diff --git a/docs/README.md b/docs/README.md
index d2f3d0418..356d46d9a 100755
--- a/docs/README.md
+++ b/docs/README.md
@@ -92,6 +92,9 @@ This documentation set is intentionally consolidated and does not maintain compa
 | Architecture: data flows | `technical/architecture/data-flows.md` |
 | Architecture: schema mapping | `technical/architecture/schema-mapping.md` |
 | Release Orchestration dossier | `modules/release-orchestrator/architecture.md` |
+| Telemetry federation architecture | `modules/telemetry/federation-architecture.md` |
+| Telemetry federation runbook | `runbooks/federated-telemetry-operations.md` |
+| Telemetry federation contracts | `contracts/federated-consent-v1.md`, `contracts/federated-telemetry-v1.md` |
 
 ### Development and operations
 
diff --git a/docs/implplan/SPRINT_20260220_016_FE_pack19_exceptions_conformity_gap.md b/docs/implplan/SPRINT_20260220_016_FE_pack19_exceptions_conformity_gap.md
new file mode 100644
index 000000000..cb961938c
--- /dev/null
+++ b/docs/implplan/SPRINT_20260220_016_FE_pack19_exceptions_conformity_gap.md
@@ -0,0 +1,90 @@
+# Sprint 20260220-016 - FE Pack 19 Exceptions Conformity Gap
+
+## Topic & Scope
+- Close the remaining pack conformity gap after full `pack-01..pack-21` Playwright verification.
+- Implement Pack 19 Exceptions screen semantics at canonical `Security & Risk` routes.
+- Preserve existing triage workflows while separating them from the Pack 19 Exceptions surface.
+- Working directory: `src/Web/StellaOps.Web`.
+- Expected evidence: focused unit tests, Playwright pack-conformance pass, and updated diff ledger.
+
+## Dependencies & Concurrency
+- Depends on current canonical route map in `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts`.
+- Depends on Pack source-of-truth docs in `docs/modules/ui/v2-rewire/pack-19.md` and `docs/modules/ui/v2-rewire/source-of-truth.md`.
+- Safe concurrency: may run in parallel with non-security FE work if no edits touch `security-risk` routes/components.
+
+## Documentation Prerequisites
+- `docs/modules/ui/v2-rewire/pack-19.md`
+- `docs/modules/ui/v2-rewire/source-of-truth.md`
+- `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`
+
+## Delivery Tracker
+
+### S19-EX-01 - Replace Pack 19 Exceptions route surface
+Status: TODO
+Dependency: none
+Owners: FE implementer
+Task description:
+- Replace `/security-risk/exceptions` route target so it renders a dedicated Exceptions screen aligned to Pack 19 section 19.10.
+- Keep route canonical and maintain existing breadcrumb/title behavior under `Security & Risk`.
+
+Completion criteria:
+- [ ] `/security-risk/exceptions` no longer resolves to triage artifact UI.
+- [ ] Exceptions list UI vocabulary reflects waiver/risk acceptance domain.
+- [ ] Sidebar navigation label/path behavior remains stable for `Security & Risk`.
+
+### S19-EX-02 - Add Exception detail workflow route
+Status: TODO
+Dependency: S19-EX-01
+Owners: FE implementer
+Task description:
+- Implement dedicated Exception detail surface for `/security-risk/exceptions/:id`.
+- Ensure drill-down links from Exceptions list use this route and preserve back navigation to Exceptions list.
+
+Completion criteria:
+- [ ] `/security-risk/exceptions/:id` resolves to an Exception detail view, not triage artifact detail.
+- [ ] Exceptions list has deterministic navigation to detail.
+- [ ] Detail view includes status, scope, expiry, approvals, and evidence pointers required by Pack 19 intent.
+
+### S19-EX-03 - Test coverage and pack-conformance verification
+Status: TODO
+Dependency: S19-EX-01
+Owners: FE implementer, QA
+Task description:
+- Add or update unit tests for the new Exceptions route wiring and core rendering assertions.
+- Re-run pack-conformance Playwright sweep against `pack-01..pack-21` and ensure zero mismatches.
+
+Completion criteria:
+- [ ] Unit tests pass for new Exceptions route/component behavior.
+- [ ] `tests/e2e/pack-conformance.scratch.spec.ts` passes with no mismatches.
+- [ ] Test commands and outputs recorded in this sprint `Execution Log`.
+
+### S19-EX-04 - Update pack difference ledger and close sprint
+Status: TODO
+Dependency: S19-EX-03
+Owners: FE implementer, Documentation author
+Task description:
+- Update `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md` from `DIFF` to resolved state when implementation lands.
+- Archive this sprint only after all tasks are `DONE`.
+
+Completion criteria:
+- [ ] Pack diff ledger updated to reflect resolved Pack 19 mismatch.
+- [ ] All tasks in this sprint are `DONE`.
+- [ ] Sprint moved to `docs-archived/implplan/` only after criteria are met.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-02-20 | Sprint created from full Pack conformity run. Result: 61 checks, 1 mismatch at Pack 19 Exceptions route. | Planning |
+| 2026-02-20 | Reproduced mismatch with filtered run (`PACK_CONFORMANCE_FILTER='pack-19.*exceptions'`) to isolate route-level nonconformance. | QA |
+
+## Decisions & Risks
+- Decision: treat latest pack precedence as authoritative; Pack 19 section 19.10 governs Exceptions behavior.
+- Decision: keep this sprint FE-scoped with route/component separation first; backend enrichment can layer without blocking route conformance.
+- Risk: replacing current route target can break users relying on triage page at `/security-risk/exceptions`; mitigate by preserving triage under existing triage paths and adding redirects if needed.
+- Risk: pack-conformance run is sensitive to dev proxy path capture for `/integrations` and `/platform`; mitigate by using clean proxy config during conformity runs.
+- Evidence reference: `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`.
+
+## Next Checkpoints
+- 2026-02-21: route/component implementation complete and unit tests green.
+- 2026-02-21: full Playwright pack-conformance rerun shows zero mismatches.
+- 2026-02-21: sprint ready for archive review.
diff --git a/docs/modules/remediation/architecture.md b/docs/modules/remediation/architecture.md
index 972320230..6b31a8dc3 100644
--- a/docs/modules/remediation/architecture.md
+++ b/docs/modules/remediation/architecture.md
@@ -135,3 +135,7 @@ src/Remediation/
 - SPRINT_20260220_013: Matching, sources, policy
 - SPRINT_20260220_014: UI components
 - SPRINT_20260220_015: Documentation
+
+## Related Contracts
+
+- `docs/contracts/remediation-pr-v1.md`
diff --git a/docs/modules/telemetry/README.md b/docs/modules/telemetry/README.md
index 005d2b5e2..64fcb80bc 100644
--- a/docs/modules/telemetry/README.md
+++ b/docs/modules/telemetry/README.md
@@ -29,9 +29,13 @@ Telemetry module captures deployment and operations guidance for the shared obse
 - Sprint 23 console security sign-off (2025-10-27) added the `console-security.json` Grafana board and burn-rate alert pack—ensure environments import the updated dashboards/alerts referenced in `docs/updates/2025-10-27-console-security-signoff.md`.
 - Observability assets for this sprint: `operations/observability.md` and `operations/dashboards/telemetry-observability.json` (offline import).
 
-## Related resources
-- ./operations/collector.md
-- ./operations/storage.md
+## Related resources
+- ./operations/collector.md
+- ./operations/storage.md
+- ./federation-architecture.md
+- ../../contracts/federated-consent-v1.md
+- ../../contracts/federated-telemetry-v1.md
+- ../../runbooks/federated-telemetry-operations.md
 
 ## Backlog references
 - TELEMETRY-OBS-50-001 … 50-004 in ../../TASKS.md.
diff --git a/docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md b/docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md
new file mode 100644
index 000000000..8474da5cb
--- /dev/null
+++ b/docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md
@@ -0,0 +1,25 @@
+# Pack Conformity Diff - 2026-02-20 (UTC)
+
+## Scope
+- Source packs reviewed: `docs/modules/ui/v2-rewire/pack-01.md` through `docs/modules/ui/v2-rewire/pack-21.md`.
+- Effective precedence rule: higher pack number wins where behavior is refined in later packs.
+- Conformity harness: `src/Web/StellaOps.Web/tests/e2e/pack-conformance.scratch.spec.ts`.
+- UI run mode for clean routing: Angular dev server on `https://127.0.0.1:4410` with empty proxy config (no `/integrations` or `/platform` path capture).
+
+## Evidence
+- Command:
+  `npx ng serve --configuration development --port 4410 --host 127.0.0.1 --ssl --proxy-config proxy.playwright-empty.json`
+- Command:
+  `PLAYWRIGHT_BASE_URL=https://127.0.0.1:4410 npx playwright test tests/e2e/pack-conformance.scratch.spec.ts`
+- Result:
+  `61` canonical pack route checks executed, `60` conformant, `1` mismatch.
+
+## Difference Ledger
+| Status | Pack File | Pack Section | Canonical Route | Expected UI | Actual UI | Code Reference |
+| --- | --- | --- | --- | --- | --- | --- |
+| DIFF | `docs/modules/ui/v2-rewire/pack-19.md` | `19.10 Security screen - Exceptions` | `/security-risk/exceptions` | Dedicated "Exceptions" screen for waivers and risk acceptance | Route resolves to Vulnerability Triage artifact screen (`Vulnerability Triage`, `Artifact-first workflow with evidence and VEX-first decisioning`) | `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts:103`, `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts:107`, `src/Web/StellaOps.Web/src/app/features/triage/triage-artifacts.component.html:4` |
+
+## Notes
+- The remaining gap is functional, not naming-only.
+- The mismatch is isolated to the Pack 19 Exceptions requirement.
+- All other pack-derived canonical routes in the current matrix conform under the clean run mode above.
diff --git a/src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/Console/ConsoleAdminEndpointsTests.cs b/src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/Console/ConsoleAdminEndpointsTests.cs
index a75ededde..3f38dcdd4 100644
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/Console/ConsoleAdminEndpointsTests.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/Console/ConsoleAdminEndpointsTests.cs
@@ -116,6 +116,48 @@ public sealed class ConsoleAdminEndpointsTests
         Assert.Contains(listed!.Users, static user => user.Username == "alice");
     }
 
+    [Fact]
+    public async Task LegacyApiAlias_UsersListAndCreate_WorkForApiAdminPath()
+    {
+        var now = new DateTimeOffset(2026, 2, 20, 14, 0, 0, TimeSpan.Zero);
+        var timeProvider = new FakeTimeProvider(now);
+        var sink = new RecordingAuthEventSink();
+        var users = new InMemoryUserRepository();
+
+        await using var app = await CreateApplicationAsync(timeProvider, sink, users);
+
+        var principalAccessor = app.Services.GetRequiredService<AdminTestPrincipalAccessor>();
+        principalAccessor.Principal = CreatePrincipal(
+            tenant: "default",
+            scopes: new[] { StellaOpsScopes.UiAdmin, StellaOpsScopes.AuthorityUsersRead, StellaOpsScopes.AuthorityUsersWrite },
+            expiresAt: now.AddMinutes(10));
+
+        using var client = CreateTestClient(app);
+        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(AdminAuthenticationDefaults.AuthenticationScheme);
+        client.DefaultRequestHeaders.Add(AuthorityHttpHeaders.Tenant, "default");
+
+        var createResponse = await client.PostAsJsonAsync(
+            "/api/admin/users",
+            new
+            {
+                username = "legacy-api-user",
+                email = "legacy@example.com",
+                displayName = "Legacy API User",
+                roles = new[] { "operator" }
+            });
+
+        Assert.Equal(HttpStatusCode.Created, createResponse.StatusCode);
+        Assert.NotNull(createResponse.Headers.Location);
+        Assert.StartsWith("/api/admin/users/", createResponse.Headers.Location!.ToString(), StringComparison.OrdinalIgnoreCase);
+
+        var listResponse = await client.GetAsync("/api/admin/users");
+        Assert.Equal(HttpStatusCode.OK, listResponse.StatusCode);
+
+        var payload = await listResponse.Content.ReadFromJsonAsync<UserListPayload>();
+        Assert.NotNull(payload);
+        Assert.Contains(payload!.Users, static user => user.Username == "legacy-api-user");
+    }
+
     private static async Task<WebApplication> CreateApplicationAsync(
         FakeTimeProvider timeProvider,
         RecordingAuthEventSink sink,
diff --git a/src/Authority/StellaOps.Authority/StellaOps.Authority/Console/Admin/ConsoleAdminEndpointExtensions.cs b/src/Authority/StellaOps.Authority/StellaOps.Authority/Console/Admin/ConsoleAdminEndpointExtensions.cs
index bc010a8bb..14389d72f 100644
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority/Console/Admin/ConsoleAdminEndpointExtensions.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority/Console/Admin/ConsoleAdminEndpointExtensions.cs
@@ -33,6 +33,13 @@ internal static class ConsoleAdminEndpointExtensions
         adminGroup.AddEndpointFilter(new TenantHeaderFilter());
         adminGroup.AddEndpointFilter(new FreshAuthFilter());
 
+        var legacyApiGroup = app.MapGroup("/api/admin")
+            .RequireAuthorization(policy => policy.RequireStellaOpsScopes(StellaOpsScopes.UiAdmin))
+            .WithTags("Console Admin");
+
+        legacyApiGroup.AddEndpointFilter(new TenantHeaderFilter());
+        legacyApiGroup.AddEndpointFilter(new FreshAuthFilter());
+
         // Tenants
         var tenantGroup = adminGroup.MapGroup("/tenants");
 
@@ -79,6 +86,17 @@ internal static class ConsoleAdminEndpointExtensions
             .WithName("AdminCreateUser")
             .WithSummary("Create a local user (does not apply to external IdP users).");
 
+        var legacyUserGroup = legacyApiGroup.MapGroup("/users");
+
+        legacyUserGroup.MapGet("", ListUsers)
+            .RequireAuthorization(policy => policy.RequireStellaOpsScopes(StellaOpsScopes.AuthorityUsersRead))
+            .WithSummary("Legacy alias: list users for the specified tenant.");
+
+        legacyUserGroup.MapPost("", CreateUser)
+            .RequireAuthorization(policy => policy.RequireStellaOpsScopes(StellaOpsScopes.AuthorityUsersWrite))
+            .RequireFreshAuth()
+            .WithSummary("Legacy alias: create a local user.");
+
         userGroup.MapPatch("/{userId}", UpdateUser)
             .RequireAuthorization(policy => policy.RequireStellaOpsScopes(StellaOpsScopes.AuthorityUsersWrite))
             .RequireFreshAuth()
@@ -388,7 +406,12 @@ internal static class ConsoleAdminEndpointExtensions
                 ("user.id", createdSummary.Id)),
             cancellationToken).ConfigureAwait(false);
 
-        return Results.Created($"/console/admin/users/{createdSummary.Id}", createdSummary);
+        var requestPath = httpContext.Request.Path.Value ?? string.Empty;
+        var locationPrefix = requestPath.StartsWith("/api/admin", StringComparison.OrdinalIgnoreCase)
+            ? "/api/admin/users"
+            : "/console/admin/users";
+
+        return Results.Created($"{locationPrefix}/{createdSummary.Id}", createdSummary);
     }
 
     private static async Task<IResult> UpdateUser(
diff --git a/src/Telemetry/StellaOps.Telemetry.Federation.Tests/PrivacyBudgetTrackerTests.cs b/src/Telemetry/StellaOps.Telemetry.Federation.Tests/PrivacyBudgetTrackerTests.cs
index a7db73453..772527256 100644
--- a/src/Telemetry/StellaOps.Telemetry.Federation.Tests/PrivacyBudgetTrackerTests.cs
+++ b/src/Telemetry/StellaOps.Telemetry.Federation.Tests/PrivacyBudgetTrackerTests.cs
@@ -79,7 +79,8 @@ public sealed class PrivacyBudgetTrackerTests
         var snapshot = tracker.GetSnapshot();
         Assert.Equal(2, snapshot.QueriesThisPeriod);
         Assert.Equal(1, snapshot.SuppressedThisPeriod);
-        Assert.True(snapshot.Exhausted);
+        Assert.False(snapshot.Exhausted);
+        Assert.Equal(0.1, snapshot.Remaining, precision: 10);
     }
 
     [Fact]
diff --git a/src/Telemetry/StellaOps.Telemetry.Federation.Tests/TelemetryAggregatorTests.cs b/src/Telemetry/StellaOps.Telemetry.Federation.Tests/TelemetryAggregatorTests.cs
index 4154ff19e..a244d9c88 100644
--- a/src/Telemetry/StellaOps.Telemetry.Federation.Tests/TelemetryAggregatorTests.cs
+++ b/src/Telemetry/StellaOps.Telemetry.Federation.Tests/TelemetryAggregatorTests.cs
@@ -121,6 +121,9 @@ public sealed class TelemetryAggregatorTests
     {
         var (aggregator, budget) = CreateAggregator(kThreshold: 1, epsilon: 0.01);
 
+        // Pre-spend enough budget so the aggregation pass must suppress some buckets.
+        Assert.True(budget.TrySpend(0.0095));
+
         // Create many CVE groups to exhaust the tiny budget
         var facts = new List<TelemetryFact>();
         for (int i = 0; i < 100; i++)
diff --git a/src/Telemetry/StellaOps.Telemetry.Federation/Privacy/PrivacyBudgetTracker.cs b/src/Telemetry/StellaOps.Telemetry.Federation/Privacy/PrivacyBudgetTracker.cs
index dda7c5d2a..91d803660 100644
--- a/src/Telemetry/StellaOps.Telemetry.Federation/Privacy/PrivacyBudgetTracker.cs
+++ b/src/Telemetry/StellaOps.Telemetry.Federation/Privacy/PrivacyBudgetTracker.cs
@@ -129,7 +129,7 @@ public sealed class PrivacyBudgetTracker : IPrivacyBudgetTracker
         }
     }
 
-    internal static double LaplacianNoise(double sensitivity, double epsilon, Random rng)
+    public static double LaplacianNoise(double sensitivity, double epsilon, Random rng)
     {
         double u = rng.NextDouble() - 0.5;
         return -(sensitivity / epsilon) * Math.Sign(u) * Math.Log(1 - 2 * Math.Abs(u));
diff --git a/src/Web/StellaOps.Web/src/app/app.routes.ts b/src/Web/StellaOps.Web/src/app/app.routes.ts
index 219207861..2758e53e7 100644
--- a/src/Web/StellaOps.Web/src/app/app.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/app.routes.ts
@@ -46,6 +46,11 @@ export const routes: Routes = [
         (m) => m.DASHBOARD_ROUTES
       ),
   },
+  {
+    path: 'control-plane',
+    pathMatch: 'full',
+    redirectTo: '/',
+  },
 
   // Domain 2: Release Control
   {
@@ -59,12 +64,12 @@ export const routes: Routes = [
       ),
   },
 
-  // Domain 3: Security and Risk (formerly /security)
+  // Domain 3: Security & Risk (formerly /security)
   {
     path: 'security-risk',
-    title: 'Security and Risk',
+    title: 'Security & Risk',
     canMatch: [requireConfigGuard, requireBackendsReachableGuard, requireAuthGuard],
-    data: { breadcrumb: 'Security and Risk' },
+    data: { breadcrumb: 'Security & Risk' },
     loadChildren: () =>
       import('./routes/security-risk.routes').then(
         (m) => m.SECURITY_RISK_ROUTES
@@ -74,9 +79,9 @@ export const routes: Routes = [
   // Domain 4: Evidence and Audit (formerly /evidence)
   {
     path: 'evidence-audit',
-    title: 'Evidence and Audit',
+    title: 'Evidence & Audit',
     canMatch: [requireConfigGuard, requireBackendsReachableGuard, requireAuthGuard],
-    data: { breadcrumb: 'Evidence and Audit' },
+    data: { breadcrumb: 'Evidence & Audit' },
     loadChildren: () =>
       import('./routes/evidence-audit.routes').then(
         (m) => m.EVIDENCE_AUDIT_ROUTES
@@ -127,7 +132,7 @@ export const routes: Routes = [
   {
     path: 'environments',
     pathMatch: 'full',
-    redirectTo: '/release-control/environments',
+    redirectTo: '/release-control/regions',
   },
   {
     path: 'releases',
@@ -140,7 +145,7 @@ export const routes: Routes = [
     redirectTo: '/release-control/deployments',
   },
 
-  // Security and Risk domain alias
+  // Security & Risk domain alias
   {
     path: 'security',
     pathMatch: 'full',
@@ -166,8 +171,13 @@ export const routes: Routes = [
   // Platform Ops domain alias
   {
     path: 'operations',
-    pathMatch: 'full',
-    redirectTo: '/platform-ops',
+    title: 'Platform Ops',
+    canMatch: [requireConfigGuard, requireBackendsReachableGuard, requireAuthGuard],
+    data: { breadcrumb: 'Platform Ops' },
+    loadChildren: () =>
+      import('./routes/platform-ops.routes').then(
+        (m) => m.PLATFORM_OPS_ROUTES
+      ),
   },
 
   // Administration domain alias — policy
@@ -207,10 +217,8 @@ export const routes: Routes = [
   // Administration domain alias — settings
   {
     path: 'settings',
-    title: 'Settings',
-    canMatch: [requireConfigGuard, requireBackendsReachableGuard, requireAuthGuard],
-    loadChildren: () =>
-      import('./features/settings/settings.routes').then((m) => m.SETTINGS_ROUTES),
+    pathMatch: 'full',
+    redirectTo: '/administration',
   },
 
   // ==========================================================================
@@ -242,6 +250,7 @@ export const routes: Routes = [
   },
   {
     path: 'console/profile',
+    title: 'Profile',
     canMatch: [requireConfigGuard, requireBackendsReachableGuard, requireAuthGuard],
     loadComponent: () =>
       import('./features/console/console-profile.component').then(
diff --git a/src/Web/StellaOps.Web/src/app/core/api/search.client.ts b/src/Web/StellaOps.Web/src/app/core/api/search.client.ts
index 813b4da8e..b825d9b1c 100644
--- a/src/Web/StellaOps.Web/src/app/core/api/search.client.ts
+++ b/src/Web/StellaOps.Web/src/app/core/api/search.client.ts
@@ -182,7 +182,7 @@ export class SearchClient {
             title: `job-${item.id.substring(0, 8)}`,
             subtitle: `${item.type} (${item.status})`,
             description: item.artifactRef,
-            route: `/orchestrator/jobs/${item.id}`,
+            route: `/platform-ops/orchestrator/jobs/${item.id}`,
             matchScore: 100,
           }))
         ),
diff --git a/src/Web/StellaOps.Web/src/app/core/api/search.models.ts b/src/Web/StellaOps.Web/src/app/core/api/search.models.ts
index 997049a7b..61f2612d5 100644
--- a/src/Web/StellaOps.Web/src/app/core/api/search.models.ts
+++ b/src/Web/StellaOps.Web/src/app/core/api/search.models.ts
@@ -127,7 +127,7 @@ export const DEFAULT_QUICK_ACTIONS: QuickAction[] = [
     shortcut: '>jobs',
     description: 'Navigate to job list',
     icon: 'workflow',
-    route: '/orchestrator/jobs',
+    route: '/platform-ops/orchestrator/jobs',
     keywords: ['jobs', 'orchestrator', 'list'],
   },
   {
diff --git a/src/Web/StellaOps.Web/src/app/core/auth/auth.service.ts b/src/Web/StellaOps.Web/src/app/core/auth/auth.service.ts
index f122de3ba..a10ec5a23 100644
--- a/src/Web/StellaOps.Web/src/app/core/auth/auth.service.ts
+++ b/src/Web/StellaOps.Web/src/app/core/auth/auth.service.ts
@@ -155,19 +155,19 @@ export class MockAuthService implements AuthService {
 
   // Orchestrator access methods (UI-ORCH-32-001)
   canViewOrchestrator(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_READ);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_READ);
   }
 
   canOperateOrchestrator(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_OPERATE);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_OPERATE);
   }
 
   canManageOrchestratorQuotas(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_QUOTA);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_QUOTA);
   }
 
   canInitiateBackfill(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_BACKFILL);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_BACKFILL);
   }
 
   // Policy Studio access methods (UI-POLICY-20-003)
@@ -210,6 +210,17 @@ export class MockAuthService implements AuthService {
   canAuditPolicies(): boolean {
     return this.hasScope(StellaOpsScopes.POLICY_AUDIT);
   }
+
+  private hasAdminPrivilege(): boolean {
+    const roleSet = new Set(
+      (this.user()?.roles ?? []).map((role) => role.trim().toLowerCase())
+    );
+    if (roleSet.has('admin')) {
+      return true;
+    }
+
+    return this.hasAnyScope([StellaOpsScopes.ADMIN, StellaOpsScopes.UI_ADMIN]);
+  }
 }
 
 // Re-export scopes for convenience
diff --git a/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.spec.ts b/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.spec.ts
index 5edb6d89c..3d2965915 100644
--- a/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.spec.ts
+++ b/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.spec.ts
@@ -72,6 +72,44 @@ describe('AuthorityAuthAdapterService', () => {
     service.logout();
     expect(authorityAuth.logout).toHaveBeenCalled();
   });
+
+  it('grants orchestrator capabilities to admin role even without orch scopes', () => {
+    sessionStore.setSession(
+      buildSession({
+        tenantId: 'tenant-ops',
+        subject: 'admin-subject',
+        name: 'Admin User',
+        email: 'admin@example.com',
+        roles: ['admin'],
+        scopes: [StellaOpsScopes.UI_READ],
+      })
+    );
+    TestBed.flushEffects();
+
+    expect(service.canViewOrchestrator()).toBeTrue();
+    expect(service.canOperateOrchestrator()).toBeTrue();
+    expect(service.canManageOrchestratorQuotas()).toBeTrue();
+    expect(service.canInitiateBackfill()).toBeTrue();
+  });
+
+  it('keeps orchestrator restrictions for non-admin roles', () => {
+    sessionStore.setSession(
+      buildSession({
+        tenantId: 'tenant-ops',
+        subject: 'viewer-subject',
+        name: 'Viewer User',
+        email: 'viewer@example.com',
+        roles: ['viewer'],
+        scopes: [StellaOpsScopes.UI_READ],
+      })
+    );
+    TestBed.flushEffects();
+
+    expect(service.canViewOrchestrator()).toBeFalse();
+    expect(service.canOperateOrchestrator()).toBeFalse();
+    expect(service.canManageOrchestratorQuotas()).toBeFalse();
+    expect(service.canInitiateBackfill()).toBeFalse();
+  });
 });
 
 function buildSession(overrides: {
diff --git a/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.ts b/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.ts
index 4ac3f6531..cd4d1dc56 100644
--- a/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.ts
+++ b/src/Web/StellaOps.Web/src/app/core/auth/authority-auth-adapter.service.ts
@@ -79,19 +79,19 @@ export class AuthorityAuthAdapterService implements AuthService {
   }
 
   canViewOrchestrator(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_READ);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_READ);
   }
 
   canOperateOrchestrator(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_OPERATE);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_OPERATE);
   }
 
   canManageOrchestratorQuotas(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_QUOTA);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_QUOTA);
   }
 
   canInitiateBackfill(): boolean {
-    return this.hasScope(StellaOpsScopes.ORCH_BACKFILL);
+    return this.hasAdminPrivilege() || this.hasScope(StellaOpsScopes.ORCH_BACKFILL);
   }
 
   canViewPolicies(): boolean {
@@ -156,7 +156,7 @@ export class AuthorityAuthAdapterService implements AuthService {
     const identity = session.identity;
     const id = identity.subject?.trim() || 'unknown-user';
     const name = identity.name?.trim() || id;
-    const email = identity.email?.trim() || `${id}@unknown.local`;
+    const email = identity.email?.trim() ?? '';
     const roles = identity.roles ?? [];
 
     return {
@@ -175,4 +175,15 @@ export class AuthorityAuthAdapterService implements AuthService {
       KNOWN_SCOPE_SET.has(scope as StellaOpsScope)
     );
   }
+
+  private hasAdminPrivilege(): boolean {
+    const roleSet = new Set(
+      (this.user()?.roles ?? []).map((role) => role.trim().toLowerCase())
+    );
+    if (roleSet.has('admin')) {
+      return true;
+    }
+
+    return this.hasAnyScope([StellaOpsScopes.ADMIN, StellaOpsScopes.UI_ADMIN]);
+  }
 }
diff --git a/src/Web/StellaOps.Web/src/app/features/analytics/analytics.routes.ts b/src/Web/StellaOps.Web/src/app/features/analytics/analytics.routes.ts
index 3b8f4b12a..3648cec3e 100644
--- a/src/Web/StellaOps.Web/src/app/features/analytics/analytics.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/features/analytics/analytics.routes.ts
@@ -7,15 +7,13 @@ import { Routes } from '@angular/router';
 export const ANALYTICS_ROUTES: Routes = [
   {
     path: '',
-    redirectTo: 'sbom-lake',
+    redirectTo: '/security-risk/sbom-lake',
     pathMatch: 'full',
     data: { breadcrumb: 'Analytics' },
   },
   {
     path: 'sbom-lake',
-    loadComponent: () =>
-      import('./sbom-lake-page.component').then((m) => m.SbomLakePageComponent),
-    title: 'SBOM Lake',
-    data: { breadcrumb: 'SBOM Lake' },
+    pathMatch: 'full',
+    redirectTo: '/security-risk/sbom-lake',
   },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/features/approvals/approval-detail-page.component.ts b/src/Web/StellaOps.Web/src/app/features/approvals/approval-detail-page.component.ts
index 05a59bade..a0ec57d80 100644
--- a/src/Web/StellaOps.Web/src/app/features/approvals/approval-detail-page.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/approvals/approval-detail-page.component.ts
@@ -1,54 +1,89 @@
-/**
- * Approval Detail Page Component
- * Sprint: SPRINT_20260118_005_FE_approvals_feature (APPR-003, APPR-008)
- *
- * Full approval workflow page with diff, gates, decision panel,
- * and ReachabilityWitnessPanel (THE MOAT feature).
- */
-
-import { Component, ChangeDetectionStrategy, signal, computed, inject, OnInit } from '@angular/core';
 import { CommonModule } from '@angular/common';
-import { ActivatedRoute, RouterLink } from '@angular/router';
+import { ChangeDetectionStrategy, Component, computed, inject, OnInit, signal } from '@angular/core';
 import { FormsModule } from '@angular/forms';
+import { ActivatedRoute, RouterLink } from '@angular/router';
 
-interface WitnessNode {
-  function: string;
-  file: string;
-  line: number;
-  type: 'entry' | 'call' | 'sink' | 'guard';
-}
-
-interface ReachabilityWitness {
-  findingId: string;
-  component: string;
-  version: string;
-  description: string;
-  state: 'reachable' | 'unreachable' | 'uncertain';
-  confidence: number;
-  confidenceExplanation: string;
-  callPath: WitnessNode[];
-  analysisDetails: {
-    guards: string[];
-    dynamicLoading: boolean;
-    reflection: boolean;
-    conditionalExecution: string | null;
-    dataFlowConfidence: number;
-  };
-}
-
+type GateResult = 'PASS' | 'WARN' | 'BLOCK';
+type HealthStatus = 'OK' | 'WARN' | 'FAIL';
 type ApprovalDecisionStatus = 'pending' | 'approved' | 'rejected';
+type ApprovalTabId =
+  | 'overview'
+  | 'gates'
+  | 'security'
+  | 'reachability'
+  | 'ops-data'
+  | 'evidence'
+  | 'replay'
+  | 'history';
 
 interface ApprovalDetailState {
-  releaseVersion: string;
+  id: string;
+  bundleVersion: string;
   bundleDigest: string;
-  fromEnv: string;
-  toEnv: string;
-  status: ApprovalDecisionStatus;
+  sourceEnvironment: string;
+  targetEnvironment: string;
+  workflow: string;
   requestedBy: string;
   requestedAt: string;
-  decidedBy: string;
-  decidedAt: string;
-  evidenceId: string;
+  status: ApprovalDecisionStatus;
+  approvals: string;
+  critR: number;
+  sbomFreshness: string;
+  birCoverage: string;
+  dataIntegrity: HealthStatus;
+  decidedBy?: string;
+  decidedAt?: string;
+}
+
+interface GateTraceRow {
+  id: string;
+  gate: string;
+  result: GateResult;
+  why: string;
+  inputs: string[];
+  timestamp: string;
+  evidenceAge: string;
+  fixLinks: Array<{ label: string; route: string }>;
+}
+
+interface SecurityFindingRow {
+  cve: string;
+  packageName: string;
+  component: string;
+  reachability: string;
+  vex: string;
+}
+
+interface ReachabilityRow {
+  component: string;
+  digest: string;
+  build: boolean;
+  image: boolean;
+  runtime: boolean;
+}
+
+interface DataHealthRow {
+  name: string;
+  status: HealthStatus;
+  detail: string;
+}
+
+interface EvidenceArtifact {
+  name: string;
+  status: 'ready' | 'pending';
+}
+
+interface ReplayEvent {
+  id: string;
+  requestedAt: string;
+  status: string;
+}
+
+interface HistoryEvent {
+  id: string;
+  when: string;
+  event: string;
+  detail: string;
 }
 
 @Component({
@@ -57,784 +92,947 @@ interface ApprovalDetailState {
   imports: [CommonModule, RouterLink, FormsModule],
   changeDetection: ChangeDetectionStrategy.OnPush,
   template: `
-    <div class="approval-detail">
-      <header class="page-header">
-        <a routerLink="/approvals" class="back-link">← Back to Approvals</a>
-        <div class="header-main">
-          <h1 class="page-title">{{ approval().releaseVersion }}: {{ approval().fromEnv }} → {{ approval().toEnv }}</h1>
-          <span class="status-badge" [class]="'status-badge--' + approval().status">
+    <div class="approval-detail-v2">
+      <header class="decision-header">
+        <a routerLink="/release-control/approvals" class="back-link">Back to Approvals</a>
+
+        <div class="decision-header__title-row">
+          <h1>Approval Detail</h1>
+          <span class="approval-status" [class]="'approval-status approval-status--' + approval().status">
             {{ approval().status | uppercase }}
           </span>
         </div>
-        <p class="page-subtitle">
-          Bundle: <code class="digest">{{ approval().bundleDigest }}</code>
-          · Requested by {{ approval().requestedBy }} · {{ approval().requestedAt }}
-        </p>
+
+        <div class="decision-header__identity-grid">
+          <div>
+            <span class="label">Bundle Version</span>
+            <strong>{{ approval().bundleVersion }}</strong>
+          </div>
+          <div>
+            <span class="label">Manifest Digest</span>
+            <code>{{ approval().bundleDigest }}</code>
+          </div>
+          <div>
+            <span class="label">Promotion Edge</span>
+            <strong>{{ approval().sourceEnvironment }} -> {{ approval().targetEnvironment }}</strong>
+          </div>
+          <div>
+            <span class="label">Workflow</span>
+            <strong>{{ approval().workflow }}</strong>
+          </div>
+          <div>
+            <span class="label">Requested By</span>
+            <strong>{{ approval().requestedBy }} ({{ approval().requestedAt }})</strong>
+          </div>
+        </div>
+
+        <div class="readiness-bar">
+          <span>Gates PASS/BLOCK: <strong>{{ gatePassCount() }}/{{ gateBlockCount() }}</strong></span>
+          <span>Approvals: <strong>{{ approval().approvals }}</strong></span>
+          <span>CritR: <strong>{{ approval().critR }}</strong></span>
+          <span>SBOM: <strong>{{ approval().sbomFreshness }}</strong></span>
+          <span>Hybrid B/I/R: <strong>{{ approval().birCoverage }}</strong></span>
+          <span class="status-pill" [class]="'status-pill status-pill--' + approval().dataIntegrity.toLowerCase()">
+            Data Integrity {{ approval().dataIntegrity }}
+          </span>
+        </div>
+
+        @if (approval().status === 'pending') {
+          <div class="decision-form">
+            <label for="approval-reason">Decision Reason</label>
+            <textarea
+              id="approval-reason"
+              [(ngModel)]="decisionReason"
+              rows="3"
+              placeholder="Provide the rationale for this decision">
+            </textarea>
+            <p>{{ decisionReasonLength() }}/{{ minDecisionReasonLength }} characters</p>
+          </div>
+        }
+
+        <div class="decision-actions">
+          <button type="button" (click)="approve()" [disabled]="!canApprove()">
+            Approve
+          </button>
+          <button type="button" (click)="reject()" [disabled]="!canReject()">
+            Reject
+          </button>
+          <button type="button" (click)="requestExceptionAction()">
+            Request Exception
+          </button>
+          <button type="button" (click)="setActiveTab('evidence')">
+            Export Decision Packet
+          </button>
+          <button type="button" (click)="setActiveTab('replay')">
+            Replay/Verify
+          </button>
+        </div>
       </header>
 
-      <div class="content-layout">
-        <!-- Main Content -->
-        <div class="main-content">
-          <!-- Security Diff Panel -->
-          <section class="panel">
-            <h3 class="panel-title">Security Diff</h3>
-            <p class="panel-subtitle">Changes from {{ approval().fromEnv }} to {{ approval().toEnv }}</p>
-            <div class="diff-summary">
-              <div class="diff-item diff-item--added">
-                <span class="diff-icon">+</span>
-                <span>2 new CVEs introduced</span>
-              </div>
-              <div class="diff-item diff-item--removed">
-                <span class="diff-icon">−</span>
-                <span>1 CVE resolved</span>
-              </div>
-              <div class="diff-item diff-item--changed">
-                <span class="diff-icon">~</span>
-                <span>3 components updated</span>
-              </div>
-            </div>
-            <table class="diff-table">
+      <nav class="tab-nav" aria-label="Approval detail tabs">
+        @for (tab of tabs; track tab.id) {
+          <button
+            type="button"
+            class="tab-nav__item"
+            [class.tab-nav__item--active]="activeTab() === tab.id"
+            (click)="setActiveTab(tab.id)">
+            {{ tab.label }}
+          </button>
+        }
+      </nav>
+
+      <section class="tab-panel" aria-live="polite">
+        @if (activeTab() === 'overview') {
+          <section>
+            <h2>Overview</h2>
+            <p>
+              Decision case-file for release approval {{ approval().id }} with governance, risk,
+              data confidence, and evidence context in one place.
+            </p>
+            <ul>
+              <li>Blocking gates: {{ gateBlockCount() }}</li>
+              <li>Requested path: {{ approval().sourceEnvironment }} -> {{ approval().targetEnvironment }}</li>
+              <li>Exception requested: {{ requestException ? 'Yes' : 'No' }}</li>
+            </ul>
+          </section>
+        }
+
+        @if (activeTab() === 'gates') {
+          <section>
+            <h2>Gates</h2>
+            <p class="muted">Data snapshot: OSV 35m, NVD 3h 12m, Nightly SBOM rescan WARN</p>
+            <p class="muted">Decision digest: <code>{{ decisionDigest }}</code></p>
+
+            <table>
               <thead>
                 <tr>
-                  <th>Finding</th>
-                  <th>Change</th>
-                  <th>Severity</th>
-                  <th>Reachable</th>
+                  <th>Gate</th>
+                  <th>Result</th>
+                  <th>Why</th>
+                  <th>Actions</th>
                 </tr>
               </thead>
               <tbody>
-                <tr class="diff-row diff-row--added">
-                  <td>CVE-2026-1234</td>
-                  <td><span class="change-badge change-badge--new">NEW</span></td>
-                  <td><span class="severity severity--high">HIGH</span></td>
-                  <td>
-                    <button type="button" class="reachability-chip reachability-chip--reachable" (click)="openWitness('CVE-2026-1234')">
-                      Reachable (82%)
-                    </button>
-                  </td>
-                </tr>
-                <tr class="diff-row diff-row--added">
-                  <td>CVE-2026-5678</td>
-                  <td><span class="change-badge change-badge--new">NEW</span></td>
-                  <td><span class="severity severity--medium">MEDIUM</span></td>
-                  <td>
-                    <button type="button" class="reachability-chip reachability-chip--unreachable" (click)="openWitness('CVE-2026-5678')">
-                      Unreachable (94%)
-                    </button>
-                  </td>
-                </tr>
-                <tr class="diff-row diff-row--removed">
-                  <td>CVE-2025-9999</td>
-                  <td><span class="change-badge change-badge--fixed">FIXED</span></td>
-                  <td><span class="severity severity--critical">CRITICAL</span></td>
-                  <td>—</td>
-                </tr>
+                @for (row of gateTraceRows; track row.id) {
+                  <tr>
+                    <td>{{ row.gate }}</td>
+                    <td>
+                      <span class="status-pill" [class]="'status-pill status-pill--' + row.result.toLowerCase()">
+                        {{ row.result }}
+                      </span>
+                    </td>
+                    <td>{{ row.why }}</td>
+                    <td>
+                      <button type="button" class="link-btn" (click)="toggleGateTrace(row.id)">
+                        Gate detail trace
+                      </button>
+                      @if (row.result === 'BLOCK') {
+                        <div class="fix-links">
+                          @for (link of row.fixLinks; track link.label) {
+                            <a [routerLink]="link.route">{{ link.label }}</a>
+                          }
+                        </div>
+                      }
+                    </td>
+                  </tr>
+                  @if (expandedGateId() === row.id) {
+                    <tr>
+                      <td colspan="4" class="trace-detail">
+                        <p><strong>Inputs:</strong> {{ row.inputs.join(', ') }}</p>
+                        <p><strong>Timestamp:</strong> {{ row.timestamp }}</p>
+                        <p><strong>Evidence age:</strong> {{ row.evidenceAge }}</p>
+                      </td>
+                    </tr>
+                  }
+                }
               </tbody>
             </table>
           </section>
+        }
 
-          <!-- Reachability Witness Panel (THE MOAT) -->
-          @if (selectedWitness()) {
-            <section class="panel witness-panel">
-              <div class="witness-header">
-                <div class="witness-header__info">
-                  <h3 class="panel-title">Reachability Witness</h3>
-                  <p class="panel-subtitle">{{ selectedWitness()!.findingId }} in {{ selectedWitness()!.component }}&#64;{{ selectedWitness()!.version }}</p>
-                </div>
-                <button type="button" class="btn btn--sm btn--secondary" (click)="closeWitness()">
-                  <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg> Close
-                </button>
+        @if (activeTab() === 'security') {
+          <section>
+            <h2>Security</h2>
+            <p>
+              CritR {{ approval().critR }} | VEX coverage 83% | SBOM freshness {{ approval().sbomFreshness }}
+            </p>
+
+            <div class="two-col">
+              <div>
+                <h3>By Environment</h3>
+                <ul>
+                  <li>Staging CritR: 1</li>
+                  <li>Production CritR: 3</li>
+                </ul>
               </div>
-
-              <!-- Finding Info -->
-              <div class="witness-finding">
-                <div class="finding-description">{{ selectedWitness()!.description }}</div>
+              <div>
+                <h3>Delta vs Deployed</h3>
+                <p>+2 critical reachable introduced / -1 resolved.</p>
               </div>
+            </div>
 
