finish off sprint advisories and sprints

docs/modules/airgap/guides/offline-bundle-format.md

@@ -191,6 +191,50 @@ stellaops alert bundle verify --file ./bundles/alert-123.stella.bundle.tgz
 stellaops alert bundle import --file ./bundles/alert-123.stella.bundle.tgz
 ```
 
+## Function Map Artifacts
+
+Bundles can include runtime linkage verification artifacts. These are stored in dedicated subdirectories:
+
+```
+bundle.stella.bundle.tgz
+├── ...existing structure...
+├── function-maps/
+│   ├── {service}-function-map.json
+│   └── {service}-function-map.dsse.json
+├── observations/
+│   └── {date-label}-observations.ndjson
+└── verification/
+    ├── verification-report.json
+    └── verification-report.dsse.json
+```
+
+### Artifact Types
+
+| Artifact Type | Media Type | Description |
+|---------------|-----------|-------------|
+| `function-map` | `application/vnd.stella.function-map+json` | Function map predicate |
+| `function-map.dsse` | `application/vnd.dsse+json` | DSSE-signed function map |
+| `observations` | `application/x-ndjson` | Runtime observations (NDJSON) |
+| `verification-report` | `application/vnd.stella.verification-report+json` | Verification result |
+| `verification-report.dsse` | `application/vnd.dsse+json` | DSSE-signed verification report |
+
+### Offline Verification Workflow
+
+In air-gapped environments:
+
+1. Export the bundle with function map and observations included
+2. Transfer to the air-gapped instance
+3. Run offline verification:
+   ```bash
+   stella function-map verify \
+     --function-map ./function-maps/my-service-function-map.json \
+     --offline --observations ./observations/2026-01-23-observations.ndjson
+   ```
+
+See [Function Map V1 Contract](../../../contracts/function-map-v1.md) for the predicate schema specification.
+
+---
+
 ## Security Considerations
 
 1. **Hash Verification**: Always verify bundle hash before processing