save progress

docs/flows/README.md

@@ -0,0 +1,63 @@
+# StellaOps Flow Documentation
+
+This directory contains detailed end-to-end flow documentation for all major StellaOps workflows.
+
+## Flow Categories
+
+### Core Platform Flows (Existing)
+
+| Flow | File | Description |
+|------|------|-------------|
+| Dashboard Data Flow | [01-dashboard-data-flow.md](01-dashboard-data-flow.md) | How dashboard aggregates and displays security posture |
+| Scan Submission Flow | [02-scan-submission-flow.md](02-scan-submission-flow.md) | End-to-end container image scan lifecycle |
+| SBOM Generation Flow | [03-sbom-generation-flow.md](03-sbom-generation-flow.md) | Multi-analyzer SBOM generation and attestation |
+| Policy Evaluation Flow | [04-policy-evaluation-flow.md](04-policy-evaluation-flow.md) | K4 lattice policy evaluation with confidence scoring |
+| Notification Flow | [05-notification-flow.md](05-notification-flow.md) | Multi-channel notification delivery |
+| Export Flow | [06-export-flow.md](06-export-flow.md) | Report and evidence bundle generation |
+
+### Advanced Flows (New)
+
+| Flow | File | Description |
+|------|------|-------------|
+| CI/CD Gate Flow | [10-cicd-gate-flow.md](10-cicd-gate-flow.md) | Pipeline integration with pass/fail gates |
+| Advisory Drift Re-scan Flow | [11-advisory-drift-rescan-flow.md](11-advisory-drift-rescan-flow.md) | Automatic re-evaluation on new advisories |
+| VEX Auto-Generation Flow | [12-vex-auto-generation-flow.md](12-vex-auto-generation-flow.md) | ML-assisted VEX statement generation |
+| Evidence Bundle Export Flow | [13-evidence-bundle-export-flow.md](13-evidence-bundle-export-flow.md) | Auditable evidence package creation |
+| Multi-Tenant Policy Rollout Flow | [14-multi-tenant-policy-rollout-flow.md](14-multi-tenant-policy-rollout-flow.md) | Cross-tenant policy propagation |
+| Binary Delta Attestation Flow | [15-binary-delta-attestation-flow.md](15-binary-delta-attestation-flow.md) | Binary-level change attestation |
+| Offline Sync Flow | [16-offline-sync-flow.md](16-offline-sync-flow.md) | Air-gapped environment synchronization |
+| Exception Approval Workflow | [17-exception-approval-workflow.md](17-exception-approval-workflow.md) | Policy exception request and approval |
+| Risk Score Dashboard Flow | [18-risk-score-dashboard-flow.md](18-risk-score-dashboard-flow.md) | Real-time risk aggregation and display |
+| Reachability Drift Alert Flow | [19-reachability-drift-alert-flow.md](19-reachability-drift-alert-flow.md) | Runtime reachability change detection |
+
+## Flow Documentation Format
+
+Each flow document follows a standard structure:
+
+1. **Overview** - Brief description and business value
+2. **Actors** - Users, systems, and services involved
+3. **Prerequisites** - Required configuration and dependencies
+4. **Flow Diagram** - UML sequence/activity diagram
+5. **Step-by-Step** - Detailed step descriptions
+6. **Data Contracts** - Input/output schemas
+7. **Error Handling** - Failure modes and recovery
+8. **Observability** - Metrics, logs, and traces
+9. **Related Flows** - Cross-references to related workflows
+
+## Module Ownership
+
+| Flow Category | Primary Module | Supporting Modules |
+|---------------|----------------|-------------------|
+| Scanning | Scanner | Gateway, Scheduler, Attestor |
+| Policy | Policy | VexLens, Concelier, Scanner |
+| Advisory | Concelier | Excititor, Mirror, VexLens |
+| Export | ExportCenter | EvidenceLocker, Attestor, Signer |
+| Notification | Notify | Scheduler, Orchestrator |
+| CI/CD | CLI | Gateway, Scanner, Policy |
+
+## Related Documentation
+
+- [User Flows (UML)](../technical/architecture/user-flows.md)
+- [Data Flows](../technical/architecture/data-flows.md)
+- [Module Matrix](../technical/architecture/module-matrix.md)
+- [Schema Mapping](../technical/architecture/schema-mapping.md)