-              <!-- State & Confidence -->
-              <div class="witness-state">
-                <div class="state-indicator" [class]="'state-indicator--' + selectedWitness()!.state">
-                  <span class="state-label">{{ selectedWitness()!.state | uppercase }}</span>
-                  <span class="state-confidence">{{ selectedWitness()!.confidence }}% confidence</span>
-                </div>
-                <div class="confidence-explanation">
-                  {{ selectedWitness()!.confidenceExplanation }}
-                </div>
-              </div>
-
-              <!-- Call Path Visualization -->
-              <div class="witness-callpath">
-                <h4 class="section-title">Call Path</h4>
-                <div class="callpath-visualization">
-                  @for (node of selectedWitness()!.callPath; track node.function; let i = $index; let last = $last) {
-                    <div class="callpath-node" [class]="'callpath-node--' + node.type">
-                      <div class="node-icon">
-                        @switch (node.type) {
-                          @case ('entry') { <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><polygon points="5 3 19 12 5 21 5 3"/></svg> }
-                          @case ('call') { <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><line x1="5" y1="12" x2="19" y2="12"/><polyline points="12 5 19 12 12 19"/></svg> }
-                          @case ('guard') { <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> }
-                          @case ('sink') { <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z"/><line x1="12" y1="9" x2="12" y2="13"/><line x1="12" y1="17" x2="12.01" y2="17"/></svg> }
-                        }
-                      </div>
-                      <div class="node-info">
-                        <code class="node-function">{{ node.function }}</code>
-                        <span class="node-location">{{ node.file }}:{{ node.line }}</span>
-                      </div>
-                    </div>
-                    @if (!last) {
-                      <div class="callpath-arrow"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><polyline points="6 9 12 15 18 9"/></svg></div>
-                    }
-                  }
-                </div>
-              </div>
-
-              <!-- Analysis Details -->
-              <div class="witness-analysis">
-                <h4 class="section-title">Analysis Details</h4>
-                <div class="analysis-grid">
-                  <div class="analysis-item">
-                    <span class="analysis-label">Data Flow Confidence</span>
-                    <span class="analysis-value">{{ selectedWitness()!.analysisDetails.dataFlowConfidence }}%</span>
-                  </div>
-                  <div class="analysis-item">
-                    <span class="analysis-label">Dynamic Loading</span>
-                    <span class="analysis-value" [class.analysis-value--warning]="selectedWitness()!.analysisDetails.dynamicLoading">
-                      {{ selectedWitness()!.analysisDetails.dynamicLoading ? 'Detected' : 'None' }}
-                    </span>
-                  </div>
-                  <div class="analysis-item">
-                    <span class="analysis-label">Reflection</span>
-                    <span class="analysis-value" [class.analysis-value--warning]="selectedWitness()!.analysisDetails.reflection">
-                      {{ selectedWitness()!.analysisDetails.reflection ? 'Detected' : 'None' }}
-                    </span>
-                  </div>
-                  @if (selectedWitness()!.analysisDetails.conditionalExecution) {
-                    <div class="analysis-item analysis-item--full">
-                      <span class="analysis-label">Conditional Execution</span>
-                      <span class="analysis-value">{{ selectedWitness()!.analysisDetails.conditionalExecution }}</span>
-                    </div>
-                  }
-                </div>
-
-                @if (selectedWitness()!.analysisDetails.guards.length > 0) {
-                  <div class="guards-section">
-                    <span class="analysis-label">Guards Detected</span>
-                    <div class="guards-list">
-                      @for (guard of selectedWitness()!.analysisDetails.guards; track guard) {
-                        <span class="guard-badge"><svg width="12" height="12" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/></svg> {{ guard }}</span>
-                      }
-                    </div>
-                  </div>
+            <table>
+              <thead>
+                <tr>
+                  <th>CVE</th>
+                  <th>Package</th>
+                  <th>Component</th>
+                  <th>Reachability</th>
+                  <th>VEX</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (item of securityFindings; track item.cve) {
+                  <tr>
+                    <td>{{ item.cve }}</td>
+                    <td>{{ item.packageName }}</td>
+                    <td>{{ item.component }}</td>
+                    <td>{{ item.reachability }}</td>
+                    <td>{{ item.vex }}</td>
+                  </tr>
                 }
-              </div>
+              </tbody>
+            </table>
 
-              <!-- Actions -->
-              <div class="witness-actions">
-                <button type="button" class="btn btn--primary" (click)="openFullWitness()">
-                  Open Full Witness
-                </button>
-                <button type="button" class="btn btn--secondary" (click)="exportWitness('dot')">
-                  Export DOT
-                </button>
-                <button type="button" class="btn btn--secondary" (click)="exportWitness('mermaid')">
-                  Export Mermaid
-                </button>
-                <button type="button" class="btn btn--secondary" (click)="replayVerify()">
-                  Replay Verify
-                </button>
-              </div>
-            </section>
-          }
-
-          <!-- Gates Panel -->
-          <section class="panel">
-            <h3 class="panel-title">Gate Results</h3>
-            <p class="panel-subtitle">Policy: stg-baseline v3.1</p>
-            <div class="gate-list">
-              @for (gate of gates; track gate.name) {
-                <div class="gate-item">
-                  <span class="gate-badge" [class]="'gate-badge--' + gate.status.toLowerCase()">{{ gate.status }}</span>
-                  <span class="gate-name">{{ gate.name }}</span>
-                  <button type="button" class="btn btn--sm btn--link" (click)="explainGate(gate)">Explain</button>
-                </div>
-              }
+            <div class="footer-links">
+              <a routerLink="/security-risk/findings">Open Findings (filtered)</a>
+              <a routerLink="/security-risk/vex">Open VEX Hub</a>
+              <a routerLink="/administration/policy-governance/exceptions">Open Exceptions</a>
             </div>
           </section>
+        }
 
-          <!-- Comments -->
-          <section class="panel">
-            <h3 class="panel-title">Comments</h3>
-            <div class="comments-list">
-              @for (comment of comments; track comment.id) {
-                <div class="comment">
-                  <div class="comment-header">
-                    <span class="comment-author">{{ comment.author }}</span>
-                    <span class="comment-time">{{ comment.time }}</span>
-                  </div>
-                  <p class="comment-body">{{ comment.body }}</p>
-                </div>
+        @if (activeTab() === 'reachability') {
+          <section>
+            <h2>Reachability</h2>
+            <p>Coverage: Build 84% | Image 92% | Runtime 61%</p>
+            <p>Evidence age: Build 42m | Image 38m | Runtime 2h 11m</p>
+            <p class="muted">
+              Policy interpretation: Runtime coverage below 70% downgrades confidence and can
+              block strict production promotions.
+            </p>
+
+            <table>
+              <thead>
+                <tr>
+                  <th>Component</th>
+                  <th>Digest</th>
+                  <th>Build</th>
+                  <th>Image</th>
+                  <th>Runtime</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (item of reachabilityRows; track item.component) {
+                  <tr>
+                    <td>{{ item.component }}</td>
+                    <td><code>{{ item.digest }}</code></td>
+                    <td>{{ item.build ? 'Y' : 'N' }}</td>
+                    <td>{{ item.image ? 'Y' : 'N' }}</td>
+                    <td>{{ item.runtime ? 'Y' : 'N' }}</td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+
+            <div class="footer-links">
+              <a routerLink="/platform-ops/data-integrity/reachability-ingest">Open Reachability Ingest Health</a>
+              <a routerLink="/release-control/environments">Open Env Detail</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'ops-data') {
+          <section>
+            <h2>Ops/Data Health</h2>
+            <p class="muted">Live data pending dedicated aggregation contract; using validated stub lens.</p>
+
+            <div class="ops-grid">
+              <article>
+                <h3>Feeds</h3>
+                @for (row of feedsRows; track row.name) {
+                  <p>
+                    <span class="status-pill" [class]="'status-pill status-pill--' + row.status.toLowerCase()">
+                      {{ row.status }}
+                    </span>
+                    {{ row.name }} - {{ row.detail }}
+                  </p>
+                }
+              </article>
+              <article>
+                <h3>Nightly Jobs</h3>
+                @for (row of jobsRows; track row.name) {
+                  <p>
+                    <span class="status-pill" [class]="'status-pill status-pill--' + row.status.toLowerCase()">
+                      {{ row.status }}
+                    </span>
+                    {{ row.name }} - {{ row.detail }}
+                  </p>
+                }
+              </article>
+              <article>
+                <h3>Integrations</h3>
+                @for (row of integrationRows; track row.name) {
+                  <p>
+                    <span class="status-pill" [class]="'status-pill status-pill--' + row.status.toLowerCase()">
+                      {{ row.status }}
+                    </span>
+                    {{ row.name }} - {{ row.detail }}
+                  </p>
+                }
+              </article>
+              <article>
+                <h3>DLQ</h3>
+                @for (row of dlqRows; track row.name) {
+                  <p>
+                    <span class="status-pill" [class]="'status-pill status-pill--' + row.status.toLowerCase()">
+                      {{ row.status }}
+                    </span>
+                    {{ row.name }} - {{ row.detail }}
+                  </p>
+                }
+              </article>
+            </div>
+
+            <div class="footer-links">
+              <a routerLink="/platform-ops/data-integrity">Open Data Integrity</a>
+              <a routerLink="/integrations">Open Integrations</a>
+              <a routerLink="/platform-ops/scheduler/runs">Open Scheduler Runs</a>
+              <a routerLink="/platform-ops/dead-letter">Open DLQ</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'evidence') {
+          <section>
+            <h2>Evidence</h2>
+            <ul>
+              @for (artifact of evidenceArtifacts; track artifact.name) {
+                <li>
+                  {{ artifact.name }} -
+                  <strong>{{ artifact.status === 'ready' ? 'ready' : 'pending seal' }}</strong>
+                </li>
+              }
+            </ul>
+            <p>Signature status: DSSE signed, transparency log anchored, replay metadata present.</p>
+            <div class="footer-links">
+              <button type="button" class="link-btn" (click)="exportPacket()">Export Packet</button>
+              <a routerLink="/evidence-audit/evidence/export">Open Export Center</a>
+              <a routerLink="/evidence-audit/proofs">Open Proof Chain</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'replay') {
+          <section>
+            <h2>Replay/Verify</h2>
+            <div class="replay-form">
+              <label>Verdict ID<input [value]="approval().id" readonly /></label>
+              <label>Bundle Manifest<input [value]="approval().bundleDigest" readonly /></label>
+              <label>Baseline<input value="stg-baseline-v3.1" readonly /></label>
+              <label>Data Snapshot<input value="snapshot-2026-02-19T01:00:00Z" readonly /></label>
+            </div>
+            <button type="button" (click)="requestReplay()">Request Replay</button>
+
+            <h3>Recent Replays</h3>
+            <ul>
+              @for (event of replayEvents; track event.id) {
+                <li>{{ event.requestedAt }} - {{ event.status }}</li>
               } @empty {
-                <p class="no-comments">No comments yet</p>
+                <li>No replay requests yet.</li>
               }
-            </div>
-            <div class="comment-form">
-              <textarea
-                class="comment-input"
-                placeholder="Add a comment..."
-                [(ngModel)]="newComment"
-                rows="3"
-              ></textarea>
-              <button type="button" class="btn btn--secondary" (click)="addComment()">
-                Add Comment
-              </button>
+            </ul>
+
+            <div class="footer-links">
+              <a routerLink="/evidence-audit/replay">Open canonical Replay/Verify</a>
             </div>
           </section>
-        </div>
+        }
 
-        <!-- Decision Sidebar -->
-        <aside class="decision-sidebar">
-          <div class="decision-panel">
-            <h3>Decision</h3>
-
-            @if (approval().status === 'pending') {
-              <div class="decision-info">
-                <p>You are authorized to approve or reject this promotion request.</p>
-              </div>
-
-              <div class="decision-actions">
-                <button
-                  type="button"
-                  class="btn btn--success btn--lg"
-                  (click)="approve()"
-                >
-                  <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><polyline points="20 6 9 17 4 12"/></svg> Approve
-                </button>
-                <button
-                  type="button"
-                  class="btn btn--danger btn--lg"
-                  (click)="reject()"
-                >
-                  <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg> Reject
-                </button>
-              </div>
-
-              <div class="decision-options">
-                <label class="checkbox-label">
-                  <input type="checkbox" [(ngModel)]="requestException" />
-                  Request exception for blocked gates
-                </label>
-              </div>
-            } @else {
-              <div class="decision-result">
-                <p>
-                  <strong>{{ approval().status | uppercase }}</strong> by {{ approval().decidedBy }}
-                </p>
-                <p class="decision-time">{{ approval().decidedAt }}</p>
-              </div>
-            }
-
-            <div class="evidence-link">
-              <h4>Evidence</h4>
-              <a [routerLink]="['/evidence', approval().evidenceId]" class="btn btn--secondary btn--block">
-                <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><rect x="8" y="2" width="8" height="4" rx="1" ry="1"/><path d="M16 4h2a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2H6a2 2 0 0 1-2-2V6a2 2 0 0 1 2-2h2"/><line x1="12" y1="11" x2="12" y2="17"/><line x1="9" y1="14" x2="15" y2="14"/></svg> Open Evidence Packet
-              </a>
-            </div>
-          </div>
-        </aside>
-      </div>
+        @if (activeTab() === 'history') {
+          <section>
+            <h2>History</h2>
+            <ul class="history-list">
+              @for (item of historyEvents; track item.id) {
+                <li>
+                  <strong>{{ item.when }}</strong> - {{ item.event }}
+                  <p>{{ item.detail }}</p>
+                </li>
+              } @empty {
+                <li>No history events available.</li>
+              }
+            </ul>
+          </section>
+        }
+      </section>
     </div>
   `,
-  styles: [`
-    .approval-detail { max-width: 1400px; margin: 0 auto; }
+  styles: [
+    `
+      .approval-detail-v2 {
+        display: grid;
+        gap: 1rem;
+        max-width: 1280px;
+        margin: 0 auto;
+      }
 
-    .page-header { margin-bottom: 1.5rem; }
-    .back-link {
-      display: inline-block;
-      margin-bottom: 0.5rem;
-      font-size: 0.875rem;
-      color: var(--color-brand-primary);
-      text-decoration: none;
-    }
-    .header-main { display: flex; align-items: center; gap: 1rem; margin-bottom: 0.5rem; }
-    .page-title { margin: 0; font-size: 1.5rem; font-weight: var(--font-weight-semibold); }
-    .status-badge {
-      padding: 0.25rem 0.75rem;
-      border-radius: var(--radius-sm);
-      font-size: 0.75rem;
-      font-weight: var(--font-weight-semibold);
-    }
-    .status-badge--pending { background: var(--color-severity-medium-bg); color: var(--color-status-warning-text); }
-    .status-badge--approved { background: var(--color-severity-low-bg); color: var(--color-status-success-text); }
-    .status-badge--rejected { background: var(--color-severity-critical-bg); color: var(--color-status-error-text); }
-    .page-subtitle { margin: 0; color: var(--color-text-secondary); font-size: 0.875rem; }
-    .digest {
-      font-family: ui-monospace, SFMono-Regular, 'SF Mono', Menlo, Consolas, monospace;
-      font-size: 0.75rem;
-      padding: 0.125rem 0.375rem;
-      background: var(--color-surface-secondary);
-      border-radius: var(--radius-sm);
-    }
+      .decision-header,
+      .tab-panel {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-lg);
+        background: var(--color-surface-primary);
+        padding: 1rem;
+      }
 
-    .content-layout { display: grid; grid-template-columns: 1fr 320px; gap: 1.5rem; }
+      .back-link {
+        color: var(--color-brand-primary);
+        text-decoration: none;
+        font-size: 0.85rem;
+      }
 
-    .main-content { display: flex; flex-direction: column; gap: 1.5rem; }
+      .decision-header__title-row {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+        gap: 1rem;
+        margin-top: 0.5rem;
+      }
 
-    .panel {
-      padding: 1.25rem;
-      background: var(--color-surface-primary);
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-lg);
-    }
-    .panel-title { margin: 0 0 0.25rem; font-size: 1rem; font-weight: var(--font-weight-semibold); }
-    .panel-subtitle { margin: 0 0 1rem; font-size: 0.875rem; color: var(--color-text-secondary); }
+      h1,
+      h2,
+      h3 {
+        margin: 0;
+      }
 
-    .diff-summary { display: flex; gap: 1.5rem; margin-bottom: 1rem; }
-    .diff-item { display: flex; align-items: center; gap: 0.5rem; font-size: 0.875rem; }
-    .diff-icon {
-      width: 1.25rem;
-      height: 1.25rem;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      border-radius: var(--radius-full);
-      font-weight: var(--font-weight-semibold);
-      font-size: 0.875rem;
-    }
-    .diff-item--added .diff-icon { background: var(--color-severity-critical-bg); color: var(--color-status-error-text); }
-    .diff-item--removed .diff-icon { background: var(--color-severity-low-bg); color: var(--color-status-success-text); }
-    .diff-item--changed .diff-icon { background: var(--color-severity-info-bg); color: var(--color-status-info-text); }
+      .approval-status {
+        border-radius: var(--radius-full);
+        padding: 0.15rem 0.6rem;
+        font-size: 0.7rem;
+        font-weight: var(--font-weight-semibold);
+      }
 
-    .diff-table { width: 100%; border-collapse: collapse; }
-    .diff-table th, .diff-table td {
-      padding: 0.75rem;
-      text-align: left;
-      border-bottom: 1px solid var(--color-border-primary);
-    }
-    .diff-table th {
-      font-size: 0.75rem;
-      font-weight: var(--font-weight-semibold);
-      color: var(--color-text-secondary);
-      text-transform: uppercase;
-    }
-    .diff-row--added { background: var(--color-severity-critical-bg); }
-    .diff-row--removed { background: var(--color-severity-low-bg); }
+      .approval-status--pending {
+        background: var(--color-status-warning-bg);
+        color: var(--color-status-warning-text);
+      }
 
-    .change-badge {
-      padding: 0.125rem 0.5rem;
-      border-radius: var(--radius-sm);
-      font-size: 0.625rem;
-      font-weight: var(--font-weight-semibold);
-    }
-    .change-badge--new { background: var(--color-severity-critical-bg); color: var(--color-status-error-text); }
-    .change-badge--fixed { background: var(--color-severity-low-bg); color: var(--color-status-success-text); }
+      .approval-status--approved {
+        background: var(--color-status-success-bg);
+        color: var(--color-status-success-text);
+      }
 
-    .severity {
-      padding: 0.125rem 0.5rem;
-      border-radius: var(--radius-sm);
-      font-size: 0.625rem;
-      font-weight: var(--font-weight-semibold);
-    }
-    .severity--critical { background: var(--color-status-excepted-bg); color: var(--color-status-excepted); }
-    .severity--high { background: var(--color-severity-critical-bg); color: var(--color-status-error-text); }
-    .severity--medium { background: var(--color-severity-medium-bg); color: var(--color-status-warning-text); }
+      .approval-status--rejected {
+        background: var(--color-status-error-bg);
+        color: var(--color-status-error-text);
+      }
 
-    .reachability-chip {
-      padding: 0.25rem 0.5rem;
-      border: 1px solid;
-      border-radius: var(--radius-sm);
-      font-size: 0.75rem;
-      cursor: pointer;
-      background: transparent;
-    }
-    .reachability-chip--reachable {
-      border-color: var(--color-severity-critical-border);
-      color: var(--color-status-error-text);
-    }
-    .reachability-chip--unreachable {
-      border-color: var(--color-severity-low-border);
-      color: var(--color-status-success-text);
-    }
+      .decision-header__identity-grid {
+        margin-top: 0.75rem;
+        display: grid;
+        grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+        gap: 0.75rem;
+      }
 
-    .gate-list { display: flex; flex-direction: column; gap: 0.5rem; }
-    .gate-item { display: flex; align-items: center; gap: 0.5rem; }
-    .gate-badge {
-      padding: 0.125rem 0.5rem;
-      border-radius: var(--radius-sm);
-      font-size: 0.625rem;
-      font-weight: var(--font-weight-semibold);
-    }
-    .gate-badge--pass { background: var(--color-severity-low-bg); color: var(--color-status-success-text); }
-    .gate-badge--warn { background: var(--color-severity-medium-bg); color: var(--color-status-warning-text); }
-    .gate-badge--block { background: var(--color-severity-critical-bg); color: var(--color-status-error-text); }
-    .gate-name { flex: 1; }
+      .decision-header__identity-grid .label {
+        display: block;
+        font-size: 0.7rem;
+        text-transform: uppercase;
+        letter-spacing: 0.04em;
+        color: var(--color-text-secondary);
+      }
 
-    .comments-list { margin-bottom: 1rem; }
-    .comment {
-      padding: 0.75rem;
-      background: var(--color-surface-secondary);
-      border-radius: var(--radius-md);
-      margin-bottom: 0.5rem;
-    }
-    .comment-header { display: flex; justify-content: space-between; margin-bottom: 0.25rem; }
-    .comment-author { font-weight: var(--font-weight-medium); font-size: 0.875rem; }
-    .comment-time { font-size: 0.75rem; color: var(--color-text-secondary); }
-    .comment-body { margin: 0; font-size: 0.875rem; }
-    .no-comments { color: var(--color-text-secondary); font-size: 0.875rem; }
-    .comment-form { display: flex; flex-direction: column; gap: 0.5rem; }
-    .comment-input {
-      width: 100%;
-      padding: 0.5rem 0.75rem;
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-md);
-      font-size: 0.875rem;
-      resize: vertical;
-    }
+      .decision-header__identity-grid code {
+        font-size: 0.75rem;
+      }
 
-    .decision-sidebar { position: sticky; top: 1rem; }
-    .decision-panel {
-      padding: 1.25rem;
-      background: var(--color-surface-primary);
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-lg);
-    }
-    .decision-panel h3 { margin: 0 0 1rem; font-size: 1rem; font-weight: var(--font-weight-semibold); }
-    .decision-info { margin-bottom: 1rem; font-size: 0.875rem; color: var(--color-text-secondary); }
-    .decision-info p { margin: 0; }
-    .decision-actions { display: flex; flex-direction: column; gap: 0.75rem; margin-bottom: 1rem; }
-    .decision-options { margin-bottom: 1rem; }
-    .checkbox-label {
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-      font-size: 0.875rem;
-      cursor: pointer;
-    }
-    .decision-result { margin-bottom: 1rem; }
-    .decision-time { font-size: 0.75rem; color: var(--color-text-secondary); }
-    .evidence-link h4 { margin: 0 0 0.5rem; font-size: 0.875rem; font-weight: var(--font-weight-semibold); }
+      .readiness-bar {
+        margin-top: 0.75rem;
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.75rem;
+        font-size: 0.82rem;
+      }
 
-    .btn {
-      padding: 0.5rem 1rem;
-      border-radius: var(--radius-md);
-      font-size: 0.875rem;
-      font-weight: var(--font-weight-medium);
-      cursor: pointer;
-      text-decoration: none;
-      display: inline-flex;
-      align-items: center;
-      justify-content: center;
-      gap: 0.25rem;
-    }
-    .btn--sm { padding: 0.25rem 0.5rem; font-size: 0.75rem; }
-    .btn--lg { padding: 0.75rem 1.5rem; font-size: 1rem; }
-    .btn--block { width: 100%; }
-    .btn--secondary { background: var(--color-surface-secondary); border: 1px solid var(--color-border-primary); color: var(--color-text-primary); }
-    .btn--success { background: var(--color-status-success-text); border: none; color: white; }
-    .btn--danger { background: var(--color-status-error-text); border: none; color: white; }
-    .btn--link { background: transparent; border: none; color: var(--color-brand-primary); padding: 0; }
-    .btn--primary { background: var(--color-brand-primary); border: none; color: var(--color-text-heading); }
+      .status-pill {
+        border-radius: var(--radius-full);
+        padding: 0.1rem 0.45rem;
+        font-size: 0.66rem;
+        font-weight: var(--font-weight-semibold);
+      }
 
-    /* Witness Panel Styles (APPR-008 - THE MOAT) */
-    .witness-panel {
-      border: 2px solid var(--color-brand-primary);
-      background: linear-gradient(to bottom, var(--color-severity-info-bg) 0%, var(--color-surface-primary) 100%);
-    }
-    .witness-header {
-      display: flex;
-      justify-content: space-between;
-      align-items: flex-start;
-      margin-bottom: 1rem;
-    }
-    .witness-header__info { flex: 1; }
+      .status-pill--pass,
+      .status-pill--ok {
+        background: var(--color-status-success-bg);
+        color: var(--color-status-success-text);
+      }
 
-    .witness-finding { margin-bottom: 1rem; }
-    .finding-description {
-      font-size: 0.875rem;
-      color: var(--color-text-secondary);
-      padding: 0.75rem;
-      background: var(--color-surface-secondary);
-      border-radius: var(--radius-md);
-    }
+      .status-pill--warn {
+        background: var(--color-status-warning-bg);
+        color: var(--color-status-warning-text);
+      }
 
-    .witness-state { margin-bottom: 1.25rem; }
-    .state-indicator {
-      display: inline-flex;
-      align-items: center;
-      gap: 0.75rem;
-      padding: 0.5rem 1rem;
-      border-radius: var(--radius-lg);
-      margin-bottom: 0.5rem;
-    }
-    .state-indicator--reachable {
-      background: var(--color-severity-critical-bg);
-      border: 1px solid var(--color-severity-critical-border);
-    }
-    .state-indicator--unreachable {
-      background: var(--color-severity-low-bg);
-      border: 1px solid var(--color-severity-low-border);
-    }
-    .state-indicator--uncertain {
-      background: var(--color-severity-medium-bg);
-      border: 1px solid var(--color-severity-medium-border);
-    }
-    .state-label {
-      font-weight: var(--font-weight-bold);
-      font-size: 0.875rem;
-    }
-    .state-indicator--reachable .state-label { color: var(--color-status-error-text); }
-    .state-indicator--unreachable .state-label { color: var(--color-status-success-text); }
-    .state-indicator--uncertain .state-label { color: var(--color-status-warning-text); }
-    .state-confidence {
-      font-size: 0.875rem;
-      color: var(--color-text-secondary);
-    }
-    .confidence-explanation {
-      font-size: 0.8125rem;
-      color: var(--color-text-secondary);
-      font-style: italic;
-    }
+      .status-pill--block,
+      .status-pill--fail {
+        background: var(--color-status-error-bg);
+        color: var(--color-status-error-text);
+      }
 
-    .witness-callpath { margin-bottom: 1.25rem; }
-    .section-title {
-      margin: 0 0 0.75rem;
-      font-size: 0.875rem;
-      font-weight: var(--font-weight-semibold);
-      color: var(--color-text-secondary);
-    }
-    .callpath-visualization {
-      display: flex;
-      flex-direction: column;
-      gap: 0.25rem;
-      padding: 1rem;
-      background: var(--color-surface-secondary);
-      border-radius: var(--radius-lg);
-      font-family: ui-monospace, SFMono-Regular, 'SF Mono', Menlo, Consolas, monospace;
-    }
-    .callpath-node {
-      display: flex;
-      align-items: center;
-      gap: 0.75rem;
-      padding: 0.5rem;
-      border-radius: var(--radius-md);
-    }
-    .callpath-node--entry { background: var(--color-severity-info-bg); }
-    .callpath-node--call { background: var(--color-severity-none-bg); }
-    .callpath-node--guard { background: var(--color-severity-medium-bg); }
-    .callpath-node--sink { background: var(--color-severity-critical-bg); }
-    .node-icon {
-      width: 1.5rem;
-      text-align: center;
-      font-size: 0.875rem;
-    }
-    .node-info { display: flex; flex-direction: column; gap: 0.125rem; }
-    .node-function { font-size: 0.8125rem; font-weight: var(--font-weight-medium); }
-    .node-location { font-size: 0.6875rem; color: var(--color-text-secondary); }
-    .callpath-arrow {
-      text-align: center;
-      color: var(--color-text-secondary);
-      font-size: 0.75rem;
-    }
+      .decision-form {
+        margin-top: 0.8rem;
+        display: grid;
+        gap: 0.35rem;
+      }
 
-    .witness-analysis { margin-bottom: 1.25rem; }
-    .analysis-grid {
-      display: grid;
-      grid-template-columns: repeat(3, 1fr);
-      gap: 0.75rem;
-      margin-bottom: 0.75rem;
-    }
-    .analysis-item {
-      padding: 0.75rem;
-      background: var(--color-surface-secondary);
-      border-radius: var(--radius-md);
-    }
-    .analysis-item--full { grid-column: 1 / -1; }
-    .analysis-label {
-      display: block;
-      font-size: 0.6875rem;
-      font-weight: var(--font-weight-semibold);
-      color: var(--color-text-secondary);
-      text-transform: uppercase;
-      margin-bottom: 0.25rem;
-    }
-    .analysis-value { font-size: 0.875rem; font-weight: var(--font-weight-medium); }
-    .analysis-value--warning { color: var(--color-status-warning-text); }
+      .decision-form label {
+        font-size: 0.8rem;
+      }
 
-    .guards-section { margin-top: 0.75rem; }
-    .guards-list { display: flex; flex-wrap: wrap; gap: 0.5rem; margin-top: 0.5rem; }
-    .guard-badge {
-      padding: 0.25rem 0.5rem;
-      background: var(--color-severity-medium-bg);
-      border: 1px solid var(--color-severity-medium-border);
-      border-radius: var(--radius-sm);
-      font-size: 0.75rem;
-    }
+      .decision-form textarea {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        color: var(--color-text-primary);
+        padding: 0.5rem;
+      }
 
-    .witness-actions {
-      display: flex;
-      gap: 0.5rem;
-      padding-top: 1rem;
-      border-top: 1px solid var(--color-border-primary);
-    }
+      .decision-form p {
+        margin: 0;
+        font-size: 0.72rem;
+        color: var(--color-text-secondary);
+      }
 
-    @media (max-width: 1024px) {
-      .content-layout { grid-template-columns: 1fr; }
-      .decision-sidebar { position: static; }
-    }
-  `]
+      .decision-actions {
+        margin-top: 0.8rem;
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.5rem;
+      }
+
+      .decision-actions button,
+      .tab-panel button {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-secondary);
+        color: var(--color-text-primary);
+        padding: 0.4rem 0.65rem;
+        cursor: pointer;
+      }
+
+      .decision-actions button:disabled {
+        opacity: 0.55;
+        cursor: not-allowed;
+      }
+
+      .tab-nav {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.45rem;
+      }
+
+      .tab-nav__item {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        color: var(--color-text-secondary);
+        padding: 0.45rem 0.7rem;
+        font-size: 0.8rem;
+        cursor: pointer;
+      }
+
+      .tab-nav__item--active {
+        color: var(--color-brand-primary);
+        border-color: var(--color-brand-primary);
+        background: var(--color-brand-soft);
+      }
+
+      .tab-panel {
+        display: grid;
+        gap: 0.75rem;
+      }
+
+      .tab-panel p,
+      .tab-panel li {
+        font-size: 0.84rem;
+      }
+
+      .muted {
+        color: var(--color-text-secondary);
+      }
+
+      table {
+        width: 100%;
+        border-collapse: collapse;
+      }
+
+      th,
+      td {
+        text-align: left;
+        border-bottom: 1px solid var(--color-border-primary);
+        padding: 0.45rem;
+        vertical-align: top;
+        font-size: 0.8rem;
+      }
+
+      th {
+        text-transform: uppercase;
+        letter-spacing: 0.04em;
+        font-size: 0.68rem;
+        color: var(--color-text-secondary);
+      }
+
+      .trace-detail {
+        background: var(--color-surface-secondary);
+      }
+
+      .fix-links {
+        margin-top: 0.35rem;
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.45rem;
+      }
+
+      .fix-links a,
+      .footer-links a,
+      .link-btn {
+        color: var(--color-brand-primary);
+        text-decoration: none;
+        background: none;
+        border: none;
+        padding: 0;
+        cursor: pointer;
+      }
+
+      .footer-links {
+        margin-top: 0.8rem;
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.8rem;
+      }
+
+      .two-col {
+        display: grid;
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+        gap: 1rem;
+      }
+
+      .ops-grid {
+        display: grid;
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+        gap: 0.8rem;
+      }
+
+      .ops-grid article {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-secondary);
+        padding: 0.7rem;
+      }
+
+      .ops-grid p {
+        margin: 0.4rem 0 0;
+      }
+
+      .replay-form {
+        display: grid;
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+        gap: 0.7rem;
+      }
+
+      .replay-form label {
+        display: grid;
+        gap: 0.25rem;
+        font-size: 0.75rem;
+        color: var(--color-text-secondary);
+      }
+
+      .replay-form input {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-sm);
+        background: var(--color-surface-primary);
+        color: var(--color-text-primary);
+        padding: 0.35rem 0.45rem;
+      }
+
+      .history-list {
+        list-style: none;
+        margin: 0;
+        padding: 0;
+        display: grid;
+        gap: 0.6rem;
+      }
+
+      .history-list li {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        padding: 0.55rem;
+        background: var(--color-surface-secondary);
+      }
+
+      .history-list p {
+        margin: 0.2rem 0 0;
+        color: var(--color-text-secondary);
+      }
+
+      @media (max-width: 900px) {
+        .two-col,
+        .ops-grid,
+        .replay-form {
+          grid-template-columns: 1fr;
+        }
+      }
+    `,
+  ],
 })
 export class ApprovalDetailPageComponent implements OnInit {
-  private route = inject(ActivatedRoute);
+  private readonly route = inject(ActivatedRoute);
 
-  approvalId = signal('');
-  newComment = '';
-  requestException = false;
+  readonly minDecisionReasonLength = 10;
+  readonly activeTab = signal<ApprovalTabId>('overview');
+  readonly expandedGateId = signal<string | null>(null);
 
-  // Reachability Witness Panel state (APPR-008 - THE MOAT)
-  selectedWitness = signal<ReachabilityWitness | null>(null);
-
-  // Mock witness data for demonstration
-  private readonly mockWitnesses: Record<string, ReachabilityWitness> = {
-    'CVE-2026-1234': {
-      findingId: 'CVE-2026-1234',
-      component: 'log4j-core',
-      version: '2.14.1',
-      description: 'Remote code execution vulnerability in Apache Log4j2 allowing attackers to execute arbitrary code via JNDI lookups in log messages.',
-      state: 'reachable',
-      confidence: 82,
-      confidenceExplanation: 'High confidence due to direct call path from HTTP request handler to vulnerable logging method. No guards detected on the path.',
-      callPath: [
-        { function: 'main()', file: 'Application.java', line: 15, type: 'entry' },
-        { function: 'handleRequest(HttpRequest)', file: 'RequestController.java', line: 42, type: 'call' },
-        { function: 'processPayload(String)', file: 'PayloadProcessor.java', line: 78, type: 'call' },
-        { function: 'log.info(message)', file: 'PayloadProcessor.java', line: 85, type: 'call' },
-        { function: 'Logger.log(Level, String)', file: 'log4j-core-2.14.1.jar', line: 0, type: 'sink' },
-      ],
-      analysisDetails: {
-        guards: [],
-        dynamicLoading: false,
-        reflection: false,
-        conditionalExecution: null,
-        dataFlowConfidence: 91,
-      },
-    },
-    'CVE-2026-5678': {
-      findingId: 'CVE-2026-5678',
-      component: 'spring-boot',
-      version: '2.7.5',
-      description: 'Server-side request forgery (SSRF) vulnerability in Spring Boot actuator endpoints.',
-      state: 'unreachable',
-      confidence: 94,
-      confidenceExplanation: 'Actuator endpoints are disabled in production configuration. Guard detected: security config disables all actuator endpoints.',
-      callPath: [
-        { function: 'main()', file: 'Application.java', line: 15, type: 'entry' },
-        { function: 'SecurityConfig.configure()', file: 'SecurityConfig.java', line: 28, type: 'guard' },
-        { function: 'ActuatorEndpoint.invoke()', file: 'spring-boot-actuator-2.7.5.jar', line: 0, type: 'sink' },
-      ],
-      analysisDetails: {
-        guards: ['SecurityConfig: actuator.endpoints.enabled=false', 'WebSecurityConfig: /actuator/** denied'],
-        dynamicLoading: false,
-        reflection: false,
-        conditionalExecution: 'Endpoint only accessible when management.endpoints.web.exposure.include is configured',
-        dataFlowConfidence: 98,
-      },
-    },
-  };
-
-  approval = signal<ApprovalDetailState>({
-    releaseVersion: 'v1.2.5',
+  readonly approval = signal<ApprovalDetailState>({
+    id: 'apr-001',
+    bundleVersion: 'Platform Bundle 1.3.0-rc1',
     bundleDigest: 'sha256:7aa1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9',
-    fromEnv: 'QA',
-    toEnv: 'Staging',
-    status: 'pending',
-    requestedBy: 'user1',
+    sourceEnvironment: 'EU-West/stage',
+    targetEnvironment: 'EU-West/prod',
+    workflow: 'stage-to-prod-standard',
+    requestedBy: 'security-team',
     requestedAt: '2h ago',
-    decidedBy: '',
-    decidedAt: '',
-    evidenceId: 'EVD-2026-045',
+    status: 'pending',
+    approvals: '1/2',
+    critR: 2,
+    sbomFreshness: 'Fresh',
+    birCoverage: '2/3',
+    dataIntegrity: 'WARN',
   });
 
-  gates = [
-    { name: 'SBOM Signed', status: 'PASS' },
-    { name: 'Provenance', status: 'PASS' },
-    { name: 'Reachability', status: 'BLOCK' },
-    { name: 'VEX Consensus', status: 'WARN' },
+  readonly tabs: Array<{ id: ApprovalTabId; label: string }> = [
+    { id: 'overview', label: 'Overview' },
+    { id: 'gates', label: 'Gates' },
+    { id: 'security', label: 'Security' },
+    { id: 'reachability', label: 'Reachability' },
+    { id: 'ops-data', label: 'Ops/Data' },
+    { id: 'evidence', label: 'Evidence' },
+    { id: 'replay', label: 'Replay/Verify' },
+    { id: 'history', label: 'History' },
   ];
 
-  comments: Array<{ id: string; author: string; time: string; body: string }> = [];
+  decisionReason = '';
+  requestException = false;
+
+  readonly gateTraceRows: GateTraceRow[] = [
+    {
+      id: 'policy',
+      gate: 'Policy Pack',
+      result: 'PASS',
+      why: 'Policy rules and attestations satisfy release baseline.',
+      inputs: ['policy-pack-v3.1', 'bundle-manifest', 'promotion-edge'],
+      timestamp: '2026-02-19T18:10:00Z',
+      evidenceAge: '12m',
+      fixLinks: [],
+    },
+    {
+      id: 'reachability',
+      gate: 'Reachability Confidence',
+      result: 'BLOCK',
+      why: 'Runtime evidence coverage is below required threshold.',
+      inputs: ['build-trace-84%', 'image-trace-92%', 'runtime-trace-61%'],
+      timestamp: '2026-02-19T18:11:00Z',
+      evidenceAge: '2h 11m',
+      fixLinks: [
+        { label: 'Trigger SBOM Scan', route: '/platform-ops/data-integrity/scan-pipeline' },
+        { label: 'Open Finding', route: '/security-risk/findings' },
+        { label: 'Request Exception', route: '/administration/policy-governance/exceptions' },
+        { label: 'Open Data Integrity', route: '/platform-ops/data-integrity' },
+      ],
+    },
+    {
+      id: 'data-freshness',
+      gate: 'Data Freshness',
+      result: 'WARN',
+      why: 'NVD feed is stale beyond 2h SLO.',
+      inputs: ['nvd-lag=3h12m', 'osv-lag=35m', 'kev-lag=48m'],
+      timestamp: '2026-02-19T18:12:00Z',
+      evidenceAge: '18m',
+      fixLinks: [],
+    },
+  ];
+
+  readonly securityFindings: SecurityFindingRow[] = [
+    {
+      cve: 'CVE-2026-1234',
+      packageName: 'openssl',
+      component: 'api-gateway',
+      reachability: 'Critical Reachable',
+      vex: 'Not affected pending',
+    },
+    {
+      cve: 'CVE-2026-3101',
+      packageName: 'log4j-core',
+      component: 'payments-worker',
+      reachability: 'Critical Reachable',
+      vex: 'Under review',
+    },
+    {
+      cve: 'CVE-2025-9980',
+      packageName: 'libxml2',
+      component: 'event-router',
+      reachability: 'Not reachable',
+      vex: 'Not affected',
+    },
+  ];
+
+  readonly reachabilityRows: ReachabilityRow[] = [
+    {
+      component: 'api-gateway',
+      digest: 'sha256:api123',
+      build: true,
+      image: true,
+      runtime: false,
+    },
+    {
+      component: 'payments-worker',
+      digest: 'sha256:wrk456',
+      build: true,
+      image: true,
+      runtime: true,
+    },
+    {
+      component: 'event-router',
+      digest: 'sha256:evt789',
+      build: true,
+      image: false,
+      runtime: false,
+    },
+  ];
+
+  readonly feedsRows: DataHealthRow[] = [
+    { name: 'OSV freshness', status: 'OK', detail: '35m lag' },
+    { name: 'NVD freshness', status: 'WARN', detail: '3h 12m lag' },
+    { name: 'CISA KEV freshness', status: 'OK', detail: '48m lag' },
+  ];
+
+  readonly jobsRows: DataHealthRow[] = [
+    { name: 'sbom-nightly-rescan', status: 'WARN', detail: '2 stale bundles' },
+    { name: 'reachability-ingest-runtime', status: 'FAIL', detail: 'DLQ backlog elevated' },
+  ];
+
+  readonly integrationRows: DataHealthRow[] = [
+    { name: 'Harbor', status: 'OK', detail: 'Connected' },
+    { name: 'Jenkins', status: 'WARN', detail: 'Intermittent webhook failures' },
+    { name: 'Vault', status: 'OK', detail: 'Healthy' },
+    { name: 'Consul', status: 'WARN', detail: 'Read timeout spikes' },
+  ];
+
+  readonly dlqRows: DataHealthRow[] = [
+    { name: 'runtime-ingest bucket', status: 'WARN', detail: '3 pending replay items' },
+  ];
+
+  readonly evidenceArtifacts: EvidenceArtifact[] = [
+    { name: 'policy-decision.dsse', status: 'ready' },
+    { name: 'gate-trace.json', status: 'ready' },
+    { name: 'data-snapshot.json', status: 'ready' },
+    { name: 'proof-chain.json', status: 'pending' },
+  ];
+
+  readonly replayEvents: ReplayEvent[] = [
+    { id: 'r-001', requestedAt: '2026-02-19T17:50:00Z', status: 'Completed (No drift)' },
+  ];
+
+  readonly historyEvents: HistoryEvent[] = [
+    {
+      id: 'h-001',
+      when: '2026-02-19T18:10:00Z',
+      event: 'Gate evaluation completed',
+      detail: 'Policy PASS, Reachability BLOCK, Data Freshness WARN.',
+    },
+    {
+      id: 'h-002',
+      when: '2026-02-19T18:14:00Z',
+      event: 'Data integrity warning updated',
+      detail: 'NVD staleness increased to 3h 12m.',
+    },
+  ];
+
+  readonly decisionDigest = 'sha256:decision-gate-trace-0d6f4c28f9';
+
+  readonly gatePassCount = computed(
+    () => this.gateTraceRows.filter((row) => row.result === 'PASS').length
+  );
+
+  readonly gateBlockCount = computed(
+    () => this.gateTraceRows.filter((row) => row.result === 'BLOCK').length
+  );
+
+  readonly hasBlockingGates = computed(() => this.gateBlockCount() > 0);
 
   ngOnInit(): void {
-    this.route.params.subscribe(params => {
-      this.approvalId.set(params['id'] || '');
+    this.route.params.subscribe((params) => {
+      const id = params['id'];
+      if (id) {
+        this.approval.update((state) => ({ ...state, id }));
+      }
     });
   }
 
-  // Reachability Witness Panel methods (APPR-008 - THE MOAT)
-  openWitness(findingId: string = 'CVE-2026-1234'): void {
-    const witness = this.mockWitnesses[findingId];
-    if (witness) {
-      this.selectedWitness.set(witness);
-    }
+  setActiveTab(tab: ApprovalTabId): void {
+    this.activeTab.set(tab);
   }
 
-  closeWitness(): void {
-    this.selectedWitness.set(null);
+  toggleGateTrace(gateId: string): void {
+    this.expandedGateId.update((current) => (current === gateId ? null : gateId));
   }
 
-  openFullWitness(): void {
-    const witness = this.selectedWitness();
-    if (witness) {
-      console.log('Navigate to full witness viewer for:', witness.findingId);
-      // Would navigate to /security/reachability/witness/:findingId
-    }
+  decisionReasonLength(): number {
+    return this.decisionReason.trim().length;
   }
 
-  exportWitness(format: 'dot' | 'mermaid'): void {
-    const witness = this.selectedWitness();
-    if (witness) {
-      console.log(`Export witness for ${witness.findingId} as ${format.toUpperCase()}`);
-      // Would generate and download the graph in requested format
-    }
+  canApprove(): boolean {
+    return (
+      this.approval().status === 'pending' &&
+      this.decisionReasonLength() >= this.minDecisionReasonLength &&
+      !this.hasBlockingGates()
+    );
   }
 
-  replayVerify(): void {
-    const witness = this.selectedWitness();
-    if (witness) {
-      console.log('Replay verification for:', witness.findingId);
-      // Would trigger a re-analysis to verify the reachability status
-    }
+  canReject(): boolean {
+    return this.approval().status === 'pending' && this.decisionReasonLength() >= this.minDecisionReasonLength;
   }
 
-  explainGate(gate: { name: string; status: string }): void {
-    console.log('Explain gate:', gate.name);
+  requestExceptionAction(): void {
+    this.requestException = true;
   }
 
-  addComment(): void {
-    if (this.newComment.trim()) {
-      this.comments.push({
-        id: `comment-${Date.now()}`,
-        author: 'Current User',
-        time: 'Just now',
-        body: this.newComment,
-      });
-      this.newComment = '';
-    }
+  exportPacket(): void {
+    this.setActiveTab('evidence');
+  }
+
+  requestReplay(): void {
+    this.setActiveTab('replay');
   }
 
   approve(): void {
-    console.log('Approve with exception request:', this.requestException);
-    this.approval.update(a => ({
-      ...a,
-      status: 'approved' as const,
+    if (!this.canApprove()) {
+      return;
+    }
+
+    this.approval.update((state) => ({
+      ...state,
+      status: 'approved',
       decidedBy: 'Current User',
       decidedAt: 'Just now',
     }));
   }
 
   reject(): void {
-    console.log('Reject');
-    this.approval.update(a => ({
-      ...a,
-      status: 'rejected' as const,
+    if (!this.canReject()) {
+      return;
+    }
+
+    this.approval.update((state) => ({
+      ...state,
+      status: 'rejected',
       decidedBy: 'Current User',
       decidedAt: 'Just now',
     }));
diff --git a/src/Web/StellaOps.Web/src/app/features/approvals/approvals-inbox.component.ts b/src/Web/StellaOps.Web/src/app/features/approvals/approvals-inbox.component.ts
index 7646c502c..6c6265ff3 100644
--- a/src/Web/StellaOps.Web/src/app/features/approvals/approvals-inbox.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/approvals/approvals-inbox.component.ts
@@ -1,4 +1,4 @@
-import { Component, ChangeDetectionStrategy, OnInit, inject, signal } from '@angular/core';
+import { Component, ChangeDetectionStrategy, OnInit, computed, inject, signal } from '@angular/core';
 import { CommonModule } from '@angular/common';
 import { FormsModule } from '@angular/forms';
 import { Router, RouterLink } from '@angular/router';
@@ -6,6 +6,8 @@ import { catchError, of } from 'rxjs';
 import { APPROVAL_API } from '../../core/api/approval.client';
 import type { ApprovalRequest, ApprovalStatus } from '../../core/api/approval.models';
 
