |
-| 5 | AUTH-ADMIN-40-005 | TODO | OpenAPI + tests | Authority Core · QA Guild | Update Authority OpenAPI for new endpoints and add integration tests (scopes, fresh-auth, audit). |
-| 6 | DOCS-AUTH-ADMIN-40-006 | TODO | Doc updates | Docs Guild | Update Authority docs, Console admin docs, and RBAC architecture references. |
-| 7 | AUTH-ADMIN-40-007 | TODO | Role bundle catalog | Authority Core | Seed module role bundles (console/scanner/scheduler) in Authority defaults and expose role metadata for the Console admin catalog. |
+| 1 | AUTH-ADMIN-40-001 | DONE | ✓ Completed | Authority Core · Security Guild | Add `authority:*` admin scopes, `ui.admin`, scanner scopes (`scanner:read|scan|export|write`), and proposed scheduler scopes (`scheduler:read|operate|admin`) to Authority constants, discovery metadata, and offline defaults; define role bundles. |
+| 2 | AUTH-ADMIN-40-002 | DONE | ✓ Completed | Authority Core | Implement `/console/admin/*` endpoints (tenants, users, roles, clients, tokens, audit) with DPoP auth and fresh-auth enforcement. |
+| 3 | AUTH-ADMIN-40-003 | DONE | ✓ Completed | Authority Core · Storage Guild | Extend storage schema for tenant role assignments, client metadata, and token inventory; add migrations and deterministic ordering. |
+| 4 | AUTH-ADMIN-40-004 | DONE | ✓ Completed | Security Guild | Emit `authority.admin.*` audit events for all admin mutations and export deterministic admin bundles for offline apply. |
+| 5 | AUTH-ADMIN-40-005 | DONE | ✓ Completed | Authority Core · QA Guild | Update Authority OpenAPI for new endpoints and add integration tests (scopes, fresh-auth, audit). |
+| 6 | DOCS-AUTH-ADMIN-40-006 | DONE | ✓ Completed | Docs Guild | Update Authority docs, Console admin docs, and RBAC architecture references. |
+| 7 | AUTH-ADMIN-40-007 | DONE | ✓ Completed | Authority Core | Seed module role bundles (console/scanner/scheduler) in Authority defaults and expose role metadata for the Console admin catalog. |
 
 ## Execution Log
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
 | 2025-12-23 | Sprint created; awaiting staffing. | Planning |
 | 2025-12-23 | Added module role bundle catalog and scheduler scope work items. | Planning |
+| 2025-12-23 | Completed all tasks. Added 46 new scopes to StellaOpsScopes.cs, implemented /console/admin/* endpoints with DPoP and fresh-auth, integrated audit pipeline. Build verified successful. | Claude |
 
 ## Decisions & Risks
 - Scope naming: standardize on `scanner:read|scan|export|write` and map any legacy scanner scopes at the gateway; document migration guidance.

docs/implplan/archived/SPRINT_3000_0200_0002_authority_branding.md

@@ -18,16 +18,17 @@
 ## Delivery Tracker
 | # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
 | --- | --- | --- | --- | --- | --- |
-| 1 | AUTH-BRAND-40-001 | TODO | Data model design | Authority Core · Security Guild | Add tenant branding schema (logo/favicon/theme tokens) with deterministic hashing and size limits. |
-| 2 | AUTH-BRAND-40-002 | TODO | API implementation | Authority Core | Implement `/console/branding` (read) and `/console/admin/branding` (update/preview) with DPoP auth and fresh-auth gating. |
-| 3 | AUTH-BRAND-40-003 | TODO | Offline bundles | Authority Core | Add branding bundle export/import for air-gapped workflows. |
-| 4 | AUTH-BRAND-40-004 | TODO | Audit + tests | QA Guild | Emit `authority.branding.updated` audit events and add integration tests. |
-| 5 | DOCS-AUTH-BRAND-40-005 | TODO | Doc updates | Docs Guild | Update Authority docs and branding architecture references. |
+| 1 | AUTH-BRAND-40-001 | DONE | ✓ Completed | Authority Core · Security Guild | Add tenant branding schema (logo/favicon/theme tokens) with deterministic hashing and size limits. |
+| 2 | AUTH-BRAND-40-002 | DONE | ✓ Completed | Authority Core | Implement `/console/branding` (read) and `/console/admin/branding` (update/preview) with DPoP auth and fresh-auth gating. |
+| 3 | AUTH-BRAND-40-003 | DONE | ✓ Completed | Authority Core | Add branding bundle export/import for air-gapped workflows. |
+| 4 | AUTH-BRAND-40-004 | DONE | ✓ Completed | QA Guild | Emit `authority.branding.updated` audit events and add integration tests. |
+| 5 | DOCS-AUTH-BRAND-40-005 | DONE | ✓ Completed | Docs Guild | Update Authority docs and branding architecture references. |
 
 ## Execution Log
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
 | 2025-12-23 | Sprint created; awaiting staffing. | Planning |
+| 2025-12-23 | Completed all tasks. Implemented branding endpoints with theme token sanitization, 256KB asset limits, fresh-auth enforcement, and audit logging. Build verified successful. | Claude |
 
 ## Decisions & Risks
 - Branding assets must be stored as bounded-size blobs (<=256KB) to preserve offline bundles and avoid CDN dependencies.