+type DataIntegrityStatus = 'OK' | 'WARN' | 'FAIL';
+
 /**
  * ApprovalsInboxComponent - Approval decision cockpit.
  * Wired to real APPROVAL_API for live data.
@@ -22,9 +24,23 @@ import type { ApprovalRequest, ApprovalStatus } from '../../core/api/approval.mo
             Decide promotions with policy + reachability, backed by signed evidence.
           </p>
         </div>
-        <a routerLink="/docs" class="btn btn--secondary">Docs &rarr;</a>
       </header>
 
+      @if (dataIntegrityBannerVisible()) {
+        <section class="data-integrity-banner" [class]="'data-integrity-banner data-integrity-banner--' + dataIntegrityStatus().toLowerCase()">
+          <div>
+            <p class="data-integrity-banner__title">
+              Data Integrity {{ dataIntegrityStatus() }}
+            </p>
+            <p class="data-integrity-banner__detail">{{ dataIntegritySummary() }}</p>
+          </div>
+          <div class="data-integrity-banner__actions">
+            <a routerLink="/platform-ops/data-integrity">Open Data Integrity</a>
+            <button type="button" (click)="dismissDataIntegrityBanner()">Dismiss</button>
+          </div>
+        </section>
+      }
+
       <!-- Filters -->
       <div class="approvals__filters">
         <div class="filter-group">
@@ -82,7 +98,7 @@ import type { ApprovalRequest, ApprovalStatus } from '../../core/api/approval.mo
           @for (approval of approvals(); track approval.id) {
             <div class="approval-card">
               <div class="approval-card__header">
-                <a [routerLink]="['/releases', approval.releaseId]" class="approval-card__release">
+                <a [routerLink]="['/release-control/releases', approval.releaseId]" class="approval-card__release">
                   {{ approval.releaseName }} v{{ approval.releaseVersion }}
                 </a>
                 <span class="approval-card__flow">{{ approval.sourceEnvironment }} &rarr; {{ approval.targetEnvironment }}</span>
@@ -112,7 +128,7 @@ import type { ApprovalRequest, ApprovalStatus } from '../../core/api/approval.mo
                   <button type="button" class="btn btn--success" (click)="approveRequest(approval.id)">Approve</button>
                   <button type="button" class="btn btn--danger" (click)="rejectRequest(approval.id)">Reject</button>
                 }
-                <a [routerLink]="['/approvals', approval.id]" class="btn btn--secondary">View Details</a>
+                <a [routerLink]="['/release-control/approvals', approval.id]" class="btn btn--secondary">View Details</a>
               </div>
             </div>
           } @empty {
@@ -154,6 +170,62 @@ import type { ApprovalRequest, ApprovalStatus } from '../../core/api/approval.mo
       flex-wrap: wrap;
     }
 
+    .data-integrity-banner {
+      margin-bottom: 1rem;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      padding: 0.75rem;
+      display: flex;
+      justify-content: space-between;
+      gap: 1rem;
+      align-items: flex-start;
+    }
+
+    .data-integrity-banner--warn {
+      background: var(--color-status-warning-bg);
+      border-color: var(--color-status-warning-text);
+    }
+
+    .data-integrity-banner--fail {
+      background: var(--color-status-error-bg);
+      border-color: var(--color-status-error-text);
+    }
+
+    .data-integrity-banner__title {
+      margin: 0;
+      font-size: 0.82rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .data-integrity-banner__detail {
+      margin: 0.2rem 0 0;
+      font-size: 0.8rem;
+      color: var(--color-text-secondary);
+    }
+
+    .data-integrity-banner__actions {
+      display: flex;
+      gap: 0.6rem;
+      align-items: center;
+      flex-wrap: wrap;
+    }
+
+    .data-integrity-banner__actions a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.82rem;
+    }
+
+    .data-integrity-banner__actions button {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      background: var(--color-surface-primary);
+      color: var(--color-text-primary);
+      padding: 0.25rem 0.55rem;
+      cursor: pointer;
+      font-size: 0.78rem;
+    }
+
     .filter-group {
       display: flex;
       align-items: center;
@@ -443,6 +515,13 @@ export class ApprovalsInboxComponent implements OnInit {
   private readonly api = inject(APPROVAL_API);
   private readonly router = inject(Router);
 
+  readonly dataIntegrityStatus = signal<DataIntegrityStatus>('WARN');
+  readonly dataIntegritySummary = signal('NVD stale 3h | SBOM rescan FAILED | Runtime ingest lagging');
+  readonly dataIntegrityDismissed = signal(false);
+  readonly dataIntegrityBannerVisible = computed(
+    () => this.dataIntegrityStatus() !== 'OK' && !this.dataIntegrityDismissed()
+  );
+
   readonly loading = signal(true);
   readonly error = signal<string | null>(null);
   readonly approvals = signal<ApprovalRequest[]>([]);
@@ -467,9 +546,17 @@ export class ApprovalsInboxComponent implements OnInit {
   searchQuery: string = '';
 
   ngOnInit(): void {
+    if (sessionStorage.getItem('approvals.data-integrity-banner-dismissed') === '1') {
+      this.dataIntegrityDismissed.set(true);
+    }
     this.loadApprovals();
   }
 
+  dismissDataIntegrityBanner(): void {
+    this.dataIntegrityDismissed.set(true);
+    sessionStorage.setItem('approvals.data-integrity-banner-dismissed', '1');
+  }
+
   onStatusChipClick(value: string): void {
     this.currentStatusFilter = value;
     this.loadApprovals();
@@ -492,12 +579,12 @@ export class ApprovalsInboxComponent implements OnInit {
   approveRequest(id: string): void {
     // Route to the detail page so the user can provide a decision reason
     // before the action fires. The detail page has the full Decision panel.
-    this.router.navigate(['/approvals', id]);
+    this.router.navigate(['/release-control/approvals', id]);
   }
 
   rejectRequest(id: string): void {
     // Route to the detail page so the user can provide a rejection reason.
-    this.router.navigate(['/approvals', id]);
+    this.router.navigate(['/release-control/approvals', id]);
   }
 
   timeAgo(dateStr: string): string {
diff --git a/src/Web/StellaOps.Web/src/app/features/bundles/bundle-version-detail.component.ts b/src/Web/StellaOps.Web/src/app/features/bundles/bundle-version-detail.component.ts
index b8036c52f..7b97c6e0b 100644
--- a/src/Web/StellaOps.Web/src/app/features/bundles/bundle-version-detail.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/bundles/bundle-version-detail.component.ts
@@ -375,7 +375,9 @@ export class BundleVersionDetailComponent implements OnInit {
 
   ngOnInit(): void {
     this.bundleId.set(this.route.snapshot.params['bundleId'] ?? '');
-    this.versionId.set(this.route.snapshot.params['version'] ?? '');
+    this.versionId.set(
+      this.route.snapshot.params['versionId'] ?? this.route.snapshot.params['version'] ?? ''
+    );
 
     if (!this.bundleId() || !this.versionId()) {
       this.loading.set(false);
diff --git a/src/Web/StellaOps.Web/src/app/features/bundles/bundles.routes.ts b/src/Web/StellaOps.Web/src/app/features/bundles/bundles.routes.ts
index 1721fa624..e10ff2458 100644
--- a/src/Web/StellaOps.Web/src/app/features/bundles/bundles.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/features/bundles/bundles.routes.ts
@@ -30,6 +30,15 @@ export const BUNDLE_ROUTES: Routes = [
       import('./bundle-builder.component').then((m) => m.BundleBuilderComponent),
   },
 
+  // Bundle organizer for an existing bundle
+  {
+    path: ':bundleId/organizer',
+    title: 'Bundle Organizer',
+    data: { breadcrumb: 'Bundle Organizer' },
+    loadComponent: () =>
+      import('./bundle-builder.component').then((m) => m.BundleBuilderComponent),
+  },
+
   // B4-02 — Bundle detail (with version history, config-contract, changelog)
   {
     path: ':bundleId',
@@ -41,10 +50,15 @@ export const BUNDLE_ROUTES: Routes = [
 
   // B4-04/B4-06 — Bundle version detail (component selector, materialization)
   {
-    path: ':bundleId/:version',
+    path: ':bundleId/versions/:versionId',
     title: 'Bundle Version',
     data: { breadcrumb: 'Bundle Version' },
     loadComponent: () =>
       import('./bundle-version-detail.component').then((m) => m.BundleVersionDetailComponent),
   },
+  {
+    path: ':bundleId/:version',
+    pathMatch: 'full',
+    redirectTo: ':bundleId/versions/:version',
+  },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.html b/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.html
index 8dfab8ac6..07f527bda 100644
--- a/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.html
+++ b/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.html
@@ -1,9 +1,9 @@
 <section class="console-profile">
   <header class="console-profile__header">
     <div>
-      <h1>Console Session</h1>
+      <h1>Profile</h1>
       <p class="console-profile__subtitle">
-        Session details sourced from Authority console endpoints.
+        Identity and tenant profile details sourced from Authority.
       </p>
     </div>
     <button
@@ -11,7 +11,7 @@
       (click)="refresh()"
       [disabled]="loading()"
       [attr.aria-busy]="loading()"
-      >
+    >
       Refresh
     </button>
   </header>
@@ -24,34 +24,15 @@
 
   @if (loading()) {
     <div class="console-profile__loading">
-      Loading console context…
+      Loading profile context...
     </div>
   }
 
   @if (!loading()) {
-    <section class="console-profile__card console-profile__callout">
-      <header>
-        <h2>Policy Studio roles & scopes</h2>
-      </header>
-      <ul>
-        <li><strong>Author</strong>: policy:read, policy:author, policy:simulate</li>
-        <li><strong>Reviewer</strong>: policy:read, policy:review, policy:simulate</li>
-        <li><strong>Approver</strong>: policy:read, policy:approve, policy:simulate</li>
-        <li><strong>Operator</strong>: policy:read, policy:operate, policy:simulate</li>
-        <li><strong>Audit</strong>: policy:read, policy:audit</li>
-        <li><strong>Admin</strong>: policy:author/review/approve/operate/audit/simulate/read (or admin)</li>
-      </ul>
-      <p class="console-profile__hint">
-        Use this list to verify your token covers the flows you need (editor, simulate, approvals, dashboard, audit exports).
-      </p>
-      <p class="console-profile__hint">
-        For e2e, load stub sessions from <code>testing/auth-fixtures.ts</code> (author/reviewer/approver/operator/audit) and seed <code>AuthSessionStore</code> before navigating.
-      </p>
-    </section>
     @if (profile(); as profile) {
       <section class="console-profile__card">
         <header>
-          <h2>User Profile</h2>
+          <h2>Profile Details</h2>
           <span class="tenant-chip">
             Tenant
             <strong>{{ profile.tenant }}</strong>
@@ -59,28 +40,18 @@
         </header>
         <dl>
           <div>
-            <dt>Display name</dt>
+            <dt>Display Name</dt>
             <dd>{{ profile.displayName || 'n/a' }}</dd>
           </div>
           <div>
             <dt>Username</dt>
             <dd>{{ profile.username || 'n/a' }}</dd>
           </div>
-          <div>
-            <dt>Subject</dt>
-            <dd>{{ profile.subjectId || 'n/a' }}</dd>
-          </div>
-          <div>
-            <dt>Session ID</dt>
-            <dd>{{ profile.sessionId || 'n/a' }}</dd>
-          </div>
           <div>
             <dt>Roles</dt>
             <dd>
               @if (profile.roles.length) {
-                <span>
-                  {{ profile.roles.join(', ') }}
-                </span>
+                <span>{{ profile.roles.join(', ') }}</span>
               } @else {
                 n/a
               }
@@ -90,9 +61,7 @@
             <dt>Scopes</dt>
             <dd>
               @if (profile.scopes.length) {
-                <span>
-                  {{ profile.scopes.join(', ') }}
-                </span>
+                <span>{{ profile.scopes.join(', ') }}</span>
               } @else {
                 n/a
               }
@@ -102,111 +71,38 @@
             <dt>Audiences</dt>
             <dd>
               @if (profile.audiences.length) {
-                <span>
-                  {{ profile.audiences.join(', ') }}
-                </span>
+                <span>{{ profile.audiences.join(', ') }}</span>
               } @else {
                 n/a
               }
             </dd>
           </div>
           <div>
-            <dt>Authentication methods</dt>
+            <dt>Authentication Methods</dt>
             <dd>
               @if (profile.authenticationMethods.length) {
-                <span
-                  >
-                  {{ profile.authenticationMethods.join(', ') }}
-                </span>
+                <span>{{ profile.authenticationMethods.join(', ') }}</span>
               } @else {
                 n/a
               }
             </dd>
           </div>
           <div>
-            <dt>Issued at</dt>
-            <dd>
-              {{ profile.issuedAt ? (profile.issuedAt | date : 'medium') : 'n/a' }}
-            </dd>
+            <dt>Issued At</dt>
+            <dd>{{ profile.issuedAt ? (profile.issuedAt | date : 'medium') : 'n/a' }}</dd>
           </div>
           <div>
-            <dt>Authentication time</dt>
-            <dd>
-              {{
-              profile.authenticationTime
-              ? (profile.authenticationTime | date : 'medium')
-              : 'n/a'
-              }}
-            </dd>
+            <dt>Authentication Time</dt>
+            <dd>{{ profile.authenticationTime ? (profile.authenticationTime | date : 'medium') : 'n/a' }}</dd>
           </div>
           <div>
-            <dt>Expires at</dt>
-            <dd>
-              {{ profile.expiresAt ? (profile.expiresAt | date : 'medium') : 'n/a' }}
-            </dd>
+            <dt>Expires At</dt>
+            <dd>{{ profile.expiresAt ? (profile.expiresAt | date : 'medium') : 'n/a' }}</dd>
           </div>
         </dl>
       </section>
     }
-    @if (tokenInfo(); as token) {
-      <section class="console-profile__card">
-        <header>
-          <h2>Access Token</h2>
-          <span
-            class="chip"
-            [class.chip--active]="token.active"
-            [class.chip--inactive]="!token.active"
-            >
-            {{ token.active ? 'Active' : 'Inactive' }}
-          </span>
-        </header>
-        <dl>
-          <div>
-            <dt>Token ID</dt>
-            <dd>{{ token.tokenId || 'n/a' }}</dd>
-          </div>
-          <div>
-            <dt>Client ID</dt>
-            <dd>{{ token.clientId || 'n/a' }}</dd>
-          </div>
-          <div>
-            <dt>Issued at</dt>
-            <dd>
-              {{ token.issuedAt ? (token.issuedAt | date : 'medium') : 'n/a' }}
-            </dd>
-          </div>
-          <div>
-            <dt>Authentication time</dt>
-            <dd>
-              {{
-              token.authenticationTime
-              ? (token.authenticationTime | date : 'medium')
-              : 'n/a'
-              }}
-            </dd>
-          </div>
-          <div>
-            <dt>Expires at</dt>
-            <dd>
-              {{ token.expiresAt ? (token.expiresAt | date : 'medium') : 'n/a' }}
-            </dd>
-          </div>
-        </dl>
-        @if (freshAuthState(); as fresh) {
-          <div
-            class="fresh-auth"
-            [class.fresh-auth--active]="fresh.active"
-            [class.fresh-auth--stale]="!fresh.active"
-            >
-            Fresh auth:
-            <strong>{{ fresh.active ? 'Active' : 'Stale' }}</strong>
-            @if (fresh.expiresAt) {
-              (expires {{ fresh.expiresAt | date : 'mediumTime' }})
-            }
-          </div>
-        }
-      </section>
-    }
+
     @if (tenantCount() > 0) {
       <section class="console-profile__card">
         <header>
@@ -215,20 +111,16 @@
         </header>
         <ul class="tenant-list">
           @for (tenant of tenants(); track tenant) {
-            <li
-              [class.tenant-list__item--active]="tenant.id === selectedTenantId()"
-              >
+            <li [class.tenant-list__item--active]="tenant.id === selectedTenantId()">
               <button type="button" (click)="selectTenant(tenant.id)">
                 <div class="tenant-list__heading">
                   <span class="tenant-name">{{ tenant.displayName }}</span>
                   <span class="tenant-status">{{ tenant.status }}</span>
                 </div>
                 <div class="tenant-meta">
-                  Isolation: {{ tenant.isolationMode }} · Default roles:
+                  Isolation: {{ tenant.isolationMode }} - Default roles:
                   @if (tenant.defaultRoles.length) {
-                    <span>
-                      {{ tenant.defaultRoles.join(', ') }}
-                    </span>
+                    <span>{{ tenant.defaultRoles.join(', ') }}</span>
                   } @else {
                     n/a
                   }
@@ -239,9 +131,10 @@
         </ul>
       </section>
     }
+
     @if (!hasProfile() && tenantCount() === 0) {
       <p class="console-profile__empty">
-        No console session data available for the current identity.
+        No profile data is currently available for this identity.
       </p>
     }
   }
diff --git a/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.spec.ts b/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.spec.ts
index d7c6a608a..40aad74ad 100644
--- a/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.spec.ts
@@ -85,12 +85,13 @@ describe('ConsoleProfileComponent', () => {
 
     const compiled = fixture.nativeElement as HTMLElement;
     expect(compiled.querySelector('h1')?.textContent).toContain(
-      'Console Session'
+      'Profile'
     );
     expect(compiled.querySelector('.tenant-name')?.textContent).toContain(
       'Tenant Default'
     );
     expect(compiled.querySelector('dd')?.textContent).toContain('Console User');
+    expect(compiled.textContent).not.toContain('testing/auth-fixtures.ts');
     expect(service.loadConsoleContext).not.toHaveBeenCalled();
   });
 
diff --git a/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.ts b/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.ts
index 4161d6857..6b889b651 100644
--- a/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/console/console-profile.component.ts
@@ -24,22 +24,11 @@ export class ConsoleProfileComponent implements OnInit {
   readonly loading = this.store.loading;
   readonly error = this.store.error;
   readonly profile = this.store.profile;
-  readonly tokenInfo = this.store.tokenInfo;
   readonly tenants = this.store.tenants;
   readonly selectedTenantId = this.store.selectedTenantId;
 
   readonly hasProfile = computed(() => this.profile() !== null);
   readonly tenantCount = computed(() => this.tenants().length);
-  readonly freshAuthState = computed(() => {
-    const token = this.tokenInfo();
-    if (!token) {
-      return null;
-    }
-    return {
-      active: token.freshAuthActive,
-      expiresAt: token.freshAuthExpiresAt,
-    };
-  });
 
   async ngOnInit(): Promise<void> {
     if (!this.store.hasContext()) {
diff --git a/src/Web/StellaOps.Web/src/app/features/control-plane/control-plane-dashboard.component.ts b/src/Web/StellaOps.Web/src/app/features/control-plane/control-plane-dashboard.component.ts
index 56da9c777..424808cb8 100644
--- a/src/Web/StellaOps.Web/src/app/features/control-plane/control-plane-dashboard.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/control-plane/control-plane-dashboard.component.ts
@@ -43,14 +43,14 @@ import { LoadingStateComponent } from '../../shared/components/loading-state/loa
       <!-- Hero header: ALWAYS visible regardless of data state -->
       <header class="dashboard__header">
         <div>
-          <h1 class="dashboard__title">Control Plane</h1>
+          <h1 class="dashboard__title">Dashboard</h1>
           <p class="dashboard__subtitle">
             Release governance with evidence. Promote by digest. Explain every decision.
           </p>
         </div>
         <div class="dashboard__actions">
-          <a routerLink="/releases" class="btn btn--secondary">Releases</a>
-          <a routerLink="/approvals" class="btn btn--primary">Approvals</a>
+          <a routerLink="/release-control/releases" class="btn btn--secondary">Releases</a>
+          <a routerLink="/release-control/approvals" class="btn btn--primary">Approvals</a>
         </div>
       </header>
 
@@ -122,7 +122,7 @@ import { LoadingStateComponent } from '../../shared/components/loading-state/loa
                 @for (approval of pendingApprovals(); track approval.id) {
                   <li class="card__item">
                     <div class="card__item-header">
-                      <a [routerLink]="['/approvals', approval.id]" class="card__item-link">
+                      <a [routerLink]="['/release-control/approvals', approval.id]" class="card__item-link">
                         {{ approval.releaseName }} {{ approval.releaseVersion }}
                       </a>
                       <span class="card__urgency" [class]="'card__urgency--' + approval.urgency">
@@ -135,7 +135,7 @@ import { LoadingStateComponent } from '../../shared/components/loading-state/loa
               </ul>
             }
             <div class="card__actions">
-              <a routerLink="/approvals" class="btn btn--small">View All</a>
+              <a routerLink="/release-control/approvals" class="btn btn--small">View All</a>
             </div>
           </section>
 
@@ -187,7 +187,7 @@ import { LoadingStateComponent } from '../../shared/components/loading-state/loa
                   @for (release of recentReleases(); track release.id) {
                     <tr>
                       <td>
-                        <a [routerLink]="['/releases', release.id]">{{ release.name }}</a>
+                        <a [routerLink]="['/release-control/releases', release.id]">{{ release.name }}</a>
                       </td>
                       <td>{{ release.version }}</td>
                       <td>
@@ -199,7 +199,7 @@ import { LoadingStateComponent } from '../../shared/components/loading-state/loa
                       <td>{{ release.componentCount }}</td>
                       <td>
                         @if (release.status === 'ready' || release.status === 'promoting') {
-                          <a [routerLink]="['/approvals']" [queryParams]="{ releaseId: release.id }" class="btn btn--small btn--primary">
+                          <a [routerLink]="['/release-control/approvals']" [queryParams]="{ releaseId: release.id }" class="btn btn--small btn--primary">
                             Review
                           </a>
                         }
diff --git a/src/Web/StellaOps.Web/src/app/features/dashboard-v3/dashboard-v3.component.ts b/src/Web/StellaOps.Web/src/app/features/dashboard-v3/dashboard-v3.component.ts
index 086764640..576be601c 100644
--- a/src/Web/StellaOps.Web/src/app/features/dashboard-v3/dashboard-v3.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/dashboard-v3/dashboard-v3.component.ts
@@ -12,7 +12,7 @@ import {
   signal,
   computed,
 } from '@angular/core';
-import { TitleCasePipe } from '@angular/common';
+import { TitleCasePipe, UpperCasePipe } from '@angular/common';
 import { RouterLink } from '@angular/router';
 
 interface EnvironmentCard {
@@ -23,10 +23,18 @@ interface EnvironmentCard {
   sbomFreshness: 'fresh' | 'stale' | 'missing';
   critRCount: number;
   highRCount: number;
+  birCoverage: string;
   pendingApprovals: number;
   lastDeployedAt: string;
 }
 
+interface NightlyOpsSignal {
+  id: string;
+  label: string;
+  status: 'ok' | 'warn' | 'fail';
+  detail: string;
+}
+
 interface MissionSummary {
   activePromotions: number;
   blockedPromotions: number;
@@ -37,15 +45,15 @@ interface MissionSummary {
 @Component({
   selector: 'app-dashboard-v3',
   standalone: true,
-  imports: [RouterLink, TitleCasePipe],
+  imports: [RouterLink, TitleCasePipe, UpperCasePipe],
   changeDetection: ChangeDetectionStrategy.OnPush,
   template: `
     <div class="mission-board">
       <!-- Header: environment selector, date range filter, mission summary -->
       <header class="board-header">
         <div class="header-identity">
-          <h1 class="board-title">Mission Board</h1>
-          <p class="board-subtitle">Release pipeline health across all regions and environments</p>
+          <h1 class="board-title">Dashboard</h1>
+          <p class="board-subtitle">Mission board for release health across regions and environments</p>
         </div>
 
         <div class="header-controls">
@@ -151,6 +159,10 @@ interface MissionSummary {
                     {{ env.highRCount }}
                   </span>
                 </div>
+                <div class="metric">
+                  <span class="metric-label">B/I/R</span>
+                  <span class="metric-value">{{ env.birCoverage }}</span>
+                </div>
                 <div class="metric">
                   <span class="metric-label">Pending</span>
                   <span class="metric-value" [class.warning]="env.pendingApprovals > 0">
@@ -181,38 +193,79 @@ interface MissionSummary {
         </div>
       </section>
 
+      <section class="risk-table" aria-label="Environments at risk">
+        <div class="section-header">
+          <h2 class="section-title">Environments at Risk</h2>
+          <a routerLink="/release-control/environments" class="section-link">Open environments</a>
+        </div>
+
+        @if (riskEnvironments().length === 0) {
+          <div class="env-grid-empty">
+            <p>All environments are healthy.</p>
+          </div>
+        } @else {
+          <div class="risk-table__container">
+            <table class="risk-table__table">
+              <thead>
+                <tr>
+                  <th>Region/Env</th>
+                  <th>Deploy Health</th>
+                  <th>SBOM Status</th>
+                  <th>Crit Reach</th>
+                  <th>Hybrid B/I/R</th>
+                  <th>Last SBOM</th>
+                  <th>Action</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (env of riskEnvironments(); track env.id) {
+                  <tr>
+                    <td>{{ env.region }} / {{ env.name }}</td>
+                    <td>{{ env.deployStatus }}</td>
+                    <td>{{ env.sbomFreshness }}</td>
+                    <td [class.danger]="env.critRCount > 0">{{ env.critRCount }}</td>
+                    <td>{{ env.birCoverage }}</td>
+                    <td>{{ env.lastDeployedAt }}</td>
+                    <td>
+                      <a [routerLink]="['/release-control/environments', env.id]">Open</a>
+                    </td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+          </div>
+        }
+      </section>
+
       <!-- Summary Cards Row -->
       <div class="cards-row">
         <!-- SBOM Snapshot Card -->
         <section class="domain-card" aria-label="SBOM snapshot">
           <div class="card-header">
-            <h2 class="card-title">SBOM Snapshot</h2>
+            <h2 class="card-title">SBOM Findings Snapshot</h2>
             <a routerLink="/security-risk/sbom" class="card-link">View SBOM</a>
           </div>
           <div class="card-body">
             <div class="snapshot-stat">
-              <span class="stat-value">{{ sbomStats().totalComponents.toLocaleString() }}</span>
-              <span class="stat-label">Total Components</span>
+              <span class="stat-value">{{ sbomStats().criticalEnvCount }}</span>
+              <span class="stat-label">Critical Reachable Environments</span>
             </div>
             <div class="snapshot-stat">
-              <span class="stat-value danger">{{ sbomStats().criticalFindings }}</span>
-              <span class="stat-label">Critical Findings</span>
+              <span class="stat-value danger">{{ sbomStats().totalCritR }}</span>
+              <span class="stat-label">Total Critical Reachable Findings</span>
             </div>
             <div class="snapshot-stat">
-              <span class="stat-value" [class.warning]="sbomStats().staleCount > 0">
-                {{ sbomStats().staleCount }}
+              <span class="stat-value" [class.warning]="sbomStats().noIssueCount > 0">
+                {{ sbomStats().noIssueCount }}
               </span>
-              <span class="stat-label">Stale SBOMs</span>
-            </div>
-            <div class="snapshot-stat">
-              <span class="stat-value" [class.danger]="sbomStats().missingCount > 0">
-                {{ sbomStats().missingCount }}
-              </span>
-              <span class="stat-label">Missing SBOMs</span>
+              <span class="stat-label">Environments with No Critical Findings</span>
             </div>
+            @if (sbomStats().totalCritR === 0) {
+              <p class="card-note">No critical reachable issues detected in current scope.</p>
+            }
           </div>
           <div class="card-footer">
-            <a routerLink="/security-risk/findings" class="card-action">Explore findings</a>
+            <a routerLink="/security-risk/findings" [queryParams]="{ reachability: 'critical' }" class="card-action">Open Findings</a>
             <a routerLink="/release-control" class="card-action">Release Control</a>
           </div>
         </section>
@@ -256,32 +309,25 @@ interface MissionSummary {
           </div>
         </section>
 
-        <!-- Data Integrity Summary Card -->
-        <section class="domain-card" aria-label="Data integrity summary">
+        <!-- Nightly Ops Signals Card -->
+        <section class="domain-card" aria-label="Nightly ops signals">
           <div class="card-header">
-            <h2 class="card-title">Data Integrity</h2>
-            <a routerLink="/platform-ops/data-integrity" class="card-link">Platform Ops detail</a>
+            <h2 class="card-title">Nightly Ops Signals</h2>
+            <a routerLink="/platform-ops/data-integrity" class="card-link">Open Data Integrity</a>
           </div>
           <div class="card-body">
-            <div class="integrity-stat" [class.warning]="dataIntegrityStats().staleFeedCount > 0">
-              <span class="stat-value">{{ dataIntegrityStats().staleFeedCount }}</span>
-              <span class="stat-label">Stale Feeds</span>
-            </div>
-            <div class="integrity-stat" [class.danger]="dataIntegrityStats().failedScans > 0">
-              <span class="stat-value">{{ dataIntegrityStats().failedScans }}</span>
-              <span class="stat-label">Failed Scans</span>
-            </div>
-            <div class="integrity-stat" [class.warning]="dataIntegrityStats().dlqDepth > 0">
-              <span class="stat-value">{{ dataIntegrityStats().dlqDepth }}</span>
-              <span class="stat-label">DLQ Depth</span>
-            </div>
-            <p class="card-note integrity-ownership-note">
-              Advisory source health is managed in
-              <a routerLink="/platform-ops/data-integrity">Platform Ops &gt; Data Integrity</a>.
-            </p>
+            @for (signal of nightlyOpsSignals(); track signal.id) {
+              <div class="integrity-stat" [class.warning]="signal.status === 'warn'" [class.danger]="signal.status === 'fail'">
+                <span class="stat-label">{{ signal.label }}</span>
+                <span class="integrity-status" [class]="'integrity-status--' + signal.status">
+                  {{ signal.status | uppercase }}
+                </span>
+                <span class="integrity-detail">{{ signal.detail }}</span>
+              </div>
+            }
           </div>
           <div class="card-footer">
-            <a routerLink="/platform-ops/data-integrity" class="card-action">Ops diagnostics</a>
+            <a routerLink="/platform-ops/data-integrity" class="card-action">Open Data Integrity</a>
           </div>
         </section>
       </div>
@@ -511,7 +557,7 @@ interface MissionSummary {
 
     .env-metrics {
       display: grid;
-      grid-template-columns: repeat(4, 1fr);
+      grid-template-columns: repeat(5, 1fr);
       padding: 0.75rem 1rem;
       gap: 0.5rem;
     }
@@ -567,6 +613,47 @@ interface MissionSummary {
       text-decoration: none;
     }
 
+    .risk-table {
+      background: var(--color-surface-primary);
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      padding: 1.25rem;
+    }
+
+    .risk-table__container {
+      overflow-x: auto;
+    }
+
+    .risk-table__table {
+      width: 100%;
+      border-collapse: collapse;
+      font-size: 0.84rem;
+    }
+
+    .risk-table__table th,
+    .risk-table__table td {
+      text-align: left;
+      border-bottom: 1px solid var(--color-border-primary);
+      padding: 0.55rem 0.45rem;
+    }
+
+    .risk-table__table th {
+      font-size: 0.72rem;
+      color: var(--color-text-secondary);
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+    }
+
+    .risk-table__table td a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+    }
+
+    .risk-table__table td.danger {
+      color: var(--color-status-error);
+      font-weight: var(--font-weight-semibold);
+    }
+
     /* Cards Row */
     .cards-row {
       display: grid;
@@ -694,18 +781,45 @@ interface MissionSummary {
 
     /* Data Integrity */
     .integrity-stat {
-      display: flex;
-      justify-content: space-between;
+      display: grid;
+      grid-template-columns: 1fr auto;
       align-items: center;
-      padding: 0.25rem 0;
+      gap: 0.25rem 0.75rem;
+      padding: 0.45rem 0;
+      border-bottom: 1px dashed var(--color-border-primary);
     }
 
-    .integrity-stat.warning .stat-value { color: var(--color-status-warning); }
-    .integrity-stat.danger .stat-value { color: var(--color-status-error); }
+    .integrity-stat:last-child {
+      border-bottom: 0;
+    }
 
-    .integrity-ownership-note a {
-      color: var(--color-brand-primary);
-      text-decoration: none;
+    .integrity-status {
+      font-size: 0.7rem;
+      font-weight: var(--font-weight-semibold);
+      border-radius: var(--radius-full);
+      padding: 0.15rem 0.5rem;
+      letter-spacing: 0.04em;
+    }
+
+    .integrity-status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .integrity-status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .integrity-status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .integrity-detail {
+      grid-column: 1 / -1;
+      color: var(--color-text-muted);
+      font-size: 0.75rem;
     }
 
     /* Status dot */
@@ -791,6 +905,7 @@ export class DashboardV3Component {
       sbomFreshness: 'fresh',
       critRCount: 0,
       highRCount: 2,
+      birCoverage: '3/3',
       pendingApprovals: 0,
       lastDeployedAt: '2h ago',
     },
@@ -802,6 +917,7 @@ export class DashboardV3Component {
       sbomFreshness: 'stale',
       critRCount: 1,
       highRCount: 5,
+      birCoverage: '2/3',
       pendingApprovals: 2,
       lastDeployedAt: '6h ago',
     },
@@ -813,6 +929,7 @@ export class DashboardV3Component {
       sbomFreshness: 'fresh',
       critRCount: 3,
       highRCount: 8,
+      birCoverage: '3/3',
       pendingApprovals: 1,
       lastDeployedAt: '1d ago',
     },
@@ -824,6 +941,7 @@ export class DashboardV3Component {
       sbomFreshness: 'fresh',
       critRCount: 0,
       highRCount: 1,
+      birCoverage: '3/3',
       pendingApprovals: 0,
       lastDeployedAt: '3h ago',
     },
@@ -835,6 +953,7 @@ export class DashboardV3Component {
       sbomFreshness: 'missing',
       critRCount: 5,
       highRCount: 12,
+      birCoverage: '1/3',
       pendingApprovals: 3,
       lastDeployedAt: '3d ago',
     },
@@ -848,12 +967,26 @@ export class DashboardV3Component {
     );
   });
 
-  // Placeholder SBOM stats
-  readonly sbomStats = signal({
-    totalComponents: 24_850,
-    criticalFindings: 8,
-    staleCount: 2,
-    missingCount: 1,
+  readonly riskEnvironments = computed(() =>
+    this.filteredEnvironments().filter((env) => {
+      const isSbomRisk = env.sbomFreshness === 'stale' || env.sbomFreshness === 'missing';
+      const isReachabilityRisk = env.critRCount > 0;
+      const isDeployRisk = env.deployStatus === 'degraded' || env.deployStatus === 'blocked';
+      return isSbomRisk || isReachabilityRisk || isDeployRisk;
+    })
+  );
+
+  readonly sbomStats = computed(() => {
+    const envs = this.filteredEnvironments();
+    const criticalEnvCount = envs.filter((env) => env.critRCount > 0).length;
+    const totalCritR = envs.reduce((total, env) => total + env.critRCount, 0);
+    const noIssueCount = envs.filter((env) => env.critRCount === 0).length;
+
+    return {
+      criticalEnvCount,
+      totalCritR,
+      noIssueCount,
+    };
   });
 
   // Placeholder reachability stats
@@ -863,12 +996,32 @@ export class DashboardV3Component {
     rCoverage: 61,
   });
 
-  // Placeholder data integrity stats
-  readonly dataIntegrityStats = signal({
-    staleFeedCount: 1,
-    failedScans: 0,
-    dlqDepth: 3,
-  });
+  readonly nightlyOpsSignals = signal<NightlyOpsSignal[]>([
+    {
+      id: 'sbom-rescan',
+      label: 'SBOM rescan',
+      status: 'ok',
+      detail: 'Nightly SBOM rescan completed in 14m.',
+    },
+    {
+      id: 'nvd-feed',
+      label: 'NVD feed',
+      status: 'warn',
+      detail: 'Feed freshness is stale (3h 12m).',
+    },
+    {
+      id: 'integration-health',
+      label: 'Integration health',
+      status: 'ok',
+      detail: 'Key connectors are operational.',
+    },
+    {
+      id: 'dlq',
+      label: 'DLQ',
+      status: 'warn',
+      detail: '3 pending items require replay.',
+    },
+  ]);
 
   onRegionChange(event: Event): void {
     const select = event.target as HTMLSelectElement;
diff --git a/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-dashboard.component.ts b/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-dashboard.component.ts
index 07da2f4c0..1da7ff339 100644
--- a/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-dashboard.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-dashboard.component.ts
@@ -27,7 +27,7 @@ import {
         </div>
         <div class="header-actions">
           <button class="btn btn-secondary" (click)="exportData()">
-            <span class="icon">download</span>
+            <span class="icon" aria-hidden="true"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><path d="m7 10 5 5 5-5"/><path d="M12 15V3"/></svg></span>
             Export CSV
           </button>
           <button
@@ -35,11 +35,11 @@ import {
             (click)="replayAllRetryable()"
             [disabled]="!stats()?.stats?.retryable"
             >
-            <span class="icon">refresh</span>
+            <span class="icon" aria-hidden="true"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12a9 9 0 1 1-2.6-6.4"/><path d="M21 3v6h-6"/></svg></span>
             Replay All Retryable ({{ stats()?.stats?.retryable || 0 }})
           </button>
           <button class="btn btn-icon" (click)="refreshData()" [disabled]="loading()">
-            <span class="icon" [class.spinning]="refreshing()">refresh</span>
+            <span class="icon" [class.spinning]="refreshing()" aria-hidden="true"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12a9 9 0 1 1-2.6-6.4"/><path d="M21 3v6h-6"/></svg></span>
           </button>
         </div>
       </header>
diff --git a/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-entry-detail.component.ts b/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-entry-detail.component.ts
index b4ee2779d..c00c430a4 100644
--- a/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-entry-detail.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/deadletter/deadletter-entry-detail.component.ts
@@ -75,7 +75,7 @@ import {
             }
             @if (entry()?.state === 'replayed') {
               <span class="status-detail">
-                New Job: <a [href]="'/orchestrator/jobs/' + entry()?.replayedJobId">{{ entry()?.replayedJobId }}</a>
+                New Job: <a [href]="'/platform-ops/orchestrator/jobs/' + entry()?.replayedJobId">{{ entry()?.replayedJobId }}</a>
               </span>
             }
           </div>
@@ -654,7 +654,7 @@ export class DeadLetterEntryDetailComponent implements OnInit, OnDestroy {
         next: (response) => {
           this.hideReplayDialog();
           if (response.success && response.newJobId) {
-            window.location.href = `/orchestrator/jobs/${response.newJobId}`;
+            window.location.href = `/platform-ops/orchestrator/jobs/${response.newJobId}`;
           }
         },
       });
diff --git a/src/Web/StellaOps.Web/src/app/features/evidence-export/evidence-export.routes.ts b/src/Web/StellaOps.Web/src/app/features/evidence-export/evidence-export.routes.ts
index 64e647363..130a2124b 100644
--- a/src/Web/StellaOps.Web/src/app/features/evidence-export/evidence-export.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/features/evidence-export/evidence-export.routes.ts
@@ -9,47 +9,52 @@ import { Routes } from '@angular/router';
 export const evidenceExportRoutes: Routes = [
   {
     path: '',
-    redirectTo: 'bundles',
+    redirectTo: 'export',
     pathMatch: 'full',
   },
   {
     path: 'bundles',
+    title: 'Evidence Bundles',
+    data: { breadcrumb: 'Evidence Bundles' },
     loadComponent: () =>
       import('./evidence-bundles.component').then(
         (m) => m.EvidenceBundlesComponent
       ),
-    data: { title: 'Evidence Bundles' },
   },
   {
     path: 'export',
+    title: 'Export Center',
+    data: { breadcrumb: 'Export Center' },
     loadComponent: () =>
       import('./export-center.component').then(
         (m) => m.ExportCenterComponent
       ),
-    data: { title: 'Export Center' },
   },
   {
     path: 'replay',
+    title: 'Verdict Replay',
+    data: { breadcrumb: 'Verdict Replay' },
     loadComponent: () =>
       import('./replay-controls.component').then(
         (m) => m.ReplayControlsComponent
       ),
-    data: { title: 'Verdict Replay' },
   },
   {
     path: 'proof-chains',
+    title: 'Proof Chains',
+    data: { breadcrumb: 'Proof Chains' },
     loadComponent: () =>
       import('../proof-chain/proof-chain.component').then(
         (m) => m.ProofChainComponent
       ),
-    data: { title: 'Proof Chains' },
   },
   {
     path: 'provenance',
+    title: 'Evidence Provenance',
+    data: { breadcrumb: 'Evidence Provenance' },
     loadComponent: () =>
       import('./provenance-visualization.component').then(
         (m) => m.ProvenanceVisualizationComponent
       ),
-    data: { title: 'Evidence Provenance' },
   },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.html b/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.html
index f4c0beec8..b8ad771c0 100644
--- a/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.html
+++ b/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.html
@@ -5,7 +5,7 @@
       <p class="dashboard-subtitle">Manage policy exceptions with auditable workflows.</p>
     </div>
     <div class="dashboard-actions">
-      <a class="btn-secondary" routerLink="/exceptions/approvals">Approval Queue</a>
+      <a class="btn-secondary" routerLink="approvals">Approval Queue</a>
       <button class="btn-secondary" (click)="refresh()">Refresh</button>
       <button class="btn-primary" (click)="openWizard()">+ New Exception</button>
     </div>
diff --git a/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.spec.ts b/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.spec.ts
index 0205a3eb4..436528fee 100644
--- a/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.spec.ts
@@ -231,7 +231,9 @@ describe('ExceptionDashboardComponent', () => {
     component.selectException(viewException);
 
     expect(component.selectedExceptionId()).toBe('exc-001');
-    expect(mockRouter.navigate).toHaveBeenCalledWith(['/exceptions', 'exc-001']);
+    expect(mockRouter.navigate).toHaveBeenCalledWith(['exc-001'], {
+      relativeTo: jasmine.anything(),
+    });
   });
 
   it('cleans up subscriptions on destroy', () => {
diff --git a/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.ts b/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.ts
index d1a41aea7..1a2c654e6 100644
--- a/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/exceptions/exception-dashboard.component.ts
@@ -90,7 +90,7 @@ export class ExceptionDashboardComponent implements OnInit, OnDestroy {
   ngOnInit(): void {
     this.refresh();
     this.routeSubscription = this.route.paramMap.subscribe((params) => {
-      const exceptionId = params.get('exceptionId');
+      const exceptionId = params.get('exceptionId') ?? params.get('id');
       this.selectedExceptionId.set(exceptionId);
     });
     this.subscribeToEvents();
@@ -140,12 +140,12 @@ export class ExceptionDashboardComponent implements OnInit, OnDestroy {
 
   selectException(exception: Exception): void {
     this.selectedExceptionId.set(exception.id);
-    this.router.navigate(['/exceptions', exception.id]);
+    this.router.navigate([exception.id], { relativeTo: this.route });
   }
 
   closeDetail(): void {
     this.selectedExceptionId.set(null);
-    this.router.navigate(['/exceptions']);
+    this.router.navigate(['../'], { relativeTo: this.route });
   }
 
   async handleTransition(payload: { exception: Exception; to: ExceptionStatus }): Promise<void> {
diff --git a/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.component.ts b/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.component.ts
index decb374b0..90e01efd4 100644
--- a/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.component.ts
@@ -57,7 +57,19 @@ import { IntegrationType } from './integration.models';
 
       <section class="hub-summary">
         <h2>Recent Activity</h2>
-        <p class="placeholder">Integration activity timeline coming soon...</p>
+        <div class="coming-soon" role="status" aria-live="polite">
+          <div class="coming-soon__icon" aria-hidden="true">
+            <svg viewBox="0 0 24 24" width="18" height="18" fill="none" stroke="currentColor" stroke-width="1.6">
+              <polyline points="22 12 18 12 15 21 9 3 6 12 2 12"></polyline>
+            </svg>
+          </div>
+          <div>
+            <p class="coming-soon__title">Activity stream is coming soon</p>
+            <p class="coming-soon__description">
+              Connector timeline events will appear here once ingestion telemetry is fully enabled.
+            </p>
+          </div>
+        </div>
       </section>
     </div>
   `,
@@ -160,9 +172,38 @@ import { IntegrationType } from './integration.models';
       margin: 0 0 1rem;
     }
 
-    .placeholder {
+    .coming-soon {
+      display: flex;
+      gap: 0.75rem;
+      align-items: flex-start;
+      padding: 1rem;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: var(--color-surface-primary);
+    }
+
+    .coming-soon__icon {
+      width: 2rem;
+      height: 2rem;
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      border-radius: var(--radius-full);
+      color: var(--color-brand-primary);
+      background: var(--color-brand-soft);
+      flex-shrink: 0;
+    }
+
+    .coming-soon__title {
+      margin: 0;
+      font-size: 0.9375rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .coming-soon__description {
+      margin: 0.25rem 0 0;
       color: var(--color-text-secondary);
-      font-style: italic;
+      font-size: 0.875rem;
     }
   `]
 })
diff --git a/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts b/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts
index aabc5d645..ffeb21a11 100644
--- a/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts
@@ -71,6 +71,11 @@ export const integrationHubRoutes: Routes = [
     loadComponent: () =>
       import('./integration-list.component').then((m) => m.IntegrationListComponent),
   },
+  {
+    path: 'ci-cd',
+    pathMatch: 'full',
+    redirectTo: 'ci',
+  },
 
   // Category: Targets / Runtimes
   {
@@ -85,6 +90,11 @@ export const integrationHubRoutes: Routes = [
     pathMatch: 'full',
     redirectTo: 'hosts',
   },
+  {
+    path: 'targets',
+    pathMatch: 'full',
+    redirectTo: 'hosts',
+  },
 
   // Category: Secrets Managers
   {
diff --git a/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-list.component.ts b/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-list.component.ts
index 52a72e43d..eef5a79ae 100644
--- a/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-list.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/integration-hub/integration-list.component.ts
@@ -67,7 +67,7 @@ import {
             @for (integration of integrations; track integration.integrationId) {
               <tr>
                 <td>
-                  <a [routerLink]="['/settings/integrations', integration.integrationId]">{{ integration.name }}</a>
+                  <a [routerLink]="['/integrations', integration.integrationId]">{{ integration.name }}</a>
                 </td>
                 <td>{{ getProviderName(integration.provider) }}</td>
                 <td>
@@ -85,7 +85,7 @@ import {
                   <button (click)="editIntegration(integration)" title="Edit"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M17 3a2.83 2.83 0 1 1 4 4L7.5 20.5 2 22l1.5-5.5Z"/><path d="m15 5 4 4"/></svg></button>
                   <button (click)="testConnection(integration)" title="Test Connection"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M12 22v-5"/><path d="M9 7V2"/><path d="M15 7V2"/><path d="M6 13V8h12v5a4 4 0 0 1-4 4h-4a4 4 0 0 1-4-4Z"/></svg></button>
                   <button (click)="checkHealth(integration)" title="Check Health"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M20.84 4.61a5.5 5.5 0 0 0-7.78 0L12 5.67l-1.06-1.06a5.5 5.5 0 0 0-7.78 7.78l1.06 1.06L12 21.23l7.78-7.78 1.06-1.06a5.5 5.5 0 0 0 0-7.78z"/></svg></button>
-                  <a [routerLink]="['/settings/integrations', integration.integrationId]" title="View Details"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/></svg></a>
+                  <a [routerLink]="['/integrations', integration.integrationId]" title="View Details"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/></svg></a>
                 </td>
               </tr>
             }
@@ -331,12 +331,12 @@ export class IntegrationListComponent implements OnInit {
   }
 
   editIntegration(integration: Integration): void {
-    void this.router.navigate(['/settings/integrations', integration.integrationId], { queryParams: { edit: true } });
+    void this.router.navigate(['/integrations', integration.integrationId], { queryParams: { edit: true } });
   }
 
   addIntegration(): void {
     void this.router.navigate(
-      ['/settings/integrations/onboarding', this.getOnboardingTypeSegment(this.integrationType)]
+      ['/integrations/onboarding', this.getOnboardingTypeSegment(this.integrationType)]
     );
   }
 
diff --git a/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-dashboard.component.ts b/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-dashboard.component.ts
index 910aa99ab..9436ba4cb 100644
--- a/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-dashboard.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-dashboard.component.ts
@@ -23,14 +23,14 @@ import { AUTH_SERVICE, AuthService } from '../../core/auth';
       </header>
 
       <nav class="orch-dashboard__nav">
-        <a routerLink="/orchestrator/jobs" class="orch-dashboard__card">
+        <a routerLink="/platform-ops/orchestrator/jobs" class="orch-dashboard__card">
           <span class="orch-dashboard__card-icon"><svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M16 4h2a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2H6a2 2 0 0 1-2-2V6a2 2 0 0 1 2-2h2"/><rect x="8" y="2" width="8" height="4" rx="1" ry="1"/><line x1="8" y1="10" x2="16" y2="10"/><line x1="8" y1="14" x2="16" y2="14"/><line x1="8" y1="18" x2="12" y2="18"/></svg></span>
           <span class="orch-dashboard__card-title">Jobs</span>
           <span class="orch-dashboard__card-desc">View job status and history</span>
         </a>
 
         @if (authService.canOperateOrchestrator()) {
-          <a routerLink="/orchestrator/quotas" class="orch-dashboard__card">
+          <a routerLink="/platform-ops/orchestrator/quotas" class="orch-dashboard__card">
             <span class="orch-dashboard__card-icon"><svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 0 1 0 2.83 2 2 0 0 1-2.83 0l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 0 1-2 2 2 2 0 0 1-2-2v-.09A1.65 1.65 0 0 0 9 19.4a1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 0 1-2.83 0 2 2 0 0 1 0-2.83l.06-.06A1.65 1.65 0 0 0 4.68 15a1.65 1.65 0 0 0-1.51-1H3a2 2 0 0 1-2-2 2 2 0 0 1 2-2h.09A1.65 1.65 0 0 0 4.6 9a1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 0 1 0-2.83 2 2 0 0 1 2.83 0l.06.06A1.65 1.65 0 0 0 9 4.68a1.65 1.65 0 0 0 1-1.51V3a2 2 0 0 1 2-2 2 2 0 0 1 2 2v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 0 1 2.83 0 2 2 0 0 1 0 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82V9a1.65 1.65 0 0 0 1.51 1H21a2 2 0 0 1 2 2 2 2 0 0 1-2 2h-.09a1.65 1.65 0 0 0-1.51 1z"/></svg></span>
             <span class="orch-dashboard__card-title">Quotas</span>
             <span class="orch-dashboard__card-desc">Manage resource quotas</span>
diff --git a/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-job-detail.component.ts b/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-job-detail.component.ts
index bb3014000..7a073eed5 100644
--- a/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-job-detail.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-job-detail.component.ts
@@ -14,7 +14,7 @@ import { RouterLink } from '@angular/router';
     template: `
     <div class="orch-job-detail">
       <header class="orch-job-detail__header">
-        <a routerLink="/orchestrator/jobs" class="orch-job-detail__back">&larr; Back to Jobs</a>
+        <a routerLink="/platform-ops/orchestrator/jobs" class="orch-job-detail__back">&larr; Back to Jobs</a>
         <h1 class="orch-job-detail__title">Job Detail</h1>
         <p class="orch-job-detail__id">ID: {{ jobId }}</p>
         <div class="orch-job-detail__actions">
diff --git a/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-jobs.component.ts b/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-jobs.component.ts
index 60b6de839..2989c74c8 100644
--- a/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-jobs.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/orchestrator/orchestrator-jobs.component.ts
@@ -150,7 +150,7 @@ interface OrchestratorJob {
                 @if (job.parentJobId) {
                   <div class="job-parent">
                     <span class="label">Parent Job:</span>
-                    <a [routerLink]="['/orchestrator/jobs', job.parentJobId]">
+                    <a [routerLink]="['/platform-ops/orchestrator/jobs', job.parentJobId]">
                       {{ job.parentJobId }}
                     </a>
                   </div>
@@ -161,7 +161,7 @@ interface OrchestratorJob {
                     <span class="label">Child Jobs ({{ job.childJobIds.length }}):</span>
                     <div class="children-list">
                       @for (childId of job.childJobIds; track childId) {
-                        <a [routerLink]="['/orchestrator/jobs', childId]">{{ childId }}</a>
+                        <a [routerLink]="['/platform-ops/orchestrator/jobs', childId]">{{ childId }}</a>
                       }
                     </div>
                   </div>
@@ -190,7 +190,7 @@ interface OrchestratorJob {
                   }
                   <a
                     class="btn btn-secondary"
-                    [routerLink]="['/orchestrator/jobs', job.id]"
+                    [routerLink]="['/platform-ops/orchestrator/jobs', job.id]"
                     (click)="$event.stopPropagation()"
                   >
                     View Details
@@ -198,7 +198,7 @@ interface OrchestratorJob {
                   @if (job.childJobIds.length > 0) {
                     <a
                       class="btn btn-secondary"
-                      [routerLink]="['/orchestrator/jobs', job.id, 'dag']"
+                      [routerLink]="['/platform-ops/orchestrator/jobs', job.id, 'dag']"
                       (click)="$event.stopPropagation()"
                     >
                       View DAG
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity-overview.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity-overview.component.ts
index d7432ec1b..3a4c37f36 100644
--- a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity-overview.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity-overview.component.ts
@@ -1,254 +1,371 @@
 /**
  * Data Integrity Overview
- * Sprint: SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity (I3-02)
+ * Sprint: SPRINT_20260219_023_FE_operations_data_integrity_section
  *
- * Platform Ops-owned Data Integrity surface.
- * Provides overview and drilldown links for:
- * - Nightly data-quality reports
- * - Feed freshness status
- * - Scan pipeline health
- * - Reachability ingest health
- * - Integration connectivity status
- * - Dead-Letter Queue management
- * - SLO burn-rate monitoring
- *
- * Security Data ownership split:
- *   - THIS PAGE: connectivity health, feed freshness, pipeline operational state
- *   - Security & Risk: gating impact and decision context (consumer only)
+ * Platform Ops source of truth for feed freshness, scan health,
+ * reachability ingest, integration connectivity, and DLQ impact.
  */
 
-import { Component, ChangeDetectionStrategy } from '@angular/core';
+import { ChangeDetectionStrategy, Component, signal } from '@angular/core';
+import { UpperCasePipe } from '@angular/common';
 import { RouterLink } from '@angular/router';
 
-interface IntegritySection {
+type SignalStatus = 'ok' | 'warn' | 'fail';
+
+interface TrustSignal {
+  id: string;
+  label: string;
+  status: SignalStatus;
+  detail: string;
+  route: string;
+}
+
+interface ImpactedDecision {
+  id: string;
+  name: string;
+  reason: string;
+}
+
+interface FailureItem {
   id: string;
   title: string;
-  description: string;
+  detail: string;
   route: string;
-  ownerNote?: string;
 }
 
 @Component({
   selector: 'app-data-integrity-overview',
   standalone: true,
-  imports: [RouterLink],
+  imports: [RouterLink, UpperCasePipe],
+  changeDetection: ChangeDetectionStrategy.OnPush,
   template: `
-    <div class="di-overview">
-      <header class="di-overview__header">
-        <h1 class="di-overview__title">Data Integrity</h1>
-        <p class="di-overview__subtitle">
-          Platform Ops source of truth for feed freshness, pipeline health, and data quality SLOs.
-        </p>
-        <p class="di-overview__ownership-note">
-          <strong>Ownership:</strong> Platform Ops manages connectivity and freshness.
-          Gating impact is consumed by
-          <a routerLink="/security-risk/advisory-sources">Security &amp; Risk</a>.
+    <div class="data-integrity-overview">
+      <header class="header">
+        <h1>Data Integrity</h1>
+        <p>
+          Release-confidence view for feed freshness, scan pipeline health, reachability ingest,
+          integrations, and DLQ safety.
         </p>
       </header>
 
-      <div class="di-overview__grid">
-        @for (section of sections; track section.id) {
-          <a class="di-card" [routerLink]="section.route">
-            <div class="di-card__body">
-              <h2 class="di-card__title">{{ section.title }}</h2>
-              <p class="di-card__description">{{ section.description }}</p>
-              @if (section.ownerNote) {
-                <span class="di-card__owner">{{ section.ownerNote }}</span>
-              }
-            </div>
-          </a>
-        }
+      <section class="filters" aria-label="Scope filters">
+        <label>
+          Region
+          <select [value]="region()" (change)="onRegionChange($event)">
+            <option value="all">All regions</option>
+            <option value="eu-west">EU West</option>
+            <option value="us-east">US East</option>
+            <option value="ap-south">AP South</option>
+          </select>
+        </label>
+        <label>
+          Time window
+          <select [value]="timeWindow()" (change)="onTimeWindowChange($event)">
+            <option value="24h">Last 24h</option>
+            <option value="7d">Last 7d</option>
+            <option value="30d">Last 30d</option>
+          </select>
+        </label>
+      </section>
+
+      <section class="panel" aria-label="Data trust score">
+        <h2>Data Trust Score</h2>
+        <div class="trust-grid">
+          @for (item of trustSignals; track item.id) {
+            <a class="trust-item" [routerLink]="item.route">
+              <span class="trust-item__label">{{ item.label }}</span>
+              <span class="trust-item__status" [class]="'trust-item__status trust-item__status--' + item.status">
+                {{ item.status | uppercase }}
+              </span>
+              <span class="trust-item__detail">{{ item.detail }}</span>
+            </a>
+          }
+        </div>
+      </section>
+
+      <div class="grid-two">
+        <section class="panel" aria-label="Impacted decisions">
+          <h2>Impacted Decisions</h2>
+          <p class="panel-subtitle">{{ impactedDecisions.length }} approvals currently impacted by data quality signals.</p>
+          <ul class="list">
+            @for (decision of impactedDecisions; track decision.id) {
+              <li>
+                <a [routerLink]="'/release-control/approvals'" [queryParams]="{ releaseId: decision.id }">{{ decision.name }}</a>
+                <span>{{ decision.reason }}</span>
+              </li>
+            } @empty {
+              <li>No impacted approvals in selected scope.</li>
+            }
+          </ul>
+        </section>
+
+        <section class="panel" aria-label="Top failures">
+          <h2>Top Failures</h2>
+          <ul class="list">
+            @for (item of topFailures; track item.id) {
+              <li>
+                <a [routerLink]="item.route">{{ item.title }}</a>
+                <span>{{ item.detail }}</span>
+              </li>
+            }
+          </ul>
+        </section>
       </div>
 
-      <section class="di-overview__related">
-        <h2 class="di-overview__section-heading">Related Operational Controls</h2>
-        <ul class="di-overview__links">
-          <li><a routerLink="/platform-ops/feeds">Feeds &amp; Mirrors</a> — feed source management</li>
-          <li><a routerLink="/platform-ops/dead-letter">Dead-Letter Queue</a> — failed message replay</li>
-          <li><a routerLink="/platform-ops/slo">SLO Monitoring</a> — burn-rate and error budgets</li>
-          <li><a routerLink="/platform-ops/doctor">Diagnostics</a> — registry connectivity checks</li>
-        </ul>
-        <h2 class="di-overview__section-heading">Security &amp; Risk Consumers</h2>
-        <ul class="di-overview__links">
-          <li>
-            <a routerLink="/security-risk/advisory-sources">Advisory Sources</a> — gating impact from fresh data
-          </li>
-        </ul>
+      <section class="panel" aria-label="Drilldowns">
+        <h2>Drilldowns</h2>
+        <div class="drilldowns">
+          <a routerLink="/platform-ops/data-integrity/nightly-ops">Nightly Ops Report</a>
+          <a routerLink="/platform-ops/data-integrity/feeds-freshness">Feeds Freshness</a>
+          <a routerLink="/platform-ops/data-integrity/scan-pipeline">Scan Pipeline Health</a>
+          <a routerLink="/platform-ops/data-integrity/reachability-ingest">Reachability Ingest Health</a>
+          <a routerLink="/platform-ops/data-integrity/integration-connectivity">Integration Connectivity</a>
+          <a routerLink="/platform-ops/data-integrity/dlq">DLQ and Replays</a>
+          <a routerLink="/platform-ops/data-integrity/slos">Data Quality SLOs</a>
+        </div>
       </section>
     </div>
   `,
   styles: [`
-    .di-overview {
+    .data-integrity-overview {
       padding: 1.5rem;
-      max-width: 1000px;
-    }
-
-    .di-overview__header {
-      margin-bottom: 2rem;
-    }
-
-    .di-overview__title {
-      font-size: 1.5rem;
-      font-weight: 600;
-      margin: 0 0 0.5rem;
-    }
-
-    .di-overview__subtitle {
-      color: var(--color-text-secondary, #666);
-      margin: 0 0 0.75rem;
-    }
-
-    .di-overview__ownership-note {
-      font-size: 0.8125rem;
-      color: var(--color-text-secondary, #666);
-      background: var(--color-surface-alt, #f9fafb);
-      border: 1px solid var(--color-border, #e5e7eb);
-      border-radius: var(--radius-sm, 4px);
-      padding: 0.5rem 0.75rem;
-      margin: 0;
-    }
-
-    .di-overview__ownership-note a {
-      color: var(--color-brand-primary, #4f46e5);
-      text-decoration: none;
-    }
-
-    .di-overview__ownership-note a:hover {
-      text-decoration: underline;
-    }
-
-    .di-overview__grid {
-      display: grid;
-      grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
-      gap: 1rem;
-      margin-bottom: 2rem;
-    }
-
-    .di-card {
-      display: block;
-      padding: 1.25rem;
-      background: var(--color-surface, #fff);
-      border: 1px solid var(--color-border, #e5e7eb);
-      border-radius: var(--radius-md, 8px);
-      text-decoration: none;
-      color: inherit;
-      transition: border-color 0.15s, box-shadow 0.15s;
-    }
-
-    .di-card:hover {
-      border-color: var(--color-brand-primary, #4f46e5);
-      box-shadow: 0 2px 8px rgba(0,0,0,0.08);
-    }
-
-    .di-card__title {
-      font-size: 0.9375rem;
-      font-weight: 600;
-      margin: 0 0 0.25rem;
-    }
-
-    .di-card__description {
-      font-size: 0.8125rem;
-      color: var(--color-text-secondary, #666);
-      margin: 0 0 0.25rem;
-    }
-
-    .di-card__owner {
-      font-size: 0.75rem;
-      color: var(--color-text-muted, #9ca3af);
-      font-style: italic;
-    }
-
-    .di-overview__section-heading {
-      font-size: 0.875rem;
-      font-weight: 600;
-      margin: 0 0 0.75rem;
-      text-transform: uppercase;
-      letter-spacing: 0.05em;
-      color: var(--color-text-secondary, #666);
-    }
-
-    .di-overview__related {
+      max-width: 1200px;
       display: flex;
       flex-direction: column;
       gap: 1rem;
     }
 
-    .di-overview__links {
+    .header h1 {
+      margin: 0;
+      font-size: 1.5rem;
+    }
+
+    .header p {
+      margin: 0.25rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .filters {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+    }
+
+    .filters label {
+      display: grid;
+      gap: 0.25rem;
+      font-size: 0.78rem;
+      color: var(--color-text-secondary);
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+    }
+
+    .filters select {
+      min-width: 150px;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-sm);
+      padding: 0.45rem 0.6rem;
+      background: var(--color-surface-primary);
+      color: var(--color-text-primary);
+      text-transform: none;
+      letter-spacing: normal;
+    }
+
+    .panel {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: var(--color-surface-primary);
+      padding: 1rem;
+    }
+
+    .panel h2 {
+      margin: 0 0 0.5rem;
+      font-size: 1rem;
+    }
+
+    .panel-subtitle {
+      margin: 0 0 0.75rem;
+      color: var(--color-text-secondary);
+      font-size: 0.85rem;
+    }
+
+    .trust-grid {
+      display: grid;
+      grid-template-columns: repeat(auto-fit, minmax(210px, 1fr));
+      gap: 0.7rem;
+    }
+
+    .trust-item {
+      display: grid;
+      gap: 0.2rem;
+      text-decoration: none;
+      color: inherit;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      padding: 0.65rem;
+      background: var(--color-surface-secondary);
+    }
+
+    .trust-item__label {
+      font-size: 0.78rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .trust-item__status {
+      width: fit-content;
+      border-radius: var(--radius-full);
+      padding: 0.1rem 0.45rem;
+      font-size: 0.68rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .trust-item__status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .trust-item__status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .trust-item__status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .trust-item__detail {
+      font-size: 0.74rem;
+      color: var(--color-text-muted);
+    }
+
+    .grid-two {
+      display: grid;
+      grid-template-columns: repeat(2, minmax(0, 1fr));
+      gap: 1rem;
+    }
+
+    .list {
       list-style: none;
       margin: 0;
       padding: 0;
-      display: flex;
-      flex-direction: column;
-      gap: 0.5rem;
+      display: grid;
+      gap: 0.55rem;
     }
 
-    .di-overview__links li {
-      font-size: 0.875rem;
-      color: var(--color-text-secondary, #666);
+    .list li {
+      display: grid;
+      gap: 0.1rem;
+      font-size: 0.84rem;
     }
 
-    .di-overview__links a {
-      color: var(--color-brand-primary, #4f46e5);
+    .list a,
+    .drilldowns a {
+      color: var(--color-brand-primary);
       text-decoration: none;
     }
 
-    .di-overview__links a:hover {
-      text-decoration: underline;
+    .list span {
+      color: var(--color-text-secondary);
+      font-size: 0.76rem;
+    }
+
+    .drilldowns {
+      display: grid;
+      grid-template-columns: repeat(auto-fit, minmax(210px, 1fr));
+      gap: 0.5rem;
+    }
+
+    @media (max-width: 900px) {
+      .grid-two {
+        grid-template-columns: 1fr;
+      }
     }
   `],
-  changeDetection: ChangeDetectionStrategy.OnPush,
 })
 export class DataIntegrityOverviewComponent {
-  readonly sections: IntegritySection[] = [
+  readonly region = signal('all');
+  readonly timeWindow = signal('24h');
+
+  readonly trustSignals: TrustSignal[] = [
     {
-      id: 'nightly-report',
-      title: 'Nightly Data Quality Report',
-      description: 'Aggregated quality metrics, freshness scores, and anomaly flags from last run.',
-      route: '/platform-ops/health',
-      ownerNote: 'Platform Ops — source of truth',
+      id: 'feeds',
+      label: 'Feeds Freshness',
+      status: 'warn',
+      detail: 'NVD feed stale by 3h 12m',
+      route: '/platform-ops/data-integrity/feeds-freshness',
     },
     {
-      id: 'feeds-freshness',
-      title: 'Feeds Freshness',
-      description: 'Advisory feed source staleness, last-sync timestamps, and delta alerts.',
-      route: '/platform-ops/feeds',
-      ownerNote: 'Platform Ops — connectivity ownership',
+      id: 'scan',
+      label: 'SBOM Pipeline',
+      status: 'ok',
+      detail: 'Nightly rescan completed',
+      route: '/platform-ops/data-integrity/scan-pipeline',
     },
     {
-      id: 'scan-pipeline',
-      title: 'Scan Pipeline Health',
-      description: 'Scanner queue depth, throughput rates, and error rates.',
-      route: '/platform-ops/health',
-      ownerNote: 'Platform Ops — pipeline operations',
+      id: 'reachability',
+      label: 'Reachability Ingest',
+      status: 'warn',
+      detail: 'Runtime backlog elevated',
+      route: '/platform-ops/data-integrity/reachability-ingest',
     },
     {
-      id: 'reachability-ingest',
-      title: 'Reachability Ingest Health',
-      description: 'Reachability graph ingestion status and stale-graph detection.',
-      route: '/platform-ops/health',
-      ownerNote: 'Platform Ops — ingest operations',
+      id: 'integrations',
+      label: 'Integrations',
+      status: 'ok',
+      detail: 'Core connectors are reachable',
+      route: '/platform-ops/data-integrity/integration-connectivity',
     },
     {
-      id: 'integration-connectivity',
-      title: 'Integration Connectivity',
-      description: 'Live connectivity status for all registered integration connectors.',
-      route: '/integrations',
-      ownerNote: 'Integrations — connector ownership',
-    },
-    {
-      id: 'dlq-replays',
-      title: 'DLQ & Replays',
-      description: 'Dead-letter queue contents, replay operations, and failure investigation.',
-      route: '/platform-ops/dead-letter',
-      ownerNote: 'Platform Ops — operations',
-    },
-    {
-      id: 'slo-burn',
-      title: 'Data Quality SLOs',
-      description: 'Error-budget burn rates and latency targets for data pipeline SLOs.',
-      route: '/platform-ops/slo',
-      ownerNote: 'Platform Ops — SLO ownership',
+      id: 'dlq',
+      label: 'DLQ',
+      status: 'warn',
+      detail: '3 items pending replay',
+      route: '/platform-ops/data-integrity/dlq',
     },
   ];
-}
 
+  readonly impactedDecisions: ImpactedDecision[] = [
+    {
+      id: 'rel-hotfix-124',
+      name: 'Hotfix 1.2.4',
+      reason: 'Waiting for feed freshness to recover',
+    },
+    {
+      id: 'rel-platform-130-rc1',
+      name: 'Platform Release 1.3.0-rc1',
+      reason: 'Runtime ingest coverage below threshold',
+    },
+  ];
+
+  readonly topFailures: FailureItem[] = [
+    {
+      id: 'failure-nvd',
+      title: 'NVD sync lag',
+      detail: 'Feed lag exceeds SLA for release-critical path.',
+      route: '/platform-ops/data-integrity/feeds-freshness',
+    },
+    {
+      id: 'failure-runtime',
+      title: 'Runtime ingest backlog',
+      detail: 'Runtime source queue depth is increasing.',
+      route: '/platform-ops/data-integrity/reachability-ingest',
+    },
+    {
+      id: 'failure-dlq',
+      title: 'DLQ replay queue',
+      detail: 'Pending replay items block confidence for approvals.',
+      route: '/platform-ops/data-integrity/dlq',
+    },
+  ];
+
+  onRegionChange(event: Event): void {
+    const select = event.target as HTMLSelectElement;
+    this.region.set(select.value);
+  }
+
+  onTimeWindowChange(event: Event): void {
+    const select = event.target as HTMLSelectElement;
+    this.timeWindow.set(select.value);
+  }
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/data-integrity.routes.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/data-integrity.routes.ts
new file mode 100644
index 000000000..d2fe788ea
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/data-integrity.routes.ts
@@ -0,0 +1,84 @@
+import { Routes } from '@angular/router';
+
+export const dataIntegrityRoutes: Routes = [
+  {
+    path: '',
+    title: 'Data Integrity - StellaOps',
+    data: { breadcrumb: 'Data Integrity' },
+    loadComponent: () =>
+      import('../data-integrity-overview.component').then(
+        (m) => m.DataIntegrityOverviewComponent
+      ),
+  },
+  {
+    path: 'nightly-ops',
+    title: 'Nightly Ops Report - StellaOps',
+    data: { breadcrumb: 'Nightly Ops Report' },
+    loadComponent: () =>
+      import('./nightly-ops-report-page.component').then(
+        (m) => m.NightlyOpsReportPageComponent
+      ),
+  },
+  {
+    path: 'nightly-ops/:runId',
+    title: 'Job Run Detail - StellaOps',
+    loadComponent: () =>
+      import('./job-run-detail-page.component').then(
+        (m) => m.DataIntegrityJobRunDetailPageComponent
+      ),
+  },
+  {
+    path: 'feeds-freshness',
+    title: 'Feeds Freshness - StellaOps',
+    data: { breadcrumb: 'Feeds Freshness' },
+    loadComponent: () =>
+      import('./feeds-freshness-page.component').then(
+        (m) => m.FeedsFreshnessPageComponent
+      ),
+  },
+  {
+    path: 'scan-pipeline',
+    title: 'Scan Pipeline Health - StellaOps',
+    data: { breadcrumb: 'Scan Pipeline Health' },
+    loadComponent: () =>
+      import('./scan-pipeline-health-page.component').then(
+        (m) => m.ScanPipelineHealthPageComponent
+      ),
+  },
+  {
+    path: 'reachability-ingest',
+    title: 'Reachability Ingest Health - StellaOps',
+    data: { breadcrumb: 'Reachability Ingest Health' },
+    loadComponent: () =>
+      import('./reachability-ingest-health-page.component').then(
+        (m) => m.ReachabilityIngestHealthPageComponent
+      ),
+  },
+  {
+    path: 'integration-connectivity',
+    title: 'Integration Connectivity - StellaOps',
+    data: { breadcrumb: 'Integration Connectivity' },
+    loadComponent: () =>
+      import('./integration-connectivity-page.component').then(
+        (m) => m.IntegrationConnectivityPageComponent
+      ),
+  },
+  {
+    path: 'dlq',
+    title: 'DLQ and Replays - StellaOps',
+    data: { breadcrumb: 'DLQ and Replays' },
+    loadComponent: () =>
+      import('./dlq-replays-page.component').then(
+        (m) => m.DlqReplaysPageComponent
+      ),
+  },
+  {
+    path: 'slos',
+    title: 'Data Quality SLOs - StellaOps',
+    data: { breadcrumb: 'Data Quality SLOs' },
+    loadComponent: () =>
+      import('./data-quality-slos-page.component').then(
+        (m) => m.DataQualitySlosPageComponent
+      ),
+  },
+];
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/data-quality-slos-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/data-quality-slos-page.component.ts
new file mode 100644
index 000000000..c99ef740b
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/data-quality-slos-page.component.ts
@@ -0,0 +1,162 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+type SloStatus = 'OK' | 'WARN' | 'FAIL';
+
+interface SloRow {
+  id: string;
+  slo: string;
+  target: string;
+  current: string;
+  status: SloStatus;
+  approvalImpact: string;
+}
+
+@Component({
+  selector: 'app-data-quality-slos-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>Data Quality SLOs</h1>
+        <p>SLO status for data signals that affect promotion and approval confidence.</p>
+      </header>
+
+      <table class="table" aria-label="Data quality slos table">
+        <thead>
+          <tr>
+            <th>SLO</th>
+            <th>Target</th>
+            <th>Current</th>
+            <th>Status</th>
+            <th>Approval impact</th>
+          </tr>
+        </thead>
+        <tbody>
+          @for (row of rows; track row.id) {
+            <tr>
+              <td>{{ row.slo }}</td>
+              <td>{{ row.target }}</td>
+              <td>{{ row.current }}</td>
+              <td><span class="status" [class]="'status status--' + row.status.toLowerCase()">{{ row.status }}</span></td>
+              <td>{{ row.approvalImpact }}</td>
+            </tr>
+          }
+        </tbody>
+      </table>
+
+      <footer class="links">
+        <a routerLink="/administration/system">Open System SLO Monitoring</a>
+        <a routerLink="/release-control/approvals">Open impacted approvals</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 1100px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.35rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .table {
+      width: 100%;
+      border-collapse: collapse;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      overflow: hidden;
+      background: var(--color-surface-primary);
+    }
+
+    .table th,
+    .table td {
+      padding: 0.55rem 0.5rem;
+      border-bottom: 1px solid var(--color-border-primary);
+      text-align: left;
+      font-size: 0.82rem;
+      vertical-align: top;
+    }
+
+    .table th {
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+      background: var(--color-surface-secondary);
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.1rem 0.45rem;
+      font-size: 0.66rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .links {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+    }
+
+    .links a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.84rem;
+    }
+  `],
+})
+export class DataQualitySlosPageComponent {
+  readonly rows: SloRow[] = [
+    {
+      id: 'nvd-freshness',
+      slo: 'CVE feed freshness (NVD/OSV)',
+      target: '< 2h',
+      current: '3h 12m',
+      status: 'WARN',
+      approvalImpact: 'Approval confidence reduced for critical CVE gates.',
+    },
+    {
+      id: 'sbom-staleness',
+      slo: 'SBOM staleness (production)',
+      target: '< 24h',
+      current: '21h 40m',
+      status: 'OK',
+      approvalImpact: 'No active impact in current scope.',
+    },
+    {
+      id: 'runtime-coverage',
+      slo: 'Runtime reachability coverage (prod)',
+      target: '> 50%',
+      current: '46%',
+      status: 'WARN',
+      approvalImpact: 'Reachability confidence downgrade for production approvals.',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/dlq-replays-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/dlq-replays-page.component.ts
new file mode 100644
index 000000000..155d9f5c3
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/dlq-replays-page.component.ts
@@ -0,0 +1,218 @@
+import { ChangeDetectionStrategy, Component, computed, signal } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+interface DlqBucket {
+  id: string;
+  name: string;
+  count: number;
+}
+
+interface DlqItem {
+  id: string;
+  bucketId: string;
+  payload: string;
+  age: string;
+}
+
+@Component({
+  selector: 'app-dlq-replays-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>DLQ and Replays</h1>
+        <p>Data-integrity view of dead-letter queues and replay impact.</p>
+      </header>
+
+      <div class="layout">
+        <section class="panel">
+          <h2>Buckets</h2>
+          <ul class="buckets">
+            @for (bucket of buckets; track bucket.id) {
+              <li>
+                <button
+                  type="button"
+                  [class.active]="selectedBucketId() === bucket.id"
+                  (click)="selectedBucketId.set(bucket.id)">
+                  <span>{{ bucket.name }}</span>
+                  <strong>{{ bucket.count }}</strong>
+                </button>
+              </li>
+            }
+          </ul>
+        </section>
+
+        <section class="panel">
+          <h2>Items</h2>
+          <table class="table" aria-label="DLQ item table">
+            <thead>
+              <tr>
+                <th>Payload</th>
+                <th>Age</th>
+                <th>Actions</th>
+              </tr>
+            </thead>
+            <tbody>
+              @for (item of selectedItems(); track item.id) {
+                <tr>
+                  <td>{{ item.payload }}</td>
+                  <td>{{ item.age }}</td>
+                  <td class="actions">
+                    <a routerLink="/platform-ops/dead-letter">Replay</a>
+                    <a routerLink="/platform-ops/dead-letter">View</a>
+                    <a routerLink="/platform-ops/data-integrity/nightly-ops">Link job</a>
+                  </td>
+                </tr>
+              } @empty {
+                <tr>
+                  <td colspan="3">No DLQ items in selected bucket.</td>
+                </tr>
+              }
+            </tbody>
+          </table>
+        </section>
+      </div>
+
+      <footer class="links">
+        <a routerLink="/platform-ops/dead-letter">Open Dead Letter</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 1150px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.35rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .layout {
+      display: grid;
+      grid-template-columns: 280px 1fr;
+      gap: 1rem;
+    }
+
+    .panel {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: var(--color-surface-primary);
+      padding: 1rem;
+    }
+
+    .panel h2 {
+      margin: 0 0 0.65rem;
+      font-size: 0.95rem;
+    }
+
+    .buckets {
+      list-style: none;
+      margin: 0;
+      padding: 0;
+      display: grid;
+      gap: 0.4rem;
+    }
+
+    .buckets button {
+      width: 100%;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      background: var(--color-surface-secondary);
+      padding: 0.45rem 0.55rem;
+      text-align: left;
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      cursor: pointer;
+      color: var(--color-text-primary);
+    }
+
+    .buckets button.active {
+      border-color: var(--color-brand-primary);
+      background: rgba(245, 166, 35, 0.08);
+    }
+
+    .table {
+      width: 100%;
+      border-collapse: collapse;
+    }
+
+    .table th,
+    .table td {
+      border-bottom: 1px solid var(--color-border-primary);
+      padding: 0.5rem 0.45rem;
+      text-align: left;
+      font-size: 0.82rem;
+      vertical-align: top;
+    }
+
+    .table th {
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+    }
+
+    .actions {
+      display: grid;
+      gap: 0.2rem;
+    }
+
+    a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.82rem;
+    }
+
+    @media (max-width: 850px) {
+      .layout {
+        grid-template-columns: 1fr;
+      }
+    }
+  `],
+})
+export class DlqReplaysPageComponent {
+  readonly buckets: DlqBucket[] = [
+    { id: 'reach-runtime', name: 'reachability-runtime-ingest', count: 2 },
+    { id: 'sbom-rescan', name: 'sbom-nightly-rescan', count: 1 },
+    { id: 'evidence-seal', name: 'evidence-seal-bundles', count: 0 },
+  ];
+
+  readonly items: DlqItem[] = [
+    {
+      id: 'item-1',
+      bucketId: 'reach-runtime',
+      payload: 'runtime batch 2026-02-19T03:49Z',
+      age: '1h 12m',
+    },
+    {
+      id: 'item-2',
+      bucketId: 'reach-runtime',
+      payload: 'runtime batch 2026-02-19T03:51Z',
+      age: '1h 10m',
+    },
+    {
+      id: 'item-3',
+      bucketId: 'sbom-rescan',
+      payload: 'rescan bundle platform-130-rc1',
+      age: '4h 02m',
+    },
+  ];
+
+  readonly selectedBucketId = signal(this.buckets[0].id);
+
+  readonly selectedItems = computed(() =>
+    this.items.filter((item) => item.bucketId === this.selectedBucketId())
+  );
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/feeds-freshness-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/feeds-freshness-page.component.ts
new file mode 100644
index 000000000..42c211336
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/feeds-freshness-page.component.ts
@@ -0,0 +1,162 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+type FeedStatus = 'OK' | 'WARN' | 'FAIL';
+
+interface FeedRow {
+  id: string;
+  source: string;
+  status: FeedStatus;
+  lastSync: string;
+  sla: string;
+  gateImpact: string;
+}
+
+@Component({
+  selector: 'app-feeds-freshness-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>Feeds Freshness</h1>
+        <p>Read-only freshness lens for release decision confidence.</p>
+      </header>
+
+      <table class="table" aria-label="Feeds freshness table">
+        <thead>
+          <tr>
+            <th>Source</th>
+            <th>Status</th>
+            <th>Last Sync</th>
+            <th>SLA</th>
+            <th>Resulting gate impact</th>
+          </tr>
+        </thead>
+        <tbody>
+          @for (row of rows; track row.id) {
+            <tr>
+              <td>{{ row.source }}</td>
+              <td><span class="status" [class]="'status status--' + row.status.toLowerCase()">{{ row.status }}</span></td>
+              <td>{{ row.lastSync }}</td>
+              <td>{{ row.sla }}</td>
+              <td>{{ row.gateImpact }}</td>
+            </tr>
+          }
+        </tbody>
+      </table>
+
+      <footer class="links">
+        <a routerLink="/platform-ops/feeds">Open Feeds and AirGap Ops</a>
+        <a routerLink="/platform-ops/feeds/locks">Apply Version Lock</a>
+        <a routerLink="/platform-ops/feeds/mirror">Retry source sync</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 1100px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.35rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .table {
+      width: 100%;
+      border-collapse: collapse;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      overflow: hidden;
+      background: var(--color-surface-primary);
+    }
+
+    .table th,
+    .table td {
+      padding: 0.55rem 0.5rem;
+      border-bottom: 1px solid var(--color-border-primary);
+      text-align: left;
+      font-size: 0.82rem;
+    }
+
+    .table th {
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+      background: var(--color-surface-secondary);
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.12rem 0.45rem;
+      font-size: 0.68rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .links {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+    }
+
+    .links a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.84rem;
+    }
+  `],
+})
+export class FeedsFreshnessPageComponent {
+  readonly rows: FeedRow[] = [
+    {
+      id: 'osv',
+      source: 'OSV',
+      status: 'OK',
+      lastSync: '2026-02-19 01:02 UTC',
+      sla: '<= 2h',
+      gateImpact: 'Fresh source keeps CVE gates trusted.',
+    },
+    {
+      id: 'nvd',
+      source: 'NVD',
+      status: 'WARN',
+      lastSync: '2026-02-18 22:49 UTC',
+      sla: '<= 2h',
+      gateImpact: 'Staleness can downgrade approval confidence.',
+    },
+    {
+      id: 'cisa-kev',
+      source: 'CISA KEV',
+      status: 'OK',
+      lastSync: '2026-02-19 00:35 UTC',
+      sla: '<= 6h',
+      gateImpact: 'Critical exploit intel remains up to date.',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/integration-connectivity-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/integration-connectivity-page.component.ts
new file mode 100644
index 000000000..d790d7477
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/integration-connectivity-page.component.ts
@@ -0,0 +1,176 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+type ConnectorStatus = 'OK' | 'WARN' | 'FAIL';
+
+interface ConnectorRow {
+  id: string;
+  connector: string;
+  status: ConnectorStatus;
+  dependentPipelines: string;
+  impact: string;
+}
+
+@Component({
+  selector: 'app-integration-connectivity-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>Integration Connectivity</h1>
+        <p>Data integrity lens that maps connector health to release impact.</p>
+      </header>
+
+      <table class="table" aria-label="Integration connectivity table">
+        <thead>
+          <tr>
+            <th>Connector</th>
+            <th>Status</th>
+            <th>Dependent pipelines</th>
+            <th>Impact</th>
+            <th>Actions</th>
+          </tr>
+        </thead>
+        <tbody>
+          @for (row of rows; track row.id) {
+            <tr>
+              <td>{{ row.connector }}</td>
+              <td><span class="status" [class]="'status status--' + row.status.toLowerCase()">{{ row.status }}</span></td>
+              <td>{{ row.dependentPipelines }}</td>
+              <td>{{ row.impact }}</td>
+              <td class="actions">
+                <a routerLink="/integrations">Open Detail</a>
+                <a routerLink="/integrations">Test</a>
+                <a routerLink="/platform-ops/data-integrity/nightly-ops">View dependent jobs</a>
+                <a routerLink="/release-control/approvals">View impacted approvals</a>
+              </td>
+            </tr>
+          }
+        </tbody>
+      </table>
+
+      <footer class="links">
+        <a routerLink="/integrations">Open Integrations Hub</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 1150px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.35rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .table {
+      width: 100%;
+      border-collapse: collapse;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      overflow: hidden;
+      background: var(--color-surface-primary);
+    }
+
+    .table th,
+    .table td {
+      padding: 0.55rem 0.5rem;
+      border-bottom: 1px solid var(--color-border-primary);
+      text-align: left;
+      font-size: 0.82rem;
+      vertical-align: top;
+    }
+
+    .table th {
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+      background: var(--color-surface-secondary);
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.1rem 0.45rem;
+      font-size: 0.66rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .actions {
+      display: grid;
+      gap: 0.2rem;
+    }
+
+    a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.82rem;
+      white-space: nowrap;
+    }
+  `],
+})
+export class IntegrationConnectivityPageComponent {
+  readonly rows: ConnectorRow[] = [
+    {
+      id: 'harbor',
+      connector: 'Harbor Registry',
+      status: 'OK',
+      dependentPipelines: 'Image discovery, SBOM ingest',
+      impact: 'No release impact.',
+    },
+    {
+      id: 'jenkins',
+      connector: 'Jenkins',
+      status: 'WARN',
+      dependentPipelines: 'Build metadata ingest',
+      impact: 'Build evidence lag impacts policy confidence.',
+    },
+    {
+      id: 'vault',
+      connector: 'Vault',
+      status: 'OK',
+      dependentPipelines: 'Secret materialization checks',
+      impact: 'No active risk signal.',
+    },
+    {
+      id: 'consul',
+      connector: 'Consul',
+      status: 'WARN',
+      dependentPipelines: 'Config-readiness checks',
+      impact: 'Readiness checks may require manual confirmation.',
+    },
+    {
+      id: 'nvd-source',
+      connector: 'NVD Source',
+      status: 'FAIL',
+      dependentPipelines: 'CVE update pipeline',
+      impact: 'Approvals may block due to stale advisory data.',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/job-run-detail-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/job-run-detail-page.component.ts
new file mode 100644
index 000000000..3660df2d1
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/job-run-detail-page.component.ts
@@ -0,0 +1,151 @@
+import { ChangeDetectionStrategy, Component, inject, OnDestroy, OnInit } from '@angular/core';
+import { ActivatedRoute, RouterLink } from '@angular/router';
+import { BreadcrumbService } from '../../../layout/breadcrumb';
+
+interface AffectedItem {
+  id: string;
+  target: string;
+  reason: string;
+}
+
+@Component({
+  selector: 'app-data-integrity-job-run-detail-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header class="panel">
+        <h1>Run {{ runId }}</h1>
+        <p>Job: reachability-ingest-runtime</p>
+        <p>Status: <span class="status status--warn">WARN</span></p>
+        <p>Started: 2026-02-19 03:51 UTC</p>
+        <p>Finished: 2026-02-19 03:58 UTC</p>
+        <p>Error: Runtime queue backlog exceeded ingest threshold.</p>
+      </header>
+
+      <section class="panel">
+        <h2>Integration Reference</h2>
+        <a routerLink="/integrations">Jenkins connector (job trigger source)</a>
+      </section>
+
+      <section class="panel">
+        <h2>Affected Items</h2>
+        <ul class="items">
+          @for (item of affectedItems; track item.id) {
+            <li>
+              <strong>{{ item.target }}</strong>
+              <span>{{ item.reason }}</span>
+            </li>
+          } @empty {
+            <li>No affected items in this run.</li>
+          }
+        </ul>
+      </section>
+
+      <footer class="links">
+        <a routerLink="/release-control/approvals">Open impacted approvals</a>
+        <a routerLink="/release-control/bundles">Open bundles</a>
+        <a routerLink="/platform-ops/data-integrity/dlq">Open DLQ bucket</a>
+        <a routerLink="/platform-ops/orchestrator/jobs">Open logs</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 950px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    .panel {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: var(--color-surface-primary);
+      padding: 1rem;
+      display: grid;
+      gap: 0.25rem;
+    }
+
+    h1,
+    h2 {
+      margin: 0;
+    }
+
+    p,
+    span {
+      font-size: 0.84rem;
+      color: var(--color-text-secondary);
+      margin: 0;
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.1rem 0.45rem;
+      font-size: 0.66rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .items {
+      margin: 0;
+      padding: 0;
+      list-style: none;
+      display: grid;
+      gap: 0.5rem;
+    }
+
+    .items li {
+      display: grid;
+      gap: 0.1rem;
+    }
+
+    .items strong {
+      font-size: 0.85rem;
+    }
+
+    .links {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+    }
+
+    a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.84rem;
+    }
+  `],
+})
+export class DataIntegrityJobRunDetailPageComponent implements OnInit, OnDestroy {
+  private readonly route = inject(ActivatedRoute);
+  private readonly breadcrumbService = inject(BreadcrumbService);
+
+  readonly runId = this.route.snapshot.paramMap.get('runId') ?? 'unknown';
+
+  readonly affectedItems: AffectedItem[] = [
+    {
+      id: 'api-gateway',
+      target: 'api-gateway:2.3.1',
+      reason: 'Runtime evidence missing for current digest.',
+    },
+    {
+      id: 'payments-worker',
+      target: 'payments-worker:5.4.0',
+      reason: 'Runtime source backlog blocked ingest completion.',
+    },
+  ];
+
+  ngOnInit(): void {
+    this.breadcrumbService.setContextCrumbs([{ label: `Run #${this.runId}` }]);
+  }
+
+  ngOnDestroy(): void {
+    this.breadcrumbService.clearContextCrumbs();
+  }
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/nightly-ops-report-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/nightly-ops-report-page.component.ts
new file mode 100644
index 000000000..f915773b9
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/nightly-ops-report-page.component.ts
@@ -0,0 +1,252 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+type JobStatus = 'OK' | 'WARN' | 'FAIL';
+
+interface NightlyJobRow {
+  id: string;
+  runId: string;
+  job: string;
+  schedule: string;
+  lastRun: string;
+  status: JobStatus;
+  impact: string;
+}
+
+@Component({
+  selector: 'app-nightly-ops-report-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>Nightly Ops Report</h1>
+        <p>Release-impact view of overnight data and integrity jobs.</p>
+      </header>
+
+      <div class="filters">
+        <label>
+          Window
+          <select>
+            <option>24h</option>
+            <option>7d</option>
+            <option>30d</option>
+          </select>
+        </label>
+        <label>
+          Region
+          <select>
+            <option>All regions</option>
+            <option>EU West</option>
+            <option>US East</option>
+            <option>AP South</option>
+          </select>
+        </label>
+      </div>
+
+      <table class="table" aria-label="Nightly ops report table">
+        <thead>
+          <tr>
+            <th>Job</th>
+            <th>Schedule</th>
+            <th>Last Run</th>
+            <th>Status</th>
+            <th>Why it matters</th>
+            <th>Actions</th>
+          </tr>
+        </thead>
+        <tbody>
+          @for (row of rows; track row.id) {
+            <tr>
+              <td>{{ row.job }}</td>
+              <td>{{ row.schedule }}</td>
+              <td>{{ row.lastRun }}</td>
+              <td>
+                <span class="status" [class]="'status status--' + row.status.toLowerCase()">{{ row.status }}</span>
+              </td>
+              <td>{{ row.impact }}</td>
+              <td class="actions">
+                <a [routerLink]="['/platform-ops/data-integrity/nightly-ops', row.runId]">View Run</a>
+                <a routerLink="/platform-ops/scheduler/runs">Open Scheduler</a>
+                <a routerLink="/platform-ops/orchestrator/jobs">Open Orchestrator</a>
+                <a routerLink="/integrations">Open Integration</a>
+                <a routerLink="/platform-ops/dead-letter">Open DLQ</a>
+              </td>
+            </tr>
+          }
+        </tbody>
+      </table>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 1200px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.4rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .filters {
+      display: flex;
+      gap: 1rem;
+      flex-wrap: wrap;
+    }
+
+    label {
+      display: grid;
+      gap: 0.25rem;
+      font-size: 0.75rem;
+      text-transform: uppercase;
+      color: var(--color-text-secondary);
+      letter-spacing: 0.04em;
+    }
+
+    select {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-sm);
+      padding: 0.4rem 0.55rem;
+      background: var(--color-surface-primary);
+      color: var(--color-text-primary);
+      min-width: 130px;
+      text-transform: none;
+      letter-spacing: normal;
+    }
+
+    .table {
+      width: 100%;
+      border-collapse: collapse;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      overflow: hidden;
+      background: var(--color-surface-primary);
+    }
+
+    .table th,
+    .table td {
+      border-bottom: 1px solid var(--color-border-primary);
+      padding: 0.55rem 0.5rem;
+      text-align: left;
+      font-size: 0.82rem;
+      vertical-align: top;
+    }
+
+    .table th {
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+      background: var(--color-surface-secondary);
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.12rem 0.5rem;
+      font-size: 0.68rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .actions {
+      display: grid;
+      gap: 0.2rem;
+    }
+
+    .actions a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      white-space: nowrap;
+    }
+  `],
+})
+export class NightlyOpsReportPageComponent {
+  readonly rows: NightlyJobRow[] = [
+    {
+      id: 'job-osv',
+      runId: 'run-24021',
+      job: 'cve-sync-osv',
+      schedule: '0 1 * * *',
+      lastRun: '2026-02-19 01:02 UTC',
+      status: 'OK',
+      impact: 'Fresh advisory feed supports accurate approval gating.',
+    },
+    {
+      id: 'job-nvd',
+      runId: 'run-24022',
+      job: 'cve-sync-nvd',
+      schedule: '0 1 * * *',
+      lastRun: '2026-02-19 01:06 UTC',
+      status: 'WARN',
+      impact: 'Stale CVE feed can block promotions due to confidence downgrade.',
+    },
+    {
+      id: 'job-sbom-ingest',
+      runId: 'run-24023',
+      job: 'sbom-ingest-registry',
+      schedule: '0 2 * * *',
+      lastRun: '2026-02-19 02:08 UTC',
+      status: 'OK',
+      impact: 'Maintains complete component inventory for release checks.',
+    },
+    {
+      id: 'job-sbom-rescan',
+      runId: 'run-24024',
+      job: 'sbom-nightly-rescan',
+      schedule: '30 2 * * *',
+      lastRun: '2026-02-19 02:40 UTC',
+      status: 'WARN',
+      impact: 'Stale SBOMs can force manual review in approval workflow.',
+    },
+    {
+      id: 'job-reach-image',
+      runId: 'run-24025',
+      job: 'reachability-ingest-image',
+      schedule: '15 3 * * *',
+      lastRun: '2026-02-19 03:18 UTC',
+      status: 'OK',
+      impact: 'Image evidence supports B/I/R risk interpretation.',
+    },
+    {
+      id: 'job-reach-runtime',
+      runId: 'run-24026',
+      job: 'reachability-ingest-runtime',
+      schedule: '45 3 * * *',
+      lastRun: '2026-02-19 03:51 UTC',
+      status: 'FAIL',
+      impact: 'Missing runtime ingest lowers confidence for production decisions.',
+    },
+    {
+      id: 'job-seal',
+      runId: 'run-24027',
+      job: 'evidence-seal-bundles',
+      schedule: '0 4 * * *',
+      lastRun: '2026-02-19 04:02 UTC',
+      status: 'OK',
+      impact: 'Evidence packet sealing preserves auditability of release actions.',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/reachability-ingest-health-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/reachability-ingest-health-page.component.ts
new file mode 100644
index 000000000..f33a6a9b2
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/reachability-ingest-health-page.component.ts
@@ -0,0 +1,200 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+type SourceStatus = 'OK' | 'WARN' | 'FAIL';
+
+interface IngestRow {
+  id: string;
+  source: string;
+  lastBatch: string;
+  backlog: number;
+  status: SourceStatus;
+}
+
+@Component({
+  selector: 'app-reachability-ingest-health-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>Reachability Ingest Health</h1>
+        <p>Hybrid B/I/R ingest confidence for release-policy interpretation.</p>
+      </header>
+
+      <section class="coverage" aria-label="Coverage summary">
+        <div><span>Build</span><strong>{{ buildCoverage }}%</strong></div>
+        <div><span>Image</span><strong>{{ imageCoverage }}%</strong></div>
+        <div><span>Runtime</span><strong>{{ runtimeCoverage }}%</strong></div>
+      </section>
+
+      <table class="table" aria-label="Reachability ingest table">
+        <thead>
+          <tr>
+            <th>Source</th>
+            <th>Last batch</th>
+            <th>Backlog</th>
+            <th>Status</th>
+          </tr>
+        </thead>
+        <tbody>
+          @for (row of rows; track row.id) {
+            <tr>
+              <td>{{ row.source }}</td>
+              <td>{{ row.lastBatch }}</td>
+              <td>{{ row.backlog }}</td>
+              <td>
+                <span class="status" [class]="'status status--' + row.status.toLowerCase()">{{ row.status }}</span>
+              </td>
+            </tr>
+          }
+        </tbody>
+      </table>
+
+      <footer class="links">
+        <a routerLink="/platform-ops/agents">Open Agents</a>
+        <a routerLink="/platform-ops/data-integrity/dlq">Open DLQ bucket</a>
+        <a routerLink="/release-control/approvals">Open impacted approvals</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 950px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.35rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .coverage {
+      display: grid;
+      grid-template-columns: repeat(3, minmax(0, 1fr));
+      gap: 0.65rem;
+    }
+
+    .coverage div {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      background: var(--color-surface-primary);
+      padding: 0.65rem;
+      display: grid;
+      gap: 0.2rem;
+    }
+
+    .coverage span {
+      font-size: 0.72rem;
+      color: var(--color-text-secondary);
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+    }
+
+    .coverage strong {
+      font-size: 1.05rem;
+    }
+
+    .table {
+      width: 100%;
+      border-collapse: collapse;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      overflow: hidden;
+      background: var(--color-surface-primary);
+    }
+
+    .table th,
+    .table td {
+      padding: 0.55rem 0.5rem;
+      border-bottom: 1px solid var(--color-border-primary);
+      text-align: left;
+      font-size: 0.82rem;
+    }
+
+    .table th {
+      font-size: 0.7rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+      background: var(--color-surface-secondary);
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.1rem 0.45rem;
+      font-size: 0.66rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .links {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+    }
+
+    .links a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.84rem;
+    }
+
+    @media (max-width: 700px) {
+      .coverage {
+        grid-template-columns: 1fr;
+      }
+    }
+  `],
+})
+export class ReachabilityIngestHealthPageComponent {
+  readonly buildCoverage = 84;
+  readonly imageCoverage = 92;
+  readonly runtimeCoverage = 61;
+
+  readonly rows: IngestRow[] = [
+    {
+      id: 'image',
+      source: 'Image / Dover',
+      lastBatch: '2026-02-19 03:18 UTC',
+      backlog: 7,
+      status: 'OK',
+    },
+    {
+      id: 'build',
+      source: 'Build',
+      lastBatch: '2026-02-19 03:12 UTC',
+      backlog: 4,
+      status: 'OK',
+    },
+    {
+      id: 'runtime',
+      source: 'Runtime',
+      lastBatch: '2026-02-19 03:51 UTC',
+      backlog: 43,
+      status: 'WARN',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/scan-pipeline-health-page.component.ts b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/scan-pipeline-health-page.component.ts
new file mode 100644
index 000000000..0ba40ea27
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/platform-ops/data-integrity/scan-pipeline-health-page.component.ts
@@ -0,0 +1,175 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+type StageStatus = 'OK' | 'WARN' | 'FAIL';
+
+interface Stage {
+  id: string;
+  name: string;
+  detail: string;
+  status: StageStatus;
+}
+
+@Component({
+  selector: 'app-scan-pipeline-health-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="di-page">
+      <header>
+        <h1>Scan Pipeline Health</h1>
+        <p>End-to-end SBOM and finding pipeline readiness for release decisions.</p>
+      </header>
+
+      <section class="panel" aria-label="Pipeline stages">
+        <h2>Pipeline Stages</h2>
+        <ul class="stages">
+          @for (stage of stages; track stage.id) {
+            <li>
+              <span>{{ stage.name }}</span>
+              <span class="status" [class]="'status status--' + stage.status.toLowerCase()">{{ stage.status }}</span>
+              <span>{{ stage.detail }}</span>
+            </li>
+          }
+        </ul>
+      </section>
+
+      <section class="panel" aria-label="Impact summary">
+        <h2>Impact Summary</h2>
+        <p>Environments affected: <strong>{{ affectedEnvironments }}</strong></p>
+        <p>Approvals blocked: <strong>{{ blockedApprovals }}</strong></p>
+      </section>
+
+      <footer class="links">
+        <a routerLink="/platform-ops/data-integrity/nightly-ops">Nightly Ops Report</a>
+        <a routerLink="/platform-ops/data-integrity/feeds-freshness">Feeds Freshness</a>
+        <a routerLink="/integrations">Integrations</a>
+        <a routerLink="/security-risk/findings">Security Findings</a>
+      </footer>
+    </div>
+  `,
+  styles: [`
+    .di-page {
+      padding: 1.5rem;
+      max-width: 1000px;
+      display: grid;
+      gap: 1rem;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 1.35rem;
+    }
+
+    p {
+      margin: 0.2rem 0 0;
+      color: var(--color-text-secondary);
+    }
+
+    .panel {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: var(--color-surface-primary);
+      padding: 1rem;
+    }
+
+    .panel h2 {
+      margin: 0 0 0.6rem;
+      font-size: 0.95rem;
+    }
+
+    .stages {
+      list-style: none;
+      margin: 0;
+      padding: 0;
+      display: grid;
+      gap: 0.45rem;
+    }
+
+    .stages li {
+      display: grid;
+      grid-template-columns: 220px auto 1fr;
+      gap: 0.55rem;
+      align-items: center;
+      font-size: 0.82rem;
+    }
+
+    .status {
+      border-radius: var(--radius-full);
+      padding: 0.1rem 0.45rem;
+      font-size: 0.66rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .status--ok {
+      background: var(--color-status-success-bg);
+      color: var(--color-status-success-text);
+    }
+
+    .status--warn {
+      background: var(--color-status-warning-bg);
+      color: var(--color-status-warning-text);
+    }
+
+    .status--fail {
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error-text);
+    }
+
+    .links {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 1rem;
+    }
+
+    .links a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      font-size: 0.84rem;
+    }
+
+    @media (max-width: 850px) {
+      .stages li {
+        grid-template-columns: 1fr;
+      }
+    }
+  `],
+})
+export class ScanPipelineHealthPageComponent {
+  readonly stages: Stage[] = [
+    {
+      id: 'image-discovery',
+      name: 'Image discovery (registry)',
+      detail: '482 images discovered in current scope.',
+      status: 'OK',
+    },
+    {
+      id: 'sbom-generation',
+      name: 'SBOM generation and ingest',
+      detail: '14 pending SBOM ingests.',
+      status: 'WARN',
+    },
+    {
+      id: 'nightly-rescan',
+      name: 'Nightly SBOM rescan',
+      detail: '2 production SBOMs are stale.',
+      status: 'WARN',
+    },
+    {
+      id: 'feed-sync',
+      name: 'CVE feeds sync',
+      detail: 'NVD lag exceeds expected SLA window.',
+      status: 'WARN',
+    },
+    {
+      id: 'match-update',
+      name: 'CVE to SBOM match and update',
+      detail: 'Mapping coverage at 98.1 percent.',
+      status: 'OK',
+    },
+  ];
+
+  readonly affectedEnvironments = 3;
+  readonly blockedApprovals = 2;
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.html b/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.html
index 1f819df05..3730cb557 100644
--- a/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.html
+++ b/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.html
@@ -1,6 +1,6 @@
 <div class="proof-chain-container" [class.expanded]="expandedView">
   <div class="proof-chain-header">
-    <h2>Evidence Chain</h2>
+    <h2>Proof Chains</h2>
     <div class="proof-chain-actions">
       @if (hasData()) {
         <button class="btn-icon" (click)="refresh()" [disabled]="loading()" title="Refresh proof chain">
@@ -10,6 +10,27 @@
     </div>
   </div>
 
+  <form class="proof-chain-search" (submit)="$event.preventDefault(); onSearchSubmit()">
+    <label for="proof-chain-digest" class="proof-chain-search__label">Subject Digest</label>
+    <div class="proof-chain-search__controls">
+      <input
+        id="proof-chain-digest"
+        type="text"
+        [ngModel]="inputDigest()"
+        (ngModelChange)="inputDigest.set($event)"
+        name="subjectDigest"
+        placeholder="sha256:..."
+      />
+      <button type="submit" class="btn-primary">Search</button>
+    </div>
+  </form>
+
+  @if (validationError(); as validationMessage) {
+    <div class="error-state">
+      <p>{{ validationMessage }}</p>
+    </div>
+  }
+
   @if (loading()) {
     <div class="loading-state">
       <div class="spinner"></div>
@@ -54,8 +75,8 @@
       <div class="proof-chain-graph">
         @if (nodeCount() === 0) {
           <div class="empty-graph-state" role="status" aria-live="polite">
-            <p class="empty-graph-title">No proof nodes are available for this subject.</p>
-            <p class="empty-graph-description">Refresh to check whether new attestations were published.</p>
+            <p class="empty-graph-title">No proof chain found for this subject.</p>
+            <p class="empty-graph-description">Try another digest or refresh to check for recently published attestations.</p>
             <button class="btn-secondary" type="button" (click)="refresh()">Refresh graph</button>
           </div>
         } @else {
diff --git a/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.scss b/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.scss
index d806870db..3bff6c4a0 100644
--- a/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.scss
+++ b/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.scss
@@ -35,6 +35,31 @@
   gap: var(--space-2);
 }
 
+.proof-chain-search {
+  display: grid;
+  gap: var(--space-2);
+}
+
+.proof-chain-search__label {
+  font-size: var(--font-size-base);
+  font-weight: var(--font-weight-semibold);
+  color: var(--color-text-secondary);
+}
+
+.proof-chain-search__controls {
+  display: flex;
+  gap: var(--space-2);
+}
+
+.proof-chain-search input {
+  flex: 1;
+  border: 1px solid var(--color-border-primary);
+  border-radius: var(--radius-sm);
+  padding: var(--space-2) var(--space-3);
+  background: var(--color-surface-primary);
+  color: var(--color-text-primary);
+}
+
 .btn-icon {
   background: none;
   border: 1px solid var(--color-border-primary);
diff --git a/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.ts b/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.ts
index a5c7875e3..ec6e05c6b 100644
--- a/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/proof-chain/proof-chain.component.ts
@@ -12,8 +12,11 @@ import {
   signal,
   computed,
   effect,
+  inject,
 } from '@angular/core';
 import { CommonModule } from '@angular/common';
+import { FormsModule } from '@angular/forms';
+import { ActivatedRoute } from '@angular/router';
 import { ProofChainService } from './proof-chain.service';
 import { ProofNode, ProofChainResponse } from './proof-chain.models';
 
@@ -43,7 +46,7 @@ import { ProofNode, ProofChainResponse } from './proof-chain.models';
  */
 @Component({
     selector: 'stella-proof-chain',
-    imports: [CommonModule],
+    imports: [CommonModule, FormsModule],
     templateUrl: './proof-chain.component.html',
     styleUrls: ['./proof-chain.component.scss'],
     changeDetection: ChangeDetectionStrategy.OnPush
@@ -64,6 +67,8 @@ export class ProofChainComponent implements OnInit, AfterViewInit, OnDestroy {
   readonly error = signal<string | null>(null);
   readonly proofChain = signal<ProofChainResponse | null>(null);
   readonly selectedNode = signal<ProofNode | null>(null);
+  readonly inputDigest = signal('');
+  readonly validationError = signal<string | null>(null);
 
   // Computed values
   readonly hasData = computed(() => this.proofChain() !== null);
@@ -72,6 +77,7 @@ export class ProofChainComponent implements OnInit, AfterViewInit, OnDestroy {
 
   private cytoscapeInstance: any = null;
   private readonly proofChainService: ProofChainService;
+  private readonly route = inject(ActivatedRoute);
 
   constructor(private readonly service: ProofChainService) {
     this.proofChainService = service;
@@ -86,7 +92,14 @@ export class ProofChainComponent implements OnInit, AfterViewInit, OnDestroy {
   }
 
   ngOnInit(): void {
-    this.loadProofChain();
+    const routeDigest = this.route.snapshot.paramMap.get('subjectDigest') ?? '';
+    const initialDigest = (this.subjectDigest || routeDigest).trim();
+    this.inputDigest.set(initialDigest);
+
+    if (initialDigest) {
+      this.subjectDigest = initialDigest;
+      this.loadProofChain();
+    }
   }
 
   ngAfterViewInit(): void {
@@ -107,26 +120,45 @@ export class ProofChainComponent implements OnInit, AfterViewInit, OnDestroy {
    * Load proof chain from API
    */
   loadProofChain(): void {
-    if (!this.subjectDigest) {
-      this.error.set('Subject digest is required');
+    const digest = this.subjectDigest.trim();
+    if (!digest) {
+      this.validationError.set('A subject digest is required.');
       return;
     }
 
     this.loading.set(true);
     this.error.set(null);
+    this.validationError.set(null);
+    this.subjectDigest = digest;
 
-    this.proofChainService.getProofChain(this.subjectDigest, this.maxDepth).subscribe({
+    this.proofChainService.getProofChain(digest, this.maxDepth).subscribe({
       next: (chain) => {
         this.proofChain.set(chain);
         this.loading.set(false);
       },
       error: (err) => {
-        this.error.set(`Failed to load proof chain: ${err.message || 'Unknown error'}`);
+        if (err?.status === 404) {
+          this.error.set('No proof chain found for this subject digest.');
+        } else {
+          this.error.set(`Failed to load proof chain: ${err.message || 'Unknown error'}`);
+        }
         this.loading.set(false);
       },
     });
   }
 
+  onSearchSubmit(): void {
+    const digest = this.inputDigest().trim();
+    if (!digest) {
+      this.validationError.set('A subject digest is required.');
+      return;
+    }
+
+    this.subjectDigest = digest;
+    this.selectedNode.set(null);
+    this.loadProofChain();
+  }
+
   /**
    * Render the proof chain graph using Cytoscape.js
    * Note: This is a placeholder implementation. In production, install cytoscape via npm.
diff --git a/src/Web/StellaOps.Web/src/app/features/quota-dashboard/quota-dashboard.component.ts b/src/Web/StellaOps.Web/src/app/features/quota-dashboard/quota-dashboard.component.ts
index e23cf43dd..24bd95129 100644
--- a/src/Web/StellaOps.Web/src/app/features/quota-dashboard/quota-dashboard.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/quota-dashboard/quota-dashboard.component.ts
@@ -25,15 +25,15 @@ import {
         </div>
         <div class="header-actions">
           <button class="btn btn-secondary" routerLink="alerts">
-            <span class="icon">bell</span>
+            <span class="icon" aria-hidden="true"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M15 17h5l-1.4-1.4A2 2 0 0 1 18 14.2V11a6 6 0 1 0-12 0v3.2a2 2 0 0 1-.6 1.4L4 17h5"/><path d="M10 17a2 2 0 1 0 4 0"/></svg></span>
             Configure Alerts
           </button>
           <button class="btn btn-secondary" routerLink="reports">
-            <span class="icon">download</span>
+            <span class="icon" aria-hidden="true"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><path d="m7 10 5 5 5-5"/><path d="M12 15V3"/></svg></span>
             Export Report
           </button>
           <button class="btn btn-icon" (click)="refreshData()" [disabled]="loading()">
-            <span class="icon" [class.spinning]="refreshing()">refresh</span>
+            <span class="icon" [class.spinning]="refreshing()" aria-hidden="true"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12a9 9 0 1 1-2.6-6.4"/><path d="M21 3v6h-6"/></svg></span>
           </button>
         </div>
       </header>
@@ -289,7 +289,7 @@ import {
             }
             @if (!recentViolations().length) {
               <div class="empty-state success">
-                <span class="icon">check-circle</span>
+                <span class="icon" aria-hidden="true"><svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M9 12.75 11.5 15 15.5 9.5"/><circle cx="12" cy="12" r="9"/></svg></span>
                 <p>No throttle events in the last 24 hours</p>
               </div>
             }
diff --git a/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance-hub.component.ts b/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance-hub.component.ts
new file mode 100644
index 000000000..38b3f29cc
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance-hub.component.ts
@@ -0,0 +1,82 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+@Component({
+  selector: 'app-release-control-governance-hub',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="governance-hub">
+      <header class="header">
+        <h1>Governance</h1>
+        <p>Policy and exception controls anchored under Release Control.</p>
+      </header>
+
+      <div class="cards">
+        <a routerLink="/release-control/governance/baselines" class="card">
+          <h2>Policy Baselines</h2>
+          <p>Environment-scoped baseline definitions and lock rules.</p>
+        </a>
+        <a routerLink="/release-control/governance/rules" class="card">
+          <h2>Governance Rules</h2>
+          <p>Rule catalog for release control gate enforcement.</p>
+        </a>
+        <a routerLink="/release-control/governance/simulation" class="card">
+          <h2>Policy Simulation</h2>
+          <p>Dry-run policy evaluations before production rollout.</p>
+        </a>
+        <a routerLink="/release-control/governance/exceptions" class="card">
+          <h2>Exception Workflow</h2>
+          <p>Exception requests, approvals, and expiry management.</p>
+        </a>
+      </div>
+    </section>
+  `,
+  styles: [
+    `
+      .governance-hub {
+        display: grid;
+        gap: 0.8rem;
+      }
+
+      .header h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.4rem;
+      }
+
+      .header p {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.84rem;
+      }
+
+      .cards {
+        display: grid;
+        gap: 0.7rem;
+        grid-template-columns: repeat(auto-fit, minmax(220px, 1fr));
+      }
+
+      .card {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.72rem 0.8rem;
+        text-decoration: none;
+        color: inherit;
+      }
+
+      .card h2 {
+        margin: 0 0 0.25rem;
+        font-size: 0.95rem;
+      }
+
+      .card p {
+        margin: 0;
+        font-size: 0.8rem;
+        color: var(--color-text-secondary);
+      }
+    `,
+  ],
+})
+export class ReleaseControlGovernanceHubComponent {}
diff --git a/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance-section.component.ts b/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance-section.component.ts
new file mode 100644
index 000000000..3f9748655
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance-section.component.ts
@@ -0,0 +1,59 @@
+import { ChangeDetectionStrategy, Component, inject, signal } from '@angular/core';
+import { ActivatedRoute, RouterLink } from '@angular/router';
+
+@Component({
+  selector: 'app-release-control-governance-section',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="governance-section">
+      <header>
+        <h1>{{ sectionTitle() }}</h1>
+        <p>This governance area is scaffolded and ready for backend contract binding.</p>
+      </header>
+
+      <p class="note">Canonical location: Release Control &gt; Governance.</p>
+      <a routerLink="/release-control/governance">Back to Governance Hub</a>
+    </section>
+  `,
+  styles: [
+    `
+      .governance-section {
+        display: grid;
+        gap: 0.7rem;
+      }
+
+      h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.35rem;
+      }
+
+      p {
+        margin: 0;
+        font-size: 0.82rem;
+        color: var(--color-text-secondary);
+      }
+
+      .note {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.55rem 0.65rem;
+      }
+
+      a {
+        color: var(--color-brand-primary);
+        text-decoration: none;
+        font-size: 0.82rem;
+      }
+    `,
+  ],
+})
+export class ReleaseControlGovernanceSectionComponent {
+  private readonly route = inject(ActivatedRoute);
+
+  readonly sectionTitle = signal(
+    (this.route.snapshot.data['sectionTitle'] as string | undefined) ?? 'Governance'
+  );
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance.routes.ts b/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance.routes.ts
new file mode 100644
index 000000000..a68a8377d
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/release-control/governance/release-control-governance.routes.ts
@@ -0,0 +1,49 @@
+import { Routes } from '@angular/router';
+
+export const RELEASE_CONTROL_GOVERNANCE_ROUTES: Routes = [
+  {
+    path: '',
+    title: 'Governance',
+    data: { breadcrumb: 'Governance' },
+    loadComponent: () =>
+      import('./release-control-governance-hub.component').then(
+        (m) => m.ReleaseControlGovernanceHubComponent
+      ),
+  },
+  {
+    path: 'baselines',
+    title: 'Policy Baselines',
+    data: { breadcrumb: 'Policy Baselines', sectionTitle: 'Policy Baselines' },
+    loadComponent: () =>
+      import('./release-control-governance-section.component').then(
+        (m) => m.ReleaseControlGovernanceSectionComponent
+      ),
+  },
+  {
+    path: 'rules',
+    title: 'Governance Rules',
+    data: { breadcrumb: 'Governance Rules', sectionTitle: 'Governance Rules' },
+    loadComponent: () =>
+      import('./release-control-governance-section.component').then(
+        (m) => m.ReleaseControlGovernanceSectionComponent
+      ),
+  },
+  {
+    path: 'simulation',
+    title: 'Policy Simulation',
+    data: { breadcrumb: 'Policy Simulation', sectionTitle: 'Policy Simulation' },
+    loadComponent: () =>
+      import('./release-control-governance-section.component').then(
+        (m) => m.ReleaseControlGovernanceSectionComponent
+      ),
+  },
+  {
+    path: 'exceptions',
+    title: 'Exception Workflow',
+    data: { breadcrumb: 'Exception Workflow', sectionTitle: 'Exception Workflow' },
+    loadComponent: () =>
+      import('./release-control-governance-section.component').then(
+        (m) => m.ReleaseControlGovernanceSectionComponent
+      ),
+  },
+];
diff --git a/src/Web/StellaOps.Web/src/app/features/release-control/hotfixes/hotfixes-queue.component.ts b/src/Web/StellaOps.Web/src/app/features/release-control/hotfixes/hotfixes-queue.component.ts
new file mode 100644
index 000000000..729f4c62b
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/release-control/hotfixes/hotfixes-queue.component.ts
@@ -0,0 +1,125 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+
+interface HotfixRow {
+  bundle: string;
+  targetEnv: string;
+  urgency: string;
+  gates: string;
+}
+
+@Component({
+  selector: 'app-hotfixes-queue',
+  standalone: true,
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="hotfixes">
+      <header class="header">
+        <h1>Hotfixes</h1>
+        <p>Dedicated queue for expedited release-control promotions.</p>
+      </header>
+
+      <button type="button" class="create-btn">+ Create Hotfix</button>
+
+      @if (hotfixes.length === 0) {
+        <p class="empty">No active hotfixes.</p>
+      } @else {
+        <table>
+          <thead>
+            <tr>
+              <th>Bundle</th>
+              <th>Target Env</th>
+              <th>Urgency</th>
+              <th>Gates</th>
+              <th>Action</th>
+            </tr>
+          </thead>
+          <tbody>
+            @for (row of hotfixes; track row.bundle + row.targetEnv) {
+              <tr>
+                <td>{{ row.bundle }}</td>
+                <td>{{ row.targetEnv }}</td>
+                <td>{{ row.urgency }}</td>
+                <td>{{ row.gates }}</td>
+                <td><button type="button">Review</button></td>
+              </tr>
+            }
+          </tbody>
+        </table>
+      }
+    </section>
+  `,
+  styles: [
+    `
+      .hotfixes {
+        display: grid;
+        gap: 0.8rem;
+      }
+
+      .header h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.4rem;
+      }
+
+      .header p {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.84rem;
+      }
+
+      .create-btn {
+        justify-self: start;
+        border: 1px solid var(--color-border-primary);
+        background: var(--color-surface-primary);
+        border-radius: var(--radius-md);
+        padding: 0.45rem 0.72rem;
+        font-size: 0.8rem;
+        cursor: pointer;
+      }
+
+      .empty {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.83rem;
+      }
+
+      table {
+        width: 100%;
+        border-collapse: collapse;
+      }
+
+      th,
+      td {
+        border-bottom: 1px solid var(--color-border-primary);
+        text-align: left;
+        padding: 0.46rem;
+        font-size: 0.8rem;
+      }
+
+      th {
+        font-size: 0.7rem;
+        text-transform: uppercase;
+        letter-spacing: 0.04em;
+        color: var(--color-text-secondary);
+      }
+
+      td button {
+        border: 1px solid var(--color-border-primary);
+        background: var(--color-surface-primary);
+        border-radius: var(--radius-md);
+        padding: 0.25rem 0.45rem;
+        font-size: 0.74rem;
+        cursor: pointer;
+      }
+    `,
+  ],
+})
+export class HotfixesQueueComponent {
+  readonly hotfixes: HotfixRow[] = [
+    {
+      bundle: 'platform-bundle@1.3.1-hotfix1',
+      targetEnv: 'prod-eu',
+      urgency: 'Critical',
+      gates: 'WARN',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/release-control/regions/region-detail.component.ts b/src/Web/StellaOps.Web/src/app/features/release-control/regions/region-detail.component.ts
new file mode 100644
index 000000000..bfe647ac8
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/release-control/regions/region-detail.component.ts
@@ -0,0 +1,129 @@
+import { ChangeDetectionStrategy, Component, inject, signal } from '@angular/core';
+import { ActivatedRoute, RouterLink } from '@angular/router';
+
+interface EnvironmentNode {
+  id: string;
+  stage: string;
+  status: string;
+}
+
+@Component({
+  selector: 'app-region-detail',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="region-detail">
+      <header class="header">
+        <h1>{{ regionLabel() }} Region</h1>
+        <p>Pipeline posture by environment with promotion flow context.</p>
+      </header>
+
+      <section class="summary">
+        <article>
+          <span>Total environments</span>
+          <strong>{{ environments.length }}</strong>
+        </article>
+        <article>
+          <span>Overall health</span>
+          <strong>DEGRADED</strong>
+        </article>
+        <article>
+          <span>SBOM posture</span>
+          <strong>WARN</strong>
+        </article>
+      </section>
+
+      <section class="pipeline">
+        @for (env of environments; track env.id) {
+          <a class="pipeline-node" [routerLink]="['/release-control/regions', regionLabel(), 'environments', env.id]">
+            <h2>{{ env.id }}</h2>
+            <p>{{ env.stage }}</p>
+            <p>Status: {{ env.status }}</p>
+          </a>
+        }
+      </section>
+    </section>
+  `,
+  styles: [
+    `
+      .region-detail {
+        display: grid;
+        gap: 0.9rem;
+      }
+
+      .header h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.42rem;
+      }
+
+      .header p {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.84rem;
+      }
+
+      .summary {
+        display: grid;
+        gap: 0.65rem;
+        grid-template-columns: repeat(auto-fit, minmax(170px, 1fr));
+      }
+
+      .summary article {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.6rem 0.7rem;
+      }
+
+      .summary span {
+        display: block;
+        font-size: 0.72rem;
+        color: var(--color-text-secondary);
+        text-transform: uppercase;
+        letter-spacing: 0.04em;
+      }
+
+      .summary strong {
+        font-size: 1.08rem;
+      }
+
+      .pipeline {
+        display: grid;
+        gap: 0.7rem;
+        grid-template-columns: repeat(auto-fit, minmax(210px, 1fr));
+      }
+
+      .pipeline-node {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.65rem 0.75rem;
+        text-decoration: none;
+        color: inherit;
+      }
+
+      .pipeline-node h2 {
+        margin: 0 0 0.2rem;
+        font-size: 0.98rem;
+      }
+
+      .pipeline-node p {
+        margin: 0.14rem 0;
+        font-size: 0.8rem;
+        color: var(--color-text-secondary);
+      }
+    `,
+  ],
+})
+export class RegionDetailComponent {
+  private readonly route = inject(ActivatedRoute);
+
+  readonly regionLabel = signal(this.route.snapshot.paramMap.get('region') ?? 'global');
+
+  readonly environments: EnvironmentNode[] = [
+    { id: 'dev', stage: 'Development', status: 'HEALTHY' },
+    { id: 'stage', stage: 'Staging', status: 'HEALTHY' },
+    { id: 'prod', stage: 'Production', status: 'DEGRADED' },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/release-control/regions/regions-overview.component.ts b/src/Web/StellaOps.Web/src/app/features/release-control/regions/regions-overview.component.ts
new file mode 100644
index 000000000..3ea38b1b3
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/release-control/regions/regions-overview.component.ts
@@ -0,0 +1,99 @@
+import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
+
+interface RegionCard {
+  id: string;
+  name: string;
+  envCount: number;
+  health: string;
+  sbomPosture: string;
+}
+
+@Component({
+  selector: 'app-regions-overview',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="regions-overview">
+      <header class="header">
+        <h1>Regions & Environments</h1>
+        <p>Region-first release control posture with environment health and SBOM coverage context.</p>
+      </header>
+
+      <div class="cards">
+        @for (region of regions; track region.id) {
+          <a class="card" [routerLink]="['/release-control/regions', region.id]">
+            <h2>{{ region.name }}</h2>
+            <p>Environments: {{ region.envCount }}</p>
+            <p>Health: {{ region.health }}</p>
+            <p>SBOM posture: {{ region.sbomPosture }}</p>
+          </a>
+        }
+      </div>
+    </section>
+  `,
+  styles: [
+    `
+      .regions-overview {
+        display: grid;
+        gap: 0.9rem;
+      }
+
+      .header h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.45rem;
+      }
+
+      .header p {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.84rem;
+      }
+
+      .cards {
+        display: grid;
+        gap: 0.75rem;
+        grid-template-columns: repeat(auto-fit, minmax(240px, 1fr));
+      }
+
+      .card {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.75rem 0.85rem;
+        text-decoration: none;
+        color: inherit;
+      }
+
+      .card h2 {
+        margin: 0 0 0.35rem;
+        font-size: 1rem;
+      }
+
+      .card p {
+        margin: 0.15rem 0;
+        font-size: 0.82rem;
+        color: var(--color-text-secondary);
+      }
+    `,
+  ],
+})
+export class RegionsOverviewComponent {
+  readonly regions: RegionCard[] = [
+    {
+      id: 'global',
+      name: 'Global',
+      envCount: 4,
+      health: 'DEGRADED',
+      sbomPosture: 'WARN',
+    },
+    {
+      id: 'eu-west',
+      name: 'EU West',
+      envCount: 3,
+      health: 'HEALTHY',
+      sbomPosture: 'OK',
+    },
+  ];
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-detail/environment-detail.component.ts b/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-detail/environment-detail.component.ts
index 426b89829..6adb43ae0 100644
--- a/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-detail/environment-detail.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-detail/environment-detail.component.ts
@@ -1,497 +1,811 @@
-import { Component, OnInit, inject, signal, computed } from '@angular/core';
+import { CommonModule } from '@angular/common';
+import { ChangeDetectionStrategy, Component, inject, OnDestroy, OnInit, signal } from '@angular/core';
+import { Title } from '@angular/platform-browser';
+import { ActivatedRoute, RouterLink } from '@angular/router';
 
-import { FormsModule } from '@angular/forms';
-import { ActivatedRoute, RouterModule } from '@angular/router';
-import { ReleaseEnvironmentStore } from '../environment.store';
-import { TargetListComponent } from '../components/target-list/target-list.component';
-import { FreezeWindowEditorComponent } from '../components/freeze-window-editor/freeze-window-editor.component';
-import { EnvironmentSettingsComponent } from '../components/environment-settings/environment-settings.component';
-import { getHealthPercentage } from '../../../../core/api/release-environment.models';
+import { BreadcrumbService } from '../../../../layout/breadcrumb';
+
+type StatusTone = 'healthy' | 'degraded' | 'unknown';
+type DataTone = 'OK' | 'WARN' | 'FAIL';
+type EnvTabId =
+  | 'overview'
+  | 'deploy-status'
+  | 'sbom-findings'
+  | 'reachability'
+  | 'inputs'
+  | 'promotions'
+  | 'data-confidence'
+  | 'evidence-audit';
+
+interface TargetRow {
+  name: string;
+  agent: string;
+  health: StatusTone;
+  heartbeat: string;
+}
+
+interface ServiceRow {
+  name: string;
+  status: string;
+  digest: string;
+  replicas: string;
+}
+
+interface InventoryRow {
+  component: string;
+  version: string;
+  digest: string;
+  sbom: 'OK' | 'PENDING' | 'STALE';
+  critR: number;
+}
+
+interface ReachabilityRow {
+  component: string;
+  digest: string;
+  build: boolean;
+  image: boolean;
+  runtime: boolean;
+}
+
+interface InputBindingRow {
+  service: string;
+  variable: string;
+  source: string;
+  status: 'BOUND' | 'MISSING';
+}
+
+interface PromotionRow {
+  date: string;
+  bundle: string;
+  status: string;
+}
+
+interface AuditEventRow {
+  when: string;
+  who: string;
+  action: string;
+}
 
-/**
- * Environment detail component showing targets, freeze windows, and settings.
- * Sprint: SPRINT_20260110_111_002_FE_environment_management_ui
- */
 @Component({
-    selector: 'app-environment-detail',
-    imports: [
-    FormsModule,
-    RouterModule,
-    TargetListComponent,
-    FreezeWindowEditorComponent,
-    EnvironmentSettingsComponent
-],
-    template: `
-    <div class="environment-detail">
-      @if (store.loading() && !env()) {
-        <div class="loading">Loading environment...</div>
-      } @else if (!env()) {
-        <div class="not-found">
-          <h2>Environment Not Found</h2>
-          <p>The environment you're looking for doesn't exist.</p>
-          <a routerLink="/release-orchestrator/environments" class="btn-primary">Back to Environments</a>
-        </div>
-      } @else {
-        <header class="detail-header">
-          <nav class="breadcrumb">
-            <a routerLink="/release-orchestrator">Release Orchestrator</a>
-            <span>/</span>
-            <a routerLink="/release-orchestrator/environments">Environments</a>
-            <span>/</span>
-            <span>{{ env()!.displayName }}</span>
-          </nav>
+  selector: 'app-environment-detail',
+  standalone: true,
+  imports: [CommonModule, RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <div class="env-casefile">
+      <header class="env-header">
+        <a routerLink="/release-control/regions" class="back-link">Back to Regions & Environments</a>
 
-          <div class="header-row">
-            <div class="header-title">
-              <h1>
-                {{ env()!.displayName }}
-                @if (env()!.isProduction) {
-                  <span class="production-badge">Production</span>
-                }
-              </h1>
-              <p class="description">{{ env()!.description || 'No description' }}</p>
-            </div>
-            <div class="header-actions">
-              <button class="btn-secondary" (click)="showEditDialog = true">Edit</button>
-            </div>
-          </div>
-
-          <div class="stats-cards">
-            <div class="stat-card">
-              <div class="stat-icon"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><rect x="2" y="3" width="20" height="14" rx="2" ry="2"/><line x1="8" y1="21" x2="16" y2="21"/><line x1="12" y1="17" x2="12" y2="21"/></svg></div>
-              <div class="stat-content">
-                <span class="stat-value">{{ env()!.targetCount }}</span>
-                <span class="stat-label">Deployment Targets</span>
-              </div>
-            </div>
-            <div class="stat-card">
-              <div class="stat-icon"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg></div>
-              <div class="stat-content">
-                <span class="stat-value">{{ env()!.requiredApprovers }}</span>
-                <span class="stat-label">Required Approvers</span>
-              </div>
-            </div>
-            <div class="stat-card">
-              <div class="stat-icon"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><rect x="3" y="4" width="18" height="18" rx="2" ry="2"/><line x1="16" y1="2" x2="16" y2="6"/><line x1="8" y1="2" x2="8" y2="6"/><line x1="3" y1="10" x2="21" y2="10"/></svg></div>
-              <div class="stat-content">
-                <span class="stat-value">{{ env()!.freezeWindowCount }}</span>
-                <span class="stat-label">Freeze Windows</span>
-              </div>
-            </div>
-            <div class="stat-card" [class]="getHealthClass()">
-              <div class="stat-icon"><svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true"><path d="M20.84 4.61a5.5 5.5 0 0 0-7.78 0L12 5.67l-1.06-1.06a5.5 5.5 0 0 0-7.78 7.78l1.06 1.06L12 21.23l7.78-7.78 1.06-1.06a5.5 5.5 0 0 0 0-7.78z"/></svg></div>
-              <div class="stat-content">
-                <span class="stat-value">{{ getHealthPct() }}%</span>
-                <span class="stat-label">Target Health</span>
-              </div>
-            </div>
-          </div>
-        </header>
-
-        <div class="tab-navigation">
-          <button
-            class="tab-btn"
-            [class.active]="activeTab() === 'targets'"
-            (click)="activeTab.set('targets')"
-          >
-            Targets ({{ store.targetCount() }})
-          </button>
-          <button
-            class="tab-btn"
-            [class.active]="activeTab() === 'freeze'"
-            (click)="activeTab.set('freeze')"
-          >
-            Freeze Windows ({{ store.freezeWindowCount() }})
-          </button>
-          <button
-            class="tab-btn"
-            [class.active]="activeTab() === 'settings'"
-            (click)="activeTab.set('settings')"
-          >
-            Settings
-          </button>
+        <div class="header-row">
+          <h1>{{ regionLabel() }}/{{ envLabel() }} Environment</h1>
+          <span class="type-pill">{{ envType() }}</span>
         </div>
 
-        <div class="tab-content">
-          @switch (activeTab()) {
-            @case ('targets') {
-              <app-target-list
-                [targets]="store.targets()"
-                [environmentId]="env()!.id"
-                [loading]="store.loading()"
-              />
-            }
-            @case ('freeze') {
-              <app-freeze-window-editor
-                [freezeWindows]="store.freezeWindows()"
-                [environmentId]="env()!.id"
-                [loading]="store.loading()"
-              />
-            }
-            @case ('settings') {
-              <app-environment-settings
-                [environment]="env()!"
-                [loading]="store.loading()"
-              />
-            }
-          }
+        <div class="header-grid">
+          <div>
+            <span class="k">Deploy</span>
+            <span class="v">{{ deployStatus() }} | targets {{ healthyTargets() }}/{{ totalTargets() }} healthy</span>
+          </div>
+          <div>
+            <span class="k">SBOM</span>
+            <span class="v">{{ sbomStatus() }} | scanned {{ sbomScanned() }}/{{ sbomTotal() }} | pending {{ sbomPending() }}</span>
+          </div>
+          <div>
+            <span class="k">Findings (target env)</span>
+            <span class="v">CritR={{ critR() }} | HighR={{ highR() }} | HighNR={{ highNR() }} | VEX={{ vexCoverage() }}%</span>
+          </div>
+          <div>
+            <span class="k">Hybrid Reach Coverage</span>
+            <span class="v">
+              Build {{ buildCoverage() }}% | Image {{ imageCoverage() }}% | Runtime {{ runtimeCoverage() }}%
+              (age B {{ buildAge() }} / I {{ imageAge() }} / R {{ runtimeAge() }})
+            </span>
+          </div>
+          <div>
+            <span class="k">Data Confidence</span>
+            <span class="v">{{ dataConfidence() }} ({{ dataIssueSummary() }})</span>
+          </div>
+          <div>
+            <span class="k">Policy Baseline / Version Lock</span>
+            <span class="v">{{ policyBaseline() }} / {{ versionLock() }}</span>
+          </div>
+          <div>
+            <span class="k">Deployed Bundle</span>
+            <span class="v">{{ deployedBundle() }} (<code>{{ manifestDigest() }}</code>)</span>
+          </div>
         </div>
 
-        <!-- Edit Dialog -->
-        @if (showEditDialog) {
-          <div class="dialog-overlay" (click)="closeEditDialog()">
-            <div class="dialog" (click)="$event.stopPropagation()">
-              <h2>Edit Environment</h2>
-              <form (ngSubmit)="saveEdit()">
-                <div class="form-field">
-                  <label>Name (slug)</label>
-                  <input type="text" [value]="env()!.name" disabled />
-                  <small>Name cannot be changed after creation</small>
-                </div>
-                <div class="form-field">
-                  <label for="displayName">Display Name</label>
-                  <input
-                    id="displayName"
-                    type="text"
-                    [(ngModel)]="editForm.displayName"
-                    name="displayName"
-                    required
-                  />
-                </div>
-                <div class="form-field">
-                  <label for="description">Description</label>
-                  <textarea
-                    id="description"
-                    [(ngModel)]="editForm.description"
-                    name="description"
-                    rows="3"
-                  ></textarea>
-                </div>
-                <div class="form-field">
-                  <label for="order">Order</label>
-                  <input
-                    id="order"
-                    type="number"
-                    [(ngModel)]="editForm.order"
-                    name="order"
-                    min="1"
-                  />
-                </div>
-                <div class="form-field checkbox">
-                  <input
-                    id="isProduction"
-                    type="checkbox"
-                    [(ngModel)]="editForm.isProduction"
-                    name="isProduction"
-                  />
-                  <label for="isProduction">Is Production Environment</label>
-                </div>
-                <div class="dialog-actions">
-                  <button type="button" class="btn-secondary" (click)="closeEditDialog()">Cancel</button>
-                  <button type="submit" class="btn-primary">Save Changes</button>
-                </div>
-              </form>
-            </div>
-          </div>
+        <div class="quick-links">
+          <a routerLink="/release-control/bundles">Open Deployed Bundle</a>
+          <a routerLink="/security-risk/findings">Open Findings</a>
+          <a [routerLink]="['/platform-ops/data-integrity']" [queryParams]="{ region: regionLabel(), env: envLabel() }">Open Data Integrity</a>
+          <a routerLink="/release-control/runs">Open Promotion Run</a>
+        </div>
+      </header>
+
+      <nav class="tab-nav">
+        @for (tab of tabs; track tab.id) {
+          <button
+            type="button"
+            [class.active]="activeTab() === tab.id"
+            (click)="setTab(tab.id)">
+            {{ tab.label }}
+          </button>
         }
-      }
+      </nav>
+
+      <section class="tab-panel">
+        @if (activeTab() === 'overview') {
+          <section>
+            <h2>Overview</h2>
+            <div class="two-col">
+              <div class="card">
+                <h3>Current Deployment</h3>
+                <p>{{ deployedBundle() }}</p>
+                <p>Manifest: <code>{{ manifestDigest() }}</code></p>
+                <p>Last promoted by: platform-release-bot</p>
+                <p>Components: 12 services</p>
+              </div>
+              <div class="card">
+                <h3>Promotion Posture</h3>
+                <p>Pending approvals: 2</p>
+                <p>Active runs: 1</p>
+                <p>Next scheduled: 2026-02-20 01:00 UTC</p>
+              </div>
+            </div>
+            <div class="actions">
+              <button type="button">Trigger SBOM rescan</button>
+              <button type="button">Retry NVD sync</button>
+              <button type="button" (click)="setTab('inputs')">Open Inputs</button>
+              <button type="button">Open Run</button>
+              <button type="button">Export Env Snapshot</button>
+            </div>
+            <h3>Top Risks</h3>
+            <ul>
+              @for (risk of topRisks; track risk) {
+                <li>{{ risk }}</li>
+              } @empty {
+                <li>No current risks</li>
+              }
+            </ul>
+            <div class="footer-links">
+              <a routerLink="/security-risk/findings">Open Findings</a>
+              <a [routerLink]="['/platform-ops/data-integrity']" [queryParams]="{ region: regionLabel(), env: envLabel() }">
+                Open Data Integrity
+              </a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'deploy-status') {
+          <section>
+            <h2>Deploy Status</h2>
+            <table>
+              <thead>
+                <tr>
+                  <th>Name</th>
+                  <th>Agent</th>
+                  <th>Health</th>
+                  <th>Heartbeat</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (row of targetRows; track row.name) {
+                  <tr>
+                    <td>{{ row.name }}</td>
+                    <td>{{ row.agent }}</td>
+                    <td><span class="status-chip" [class]="'status-chip status-chip--' + row.health">{{ row.health }}</span></td>
+                    <td>{{ row.heartbeat }}</td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+
+            <table>
+              <thead>
+                <tr>
+                  <th>Name</th>
+                  <th>Status</th>
+                  <th>Digest</th>
+                  <th>Replicas</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (row of serviceRows; track row.name) {
+                  <tr>
+                    <td>{{ row.name }}</td>
+                    <td>{{ row.status }}</td>
+                    <td><code>{{ row.digest }}</code></td>
+                    <td>{{ row.replicas }}</td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+
+            <div class="footer-links">
+              <a routerLink="/release-control/runs">Open last Promotion Run</a>
+              <a routerLink="/platform-ops/agents">Open agent logs</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'sbom-findings') {
+          <section>
+            <h2>SBOM & Findings</h2>
+            <p>
+              CritR {{ critR() }} | HighR {{ highR() }} | HighNR {{ highNR() }} |
+              VEX {{ vexCoverage() }}% | SBOM freshness {{ sbomStatus() }} | Missing SBOM {{ missingSbom() }}
+            </p>
+            <table>
+              <thead>
+                <tr>
+                  <th>Component</th>
+                  <th>Version label</th>
+                  <th>Digest</th>
+                  <th>SBOM status</th>
+                  <th>Findings (CritR)</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (row of inventoryRows; track row.component) {
+                  <tr>
+                    <td>{{ row.component }}</td>
+                    <td>{{ row.version }}</td>
+                    <td><code>{{ row.digest }}</code></td>
+                    <td><span class="status-chip" [class]="'status-chip status-chip--' + row.sbom.toLowerCase()">{{ row.sbom }}</span></td>
+                    <td>{{ row.critR }}</td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+
+            <h3>Top CVE Issues</h3>
+            <ul>
+              <li>CVE-2026-1234 in openssl (Critical Reachable)</li>
+              <li>CVE-2026-3101 in log4j-core (Critical Reachable)</li>
+            </ul>
+
+            <div class="footer-links">
+              <a routerLink="/platform-ops/data-integrity/scan-pipeline">Trigger SBOM scan/rescan</a>
+              <a routerLink="/security-risk/findings">Open Findings</a>
+              <a routerLink="/security-risk/vex">Open VEX/Exceptions</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'reachability') {
+          <section>
+            <h2>Reachability</h2>
+            <p>
+              Coverage: Build {{ buildCoverage() }}% | Image {{ imageCoverage() }}% | Runtime {{ runtimeCoverage() }}%
+              | Evidence age: Build {{ buildAge() }} | Image {{ imageAge() }} | Runtime {{ runtimeAge() }}
+            </p>
+            <p class="muted">
+              Policy interpretation: runtime coverage below 70% marks this environment as degraded for strict promotion gates.
+            </p>
+            <table>
+              <thead>
+                <tr>
+                  <th>Component</th>
+                  <th>Digest</th>
+                  <th>Build</th>
+                  <th>Image</th>
+                  <th>Runtime</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (row of reachabilityRows; track row.component) {
+                  <tr>
+                    <td>{{ row.component }}</td>
+                    <td><code>{{ row.digest }}</code></td>
+                    <td>{{ row.build ? 'Y' : 'N' }}</td>
+                    <td>{{ row.image ? 'Y' : 'N' }}</td>
+                    <td>{{ row.runtime ? 'Y' : 'N' }}</td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+            <div class="footer-links">
+              <a routerLink="/platform-ops/data-integrity/reachability-ingest">Open Reachability Ingest Health</a>
+              <a routerLink="/security-risk/findings">Open component version details</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'inputs') {
+          <section>
+            <h2>Inputs</h2>
+            @if (hasMissingBinding()) {
+              <div class="warning-banner">
+                Impact: promotions using this env will BLOCK at Materialize Inputs.
+              </div>
+            }
+            <table>
+              <thead>
+                <tr>
+                  <th>Service</th>
+                  <th>Variable</th>
+                  <th>Source</th>
+                  <th>Status</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (row of inputBindings; track row.service + row.variable) {
+                  <tr [class.missing-row]="row.status === 'MISSING'">
+                    <td>{{ row.service }}</td>
+                    <td>{{ row.variable }}</td>
+                    <td>{{ row.source }}</td>
+                    <td>{{ row.status }}</td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+            @if (hasMissingBinding()) {
+              <button type="button">Bind missing var</button>
+            }
+            <div class="footer-links">
+              <a routerLink="/integrations/secrets">Open Vault integration</a>
+              <a routerLink="/integrations/secrets">Open Consul integration</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'promotions') {
+          <section>
+            <h2>Promotions & Approvals</h2>
+            <h3>Pending approvals</h3>
+            <ul>
+              <li>
+                Platform Bundle 1.3.0-rc1 -> prod
+                <a routerLink="/release-control/approvals">Open Approval</a>
+              </li>
+            </ul>
+
+            <table>
+              <thead>
+                <tr>
+                  <th>Date</th>
+                  <th>Bundle</th>
+                  <th>Status</th>
+                  <th>Actions</th>
+                </tr>
+              </thead>
+              <tbody>
+                @for (row of promotionRows; track row.bundle + row.date) {
+                  <tr>
+                    <td>{{ row.date }}</td>
+                    <td>{{ row.bundle }}</td>
+                    <td>{{ row.status }}</td>
+                    <td>
+                      <a routerLink="/release-control/runs">Open Run</a>
+                      <a routerLink="/evidence-audit/evidence">Evidence</a>
+                    </td>
+                  </tr>
+                }
+              </tbody>
+            </table>
+
+            <p>Diff: proposed vs deployed indicates 2 component digest changes and 1 config snapshot delta.</p>
+            <div class="footer-links">
+              <a routerLink="/release-control/releases">Open Releases filtered to this env</a>
+              <a routerLink="/release-control/approvals">Open Approvals filtered to this env</a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'data-confidence') {
+          <section>
+            <h2>Data Confidence</h2>
+            <div class="two-col">
+              <div class="card">
+                <h3>Feeds</h3>
+                <p>OSV OK (35m)</p>
+                <p>NVD WARN (3h 12m)</p>
+                <p>KEV OK (48m)</p>
+              </div>
+              <div class="card">
+                <h3>Jobs</h3>
+                <p>sbom-nightly-rescan WARN</p>
+                <p>reachability-runtime-ingest FAIL</p>
+              </div>
+              <div class="card">
+                <h3>Integrations</h3>
+                <p>Harbor OK</p>
+                <p>Jenkins WARN</p>
+              </div>
+              <div class="card">
+                <h3>DLQ</h3>
+                <p>runtime-ingest bucket: 3 items</p>
+              </div>
+            </div>
+            <div class="footer-links">
+              <a [routerLink]="['/platform-ops/data-integrity']" [queryParams]="{ region: regionLabel(), env: envLabel() }">
+                Open Data Integrity
+              </a>
+            </div>
+          </section>
+        }
+
+        @if (activeTab() === 'evidence-audit') {
+          <section>
+            <h2>Evidence & Audit</h2>
+            <button type="button">Export Env Snapshot</button>
+            <p>Latest promotion evidence pack: EVD-2026-101</p>
+            <p>Proof chain refs: proof://release/platform-bundle-1.3.0-rc1</p>
+            <h3>Audit Trail</h3>
+            <ul>
+              @for (event of auditEvents; track event.when + event.action) {
+                <li>{{ event.when }} - {{ event.who }} - {{ event.action }}</li>
+              }
+            </ul>
+            <div class="footer-links">
+              <a routerLink="/evidence-audit/evidence/export">Open Evidence Export Center</a>
+            </div>
+          </section>
+        }
+      </section>
     </div>
   `,
-    styles: [`
-    .environment-detail {
-      padding: 2rem;
-      max-width: 1200px;
-      margin: 0 auto;
-    }
+  styles: [
+    `
+      .env-casefile {
+        max-width: 1280px;
+        margin: 0 auto;
+        display: grid;
+        gap: 1rem;
+      }
 
-    .loading, .not-found {
-      text-align: center;
-      padding: 4rem 2rem;
-      color: var(--color-text-secondary);
-    }
+      .env-header,
+      .tab-panel {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-lg);
+        background: var(--color-surface-primary);
+        padding: 1rem;
+      }
 
-    .breadcrumb {
-      display: flex;
-      gap: 0.5rem;
-      margin-bottom: 1rem;
-      font-size: 0.875rem;
-    }
+      .back-link {
+        color: var(--color-brand-primary);
+        text-decoration: none;
+        font-size: 0.82rem;
+      }
 
-    .breadcrumb a {
-      color: var(--color-brand-primary);
-      text-decoration: none;
-    }
+      .header-row {
+        margin-top: 0.5rem;
+        display: flex;
+        justify-content: space-between;
+        gap: 0.75rem;
+        align-items: center;
+      }
 
-    .breadcrumb span {
-      color: var(--color-text-secondary);
-    }
+      h1,
+      h2,
+      h3 {
+        margin: 0;
+      }
 
-    .header-row {
-      display: flex;
-      justify-content: space-between;
-      align-items: flex-start;
-      margin-bottom: 1.5rem;
-    }
+      .type-pill {
+        font-size: 0.72rem;
+        padding: 0.15rem 0.5rem;
+        border-radius: var(--radius-full);
+        background: var(--color-surface-secondary);
+      }
 
-    .header-title h1 {
-      margin: 0;
-      display: flex;
-      align-items: center;
-      gap: 0.75rem;
-    }
+      .header-grid {
+        margin-top: 0.75rem;
+        display: grid;
+        grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
+        gap: 0.65rem;
+      }
 
-    .production-badge {
-      background: var(--color-status-error);
-      color: white;
-      padding: 0.25rem 0.5rem;
-      border-radius: var(--radius-sm);
-      font-size: 0.75rem;
-      text-transform: uppercase;
-      font-weight: var(--font-weight-semibold);
-    }
+      .header-grid .k {
+        display: block;
+        font-size: 0.68rem;
+        color: var(--color-text-secondary);
+        text-transform: uppercase;
+        letter-spacing: 0.04em;
+      }
 
-    .description {
-      color: var(--color-text-secondary);
-      margin: 0.5rem 0 0;
-    }
+      .header-grid .v {
+        font-size: 0.82rem;
+      }
 
-    .header-actions {
-      display: flex;
-      gap: 0.5rem;
-    }
+      .quick-links {
+        margin-top: 0.8rem;
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.75rem;
+      }
 
-    .btn-primary {
-      padding: 0.5rem 1rem;
-      background: var(--color-brand-primary);
-      color: var(--color-text-heading);
-      border: none;
-      border-radius: var(--radius-md);
-      cursor: pointer;
-      text-decoration: none;
-    }
+      .quick-links a,
+      .footer-links a {
+        color: var(--color-brand-primary);
+        text-decoration: none;
+        font-size: 0.82rem;
+      }
 
-    .btn-secondary {
-      padding: 0.5rem 1rem;
-      background: var(--color-surface-primary);
-      color: var(--color-text-primary);
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-md);
-      cursor: pointer;
-    }
+      .tab-nav {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.45rem;
+      }
 
-    .stats-cards {
-      display: grid;
-      grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
-      gap: 1rem;
-      margin-bottom: 2rem;
-    }
+      .tab-nav button {
+        border: 1px solid var(--color-border-primary);
+        background: var(--color-surface-primary);
+        color: var(--color-text-secondary);
+        padding: 0.45rem 0.7rem;
+        border-radius: var(--radius-md);
+        cursor: pointer;
+        font-size: 0.8rem;
+      }
 
-    .stat-card {
-      display: flex;
-      align-items: center;
-      gap: 1rem;
-      background: var(--color-surface-primary);
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-lg);
-      padding: 1rem;
-    }
+      .tab-nav button.active {
+        color: var(--color-brand-primary);
+        border-color: var(--color-brand-primary);
+        background: var(--color-brand-soft);
+      }
 
-    .stat-card.health--good { border-left: 4px solid var(--color-status-success); }
-    .stat-card.health--warning { border-left: 4px solid var(--color-status-warning); }
-    .stat-card.health--critical { border-left: 4px solid var(--color-status-error); }
+      .tab-panel {
+        display: grid;
+        gap: 0.75rem;
+      }
 
-    .stat-icon {
-      font-size: 1.5rem;
-    }
+      .tab-panel p,
+      .tab-panel li {
+        font-size: 0.84rem;
+      }
 
-    .stat-content {
-      display: flex;
-      flex-direction: column;
-    }
+      .two-col {
+        display: grid;
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+        gap: 0.75rem;
+      }
 
-    .stat-value {
-      font-size: 1.5rem;
-      font-weight: var(--font-weight-semibold);
-      color: var(--color-text-primary);
-    }
+      .card {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-secondary);
+        padding: 0.65rem;
+      }
 
-    .stat-label {
-      font-size: 0.75rem;
-      color: var(--color-text-secondary);
-    }
+      .actions {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.45rem;
+        margin-top: 0.75rem;
+      }
 
-    .tab-navigation {
-      display: flex;
-      gap: 0.25rem;
-      border-bottom: 1px solid var(--color-border-primary);
-      margin-bottom: 1.5rem;
-    }
+      button {
+        border: 1px solid var(--color-border-primary);
+        background: var(--color-surface-primary);
+        color: var(--color-text-primary);
+        border-radius: var(--radius-md);
+        padding: 0.35rem 0.55rem;
+        font-size: 0.8rem;
+        cursor: pointer;
+      }
 
-    .tab-btn {
-      padding: 0.75rem 1.5rem;
-      background: none;
-      border: none;
-      border-bottom: 2px solid transparent;
-      cursor: pointer;
-      font-size: 0.9rem;
-      color: var(--color-text-secondary);
-      transition: all 0.2s;
-    }
+      table {
+        width: 100%;
+        border-collapse: collapse;
+        margin-top: 0.65rem;
+      }
 
-    .tab-btn:hover {
-      color: var(--color-text-primary);
-    }
+      th,
+      td {
+        border-bottom: 1px solid var(--color-border-primary);
+        padding: 0.45rem;
+        text-align: left;
+        font-size: 0.8rem;
+        vertical-align: top;
+      }
 
-    .tab-btn.active {
-      color: var(--color-brand-primary);
-      border-bottom-color: var(--color-brand-primary);
-    }
+      th {
+        font-size: 0.68rem;
+        text-transform: uppercase;
+        letter-spacing: 0.04em;
+        color: var(--color-text-secondary);
+      }
 
-    .tab-content {
-      background: var(--color-surface-primary);
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-lg);
-      padding: 1.5rem;
-    }
+      code {
+        font-size: 0.72rem;
+      }
 
-    /* Dialog styles */
-    .dialog-overlay {
-      position: fixed;
-      inset: 0;
-      background: rgba(0, 0, 0, 0.5);
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      z-index: 1000;
-    }
+      .status-chip {
+        border-radius: var(--radius-full);
+        padding: 0.1rem 0.42rem;
+        font-size: 0.65rem;
+        font-weight: var(--font-weight-semibold);
+      }
 
-    .dialog {
-      background: var(--color-surface-primary);
-      border-radius: var(--radius-lg);
-      padding: 2rem;
-      width: 100%;
-      max-width: 500px;
-      max-height: 90vh;
-      overflow-y: auto;
-    }
+      .status-chip--healthy,
+      .status-chip--ok {
+        background: var(--color-status-success-bg);
+        color: var(--color-status-success-text);
+      }
 
-    .dialog h2 {
-      margin: 0 0 1.5rem;
-    }
+      .status-chip--degraded,
+      .status-chip--pending,
+      .status-chip--stale,
+      .status-chip--warn {
+        background: var(--color-status-warning-bg);
+        color: var(--color-status-warning-text);
+      }
 
-    .form-field {
-      margin-bottom: 1rem;
-    }
+      .status-chip--unknown,
+      .status-chip--fail,
+      .status-chip--missing {
+        background: var(--color-status-error-bg);
+        color: var(--color-status-error-text);
+      }
 
-    .form-field label {
-      display: block;
-      margin-bottom: 0.25rem;
-      font-weight: var(--font-weight-medium);
-    }
+      .warning-banner {
+        border: 1px solid var(--color-status-error-text);
+        background: var(--color-status-error-bg);
+        color: var(--color-status-error-text);
+        border-radius: var(--radius-md);
+        padding: 0.55rem;
+        margin-bottom: 0.55rem;
+        font-size: 0.82rem;
+      }
 
-    .form-field input[type="text"],
-    .form-field input[type="number"],
-    .form-field textarea {
-      width: 100%;
-      padding: 0.5rem;
-      border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-sm);
-    }
+      .missing-row {
+        background: rgba(220, 38, 38, 0.08);
+      }
 
-    .form-field input:disabled {
-      background: var(--color-surface-primary);
-      color: var(--color-text-secondary);
-    }
+      .footer-links {
+        margin-top: 0.7rem;
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.7rem;
+      }
 
-    .form-field small {
-      display: block;
-      color: var(--color-text-secondary);
-      font-size: 0.75rem;
-      margin-top: 0.25rem;
-    }
+      .muted {
+        color: var(--color-text-secondary);
+      }
 
-    .form-field.checkbox {
-      display: flex;
-      align-items: center;
-      gap: 0.5rem;
-    }
-
-    .form-field.checkbox label {
-      margin: 0;
-    }
-
-    .dialog-actions {
-      display: flex;
-      justify-content: flex-end;
-      gap: 0.5rem;
-      margin-top: 1.5rem;
-    }
-  `]
+      @media (max-width: 900px) {
+        .two-col {
+          grid-template-columns: 1fr;
+        }
+      }
+    `,
+  ],
 })
-export class EnvironmentDetailComponent implements OnInit {
+export class EnvironmentDetailComponent implements OnInit, OnDestroy {
   private readonly route = inject(ActivatedRoute);
-  readonly store = inject(ReleaseEnvironmentStore);
+  private readonly title = inject(Title);
+  private readonly breadcrumbService = inject(BreadcrumbService);
 
-  activeTab = signal<'targets' | 'freeze' | 'settings'>('targets');
-  showEditDialog = false;
-  editForm = {
-    displayName: '',
-    description: '',
-    order: 1,
-    isProduction: false,
-  };
+  readonly activeTab = signal<EnvTabId>('overview');
 
-  env = computed(() => this.store.selectedEnvironment());
+  readonly regionLabel = signal('global');
+  readonly envLabel = signal('prod');
+  readonly envType = signal('Production');
+
+  readonly deployStatus = signal('DEGRADED');
+  readonly healthyTargets = signal(2);
+  readonly totalTargets = signal(3);
+
+  readonly sbomStatus = signal('STALE');
+  readonly sbomScanned = signal(10);
+  readonly sbomTotal = signal(12);
+  readonly sbomPending = signal(2);
+
+  readonly critR = signal(3);
+  readonly highR = signal(6);
+  readonly highNR = signal(9);
+  readonly vexCoverage = signal(83);
+
+  readonly buildCoverage = signal(84);
+  readonly imageCoverage = signal(92);
+  readonly runtimeCoverage = signal(61);
+  readonly buildAge = signal('42m');
+  readonly imageAge = signal('38m');
+  readonly runtimeAge = signal('2h 11m');
+
+  readonly dataConfidence = signal<DataTone>('WARN');
+  readonly dataIssueSummary = signal('NVD stale, runtime ingest lagging');
+  readonly policyBaseline = signal('prod-baseline-v4.2');
+  readonly versionLock = signal('prod-lock-2026-02');
+
+  readonly deployedBundle = signal('Platform Bundle 1.3.0-rc1');
+  readonly manifestDigest = signal('sha256:env-manifest-7aa1b2c3d4e5f6a7b8');
+  readonly missingSbom = signal(2);
+
+  readonly tabs: Array<{ id: EnvTabId; label: string }> = [
+    { id: 'overview', label: 'Overview' },
+    { id: 'deploy-status', label: 'Deploy Status' },
+    { id: 'sbom-findings', label: 'SBOM & Findings' },
+    { id: 'reachability', label: 'Reachability' },
+    { id: 'inputs', label: 'Inputs' },
+    { id: 'promotions', label: 'Promotions' },
+    { id: 'data-confidence', label: 'Data Confidence' },
+    { id: 'evidence-audit', label: 'Evidence & Audit' },
+  ];
+
+  readonly topRisks = [
+    'CVE-2026-1234 in openssl is critical reachable in api-gateway',
+    'Runtime ingest backlog may downgrade promotion confidence',
+    '2 stale SBOM artifacts for production services',
+  ];
+
+  readonly targetRows: TargetRow[] = [
+    { name: 'prod-eu-01', agent: 'agent-eu-a', health: 'healthy', heartbeat: '23s ago' },
+    { name: 'prod-eu-02', agent: 'agent-eu-b', health: 'degraded', heartbeat: '58s ago' },
+    { name: 'prod-eu-03', agent: 'agent-eu-c', health: 'unknown', heartbeat: '4m ago' },
+  ];
+
+  readonly serviceRows: ServiceRow[] = [
+    { name: 'api-gateway', status: 'Running', digest: 'sha256:api123', replicas: '3/3' },
+    { name: 'payments-worker', status: 'Degraded', digest: 'sha256:wrk456', replicas: '1/2' },
+    { name: 'event-router', status: 'Running', digest: 'sha256:evt789', replicas: '2/2' },
+  ];
+
+  readonly inventoryRows: InventoryRow[] = [
+    { component: 'api-gateway', version: '2.3.1', digest: 'sha256:api123', sbom: 'OK', critR: 1 },
+    { component: 'payments-worker', version: '5.4.0', digest: 'sha256:wrk456', sbom: 'STALE', critR: 2 },
+    { component: 'event-router', version: '1.9.2', digest: 'sha256:evt789', sbom: 'PENDING', critR: 0 },
+  ];
+
+  readonly reachabilityRows: ReachabilityRow[] = [
+    { component: 'api-gateway', digest: 'sha256:api123', build: true, image: true, runtime: false },
+    { component: 'payments-worker', digest: 'sha256:wrk456', build: true, image: true, runtime: true },
+    { component: 'event-router', digest: 'sha256:evt789', build: true, image: false, runtime: false },
+  ];
+
+  readonly inputBindings: InputBindingRow[] = [
+    { service: 'api-gateway', variable: 'DB_URL', source: 'vault://kv/prod/api/db_url', status: 'BOUND' },
+    { service: 'payments-worker', variable: 'REDIS_URL', source: 'consul://prod/payments/redis', status: 'BOUND' },
+    { service: 'payments-worker', variable: 'KMS_KEY', source: 'vault://kv/prod/payments/kms_key', status: 'MISSING' },
+  ];
+
+  readonly promotionRows: PromotionRow[] = [
+    { date: '2026-02-19 17:10 UTC', bundle: 'Platform Bundle 1.3.0-rc1', status: 'PROMOTING' },
+    { date: '2026-02-18 03:10 UTC', bundle: 'Platform Bundle 1.2.9', status: 'DEPLOYED' },
+  ];
+
+  readonly auditEvents: AuditEventRow[] = [
+    { when: '2026-02-19 16:42 UTC', who: 'ops-admin', action: 'Updated Vault path mapping for KMS_KEY' },
+    { when: '2026-02-19 14:18 UTC', who: 'release-bot', action: 'Applied bundle lock prod-lock-2026-02' },
+  ];
 
   ngOnInit(): void {
-    const id = this.route.snapshot.paramMap.get('id');
-    if (id) {
-      this.store.selectEnvironment(id);
-    }
+    const params = this.route.snapshot.paramMap;
+    const region = params.get('region') ?? 'global';
+    const env = params.get('env') ?? params.get('id') ?? 'prod';
 
-    // Check for settings tab in URL
-    if (this.route.snapshot.url.some(s => s.path === 'settings')) {
-      this.activeTab.set('settings');
+    this.regionLabel.set(region);
+    this.envLabel.set(env);
+    this.envType.set(this.isProductionEnv(env) ? 'Production' : 'Staging');
+    this.title.setTitle(`${region}/${env} Environment - StellaOps`);
+    this.breadcrumbService.setContextCrumbs([
+      { label: region, route: `/release-control/regions/${region}` },
+      { label: env },
+    ]);
+
+    const queryTab = this.route.snapshot.queryParamMap.get('tab') as EnvTabId | null;
+    const routeTab = this.route.snapshot.data['initialTab'] as EnvTabId | undefined;
+    const initialTab = queryTab ?? routeTab ?? null;
+    if (initialTab && this.tabs.some((tab) => tab.id === initialTab)) {
+      this.activeTab.set(initialTab);
     }
   }
 
-  getHealthPct(): number {
-    const e = this.env();
-    return e ? getHealthPercentage(e) : 0;
+  ngOnDestroy(): void {
+    this.breadcrumbService.clearContextCrumbs();
   }
 
-  getHealthClass(): string {
-    const pct = this.getHealthPct();
-    if (pct >= 90) return 'health--good';
-    if (pct >= 70) return 'health--warning';
-    return 'health--critical';
+  setTab(tab: EnvTabId): void {
+    this.activeTab.set(tab);
   }
 
-  closeEditDialog(): void {
-    this.showEditDialog = false;
+  hasMissingBinding(): boolean {
+    return this.inputBindings.some((row) => row.status === 'MISSING');
   }
 
-  saveEdit(): void {
-    const e = this.env();
-    if (!e) return;
-
-    // Initialize form with current values if opening
-    if (this.showEditDialog && !this.editForm.displayName) {
-      this.editForm = {
-        displayName: e.displayName,
-        description: e.description,
-        order: e.order,
-        isProduction: e.isProduction,
-      };
-    }
-
-    this.store.updateEnvironment(e.id, {
-      displayName: this.editForm.displayName,
-      description: this.editForm.description,
-      order: this.editForm.order,
-      isProduction: this.editForm.isProduction,
-    });
-
-    this.closeEditDialog();
+  private isProductionEnv(env: string): boolean {
+    const normalized = env.toLowerCase();
+    return normalized.includes('prod') || normalized.includes('production');
   }
 }
diff --git a/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-list/environment-list.component.ts b/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-list/environment-list.component.ts
index 89ae0593b..d71bb9c66 100644
--- a/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-list/environment-list.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environment-list/environment-list.component.ts
@@ -59,7 +59,7 @@ import {
             <div class="environment-card" [class.is-production]="env.isProduction">
               <div class="card-header">
                 <span class="order-badge">#{{ env.order }}</span>
-                <a [routerLink]="['/release-orchestrator/environments', env.id]" class="env-name">
+                <a [routerLink]="['/release-control/regions', 'global', 'environments', env.id]" class="env-name">
                   {{ env.displayName }}
                 </a>
                 @if (env.isProduction) {
@@ -69,8 +69,8 @@ import {
                   <button class="menu-btn" (click)="toggleMenu(env.id, $event)">...</button>
                   @if (openMenuId === env.id) {
                     <div class="dropdown-menu">
-                      <a [routerLink]="['/release-orchestrator/environments', env.id]">View Details</a>
-                      <a [routerLink]="['/release-orchestrator/environments', env.id, 'settings']">Settings</a>
+                      <a [routerLink]="['/release-control/regions', 'global', 'environments', env.id]">View Details</a>
+                      <a [routerLink]="['/release-control/regions', 'global', 'environments', env.id, 'settings']">Settings</a>
                       <hr />
                       <button class="danger" (click)="confirmDelete(env)">Delete</button>
                     </div>
diff --git a/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environments.routes.ts b/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environments.routes.ts
index 6fad75396..2877dffd4 100644
--- a/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environments.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/environments.routes.ts
@@ -16,31 +16,40 @@ export const ENVIRONMENT_ROUTES: Routes = [
       ),
   },
   {
-    path: ':id',
-    data: {
-      breadcrumb: 'Environment Detail',
-      tabs: [
-        'overview',
-        'deployments',
-        'sbom',
-        'reachability',
-        'inputs',
-        'promotions',
-        'data-integrity',
-        'evidence',
-      ],
-    },
+    path: ':region/:env',
+    title: 'Environment Detail',
     loadComponent: () =>
       import('./environment-detail/environment-detail.component').then(
         (m) => m.EnvironmentDetailComponent
       ),
   },
   {
-    path: ':id/settings',
-    data: { breadcrumb: 'Environment Settings', tab: 'settings' },
+    path: ':region/:env/settings',
+    title: 'Environment Detail',
+    data: { initialTab: 'inputs' },
     loadComponent: () =>
       import('./environment-detail/environment-detail.component').then(
         (m) => m.EnvironmentDetailComponent
       ),
   },
+  {
+    path: ':id',
+    redirectTo: 'global/:id',
+    pathMatch: 'full',
+  },
+  {
+    path: ':id/settings',
+    redirectTo: 'global/:id/settings',
+    pathMatch: 'full',
+  },
+  {
+    path: ':id/:page',
+    redirectTo: 'global/:id',
+    pathMatch: 'full',
+  },
+  {
+    path: '**',
+    redirectTo: '',
+    pathMatch: 'full',
+  },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/features/scheduler-ops/schedule-management.component.ts b/src/Web/StellaOps.Web/src/app/features/scheduler-ops/schedule-management.component.ts
index 2ce520878..d2720ae47 100644
--- a/src/Web/StellaOps.Web/src/app/features/scheduler-ops/schedule-management.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/scheduler-ops/schedule-management.component.ts
@@ -28,7 +28,7 @@ import { SCHEDULER_API, type CreateScheduleDto } from '../../core/api/scheduler.
     <div class="schedule-management">
       <header class="page-header">
         <div class="header-content">
-          <a routerLink="/scheduler/runs" class="back-link">&larr; Back to Runs</a>
+          <a routerLink="/platform-ops/scheduler/runs" class="back-link">&larr; Back to Runs</a>
           <h1>Schedule Management</h1>
           <p>Create, edit, and manage scheduled tasks.</p>
         </div>
diff --git a/src/Web/StellaOps.Web/src/app/features/scheduler-ops/scheduler-runs.component.ts b/src/Web/StellaOps.Web/src/app/features/scheduler-ops/scheduler-runs.component.ts
index 058ee6c3b..e0e2f240e 100644
--- a/src/Web/StellaOps.Web/src/app/features/scheduler-ops/scheduler-runs.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/scheduler-ops/scheduler-runs.component.ts
@@ -28,10 +28,10 @@ import { SchedulerRun, SchedulerRunStatus } from './scheduler-ops.models';
           <p>Monitor and manage scheduled task executions.</p>
         </div>
         <div class="header-actions">
-          <button class="btn btn-secondary" routerLink="/scheduler/schedules">
+          <button class="btn btn-secondary" routerLink="/platform-ops/scheduler/schedules">
             Manage Schedules
           </button>
-          <button class="btn btn-secondary" routerLink="/scheduler/workers">
+          <button class="btn btn-secondary" routerLink="/platform-ops/scheduler/workers">
             Worker Fleet
           </button>
         </div>
@@ -194,7 +194,7 @@ import { SchedulerRun, SchedulerRunStatus } from './scheduler-ops.models';
                   </button>
                   <a
                     class="btn btn-secondary"
-                    [routerLink]="['/scheduler/runs', run.id, 'stream']"
+                    [routerLink]="['/platform-ops/scheduler/runs', run.id, 'stream']"
                     (click)="$event.stopPropagation()"
                   >
                     Live Stream
diff --git a/src/Web/StellaOps.Web/src/app/features/scheduler-ops/worker-fleet.component.ts b/src/Web/StellaOps.Web/src/app/features/scheduler-ops/worker-fleet.component.ts
index fb565f56e..d86e5dd88 100644
--- a/src/Web/StellaOps.Web/src/app/features/scheduler-ops/worker-fleet.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/scheduler-ops/worker-fleet.component.ts
@@ -24,7 +24,7 @@ import {
     <div class="worker-fleet">
       <header class="page-header">
         <div class="header-content">
-          <a routerLink="/scheduler/runs" class="back-link"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" style="display:inline;vertical-align:middle"><line x1="19" y1="12" x2="5" y2="12"/><polyline points="12 19 5 12 12 5"/></svg> Back to Runs</a>
+          <a routerLink="/platform-ops/scheduler/runs" class="back-link"><svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" aria-hidden="true" style="display:inline;vertical-align:middle"><line x1="19" y1="12" x2="5" y2="12"/><polyline points="12 19 5 12 12 5"/></svg> Back to Runs</a>
           <h1>Worker Fleet</h1>
           <p>Monitor worker status, load distribution, and health.</p>
         </div>
diff --git a/src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.component.ts b/src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.component.ts
index 94a79cc5b..6aecfb2bc 100644
--- a/src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/security-risk/advisory-sources.component.ts
@@ -79,7 +79,7 @@ interface AdvisorySummaryVm {
         <div>
           <h1>Advisory Sources</h1>
           <p>
-            Security and Risk decision-impact surface. Connectivity belongs to Integrations. Mirror
+            Security &amp; Risk decision-impact surface. Connectivity belongs to Integrations. Mirror
             and freshness operations belong to Platform Ops.
           </p>
         </div>
@@ -179,7 +179,7 @@ interface AdvisorySummaryVm {
         @if (rows().length === 0) {
           <section class="empty" aria-label="No advisory sources">
             <h2>No advisory sources configured</h2>
-            <p>Configure the first source in Integrations before Security and Risk can evaluate impact.</p>
+            <p>Configure the first source in Integrations before Security &amp; Risk can evaluate impact.</p>
             <a routerLink="/integrations/feeds">Open Integrations Feeds</a>
           </section>
         } @else {
diff --git a/src/Web/StellaOps.Web/src/app/features/security-risk/finding-detail-page.component.ts b/src/Web/StellaOps.Web/src/app/features/security-risk/finding-detail-page.component.ts
new file mode 100644
index 000000000..ba8ba2166
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/security-risk/finding-detail-page.component.ts
@@ -0,0 +1,100 @@
+import { ChangeDetectionStrategy, Component, inject, signal } from '@angular/core';
+import { ActivatedRoute, RouterLink } from '@angular/router';
+
+@Component({
+  selector: 'app-finding-detail-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="finding-detail">
+      <header class="header">
+        <h1>Finding {{ findingId() }}</h1>
+        <p>CVE-2026-1234 | openssl | Critical | api-gateway | sha256:api123 | prod-eu</p>
+      </header>
+
+      <section class="panel">
+        <h2>Reachability</h2>
+        <p>REACHABLE (confidence 91%)</p>
+        <p>B/I/R evidence age: B 42m | I 38m | R 2h 11m</p>
+      </section>
+
+      <section class="panel">
+        <h2>Impact</h2>
+        <p>Affected environments: 3 | Affected bundle versions: 2</p>
+        <p>
+          Blocked approvals:
+          <a [routerLink]="['/release-control/approvals']" [queryParams]="{ finding: findingId() }">2 approvals</a>
+        </p>
+      </section>
+
+      <section class="panel">
+        <h2>Disposition</h2>
+        <p>VEX statements: 1 linked</p>
+        <p>Exceptions: none active</p>
+      </section>
+
+      <section class="actions">
+        <button type="button">Create Exception Request</button>
+        <button type="button">Search/Import VEX</button>
+        <button type="button">Export as Evidence</button>
+      </section>
+    </section>
+  `,
+  styles: [
+    `
+      .finding-detail {
+        display: grid;
+        gap: 0.85rem;
+      }
+
+      .header h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.4rem;
+      }
+
+      .header p {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.84rem;
+      }
+
+      .panel {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.7rem 0.8rem;
+      }
+
+      .panel h2 {
+        margin: 0 0 0.35rem;
+        font-size: 0.9rem;
+      }
+
+      .panel p {
+        margin: 0.2rem 0;
+        font-size: 0.82rem;
+      }
+
+      .actions {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.5rem;
+      }
+
+      .actions button {
+        border: 1px solid var(--color-border-primary);
+        background: var(--color-surface-primary);
+        border-radius: var(--radius-md);
+        padding: 0.45rem 0.7rem;
+        font-size: 0.8rem;
+        cursor: pointer;
+      }
+    `,
+  ],
+})
+export class FindingDetailPageComponent {
+  private readonly route = inject(ActivatedRoute);
+
+  readonly findingId = signal(this.route.snapshot.paramMap.get('findingId') ?? 'unknown-finding');
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/security-risk/security-risk-overview.component.ts b/src/Web/StellaOps.Web/src/app/features/security-risk/security-risk-overview.component.ts
index 382d491e0..4564ee72d 100644
--- a/src/Web/StellaOps.Web/src/app/features/security-risk/security-risk-overview.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/security-risk/security-risk-overview.component.ts
@@ -38,6 +38,12 @@ interface RiskSummaryCard {
         </div>
       </header>
 
+      <section class="data-confidence-banner" role="status">
+        <strong>Data Confidence: WARN</strong>
+        <span>NVD stale 3h; SBOM rescan FAIL; runtime ingest lagging</span>
+        <a routerLink="/platform-ops/data-integrity">Open Data Integrity</a>
+      </section>
+
       <!-- Primary cards: risk-blocking decisions first -->
       <section class="cards-grid primary-cards" aria-label="Security risk summary">
         <!-- Risk Score Card -->
@@ -92,6 +98,29 @@ interface RiskSummaryCard {
         </a>
       </section>
 
+      <section class="critical-by-env" aria-label="Critical reachable by environment">
+        <h2 class="context-links-title">Critical Reachable by Environment</h2>
+        <div class="critical-grid">
+          @for (env of criticalReachableByEnvironment(); track env.name) {
+            <article>
+              <span>{{ env.name }}</span>
+              <strong>{{ env.count }}</strong>
+            </article>
+          }
+        </div>
+      </section>
+
+      <section class="posture-grid" aria-label="SBOM and VEX posture">
+        <article class="posture-card">
+          <h2>SBOM Posture</h2>
+          <p>Coverage {{ sbomPosture().coverage }}% | Freshness {{ sbomPosture().freshness }} | Pending scans {{ sbomPosture().pending }}</p>
+        </article>
+        <article class="posture-card">
+          <h2>VEX &amp; Exceptions</h2>
+          <p>Statements {{ vexPosture().statements }} | Expiring exceptions {{ vexPosture().expiringExceptions }}</p>
+        </article>
+      </section>
+
       <!-- Contextual navigation links -->
       <section class="context-links" aria-label="Related surfaces">
         <h2 class="context-links-title">More in Security &amp; Risk</h2>
@@ -149,6 +178,25 @@ interface RiskSummaryCard {
       margin: 0.35rem 0 0;
     }
 
+    .data-confidence-banner {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 0.55rem;
+      align-items: center;
+      border: 1px solid #f59e0b;
+      background: #fffbeb;
+      color: #92400e;
+      border-radius: var(--radius-md);
+      padding: 0.62rem 0.78rem;
+      font-size: 0.82rem;
+    }
+
+    .data-confidence-banner a {
+      color: var(--color-brand-primary);
+      text-decoration: none;
+      margin-left: auto;
+    }
+
     /* Card Grids */
     .cards-grid {
       display: grid;
@@ -163,6 +211,63 @@ interface RiskSummaryCard {
       grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
     }
 
+    .critical-by-env,
+    .posture-card {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: var(--color-surface-primary);
+    }
+
+    .critical-by-env {
+      padding: 1rem;
+      display: grid;
+      gap: 0.7rem;
+    }
+
+    .critical-grid {
+      display: grid;
+      gap: 0.6rem;
+      grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));
+    }
+
+    .critical-grid article {
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      padding: 0.6rem 0.7rem;
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      font-size: 0.82rem;
+    }
+
+    .critical-grid strong {
+      font-size: 1.15rem;
+    }
+
+    .posture-grid {
+      display: grid;
+      gap: 0.8rem;
+      grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
+    }
+
+    .posture-card {
+      padding: 0.8rem 0.9rem;
+    }
+
+    .posture-card h2 {
+      margin: 0 0 0.35rem;
+      font-size: 0.86rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+    }
+
+    .posture-card p {
+      margin: 0;
+      font-size: 0.84rem;
+      color: var(--color-text-secondary);
+    }
+
     /* Cards */
     .card {
       display: flex;
@@ -359,4 +464,21 @@ export class SecurityRiskOverviewComponent {
     link: '/security-risk/reachability',
     linkLabel: 'Reachability center',
   });
+
+  readonly criticalReachableByEnvironment = signal([
+    { name: 'prod-eu', count: 4 },
+    { name: 'prod-us', count: 3 },
+    { name: 'stage-eu', count: 1 },
+  ]);
+
+  readonly sbomPosture = signal({
+    coverage: 94,
+    freshness: 'WARN',
+    pending: 2,
+  });
+
+  readonly vexPosture = signal({
+    statements: 476,
+    expiringExceptions: 3,
+  });
 }
diff --git a/src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts b/src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts
new file mode 100644
index 000000000..876d27f91
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts
@@ -0,0 +1,112 @@
+import { ChangeDetectionStrategy, Component, inject, signal } from '@angular/core';
+import { ActivatedRoute, RouterLink } from '@angular/router';
+
+@Component({
+  selector: 'app-vulnerability-detail-page',
+  standalone: true,
+  imports: [RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
+    <section class="vuln-detail">
+      <header class="header">
+        <h1>{{ cveId() }}</h1>
+        <p>Package: openssl | Severity: Critical | EPSS: 0.87 | KEV: YES</p>
+      </header>
+
+      @if (showDataConfidenceBanner()) {
+        <section class="banner">
+          Data Confidence: WARN (NVD stale 3h)
+        </section>
+      }
+
+      <section class="panel">
+        <h2>Impact Summary</h2>
+        <p>Impacted environments: 3</p>
+        <p>Reachability classes: reachable 4 | not reachable 9 | unknown 3</p>
+        <p>Affected bundle versions: 2</p>
+      </section>
+
+      <section class="panel">
+        <h2>Disposition</h2>
+        <p>VEX: 1 linked statement</p>
+        <p>Exceptions: none active</p>
+      </section>
+
+      <section class="actions">
+        <a routerLink="/security-risk/findings">Open Findings</a>
+        <a routerLink="/security-risk/sbom">Open SBOM Graph</a>
+        <a routerLink="/security-risk/exceptions">Create Exception</a>
+        <button type="button">Export Report</button>
+      </section>
+    </section>
+  `,
+  styles: [
+    `
+      .vuln-detail {
+        display: grid;
+        gap: 0.85rem;
+      }
+
+      .header h1 {
+        margin: 0 0 0.2rem;
+        font-size: 1.35rem;
+      }
+
+      .header p {
+        margin: 0;
+        color: var(--color-text-secondary);
+        font-size: 0.84rem;
+      }
+
+      .banner {
+        border: 1px solid #f59e0b;
+        background: #fffbeb;
+        color: #92400e;
+        border-radius: var(--radius-md);
+        padding: 0.55rem 0.7rem;
+        font-size: 0.82rem;
+      }
+
+      .panel {
+        border: 1px solid var(--color-border-primary);
+        border-radius: var(--radius-md);
+        background: var(--color-surface-primary);
+        padding: 0.7rem 0.8rem;
+      }
+
+      .panel h2 {
+        margin: 0 0 0.35rem;
+        font-size: 0.9rem;
+      }
+
+      .panel p {
+        margin: 0.2rem 0;
+        font-size: 0.82rem;
+      }
+
+      .actions {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 0.55rem;
+      }
+
+      .actions a,
+      .actions button {
+        border: 1px solid var(--color-border-primary);
+        background: var(--color-surface-primary);
+        border-radius: var(--radius-md);
+        padding: 0.42rem 0.68rem;
+        font-size: 0.8rem;
+        text-decoration: none;
+        color: inherit;
+        cursor: pointer;
+      }
+    `,
+  ],
+})
+export class VulnerabilityDetailPageComponent {
+  private readonly route = inject(ActivatedRoute);
+
+  readonly cveId = signal(this.route.snapshot.paramMap.get('cveId') ?? 'CVE-UNKNOWN');
+  readonly showDataConfidenceBanner = signal(true);
+}
diff --git a/src/Web/StellaOps.Web/src/app/features/security/sbom-graph-page.component.ts b/src/Web/StellaOps.Web/src/app/features/security/sbom-graph-page.component.ts
index 72915ba42..3751bf56e 100644
--- a/src/Web/StellaOps.Web/src/app/features/security/sbom-graph-page.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/security/sbom-graph-page.component.ts
@@ -4,11 +4,12 @@
  */
 
 import { ChangeDetectionStrategy, Component } from '@angular/core';
+import { RouterLink } from '@angular/router';
 
 
 @Component({
     selector: 'app-sbom-graph-page',
-    imports: [],
+    imports: [RouterLink],
     changeDetection: ChangeDetectionStrategy.OnPush,
     template: `
     <section class="page">
@@ -16,10 +17,114 @@ import { ChangeDetectionStrategy, Component } from '@angular/core';
         <h1 class="page-title">SBOM Graph</h1>
         <p class="page-subtitle">Visualize dependency relationships and component impact.</p>
       </header>
-      <div class="panel">
-        <p>SBOM graph visualization is not yet available in this build.</p>
+
+      <div class="coming-soon" role="status" aria-live="polite">
+        <div class="coming-soon__icon" aria-hidden="true">
+          <svg viewBox="0 0 24 24" width="24" height="24" fill="none" stroke="currentColor" stroke-width="1.6">
+            <circle cx="6" cy="12" r="2.5"></circle>
+            <circle cx="18" cy="6" r="2.5"></circle>
+            <circle cx="18" cy="18" r="2.5"></circle>
+            <path d="M8.3 10.9 15.7 7.1"></path>
+            <path d="M8.3 13.1 15.7 16.9"></path>
+          </svg>
+        </div>
+        <h2 class="coming-soon__title">Graph visualization is coming soon</h2>
+        <p class="coming-soon__text">
+          Core lineage data is available, but the interactive dependency explorer is still being wired.
+        </p>
+        <div class="coming-soon__actions">
+          <a routerLink="/security-risk/findings" class="btn btn--primary">Open Findings</a>
+          <a routerLink="/security-risk/reachability" class="btn btn--secondary">Open Reachability</a>
+        </div>
       </div>
     </section>
-  `
+  `,
+    styles: [`
+    .page {
+      display: flex;
+      flex-direction: column;
+      gap: 1rem;
+    }
+
+    .page-header {
+      display: flex;
+      flex-direction: column;
+      gap: 0.25rem;
+    }
+
+    .page-title {
+      margin: 0;
+      font-size: 1.5rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .page-subtitle {
+      margin: 0;
+      color: var(--color-text-secondary);
+    }
+
+    .coming-soon {
+      display: flex;
+      flex-direction: column;
+      gap: 0.75rem;
+      padding: 1.25rem;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-lg);
+      background: linear-gradient(180deg, var(--color-surface-secondary), var(--color-surface-primary));
+    }
+
+    .coming-soon__icon {
+      width: 2.25rem;
+      height: 2.25rem;
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      border-radius: var(--radius-full);
+      color: var(--color-brand-primary);
+      background: var(--color-brand-soft);
+    }
+
+    .coming-soon__title {
+      margin: 0;
+      font-size: 1.0625rem;
+      font-weight: var(--font-weight-semibold);
+    }
+
+    .coming-soon__text {
+      margin: 0;
+      color: var(--color-text-secondary);
+      max-width: 64ch;
+    }
+
+    .coming-soon__actions {
+      display: flex;
+      gap: 0.5rem;
+      flex-wrap: wrap;
+    }
+
+    .btn {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      padding: 0.5rem 0.875rem;
+      border-radius: var(--radius-md);
+      font-size: 0.875rem;
+      font-weight: var(--font-weight-medium);
+      text-decoration: none;
+      border: 1px solid transparent;
+    }
+
+    .btn--primary {
+      color: #fff;
+      background: var(--color-brand-primary);
+      border-color: var(--color-brand-primary);
+    }
+
+    .btn--secondary {
+      color: var(--color-text-primary);
+      background: var(--color-surface-primary);
+      border-color: var(--color-border-primary);
+    }
+  `]
 })
 export class SbomGraphPageComponent {}
diff --git a/src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts b/src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts
index 9dae47d36..69871f7f8 100644
--- a/src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts
@@ -619,7 +619,7 @@ export class VulnerabilityDetailPageComponent implements OnInit {
   }
 
   createRemediationTask(): void {
-    void this.router.navigate(['/operations/orchestrator/jobs'], {
+    void this.router.navigate(['/platform-ops/orchestrator/jobs'], {
       queryParams: {
         action: 'remediate',
         cveId: this.vuln().id,
diff --git a/src/Web/StellaOps.Web/src/app/features/settings/branding/branding-settings-page.component.ts b/src/Web/StellaOps.Web/src/app/features/settings/branding/branding-settings-page.component.ts
index c99a5ec04..c88350495 100644
--- a/src/Web/StellaOps.Web/src/app/features/settings/branding/branding-settings-page.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/settings/branding/branding-settings-page.component.ts
@@ -12,7 +12,7 @@ import { Component, ChangeDetectionStrategy } from '@angular/core';
     changeDetection: ChangeDetectionStrategy.OnPush,
     template: `
     <div class="branding-settings">
-      <h1 class="page-title">Tenant / Branding</h1>
+      <h1 class="page-title">Tenant & Branding</h1>
       <p class="page-subtitle">Customize appearance and branding for your tenant</p>
 
       <div class="settings-grid">
diff --git a/src/Web/StellaOps.Web/src/app/features/settings/integrations/integration-detail-page.component.ts b/src/Web/StellaOps.Web/src/app/features/settings/integrations/integration-detail-page.component.ts
index 8129f6add..79d0f0f9b 100644
--- a/src/Web/StellaOps.Web/src/app/features/settings/integrations/integration-detail-page.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/settings/integrations/integration-detail-page.component.ts
@@ -3,40 +3,110 @@
  * Sprint: SPRINT_20260118_002_FE_settings_consolidation (SETTINGS-002)
  */
 
-import { Component, ChangeDetectionStrategy, signal, inject } from '@angular/core';
-
+import {
+  ChangeDetectionStrategy,
+  Component,
+  DestroyRef,
+  inject,
+  signal,
+} from '@angular/core';
+import { CommonModule } from '@angular/common';
 import { ActivatedRoute, RouterLink } from '@angular/router';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+
+import { IntegrationService } from '../../integration-hub/integration.service';
+import {
+  Integration,
+  getIntegrationStatusLabel,
+  getIntegrationTypeLabel,
+} from '../../integration-hub/integration.models';
 
 @Component({
-    selector: 'app-integration-detail-page',
-    imports: [RouterLink],
-    changeDetection: ChangeDetectionStrategy.OnPush,
-    template: `
+  selector: 'app-integration-detail-page',
+  imports: [CommonModule, RouterLink],
+  changeDetection: ChangeDetectionStrategy.OnPush,
+  template: `
     <div class="integration-detail">
       <header class="page-header">
-        <a routerLink="../" class="back-link">← Back to Integrations</a>
-        <h1 class="page-title">Integration Detail</h1>
-        <p class="page-subtitle">Integration ID: {{ integrationId() }}</p>
+        <a routerLink="/settings/integrations" class="back-link">Back to Integrations</a>
+        <h1 class="page-title">{{ pageTitle() }}</h1>
+        <p class="page-subtitle">{{ pageSubtitle() }}</p>
       </header>
 
-      <div class="tabs">
-        <button type="button" class="tab tab--active">Overview</button>
-        <button type="button" class="tab">Health</button>
-        <button type="button" class="tab">Activity</button>
-        <button type="button" class="tab">Permissions</button>
-        <button type="button" class="tab">Secrets</button>
-        <button type="button" class="tab">Webhooks</button>
-      </div>
+      @if (loading()) {
+        <section class="state-card" role="status">Loading integration details...</section>
+      } @else if (error(); as errorMessage) {
+        <section class="state-card state-card--error" role="alert">
+          <p>{{ errorMessage }}</p>
+          <button type="button" class="btn btn--secondary" (click)="reload()">Retry</button>
+        </section>
+      } @else if (integration(); as current) {
+        <section class="summary-grid" aria-label="Integration overview">
+          <article>
+            <h2>Name</h2>
+            <p>{{ current.name }}</p>
+          </article>
+          <article>
+            <h2>Type</h2>
+            <p>{{ getTypeLabel(current.type) }}</p>
+          </article>
+          <article>
+            <h2>Status</h2>
+            <p>{{ getStatusLabel(current.status) }}</p>
+          </article>
+          <article>
+            <h2>Last Sync</h2>
+            <p>{{ current.lastSyncAt ? (current.lastSyncAt | date : 'medium') : 'Not yet available' }}</p>
+          </article>
+        </section>
 
-      <div class="content">
-        <div class="card">
-          <h3>Integration Overview</h3>
-          <p>Configure and monitor this integration's connection status, permissions, and activity.</p>
-        </div>
-      </div>
+        <nav class="tabs" aria-label="Integration detail tabs">
+          @for (tab of tabs; track tab) {
+            <button
+              type="button"
+              class="tab"
+              [class.tab--active]="activeTab() === tab"
+              (click)="activeTab.set(tab)">
+              {{ tab }}
+            </button>
+          }
+        </nav>
+
+        <section class="content" aria-live="polite">
+          @if (activeTab() === 'Overview') {
+            <div class="card">
+              <h3>Integration Overview</h3>
+              <p>{{ current.description || 'No description provided.' }}</p>
+              <dl>
+                <div>
+                  <dt>Integration ID</dt>
+                  <dd>{{ current.integrationId }}</dd>
+                </div>
+                <div>
+                  <dt>Tenant</dt>
+                  <dd>{{ current.tenantId }}</dd>
+                </div>
+                <div>
+                  <dt>Endpoint</dt>
+                  <dd>{{ current.baseUrl || 'Not configured' }}</dd>
+                </div>
+              </dl>
+            </div>
+          } @else {
+            <div class="card card--placeholder">
+              <h3>{{ activeTab() }}</h3>
+              <p>Not yet available for this integration. Implementation is tracked in the related sprint tasks.</p>
+            </div>
+          }
+        </section>
+      } @else {
+        <section class="state-card">
+          No integration found for this ID.
+        </section>
+      }
     </div>
   `,
-    styles: [`
+  styles: [`
     .integration-detail {
       max-width: 1000px;
     }
@@ -64,11 +134,38 @@ import { ActivatedRoute, RouterLink } from '@angular/router';
       color: var(--color-text-secondary);
     }
 
+    .summary-grid {
+      display: grid;
+      gap: 0.75rem;
+      grid-template-columns: repeat(auto-fill, minmax(180px, 1fr));
+      margin-bottom: 1rem;
+    }
+
+    .summary-grid article {
+      padding: 0.75rem;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      background: var(--color-surface-primary);
+    }
+
+    .summary-grid h2 {
+      margin: 0 0 0.25rem;
+      font-size: 0.75rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+    }
+
+    .summary-grid p {
+      margin: 0;
+      font-size: 0.9rem;
+    }
+
     .tabs {
       display: flex;
       gap: 0.25rem;
       border-bottom: 1px solid var(--color-border-primary);
-      margin-bottom: 1.5rem;
+      margin-bottom: 1rem;
     }
 
     .tab {
@@ -92,33 +189,151 @@ import { ActivatedRoute, RouterLink } from '@angular/router';
       border-bottom-color: var(--color-brand-primary);
     }
 
+    .state-card {
+      padding: 1rem;
+      border: 1px solid var(--color-border-primary);
+      border-radius: var(--radius-md);
+      background: var(--color-surface-primary);
+      color: var(--color-text-secondary);
+      display: flex;
+      gap: 0.75rem;
+      align-items: center;
+      justify-content: space-between;
+    }
+
+    .state-card--error {
+      border-color: rgba(248, 113, 113, 0.4);
+      background: var(--color-status-error-bg);
+      color: var(--color-status-error);
+    }
+
     .card {
-      padding: 1.5rem;
+      padding: 1rem;
       background: var(--color-surface-primary);
       border: 1px solid var(--color-border-primary);
-      border-radius: var(--radius-lg);
+      border-radius: var(--radius-md);
+      display: grid;
+      gap: 0.75rem;
     }
 
     .card h3 {
-      margin: 0 0 0.5rem;
+      margin: 0;
       font-size: 1rem;
-      font-weight: var(--font-weight-semibold);
     }
 
     .card p {
       margin: 0;
       color: var(--color-text-secondary);
     }
-  `]
+
+    .card dl {
+      margin: 0;
+      display: grid;
+      gap: 0.5rem;
+    }
+
+    .card dt {
+      font-size: 0.75rem;
+      text-transform: uppercase;
+      letter-spacing: 0.04em;
+      color: var(--color-text-secondary);
+    }
+
+    .card dd {
+      margin: 0;
+      word-break: break-word;
+    }
+
+    .card--placeholder {
+      background: var(--color-surface-secondary);
+    }
+
+    .btn {
+      padding: 0.375rem 0.75rem;
+      border-radius: var(--radius-md);
+      font-size: 0.875rem;
+      cursor: pointer;
+      border: 1px solid var(--color-border-primary);
+      background: var(--color-surface-primary);
+      color: var(--color-text-primary);
+    }
+  `],
 })
 export class IntegrationDetailPageComponent {
-  private route = inject(ActivatedRoute);
+  private readonly route = inject(ActivatedRoute);
+  private readonly integrationService = inject(IntegrationService);
+  private readonly destroyRef = inject(DestroyRef);
 
-  integrationId = signal('');
+  readonly integrationId = signal('');
+  readonly integration = signal<Integration | null>(null);
+  readonly loading = signal(true);
+  readonly error = signal<string | null>(null);
+  readonly activeTab = signal('Overview');
+  readonly tabs = ['Overview', 'Health', 'Activity', 'Permissions', 'Secrets', 'Webhooks'] as const;
 
   constructor() {
-    this.route.params.subscribe(params => {
-      this.integrationId.set(params['id'] || '');
-    });
+    this.route.paramMap
+      .pipe(takeUntilDestroyed(this.destroyRef))
+      .subscribe((params) => {
+        const id = params.get('id') ?? '';
+        this.integrationId.set(id);
+        this.loadIntegration(id);
+      });
+  }
+
+  readonly pageTitle = () => {
+    const current = this.integration();
+    if (current) {
+      return current.name;
+    }
+    const id = this.integrationId();
+    return id ? `Integration ${id}` : 'Integration Detail';
+  };
+
+  readonly pageSubtitle = () => {
+    const current = this.integration();
+    if (current) {
+      return `Settings / Integrations / ${current.name}`;
+    }
+    const id = this.integrationId();
+    return id ? `Loading integration ${id}` : 'Integration details';
+  };
+
+  reload(): void {
+    this.loadIntegration(this.integrationId());
+  }
+
+  getTypeLabel(type: number): string {
+    return getIntegrationTypeLabel(type);
+  }
+
+  getStatusLabel(status: number): string {
+    return getIntegrationStatusLabel(status);
+  }
+
+  private loadIntegration(id: string): void {
+    if (!id) {
+      this.integration.set(null);
+      this.loading.set(false);
+      this.error.set('Integration ID is required.');
+      return;
+    }
+
+    this.loading.set(true);
+    this.error.set(null);
+    this.integrationService
+      .get(id)
+      .pipe(takeUntilDestroyed(this.destroyRef))
+      .subscribe({
+        next: (response) => {
+          this.integration.set(response);
+          this.loading.set(false);
+        },
+        error: () => {
+          this.integration.set(null);
+          this.loading.set(false);
+          this.error.set('Failed to load integration details.');
+        },
+      });
   }
 }
diff --git a/src/Web/StellaOps.Web/src/app/features/settings/release-control/release-control-settings-page.component.ts b/src/Web/StellaOps.Web/src/app/features/settings/release-control/release-control-settings-page.component.ts
index 522191782..b36f2c920 100644
--- a/src/Web/StellaOps.Web/src/app/features/settings/release-control/release-control-settings-page.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/settings/release-control/release-control-settings-page.component.ts
@@ -4,40 +4,41 @@
  */
 
 import { Component, ChangeDetectionStrategy } from '@angular/core';
+import { RouterLink } from '@angular/router';
 
 
 @Component({
     selector: 'app-release-control-settings-page',
-    imports: [],
+    imports: [RouterLink],
     changeDetection: ChangeDetectionStrategy.OnPush,
     template: `
     <div class="release-control-settings">
-      <h1 class="page-title">Release Control</h1>
-      <p class="page-subtitle">Configure environments, targets, agents, and workflows</p>
+      <h1 class="page-title">Release Control Settings</h1>
+      <p class="page-subtitle">Configure environments, targets, agents, and workflows.</p>
 
       <div class="settings-grid">
         <section class="settings-section">
           <h2>Environments</h2>
           <p>Configure release environments and promotion paths.</p>
-          <button type="button" class="btn btn--secondary">Manage Environments</button>
+          <a class="btn btn--secondary" routerLink="/release-control/setup/environments-paths">Manage Environments</a>
         </section>
 
         <section class="settings-section">
           <h2>Targets</h2>
           <p>Configure deployment targets for each environment.</p>
-          <button type="button" class="btn btn--secondary">Manage Targets</button>
+          <a class="btn btn--secondary" routerLink="/release-control/setup/targets-agents">Manage Targets</a>
         </section>
 
         <section class="settings-section">
           <h2>Agents</h2>
           <p>Manage deployment agents and their configurations.</p>
-          <button type="button" class="btn btn--secondary">Manage Agents</button>
+          <a class="btn btn--secondary" routerLink="/release-control/setup/targets-agents">Manage Agents</a>
         </section>
 
         <section class="settings-section">
           <h2>Workflows</h2>
           <p>Configure deployment workflow templates.</p>
-          <button type="button" class="btn btn--secondary">Edit Workflows</button>
+          <a class="btn btn--secondary" routerLink="/release-control/setup/workflows">Edit Workflows</a>
         </section>
       </div>
     </div>
@@ -60,6 +61,7 @@ import { Component, ChangeDetectionStrategy } from '@angular/core';
     .settings-section h2 { margin: 0 0 0.5rem; font-size: 1rem; font-weight: var(--font-weight-semibold); }
     .settings-section p { margin: 0 0 1rem; font-size: 0.875rem; color: var(--color-text-secondary); }
     .btn { padding: 0.375rem 0.75rem; border-radius: var(--radius-md); font-size: 0.875rem; cursor: pointer; }
+    .btn { display: inline-flex; text-decoration: none; color: var(--color-text-primary); }
     .btn--secondary { background: var(--color-surface-secondary); border: 1px solid var(--color-border-primary); }
   `]
 })
diff --git a/src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts b/src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts
index ee579334c..71e046c2f 100644
--- a/src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts
@@ -8,6 +8,7 @@ import { Routes } from '@angular/router';
 export const SETTINGS_ROUTES: Routes = [
   {
     path: '',
+    title: 'Settings',
     loadComponent: () =>
       import('./settings-page.component').then(m => m.SettingsPageComponent),
     data: { breadcrumb: 'Settings' },
@@ -19,96 +20,112 @@ export const SETTINGS_ROUTES: Routes = [
       },
       {
         path: 'integrations',
+        title: 'Integrations',
         loadComponent: () =>
           import('./integrations/integrations-settings-page.component').then(m => m.IntegrationsSettingsPageComponent),
         data: { breadcrumb: 'Integrations' },
       },
       {
         path: 'integrations/:id',
+        title: 'Integration Detail',
         loadComponent: () =>
           import('./integrations/integration-detail-page.component').then(m => m.IntegrationDetailPageComponent),
         data: { breadcrumb: 'Integration Detail' },
       },
       {
         path: 'configuration-pane',
+        title: 'Configuration Pane',
         loadComponent: () =>
           import('../configuration-pane/components/configuration-pane.component').then(m => m.ConfigurationPaneComponent),
         data: { breadcrumb: 'Configuration Pane' },
       },
       {
         path: 'release-control',
+        title: 'Release Control',
         loadComponent: () =>
           import('./release-control/release-control-settings-page.component').then(m => m.ReleaseControlSettingsPageComponent),
         data: { breadcrumb: 'Release Control' },
       },
       {
         path: 'trust',
+        title: 'Trust & Signing',
         loadComponent: () =>
           import('./trust/trust-settings-page.component').then(m => m.TrustSettingsPageComponent),
         data: { breadcrumb: 'Trust & Signing' },
       },
       {
         path: 'trust/:page',
+        title: 'Trust & Signing',
         loadComponent: () =>
           import('./trust/trust-settings-page.component').then(m => m.TrustSettingsPageComponent),
         data: { breadcrumb: 'Trust & Signing' },
       },
       {
         path: 'security-data',
+        title: 'Security Data',
         loadComponent: () =>
           import('./security-data/security-data-settings-page.component').then(m => m.SecurityDataSettingsPageComponent),
         data: { breadcrumb: 'Security Data' },
       },
       {
         path: 'admin',
+        title: 'Identity & Access',
         loadComponent: () =>
           import('./admin/admin-settings-page.component').then(m => m.AdminSettingsPageComponent),
         data: { breadcrumb: 'Identity & Access' },
       },
       {
         path: 'admin/:page',
+        title: 'Identity & Access',
         loadComponent: () =>
           import('./admin/admin-settings-page.component').then(m => m.AdminSettingsPageComponent),
         data: { breadcrumb: 'Identity & Access' },
       },
       {
         path: 'branding',
+        title: 'Tenant & Branding',
         loadComponent: () =>
           import('./branding/branding-settings-page.component').then(m => m.BrandingSettingsPageComponent),
-        data: { breadcrumb: 'Branding' },
+        data: { breadcrumb: 'Tenant & Branding' },
       },
       {
         path: 'usage',
+        title: 'Usage & Limits',
         loadComponent: () =>
           import('./usage/usage-settings-page.component').then(m => m.UsageSettingsPageComponent),
         data: { breadcrumb: 'Usage & Limits' },
       },
       {
         path: 'notifications',
+        title: 'Notifications',
         loadComponent: () =>
           import('./notifications/notifications-settings-page.component').then(m => m.NotificationsSettingsPageComponent),
         data: { breadcrumb: 'Notifications' },
       },
       {
         path: 'ai-preferences',
+        title: 'AI Preferences',
         loadComponent: () =>
           import('./ai-preferences-workbench.component').then(m => m.AiPreferencesWorkbenchComponent),
         data: { breadcrumb: 'AI Preferences' },
       },
       {
         path: 'policy',
+        title: 'Policy Governance',
         loadComponent: () =>
           import('./policy/policy-governance-settings-page.component').then(m => m.PolicyGovernanceSettingsPageComponent),
         data: { breadcrumb: 'Policy Governance' },
       },
       {
         path: 'offline',
+        title: 'Offline Settings',
         loadComponent: () =>
           import('../offline-kit/components/offline-dashboard.component').then(m => m.OfflineDashboardComponent),
         data: { breadcrumb: 'Offline Settings' },
       },
       {
         path: 'system',
+        title: 'System',
         loadComponent: () =>
           import('./system/system-settings-page.component').then(m => m.SystemSettingsPageComponent),
         data: { breadcrumb: 'System' },
diff --git a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.spec.ts b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.spec.ts
index cbb0ddaa1..3f6ec7f82 100644
--- a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.spec.ts
@@ -29,11 +29,14 @@ describe('AppSidebarComponent', () => {
     expect(fixture.nativeElement.textContent).not.toContain('Analytics');
   });
 
-  it('shows analytics navigation when analytics scope is present', () => {
+  it('keeps canonical v2 root nav even when analytics scope is present', () => {
     setScopes([StellaOpsScopes.UI_READ, StellaOpsScopes.ANALYTICS_READ]);
     const fixture = createComponent();
 
-    expect(fixture.nativeElement.textContent).toContain('Analytics');
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Dashboard');
+    expect(text).toContain('Security & Risk');
+    expect(text).not.toContain('Analytics');
   });
 
   function setScopes(scopes: readonly StellaOpsScope[]): void {
diff --git a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts
index 8d18dc7f3..ca95a2abd 100644
--- a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts
+++ b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts
@@ -9,11 +9,15 @@ import {
   computed,
   NgZone,
   OnDestroy,
+  DestroyRef,
 } from '@angular/core';
 
-import { Router, RouterLink } from '@angular/router';
-import { AUTH_SERVICE, AuthService, StellaOpsScopes } from '../../core/auth';
+import { Router, RouterLink, NavigationEnd } from '@angular/router';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+import { AUTH_SERVICE, AuthService } from '../../core/auth';
 import type { StellaOpsScope } from '../../core/auth';
+import { APPROVAL_API } from '../../core/api/approval.client';
+import type { ApprovalApi } from '../../core/api/approval.client';
 
 import { SidebarNavGroupComponent } from './sidebar-nav-group.component';
 import { SidebarNavItemComponent, NavItem } from './sidebar-nav-item.component';
@@ -316,6 +320,8 @@ export class AppSidebarComponent implements OnDestroy {
   private readonly router = inject(Router);
   private readonly authService = inject(AUTH_SERVICE) as AuthService;
   private readonly ngZone = inject(NgZone);
+  private readonly destroyRef = inject(DestroyRef);
+  private readonly approvalApi = inject(APPROVAL_API, { optional: true }) as ApprovalApi | null;
 
   @Input() collapsed = false;
   @Output() toggleCollapse = new EventEmitter<void>();
@@ -324,8 +330,9 @@ export class AppSidebarComponent implements OnDestroy {
   /** Whether sidebar is temporarily expanded due to hover */
   readonly hoverExpanded = signal(false);
   private hoverTimer: ReturnType<typeof setTimeout> | null = null;
+  private readonly pendingApprovalsCount = signal(0);
 
-  /** Track which groups are expanded — default open: Release Control, Security and Risk */
+  /** Track which groups are expanded — default open: Release Control, Security & Risk */
   readonly expandedGroups = signal<Set<string>>(new Set(['release-control', 'security-risk']));
 
   /**
@@ -392,9 +399,21 @@ export class AppSidebarComponent implements OnDestroy {
         {
           id: 'rc-environments',
           label: 'Regions & Environments',
-          route: '/release-control/environments',
+          route: '/release-control/regions',
           icon: 'server',
         },
+        {
+          id: 'rc-governance',
+          label: 'Governance',
+          route: '/release-control/governance',
+          icon: 'shield',
+        },
+        {
+          id: 'rc-hotfixes',
+          label: 'Hotfixes',
+          route: '/release-control/hotfixes',
+          icon: 'zap',
+        },
         {
           id: 'rc-setup',
           label: 'Setup',
@@ -404,20 +423,22 @@ export class AppSidebarComponent implements OnDestroy {
       ],
     },
 
-    // 3. Security and Risk
+    // 3. Security & Risk
     {
       id: 'security-risk',
-      label: 'Security and Risk',
+      label: 'Security & Risk',
       icon: 'shield',
       route: '/security-risk',
       children: [
-        { id: 'sr-overview', label: 'Overview', route: '/security-risk', icon: 'chart' },
-        { id: 'sr-findings', label: 'Findings', route: '/security-risk/findings', icon: 'list' },
-        { id: 'sr-vulnerabilities', label: 'Vulnerabilities', route: '/security-risk/vulnerabilities', icon: 'alert' },
-        { id: 'sr-reachability', label: 'Reachability', route: '/security-risk/reachability', icon: 'git-branch' },
-        { id: 'sr-sbom', label: 'SBOM Graph', route: '/security-risk/sbom', icon: 'graph' },
-        { id: 'sr-vex', label: 'VEX Hub', route: '/security-risk/vex', icon: 'file-check' },
+        { id: 'sr-overview', label: 'Risk Overview', route: '/security-risk', icon: 'chart' },
         { id: 'sr-advisory-sources', label: 'Advisory Sources', route: '/security-risk/advisory-sources', icon: 'radio' },
+        { id: 'sr-findings', label: 'Findings Explorer', route: '/security-risk/findings', icon: 'list' },
+        { id: 'sr-vulnerabilities', label: 'Vulnerabilities Explorer', route: '/security-risk/vulnerabilities', icon: 'alert' },
+        { id: 'sr-reachability', label: 'Reachability', route: '/security-risk/reachability', icon: 'git-branch' },
+        { id: 'sr-sbom', label: 'SBOM Data: Graph', route: '/security-risk/sbom', icon: 'graph' },
+        { id: 'sr-sbom-lake', label: 'SBOM Data: Lake', route: '/security-risk/sbom-lake', icon: 'database' },
+        { id: 'sr-vex', label: 'VEX & Exceptions: VEX Hub', route: '/security-risk/vex', icon: 'file-check' },
+        { id: 'sr-exceptions', label: 'VEX & Exceptions: Exceptions', route: '/security-risk/exceptions', icon: 'shield-off' },
         { id: 'sr-symbol-sources', label: 'Symbol Sources', route: '/security-risk/symbol-sources', icon: 'package' },
         { id: 'sr-symbol-marketplace', label: 'Symbol Marketplace', route: '/security-risk/symbol-marketplace', icon: 'shopping-bag' },
         { id: 'sr-remediation', label: 'Remediation', route: '/security-risk/remediation', icon: 'tool' },
@@ -427,16 +448,20 @@ export class AppSidebarComponent implements OnDestroy {
     // 4. Evidence and Audit
     {
       id: 'evidence-audit',
-      label: 'Evidence and Audit',
+      label: 'Evidence & Audit',
       icon: 'file-text',
       route: '/evidence-audit',
       children: [
-        { id: 'ea-packets', label: 'Evidence Packets', route: '/evidence-audit', icon: 'archive' },
+        { id: 'ea-home', label: 'Home', route: '/evidence-audit', icon: 'home' },
+        { id: 'ea-packs', label: 'Evidence Packs', route: '/evidence-audit/packs', icon: 'archive' },
+        { id: 'ea-bundles', label: 'Evidence Bundles', route: '/evidence-audit/bundles', icon: 'package' },
+        { id: 'ea-export', label: 'Export Center', route: '/evidence-audit/evidence', icon: 'download' },
         { id: 'ea-proof-chains', label: 'Proof Chains', route: '/evidence-audit/proofs', icon: 'link' },
-        { id: 'ea-audit', label: 'Audit Log', route: '/evidence-audit/audit', icon: 'book-open' },
+        { id: 'ea-audit', label: 'Audit Log', route: '/evidence-audit/audit-log', icon: 'book-open' },
         { id: 'ea-change-trace', label: 'Change Trace', route: '/evidence-audit/change-trace', icon: 'git-commit' },
         { id: 'ea-timeline', label: 'Timeline', route: '/evidence-audit/timeline', icon: 'clock' },
-        { id: 'ea-replay', label: 'Replay / Verify', route: '/evidence-audit/replay', icon: 'refresh' },
+        { id: 'ea-replay', label: 'Replay & Verify', route: '/evidence-audit/replay', icon: 'refresh' },
+        { id: 'ea-trust-signing', label: 'Trust & Signing', route: '/evidence-audit/trust-signing', icon: 'key' },
       ],
     },
 
@@ -449,10 +474,10 @@ export class AppSidebarComponent implements OnDestroy {
       children: [
         { id: 'int-hub', label: 'Hub', route: '/integrations', icon: 'grid' },
         { id: 'int-scm', label: 'SCM', route: '/integrations/scm', icon: 'git-branch' },
-        { id: 'int-ci', label: 'CI/CD', route: '/integrations/ci', icon: 'play' },
+        { id: 'int-ci', label: 'CI/CD', route: '/integrations/ci-cd', icon: 'play' },
         { id: 'int-registries', label: 'Registries', route: '/integrations/registries', icon: 'box' },
         { id: 'int-secrets', label: 'Secrets', route: '/integrations/secrets', icon: 'key' },
-        { id: 'int-targets', label: 'Targets / Runtimes', route: '/integrations/hosts', icon: 'package' },
+        { id: 'int-targets', label: 'Targets / Runtimes', route: '/integrations/targets', icon: 'package' },
         { id: 'int-feeds', label: 'Feeds', route: '/integrations/feeds', icon: 'rss' },
       ],
     },
@@ -488,7 +513,7 @@ export class AppSidebarComponent implements OnDestroy {
         { id: 'adm-notifications', label: 'Notifications', route: '/administration/notifications', icon: 'bell' },
         { id: 'adm-usage', label: 'Usage & Limits', route: '/administration/usage', icon: 'bar-chart' },
         { id: 'adm-policy', label: 'Policy Governance', route: '/administration/policy-governance', icon: 'book' },
-        { id: 'adm-trust', label: 'Trust & Signing', route: '/administration/trust-signing', icon: 'key' },
+        { id: 'adm-offline', label: 'Offline Settings', route: '/administration/offline', icon: 'download-cloud' },
         { id: 'adm-system', label: 'System', route: '/administration/system', icon: 'terminal' },
       ],
     },
@@ -501,6 +526,17 @@ export class AppSidebarComponent implements OnDestroy {
       .filter((section): section is NavSection => section !== null);
   });
 
+  constructor() {
+    this.loadPendingApprovalsBadge();
+    this.router.events
+      .pipe(takeUntilDestroyed(this.destroyRef))
+      .subscribe((event) => {
+        if (event instanceof NavigationEnd) {
+          this.loadPendingApprovalsBadge();
+        }
+      });
+  }
+
   private filterSection(section: NavSection): NavSection | null {
     if (section.requiredScopes && !this.hasAllScopes(section.requiredScopes)) {
       return null;
@@ -522,9 +558,22 @@ export class AppSidebarComponent implements OnDestroy {
       return null;
     }
 
+    const children = visibleChildren.map((child) => this.withDynamicChildState(child));
+
     return {
       ...section,
-      children: visibleChildren,
+      children,
+    };
+  }
+
+  private withDynamicChildState(item: NavItem): NavItem {
+    if (item.id !== 'rc-approvals') {
+      return item;
+    }
+
+    return {
+      ...item,
+      badge: this.pendingApprovalsCount(),
     };
   }
 
@@ -548,6 +597,19 @@ export class AppSidebarComponent implements OnDestroy {
     return this.authService.hasAnyScope(scopes);
   }
 
+  private loadPendingApprovalsBadge(): void {
+    if (!this.approvalApi) {
+      return;
+    }
+
+    this.approvalApi.listApprovals({ statuses: ['pending'] }).pipe(
+      takeUntilDestroyed(this.destroyRef)
+    ).subscribe({
+      next: (approvals) => this.pendingApprovalsCount.set(approvals.length),
+      error: () => this.pendingApprovalsCount.set(0),
+    });
+  }
+
   onSidebarMouseEnter(): void {
     if (!this.collapsed || this.hoverExpanded()) return;
     this.ngZone.runOutsideAngular(() => {
diff --git a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/sidebar-nav-item.component.ts b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/sidebar-nav-item.component.ts
index a4686bf14..21a005a48 100644
--- a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/sidebar-nav-item.component.ts
+++ b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/sidebar-nav-item.component.ts
@@ -31,7 +31,7 @@ export interface NavItem {
       [class.nav-item--child]="isChild"
       [routerLink]="route"
       routerLinkActive="nav-item--active"
-      [routerLinkActiveOptions]="{ exact: true }"
+      [routerLinkActiveOptions]="{ exact: !isChild }"
       [attr.title]="collapsed ? label : null"
       >
       <span class="nav-item__icon" [attr.aria-hidden]="true">
diff --git a/src/Web/StellaOps.Web/src/app/layout/context-chips/feed-snapshot-chip.component.ts b/src/Web/StellaOps.Web/src/app/layout/context-chips/feed-snapshot-chip.component.ts
index 80670944b..ec081a2b7 100644
--- a/src/Web/StellaOps.Web/src/app/layout/context-chips/feed-snapshot-chip.component.ts
+++ b/src/Web/StellaOps.Web/src/app/layout/context-chips/feed-snapshot-chip.component.ts
@@ -22,7 +22,7 @@ import { OfflineModeService } from '../../core/services/offline-mode.service';
       class="chip"
       [class.chip--fresh]="!isStale()"
       [class.chip--stale]="isStale()"
-      routerLink="/operations/feeds"
+      routerLink="/platform-ops/feeds"
       [attr.title]="tooltip()"
     >
       <svg class="chip__icon" viewBox="0 0 24 24" width="14" height="14" aria-hidden="true">
diff --git a/src/Web/StellaOps.Web/src/app/layout/context-chips/offline-status-chip.component.ts b/src/Web/StellaOps.Web/src/app/layout/context-chips/offline-status-chip.component.ts
index 2383ba1eb..ab0228d92 100644
--- a/src/Web/StellaOps.Web/src/app/layout/context-chips/offline-status-chip.component.ts
+++ b/src/Web/StellaOps.Web/src/app/layout/context-chips/offline-status-chip.component.ts
@@ -19,7 +19,7 @@ import { OfflineModeService } from '../../core/services/offline-mode.service';
       class="chip"
       [class.chip--ok]="status() === 'ok'"
       [class.chip--degraded]="status() === 'degraded'"
-      routerLink="/settings/offline"
+      routerLink="/administration/offline"
       [attr.title]="tooltip()"
       aria-live="polite"
     >
diff --git a/src/Web/StellaOps.Web/src/app/routes/administration.routes.ts b/src/Web/StellaOps.Web/src/app/routes/administration.routes.ts
index 355a3fd14..393a201bd 100644
--- a/src/Web/StellaOps.Web/src/app/routes/administration.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/routes/administration.routes.ts
@@ -235,6 +235,15 @@ export const ADMINISTRATION_ROUTES: Routes = [
         (m) => m.SystemSettingsPageComponent
       ),
   },
+  {
+    path: 'offline',
+    title: 'Offline Settings',
+    data: { breadcrumb: 'Offline Settings' },
+    loadComponent: () =>
+      import('../features/offline-kit/components/offline-dashboard.component').then(
+        (m) => m.OfflineDashboardComponent
+      ),
+  },
   // Configuration pane (formerly /console/configuration)
   {
     path: 'configuration-pane',
diff --git a/src/Web/StellaOps.Web/src/app/routes/evidence-audit.routes.ts b/src/Web/StellaOps.Web/src/app/routes/evidence-audit.routes.ts
index 8308f9fe0..65cc0cce6 100644
--- a/src/Web/StellaOps.Web/src/app/routes/evidence-audit.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/routes/evidence-audit.routes.ts
@@ -5,26 +5,132 @@
 import { Routes } from '@angular/router';
 
 export const EVIDENCE_AUDIT_ROUTES: Routes = [
-  { path: '', title: 'Evidence and Audit', data: { breadcrumb: 'Evidence and Audit' },
-    loadComponent: () => import('../features/evidence-audit/evidence-audit-overview.component').then(m => m.EvidenceAuditOverviewComponent) },
-  { path: 'packs', title: 'Evidence Packs', data: { breadcrumb: 'Evidence Packs' },
-    loadComponent: () => import('../features/evidence-pack/evidence-pack-list.component').then(m => m.EvidencePackListComponent) },
-  { path: 'packs/:packId', title: 'Evidence Pack', data: { breadcrumb: 'Evidence Pack' },
-    loadComponent: () => import('../features/evidence-pack/evidence-pack-viewer.component').then(m => m.EvidencePackViewerComponent) },
-  { path: 'proofs', title: 'Proof Chains', data: { breadcrumb: 'Proof Chains' },
-    loadComponent: () => import('../features/proof-chain/proof-chain.component').then(m => m.ProofChainComponent) },
-  { path: 'proofs/:subjectDigest', title: 'Proof Chain', data: { breadcrumb: 'Proof Chain' },
-    loadComponent: () => import('../features/proof-chain/proof-chain.component').then(m => m.ProofChainComponent) },
-  { path: 'timeline', title: 'Timeline', data: { breadcrumb: 'Timeline' },
-    loadChildren: () => import('../features/timeline/timeline.routes').then(m => m.TIMELINE_ROUTES) },
-  { path: 'replay', title: 'Replay / Verify', data: { breadcrumb: 'Replay / Verify' },
-    loadComponent: () => import('../features/evidence-export/replay-controls.component').then(m => m.ReplayControlsComponent) },
-  { path: 'receipts/cvss/:receiptId', title: 'CVSS Receipt', data: { breadcrumb: 'CVSS Receipt' },
-    loadComponent: () => import('../features/cvss/cvss-receipt.component').then(m => m.CvssReceiptComponent) },
-  { path: 'audit', title: 'Audit Log', data: { breadcrumb: 'Audit Log' },
-    loadChildren: () => import('../features/audit-log/audit-log.routes').then(m => m.auditLogRoutes) },
-  { path: 'change-trace', title: 'Change Trace', data: { breadcrumb: 'Change Trace' },
-    loadChildren: () => import('../features/change-trace/change-trace.routes').then(m => m.changeTraceRoutes) },
-  { path: 'evidence', title: 'Evidence', data: { breadcrumb: 'Evidence' },
-    loadChildren: () => import('../features/evidence-export/evidence-export.routes').then(m => m.evidenceExportRoutes) },
+  {
+    path: '',
+    title: 'Evidence & Audit',
+    data: { breadcrumb: 'Evidence & Audit' },
+    loadComponent: () =>
+      import('../features/evidence-audit/evidence-audit-overview.component').then(
+        (m) => m.EvidenceAuditOverviewComponent
+      ),
+  },
+  {
+    path: 'home',
+    pathMatch: 'full',
+    redirectTo: '',
+  },
+  {
+    path: 'packs',
+    title: 'Evidence Packs',
+    data: { breadcrumb: 'Evidence Packs' },
+    loadComponent: () =>
+      import('../features/evidence-pack/evidence-pack-list.component').then(
+        (m) => m.EvidencePackListComponent
+      ),
+  },
+  {
+    path: 'packs/:packId',
+    title: 'Evidence Pack',
+    data: { breadcrumb: 'Evidence Pack' },
+    loadComponent: () =>
+      import('../features/evidence-pack/evidence-pack-viewer.component').then(
+        (m) => m.EvidencePackViewerComponent
+      ),
+  },
+  {
+    path: 'bundles',
+    title: 'Evidence Bundles',
+    data: { breadcrumb: 'Evidence Bundles' },
+    loadComponent: () =>
+      import('../features/evidence-export/evidence-bundles.component').then(
+        (m) => m.EvidenceBundlesComponent
+      ),
+  },
+  {
+    path: 'proofs',
+    title: 'Proof Chains',
+    data: { breadcrumb: 'Proof Chains' },
+    loadComponent: () =>
+      import('../features/proof-chain/proof-chain.component').then(
+        (m) => m.ProofChainComponent
+      ),
+  },
+  {
+    path: 'proofs/:subjectDigest',
+    title: 'Proof Chain',
+    data: { breadcrumb: 'Proof Chain' },
+    loadComponent: () =>
+      import('../features/proof-chain/proof-chain.component').then(
+        (m) => m.ProofChainComponent
+      ),
+  },
+  {
+    path: 'timeline',
+    title: 'Timeline',
+    data: { breadcrumb: 'Timeline' },
+    loadChildren: () =>
+      import('../features/timeline/timeline.routes').then((m) => m.TIMELINE_ROUTES),
+  },
+  {
+    path: 'replay',
+    title: 'Replay & Verify',
+    data: { breadcrumb: 'Replay & Verify' },
+    loadComponent: () =>
+      import('../features/evidence-export/replay-controls.component').then(
+        (m) => m.ReplayControlsComponent
+      ),
+  },
+  {
+    path: 'receipts/cvss/:receiptId',
+    title: 'CVSS Receipt',
+    data: { breadcrumb: 'CVSS Receipt' },
+    loadComponent: () =>
+      import('../features/cvss/cvss-receipt.component').then((m) => m.CvssReceiptComponent),
+  },
+  {
+    path: 'audit-log',
+    title: 'Audit Log',
+    data: { breadcrumb: 'Audit Log' },
+    loadChildren: () =>
+      import('../features/audit-log/audit-log.routes').then((m) => m.auditLogRoutes),
+  },
+  {
+    path: 'audit',
+    pathMatch: 'full',
+    redirectTo: 'audit-log',
+  },
+  {
+    path: 'change-trace',
+    title: 'Change Trace',
+    data: { breadcrumb: 'Change Trace' },
+    loadChildren: () =>
+      import('../features/change-trace/change-trace.routes').then((m) => m.changeTraceRoutes),
+  },
+  {
+    path: 'trust-signing',
+    title: 'Trust & Signing',
+    data: { breadcrumb: 'Trust & Signing' },
+    loadComponent: () =>
+      import('../features/settings/trust/trust-settings-page.component').then(
+        (m) => m.TrustSettingsPageComponent
+      ),
+  },
+  {
+    path: 'trust-signing/:page',
+    title: 'Trust & Signing',
+    data: { breadcrumb: 'Trust & Signing' },
+    loadComponent: () =>
+      import('../features/settings/trust/trust-settings-page.component').then(
+        (m) => m.TrustSettingsPageComponent
+      ),
+  },
+  {
+    path: 'evidence',
+    title: 'Export Center',
+    data: { breadcrumb: 'Export Center' },
+    loadChildren: () =>
+      import('../features/evidence-export/evidence-export.routes').then(
+        (m) => m.evidenceExportRoutes
+      ),
+  },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts b/src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts
index df2951330..3e57a004a 100644
--- a/src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts
@@ -60,6 +60,14 @@ export const LEGACY_REDIRECT_ROUTE_TEMPLATES: readonly LegacyRedirectTemplate[]
   // ===========================================
   { path: 'findings', redirectTo: '/security-risk/findings', pathMatch: 'full' },
   { path: 'findings/:scanId', redirectTo: '/security-risk/scans/:scanId', pathMatch: 'full' },
+  { path: 'security/findings', redirectTo: '/security-risk/findings', pathMatch: 'full' },
+  { path: 'security/findings/:findingId', redirectTo: '/security-risk/findings/:findingId', pathMatch: 'full' },
+  { path: 'security/vulnerabilities', redirectTo: '/security-risk/vulnerabilities', pathMatch: 'full' },
+  { path: 'security/vulnerabilities/:vulnId', redirectTo: '/security-risk/vulnerabilities/:vulnId', pathMatch: 'full' },
+  { path: 'security/sbom', redirectTo: '/security-risk/sbom', pathMatch: 'full' },
+  { path: 'security/vex', redirectTo: '/security-risk/vex', pathMatch: 'full' },
+  { path: 'security/exceptions', redirectTo: '/security-risk/exceptions', pathMatch: 'full' },
+  { path: 'security/advisory-sources', redirectTo: '/security-risk/advisory-sources', pathMatch: 'full' },
   { path: 'scans/:scanId', redirectTo: '/security-risk/scans/:scanId', pathMatch: 'full' },
   { path: 'vulnerabilities', redirectTo: '/security-risk/vulnerabilities', pathMatch: 'full' },
   { path: 'vulnerabilities/:vulnId', redirectTo: '/security-risk/vulnerabilities/:vulnId', pathMatch: 'full' },
@@ -71,6 +79,8 @@ export const LEGACY_REDIRECT_ROUTE_TEMPLATES: readonly LegacyRedirectTemplate[]
   { path: 'reachability', redirectTo: '/security-risk/reachability', pathMatch: 'full' },
   { path: 'analyze/unknowns', redirectTo: '/security-risk/unknowns', pathMatch: 'full' },
   { path: 'analyze/patch-map', redirectTo: '/security-risk/patch-map', pathMatch: 'full' },
+  { path: 'analytics', redirectTo: '/security-risk/sbom-lake', pathMatch: 'full' },
+  { path: 'analytics/sbom-lake', redirectTo: '/security-risk/sbom-lake', pathMatch: 'full' },
   { path: 'cvss/receipts/:receiptId', redirectTo: '/evidence-audit/receipts/cvss/:receiptId', pathMatch: 'full' },
 
   // ===========================================
@@ -154,11 +164,28 @@ export const LEGACY_REDIRECT_ROUTE_TEMPLATES: readonly LegacyRedirectTemplate[]
   // ===========================================
   { path: 'sbom-sources', redirectTo: '/integrations/sbom-sources', pathMatch: 'full' },
 
+  // ===========================================
+  // Settings -> canonical v2 domains
+  // ===========================================
+  { path: 'settings/integrations', redirectTo: '/integrations', pathMatch: 'full' },
+  { path: 'settings/integrations/:id', redirectTo: '/integrations/:id', pathMatch: 'full' },
+  { path: 'settings/release-control', redirectTo: '/release-control/setup', pathMatch: 'full' },
+  { path: 'settings/trust', redirectTo: '/evidence-audit/trust-signing', pathMatch: 'full' },
+  { path: 'settings/trust/:page', redirectTo: '/evidence-audit/trust-signing/:page', pathMatch: 'full' },
+  { path: 'settings/policy', redirectTo: '/release-control/governance', pathMatch: 'full' },
+  { path: 'settings/admin', redirectTo: '/administration/identity-access', pathMatch: 'full' },
+  { path: 'settings/branding', redirectTo: '/administration/tenant-branding', pathMatch: 'full' },
+  { path: 'settings/notifications', redirectTo: '/administration/notifications', pathMatch: 'full' },
+  { path: 'settings/usage', redirectTo: '/administration/usage', pathMatch: 'full' },
+  { path: 'settings/system', redirectTo: '/administration/system', pathMatch: 'full' },
+  { path: 'settings/offline', redirectTo: '/administration/offline', pathMatch: 'full' },
+  { path: 'settings/security-data', redirectTo: '/integrations/feeds', pathMatch: 'full' },
+
   // ===========================================
   // Release Orchestrator -> Release Control
   // ===========================================
   { path: 'release-orchestrator', redirectTo: '/', pathMatch: 'full' },
-  { path: 'release-orchestrator/environments', redirectTo: '/release-control/environments', pathMatch: 'full' },
+  { path: 'release-orchestrator/environments', redirectTo: '/release-control/regions', pathMatch: 'full' },
   { path: 'release-orchestrator/releases', redirectTo: '/release-control/releases', pathMatch: 'full' },
   { path: 'release-orchestrator/approvals', redirectTo: '/release-control/approvals', pathMatch: 'full' },
   { path: 'release-orchestrator/deployments', redirectTo: '/release-control/deployments', pathMatch: 'full' },
@@ -168,6 +195,12 @@ export const LEGACY_REDIRECT_ROUTE_TEMPLATES: readonly LegacyRedirectTemplate[]
   // ===========================================
   // Evidence -> Evidence & Audit
   // ===========================================
+  { path: 'evidence/packs', redirectTo: '/evidence-audit/packs', pathMatch: 'full' },
+  { path: 'evidence/bundles', redirectTo: '/evidence-audit/bundles', pathMatch: 'full' },
+  { path: 'evidence/export', redirectTo: '/evidence-audit/evidence/export', pathMatch: 'full' },
+  { path: 'evidence/replay', redirectTo: '/evidence-audit/replay', pathMatch: 'full' },
+  { path: 'evidence/proof-chains', redirectTo: '/evidence-audit/proofs', pathMatch: 'full' },
+  { path: 'evidence/audit-log', redirectTo: '/evidence-audit/audit-log', pathMatch: 'full' },
   { path: 'evidence-packs', redirectTo: '/evidence-audit/packs', pathMatch: 'full' },
   { path: 'evidence-packs/:packId', redirectTo: '/evidence-audit/packs/:packId', pathMatch: 'full' },
   // Keep /proofs/* as permanent short alias for convenience
diff --git a/src/Web/StellaOps.Web/src/app/routes/platform-ops.routes.ts b/src/Web/StellaOps.Web/src/app/routes/platform-ops.routes.ts
index 0ab242c93..2e8cecb4d 100644
--- a/src/Web/StellaOps.Web/src/app/routes/platform-ops.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/routes/platform-ops.routes.ts
@@ -145,9 +145,9 @@ export const PLATFORM_OPS_ROUTES: Routes = [
     path: 'data-integrity',
     title: 'Data Integrity',
     data: { breadcrumb: 'Data Integrity' },
-    loadComponent: () =>
-      import('../features/platform-ops/data-integrity-overview.component').then(
-        (m) => m.DataIntegrityOverviewComponent
+    loadChildren: () =>
+      import('../features/platform-ops/data-integrity/data-integrity.routes').then(
+        (m) => m.dataIntegrityRoutes
       ),
   },
   {
diff --git a/src/Web/StellaOps.Web/src/app/routes/release-control.routes.ts b/src/Web/StellaOps.Web/src/app/routes/release-control.routes.ts
index a1ae3708f..4d6607821 100644
--- a/src/Web/StellaOps.Web/src/app/routes/release-control.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/routes/release-control.routes.ts
@@ -11,10 +11,21 @@ import { Routes } from '@angular/router';
 export const RELEASE_CONTROL_ROUTES: Routes = [
   {
     path: '',
-    redirectTo: 'releases',
+    redirectTo: 'control-plane',
     pathMatch: 'full',
   },
 
+  // Control plane entry under Release Control
+  {
+    path: 'control-plane',
+    title: 'Control Plane',
+    data: { breadcrumb: 'Control Plane' },
+    loadComponent: () =>
+      import('../features/control-plane/control-plane-dashboard.component').then(
+        (m) => m.ControlPlaneDashboardComponent
+      ),
+  },
+
   // Setup hub and setup child pages (Pack 21 migration from Settings -> Release Control)
   {
     path: 'setup',
@@ -104,16 +115,68 @@ export const RELEASE_CONTROL_ROUTES: Routes = [
       ),
   },
 
-  // Environments
+  // Regions & Environments (region-first canonical structure)
   {
-    path: 'environments',
+    path: 'regions',
     title: 'Regions & Environments',
     data: { breadcrumb: 'Regions & Environments' },
-    loadChildren: () =>
-      import('../features/release-orchestrator/environments/environments.routes').then(
-        (m) => m.ENVIRONMENT_ROUTES
+    loadComponent: () =>
+      import('../features/release-control/regions/regions-overview.component').then(
+        (m) => m.RegionsOverviewComponent
       ),
   },
+  {
+    path: 'regions/:region',
+    title: 'Region Detail',
+    data: { breadcrumb: 'Region Detail' },
+    loadComponent: () =>
+      import('../features/release-control/regions/region-detail.component').then(
+        (m) => m.RegionDetailComponent
+      ),
+  },
+  {
+    path: 'regions/:region/environments/:env',
+    title: 'Environment Detail',
+    data: { breadcrumb: 'Environment Detail' },
+    loadComponent: () =>
+      import('../features/release-orchestrator/environments/environment-detail/environment-detail.component').then(
+        (m) => m.EnvironmentDetailComponent
+      ),
+  },
+  {
+    path: 'regions/:region/environments/:env/settings',
+    title: 'Environment Detail',
+    data: { breadcrumb: 'Environment Detail', initialTab: 'inputs' },
+    loadComponent: () =>
+      import('../features/release-orchestrator/environments/environment-detail/environment-detail.component').then(
+        (m) => m.EnvironmentDetailComponent
+      ),
+  },
+  {
+    path: 'environments',
+    pathMatch: 'full',
+    redirectTo: 'regions',
+  },
+  {
+    path: 'environments/:region/:env',
+    pathMatch: 'full',
+    redirectTo: 'regions/:region/environments/:env',
+  },
+  {
+    path: 'environments/:region/:env/settings',
+    pathMatch: 'full',
+    redirectTo: 'regions/:region/environments/:env/settings',
+  },
+  {
+    path: 'environments/:id',
+    pathMatch: 'full',
+    redirectTo: 'regions/global/environments/:id',
+  },
+  {
+    path: 'environments/:id/settings',
+    pathMatch: 'full',
+    redirectTo: 'regions/global/environments/:id/settings',
+  },
 
   // Deployments
   {
@@ -158,4 +221,26 @@ export const RELEASE_CONTROL_ROUTES: Routes = [
         (m) => m.PIPELINE_RUN_ROUTES
       ),
   },
+
+  // Governance & Policy hub
+  {
+    path: 'governance',
+    title: 'Governance',
+    data: { breadcrumb: 'Governance' },
+    loadChildren: () =>
+      import('../features/release-control/governance/release-control-governance.routes').then(
+        (m) => m.RELEASE_CONTROL_GOVERNANCE_ROUTES
+      ),
+  },
+
+  // Dedicated hotfix queue
+  {
+    path: 'hotfixes',
+    title: 'Hotfixes',
+    data: { breadcrumb: 'Hotfixes' },
+    loadComponent: () =>
+      import('../features/release-control/hotfixes/hotfixes-queue.component').then(
+        (m) => m.HotfixesQueueComponent
+      ),
+  },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts b/src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts
index 18bdad1dc..ad3dc1cdb 100644
--- a/src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts
+++ b/src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts
@@ -5,58 +5,246 @@
 import { Routes } from '@angular/router';
 
 export const SECURITY_RISK_ROUTES: Routes = [
-  { path: '', title: 'Security and Risk', data: { breadcrumb: 'Security and Risk' },
-    loadComponent: () => import('../features/security-risk/security-risk-overview.component').then(m => m.SecurityRiskOverviewComponent) },
-  { path: 'findings', title: 'Findings', data: { breadcrumb: 'Findings' },
-    loadComponent: () => import('../features/findings/container/findings-container.component').then(m => m.FindingsContainerComponent) },
-  { path: 'advisory-sources', title: 'Advisory Sources', data: { breadcrumb: 'Advisory Sources' },
-    loadComponent: () => import('../features/security-risk/advisory-sources.component').then(m => m.AdvisorySourcesComponent) },
-  { path: 'vulnerabilities', title: 'Vulnerabilities', data: { breadcrumb: 'Vulnerabilities' },
-    loadComponent: () => import('../features/vulnerabilities/vulnerability-explorer.component').then(m => m.VulnerabilityExplorerComponent) },
-  { path: 'vulnerabilities/:vulnId', title: 'Vulnerability Detail', data: { breadcrumb: 'Vulnerability Detail' },
-    loadComponent: () => import('../features/vulnerabilities/vulnerability-detail.component').then(m => m.VulnerabilityDetailComponent) },
-  { path: 'scans/:scanId', title: 'Scan Detail', data: { breadcrumb: 'Scan Detail' },
-    loadComponent: () => import('../features/scans/scan-detail-page.component').then(m => m.ScanDetailPageComponent) },
-  { path: 'sbom', title: 'SBOM', data: { breadcrumb: 'SBOM' },
-    loadComponent: () => import('../features/security/sbom-graph-page.component').then(m => m.SbomGraphPageComponent) },
-  { path: 'sbom/graph', title: 'SBOM Graph', data: { breadcrumb: 'SBOM Graph' },
-    loadComponent: () => import('../features/graph/graph-explorer.component').then(m => m.GraphExplorerComponent) },
-  { path: 'vex', title: 'VEX', data: { breadcrumb: 'VEX' },
-    loadChildren: () => import('../features/vex-hub/vex-hub.routes').then(m => m.vexHubRoutes) },
-  { path: 'vex/:page', title: 'VEX', data: { breadcrumb: 'VEX' },
-    loadChildren: () => import('../features/vex-hub/vex-hub.routes').then(m => m.vexHubRoutes) },
-  { path: 'lineage', title: 'Lineage', data: { breadcrumb: 'Lineage' },
-    loadChildren: () => import('../features/lineage/lineage.routes').then(m => m.lineageRoutes) },
-  { path: 'lineage/:artifact/compare', title: 'Lineage Compare', data: { breadcrumb: 'Lineage Compare' },
-    loadChildren: () => import('../features/lineage/lineage.routes').then(m => m.lineageRoutes) },
-  { path: 'lineage/compare', title: 'Lineage Compare', data: { breadcrumb: 'Lineage Compare' },
-    loadChildren: () => import('../features/lineage/lineage.routes').then(m => m.lineageRoutes) },
-  { path: 'lineage/compare/:currentId', title: 'Compare', data: { breadcrumb: 'Compare' },
-    loadComponent: () => import('../features/compare/components/compare-view/compare-view.component').then(m => m.CompareViewComponent) },
-  { path: 'reachability', title: 'Reachability', data: { breadcrumb: 'Reachability' },
-    loadComponent: () => import('../features/reachability/reachability-center.component').then(m => m.ReachabilityCenterComponent) },
-  { path: 'risk', title: 'Risk', data: { breadcrumb: 'Risk Overview' },
-    loadComponent: () => import('../features/risk/risk-dashboard.component').then(m => m.RiskDashboardComponent) },
-  { path: 'unknowns', title: 'Unknowns', data: { breadcrumb: 'Unknowns' },
-    loadChildren: () => import('../features/unknowns-tracking/unknowns.routes').then(m => m.unknownsRoutes) },
-  { path: 'patch-map', title: 'Patch Map', data: { breadcrumb: 'Patch Map' },
-    loadComponent: () => import('../features/binary-index/patch-map.component').then(m => m.PatchMapComponent) },
-  { path: 'artifacts', title: 'Artifacts', data: { breadcrumb: 'Artifacts' },
-    loadComponent: () => import('../features/triage/triage-artifacts.component').then(m => m.TriageArtifactsComponent) },
-  { path: 'artifacts/:artifactId', title: 'Artifact Detail', data: { breadcrumb: 'Artifact Detail' },
-    loadComponent: () => import('../features/triage/triage-workspace.component').then(m => m.TriageWorkspaceComponent) },
-  { path: 'symbol-sources', title: 'Symbol Sources', data: { breadcrumb: 'Symbol Sources' },
-    loadComponent: () => import('../features/security-risk/symbol-sources/symbol-sources-list.component').then(m => m.SymbolSourcesListComponent) },
-  { path: 'symbol-sources/:sourceId', title: 'Symbol Source Detail', data: { breadcrumb: 'Symbol Source' },
-    loadComponent: () => import('../features/security-risk/symbol-sources/symbol-source-detail.component').then(m => m.SymbolSourceDetailComponent) },
-  { path: 'symbol-marketplace', title: 'Symbol Marketplace', data: { breadcrumb: 'Symbol Marketplace' },
-    loadComponent: () => import('../features/security-risk/symbol-sources/symbol-marketplace-catalog.component').then(m => m.SymbolMarketplaceCatalogComponent) },
-  { path: 'remediation', title: 'Remediation', data: { breadcrumb: 'Remediation' },
-    loadComponent: () => import('../features/security-risk/remediation/remediation-browse.component').then(m => m.RemediationBrowseComponent) },
-  { path: 'remediation/submit', title: 'Submit Fix', data: { breadcrumb: 'Submit' },
-    loadComponent: () => import('../features/security-risk/remediation/remediation-submit.component').then(m => m.RemediationSubmitComponent) },
-  { path: 'remediation/status/:submissionId', title: 'Verification Status', data: { breadcrumb: 'Status' },
-    loadComponent: () => import('../features/security-risk/remediation/remediation-submit.component').then(m => m.RemediationSubmitComponent) },
-  { path: 'remediation/:fixId', title: 'Fix Detail', data: { breadcrumb: 'Fix Detail' },
-    loadComponent: () => import('../features/security-risk/remediation/remediation-fix-detail.component').then(m => m.RemediationFixDetailComponent) },
+  {
+    path: '',
+    title: 'Risk Overview',
+    data: { breadcrumb: 'Risk Overview' },
+    loadComponent: () =>
+      import('../features/security-risk/security-risk-overview.component').then(
+        (m) => m.SecurityRiskOverviewComponent
+      ),
+  },
+  {
+    path: 'findings',
+    title: 'Findings Explorer',
+    data: { breadcrumb: 'Findings Explorer' },
+    loadComponent: () =>
+      import('../features/findings/container/findings-container.component').then(
+        (m) => m.FindingsContainerComponent
+      ),
+  },
+  {
+    path: 'findings/:findingId',
+    title: 'Finding Detail',
+    data: { breadcrumb: 'Finding Detail' },
+    loadComponent: () =>
+      import('../features/security-risk/finding-detail-page.component').then(
+        (m) => m.FindingDetailPageComponent
+      ),
+  },
+  {
+    path: 'advisory-sources',
+    title: 'Advisory Sources',
+    data: { breadcrumb: 'Advisory Sources' },
+    loadComponent: () =>
+      import('../features/security-risk/advisory-sources.component').then(
+        (m) => m.AdvisorySourcesComponent
+      ),
+  },
+  {
+    path: 'vulnerabilities',
+    title: 'Vulnerabilities Explorer',
+    data: { breadcrumb: 'Vulnerabilities Explorer' },
+    loadComponent: () =>
+      import('../features/vulnerabilities/vulnerability-explorer.component').then(
+        (m) => m.VulnerabilityExplorerComponent
+      ),
+  },
+  {
+    path: 'vulnerabilities/:cveId',
+    title: 'Vulnerability Detail',
+    data: { breadcrumb: 'Vulnerability Detail' },
+    loadComponent: () =>
+      import('../features/security-risk/vulnerability-detail-page.component').then(
+        (m) => m.VulnerabilityDetailPageComponent
+      ),
+  },
+  {
+    path: 'scans/:scanId',
+    title: 'Scan Detail',
+    data: { breadcrumb: 'Scan Detail' },
+    loadComponent: () =>
+      import('../features/scans/scan-detail-page.component').then((m) => m.ScanDetailPageComponent),
+  },
+  {
+    path: 'sbom',
+    title: 'SBOM Graph',
+    data: { breadcrumb: 'SBOM Graph' },
+    loadComponent: () =>
+      import('../features/security/sbom-graph-page.component').then((m) => m.SbomGraphPageComponent),
+  },
+  {
+    path: 'sbom/graph',
+    title: 'SBOM Graph',
+    data: { breadcrumb: 'SBOM Graph' },
+    loadComponent: () =>
+      import('../features/graph/graph-explorer.component').then((m) => m.GraphExplorerComponent),
+  },
+  {
+    path: 'sbom-lake',
+    title: 'SBOM Lake',
+    data: { breadcrumb: 'SBOM Lake' },
+    loadComponent: () =>
+      import('../features/analytics/sbom-lake-page.component').then((m) => m.SbomLakePageComponent),
+  },
+  {
+    path: 'vex',
+    title: 'VEX Hub',
+    data: { breadcrumb: 'VEX Hub' },
+    loadChildren: () => import('../features/vex-hub/vex-hub.routes').then((m) => m.vexHubRoutes),
+  },
+  {
+    path: 'vex/:page',
+    title: 'VEX Hub',
+    data: { breadcrumb: 'VEX Hub' },
+    loadChildren: () => import('../features/vex-hub/vex-hub.routes').then((m) => m.vexHubRoutes),
+  },
+  {
+    path: 'exceptions',
+    title: 'Exceptions',
+    data: { breadcrumb: 'Exceptions' },
+    loadComponent: () =>
+      import('../features/triage/triage-artifacts.component').then((m) => m.TriageArtifactsComponent),
+  },
+  {
+    path: 'exceptions/:id',
+    title: 'Exception Detail',
+    data: { breadcrumb: 'Exception Detail' },
+    loadComponent: () =>
+      import('../features/triage/triage-workspace.component').then((m) => m.TriageWorkspaceComponent),
+  },
+  {
+    path: 'lineage',
+    title: 'Lineage',
+    data: { breadcrumb: 'Lineage' },
+    loadChildren: () => import('../features/lineage/lineage.routes').then((m) => m.lineageRoutes),
+  },
+  {
+    path: 'lineage/:artifact/compare',
+    title: 'Lineage Compare',
+    data: { breadcrumb: 'Lineage Compare' },
+    loadChildren: () => import('../features/lineage/lineage.routes').then((m) => m.lineageRoutes),
+  },
+  {
+    path: 'lineage/compare',
+    title: 'Lineage Compare',
+    data: { breadcrumb: 'Lineage Compare' },
+    loadChildren: () => import('../features/lineage/lineage.routes').then((m) => m.lineageRoutes),
+  },
+  {
+    path: 'lineage/compare/:currentId',
+    title: 'Compare',
+    data: { breadcrumb: 'Compare' },
+    loadComponent: () =>
+      import('../features/compare/components/compare-view/compare-view.component').then(
+        (m) => m.CompareViewComponent
+      ),
+  },
+  {
+    path: 'reachability',
+    title: 'Reachability',
+    data: { breadcrumb: 'Reachability' },
+    loadComponent: () =>
+      import('../features/reachability/reachability-center.component').then(
+        (m) => m.ReachabilityCenterComponent
+      ),
+  },
+  {
+    path: 'risk',
+    title: 'Risk Overview',
+    data: { breadcrumb: 'Risk Overview' },
+    loadComponent: () =>
+      import('../features/risk/risk-dashboard.component').then((m) => m.RiskDashboardComponent),
+  },
+  {
+    path: 'unknowns',
+    title: 'Unknowns',
+    data: { breadcrumb: 'Unknowns' },
+    loadChildren: () =>
+      import('../features/unknowns-tracking/unknowns.routes').then((m) => m.unknownsRoutes),
+  },
+  {
+    path: 'patch-map',
+    title: 'Patch Map',
+    data: { breadcrumb: 'Patch Map' },
+    loadComponent: () =>
+      import('../features/binary-index/patch-map.component').then((m) => m.PatchMapComponent),
+  },
+  {
+    path: 'artifacts',
+    title: 'Artifacts',
+    data: { breadcrumb: 'Artifacts' },
+    loadComponent: () =>
+      import('../features/triage/triage-artifacts.component').then((m) => m.TriageArtifactsComponent),
+  },
+  {
+    path: 'artifacts/:artifactId',
+    title: 'Artifact Detail',
+    data: { breadcrumb: 'Artifact Detail' },
+    loadComponent: () =>
+      import('../features/triage/triage-workspace.component').then((m) => m.TriageWorkspaceComponent),
+  },
+  {
+    path: 'symbol-sources',
+    title: 'Symbol Sources',
+    data: { breadcrumb: 'Symbol Sources' },
+    loadComponent: () =>
+      import('../features/security-risk/symbol-sources/symbol-sources-list.component').then(
+        (m) => m.SymbolSourcesListComponent
+      ),
+  },
+  {
+    path: 'symbol-sources/:sourceId',
+    title: 'Symbol Source Detail',
+    data: { breadcrumb: 'Symbol Source' },
+    loadComponent: () =>
+      import('../features/security-risk/symbol-sources/symbol-source-detail.component').then(
+        (m) => m.SymbolSourceDetailComponent
+      ),
+  },
+  {
+    path: 'symbol-marketplace',
+    title: 'Symbol Marketplace',
+    data: { breadcrumb: 'Symbol Marketplace' },
+    loadComponent: () =>
+      import('../features/security-risk/symbol-sources/symbol-marketplace-catalog.component').then(
+        (m) => m.SymbolMarketplaceCatalogComponent
+      ),
+  },
+  {
+    path: 'remediation',
+    title: 'Remediation',
+    data: { breadcrumb: 'Remediation' },
+    loadComponent: () =>
+      import('../features/security-risk/remediation/remediation-browse.component').then(
+        (m) => m.RemediationBrowseComponent
+      ),
+  },
+  {
+    path: 'remediation/submit',
+    title: 'Submit Fix',
+    data: { breadcrumb: 'Submit' },
+    loadComponent: () =>
+      import('../features/security-risk/remediation/remediation-submit.component').then(
+        (m) => m.RemediationSubmitComponent
+      ),
+  },
+  {
+    path: 'remediation/status/:submissionId',
+    title: 'Verification Status',
+    data: { breadcrumb: 'Status' },
+    loadComponent: () =>
+      import('../features/security-risk/remediation/remediation-submit.component').then(
+        (m) => m.RemediationSubmitComponent
+      ),
+  },
+  {
+    path: 'remediation/:fixId',
+    title: 'Fix Detail',
+    data: { breadcrumb: 'Fix Detail' },
+    loadComponent: () =>
+      import('../features/security-risk/remediation/remediation-fix-detail.component').then(
+        (m) => m.RemediationFixDetailComponent
+      ),
+  },
 ];
diff --git a/src/Web/StellaOps.Web/src/app/shared/components/bundle-freshness-widget.component.ts b/src/Web/StellaOps.Web/src/app/shared/components/bundle-freshness-widget.component.ts
index 981159188..ebce85c49 100644
--- a/src/Web/StellaOps.Web/src/app/shared/components/bundle-freshness-widget.component.ts
+++ b/src/Web/StellaOps.Web/src/app/shared/components/bundle-freshness-widget.component.ts
@@ -52,22 +52,22 @@ import { BundleFreshness, BundleFreshnessInfo } from '../../core/api/offline-kit
   `,
     styles: [`
     .freshness-widget {
-      background: rgba(30, 41, 59, 0.6);
-      border: 1px solid var(--color-text-primary);
+      background: var(--color-surface-primary);
+      border: 1px solid var(--color-border-primary);
       border-radius: var(--radius-lg);
       padding: 1rem;
     }
 
     .freshness-widget.fresh {
-      border-color: rgba(74, 222, 128, 0.3);
+      border-color: var(--color-status-success-border);
     }
 
     .freshness-widget.stale {
-      border-color: rgba(251, 191, 36, 0.3);
+      border-color: var(--color-status-warning-border);
     }
 
     .freshness-widget.expired {
-      border-color: rgba(239, 68, 68, 0.3);
+      border-color: var(--color-status-error-border);
     }
 
     .status-indicator {
@@ -85,17 +85,17 @@ import { BundleFreshness, BundleFreshnessInfo } from '../../core/api/offline-kit
 
     .fresh .status-dot {
       background: var(--color-status-success-border);
-      box-shadow: 0 0 8px rgba(74, 222, 128, 0.4);
+      box-shadow: 0 0 0 2px var(--color-status-success-bg);
     }
 
     .stale .status-dot {
       background: var(--color-status-warning-border);
-      box-shadow: 0 0 8px rgba(251, 191, 36, 0.4);
+      box-shadow: 0 0 0 2px var(--color-status-warning-bg);
     }
 
     .expired .status-dot {
       background: var(--color-status-error-border);
-      box-shadow: 0 0 8px rgba(239, 68, 68, 0.4);
+      box-shadow: 0 0 0 2px var(--color-status-error-bg);
       animation: pulse 2s infinite;
     }
 
@@ -139,7 +139,7 @@ import { BundleFreshness, BundleFreshnessInfo } from '../../core/api/offline-kit
     .age-value {
       font-size: 2rem;
       font-weight: var(--font-weight-bold);
-      color: var(--color-border-primary);
+      color: var(--color-text-heading);
     }
 
     .age-unit {
@@ -165,20 +165,21 @@ import { BundleFreshness, BundleFreshnessInfo } from '../../core/api/offline-kit
 
     .freshness-message {
       font-size: 0.75rem;
-      color: var(--color-text-muted);
+      color: var(--color-text-secondary);
       padding: 0.5rem;
-      background: rgba(15, 23, 42, 0.5);
+      background: var(--color-surface-secondary);
+      border: 1px solid var(--color-border-primary);
       border-radius: var(--radius-sm);
       margin-bottom: 0.75rem;
     }
 
     .stale .freshness-message {
-      background: rgba(251, 191, 36, 0.1);
+      background: var(--color-status-warning-bg);
       color: var(--color-status-warning-border);
     }
 
     .expired .freshness-message {
-      background: rgba(239, 68, 68, 0.1);
+      background: var(--color-status-error-bg);
       color: var(--color-status-error-border);
     }
 
@@ -199,7 +200,7 @@ import { BundleFreshness, BundleFreshnessInfo } from '../../core/api/offline-kit
       top: 0;
       left: 0;
       height: 100%;
-      background: var(--color-border-primary);
+      background: var(--color-brand-primary);
       border-radius: var(--radius-sm);
       transition: width 0.3s ease;
     }
@@ -209,7 +210,7 @@ import { BundleFreshness, BundleFreshnessInfo } from '../../core/api/offline-kit
       top: -4px;
       width: 2px;
       height: 14px;
-      background: var(--color-text-secondary);
+      background: var(--color-text-muted);
     }
 
     .marker-7 {
diff --git a/src/Web/StellaOps.Web/src/app/shared/components/command-palette/command-palette.component.ts b/src/Web/StellaOps.Web/src/app/shared/components/command-palette/command-palette.component.ts
index 9c2897448..004926afd 100644
--- a/src/Web/StellaOps.Web/src/app/shared/components/command-palette/command-palette.component.ts
+++ b/src/Web/StellaOps.Web/src/app/shared/components/command-palette/command-palette.component.ts
@@ -345,7 +345,7 @@ export class CommandPaletteComponent implements OnInit, OnDestroy {
 
   viewAllResults(type: string): void {
     this.close();
-    const routes: Record<string, string> = { cve: '/vulnerabilities', artifact: '/triage/artifacts', policy: '/policy-studio/packs', job: '/orchestrator/jobs', finding: '/findings', vex: '/admin/vex-hub', integration: '/integrations' };
+    const routes: Record<string, string> = { cve: '/vulnerabilities', artifact: '/triage/artifacts', policy: '/policy-studio/packs', job: '/platform-ops/orchestrator/jobs', finding: '/findings', vex: '/admin/vex-hub', integration: '/integrations' };
     if (routes[type]) this.router.navigate([routes[type]], { queryParams: { q: this.query } });
   }
 }
diff --git a/src/Web/StellaOps.Web/src/app/shared/components/user-menu/user-menu.component.ts b/src/Web/StellaOps.Web/src/app/shared/components/user-menu/user-menu.component.ts
index 5729ade1e..0ea01228f 100644
--- a/src/Web/StellaOps.Web/src/app/shared/components/user-menu/user-menu.component.ts
+++ b/src/Web/StellaOps.Web/src/app/shared/components/user-menu/user-menu.component.ts
@@ -47,7 +47,7 @@ import { NavigationService } from '../../../core/navigation';
           <!-- User Info -->
           <div class="user-menu__info">
             <div class="user-menu__info-name">{{ authService.user()?.name || 'User' }}</div>
-            <div class="user-menu__info-email" [title]="authService.user()?.email || ''">{{ authService.user()?.email || '' }}</div>
+            <div class="user-menu__info-email" [title]="displayEmail()">{{ displayEmail() }}</div>
           </div>
 
           <div class="user-menu__divider"></div>
@@ -178,6 +178,32 @@ export class UserMenuComponent {
     return 'User';
   };
 
+  protected readonly displayEmail = () => {
+    const email = this.authService.user()?.email?.trim() ?? '';
+    if (!email) {
+      return 'No email configured';
+    }
+
+    const lower = email.toLowerCase();
+    const splitAt = lower.indexOf('@');
+    if (splitAt <= 0) {
+      return this.isUuidLike(lower) ? 'No email configured' : email;
+    }
+
+    const local = lower.slice(0, splitAt);
+    const domain = lower.slice(splitAt + 1);
+    if (domain === 'unknown.local' && this.isUuidLike(local)) {
+      return 'No email configured';
+    }
+
+    return email;
+  };
+
+  private isUuidLike(value: string): boolean {
+    return /^[0-9a-f]{32}$/i.test(value)
+      || /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(value);
+  }
+
   toggleMenu(): void {
     this.menuOpen.update(open => !open);
   }
diff --git a/src/Web/StellaOps.Web/src/tests/administration/administration-routes.spec.ts b/src/Web/StellaOps.Web/src/tests/administration/administration-routes.spec.ts
index bd91d3f6b..50b6169ca 100644
--- a/src/Web/StellaOps.Web/src/tests/administration/administration-routes.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/administration/administration-routes.spec.ts
@@ -22,6 +22,7 @@ const CANONICAL_PATHS = [
   'usage',               // A4
   'policy-governance',   // A5
   'trust-signing',       // A6
+  'offline',             // A6.5
   'system',              // A7
 ];
 
@@ -76,6 +77,11 @@ describe('ADMINISTRATION_ROUTES (administration)', () => {
     expect(route?.data?.['breadcrumb']).toBe('System');
   });
 
+  it('offline route is present and uses Offline Settings breadcrumb', () => {
+    const route = ADMINISTRATION_ROUTES.find((r) => r.path === 'offline');
+    expect(route?.data?.['breadcrumb']).toBe('Offline Settings');
+  });
+
   it('no canonical A0-A7 route uses a deprecated v1 root-level path as its path value', () => {
     const legacyRoots = ['settings', 'operations', 'security', 'evidence', 'policy'];
     const canonicalPaths = new Set(CANONICAL_PATHS.filter((path) => path.length > 0));
diff --git a/src/Web/StellaOps.Web/src/tests/approvals/approval-detail-page.component.spec.ts b/src/Web/StellaOps.Web/src/tests/approvals/approval-detail-page.component.spec.ts
index a46fee486..84b7772d8 100644
--- a/src/Web/StellaOps.Web/src/tests/approvals/approval-detail-page.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/approvals/approval-detail-page.component.spec.ts
@@ -10,7 +10,7 @@ describe('ApprovalDetailPageComponent (approvals)', () => {
   let params$: BehaviorSubject<Record<string, string>>;
 
   beforeEach(async () => {
-    params$ = new BehaviorSubject<Record<string, string>>({ id: 'APPR-2026-045' });
+    params$ = new BehaviorSubject<Record<string, string>>({ id: 'apr-2026-045' });
 
     await TestBed.configureTestingModule({
       imports: [ApprovalDetailPageComponent],
@@ -28,38 +28,91 @@ describe('ApprovalDetailPageComponent (approvals)', () => {
     fixture.detectChanges();
   });
 
-  it('binds route id and opens witness details from security diff rows', () => {
-    expect(component.approvalId()).toBe('APPR-2026-045');
+  it('binds route id and renders all eight approval-detail tabs', () => {
+    expect(component.approval().id).toBe('apr-2026-045');
 
-    component.openWitness('CVE-2026-1234');
-    const witness = component.selectedWitness();
-
-    expect(witness).toBeTruthy();
-    expect(witness!.findingId).toBe('CVE-2026-1234');
-    expect(witness!.state).toBe('reachable');
+    const labels = component.tabs.map((tab) => tab.label);
+    expect(labels).toEqual([
+      'Overview',
+      'Gates',
+      'Security',
+      'Reachability',
+      'Ops/Data',
+      'Evidence',
+      'Replay/Verify',
+      'History',
+    ]);
+    expect(component.activeTab()).toBe('overview');
   });
 
-  it('supports witness close and approval decision lifecycle actions', () => {
-    component.openWitness('CVE-2026-5678');
-    expect(component.selectedWitness()).toBeTruthy();
+  it('shows standardized readiness header fields and digest metadata', () => {
+    const text = fixture.nativeElement.textContent as string;
 
-    component.closeWitness();
-    expect(component.selectedWitness()).toBeNull();
+    expect(text).toContain('Manifest Digest');
+    expect(text).toContain('Gates PASS/BLOCK');
+    expect(text).toContain('Hybrid B/I/R');
+    expect(text).toContain('Data Integrity WARN');
+  });
+
+  it('blocks approve action when blocking gates are present', () => {
+    component.decisionReason = 'sufficient reason for approval';
+    expect(component.hasBlockingGates()).toBeTrue();
+    expect(component.canApprove()).toBeFalse();
 
     component.approve();
-    expect(component.approval().status).toBe('approved');
-    expect(component.approval().decidedBy).toBe('Current User');
+    expect(component.approval().status).toBe('pending');
+  });
+
+  it('preserves reject workflow with decision reason validation', () => {
+    component.decisionReason = 'short';
+    expect(component.canReject()).toBeFalse();
 
+    component.reject();
+    expect(component.approval().status).toBe('pending');
+
+    component.decisionReason = 'reject because readiness checks are incomplete';
+    expect(component.canReject()).toBeTrue();
     component.reject();
     expect(component.approval().status).toBe('rejected');
+    expect(component.approval().decidedBy).toBe('Current User');
   });
 
-  it('adds comments and clears input', () => {
-    component.newComment = 'Reviewed witness details and accepted risk.';
-    component.addComment();
+  it('renders gates tab with decision digest and expandable gate trace', () => {
+    component.setActiveTab('gates');
+    fixture.detectChanges();
 
-    expect(component.comments.length).toBe(1);
-    expect(component.comments[0].body).toContain('Reviewed witness details');
-    expect(component.newComment).toBe('');
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Decision digest');
+    expect(text).toContain('Gate detail trace');
+
+    component.toggleGateTrace('reachability');
+    fixture.detectChanges();
+    expect(text).toContain('Trigger SBOM Scan');
+  });
+
+  it('renders ops/data tab with all data sections and data-integrity link', () => {
+    component.setActiveTab('ops-data');
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Feeds');
+    expect(text).toContain('Nightly Jobs');
+    expect(text).toContain('Integrations');
+    expect(text).toContain('DLQ');
+
+    const link = fixture.nativeElement.querySelector('a[href*="/platform-ops/data-integrity"]');
+    expect(link).toBeTruthy();
+  });
+
+  it('renders evidence tab with artifacts and export center action', () => {
+    component.setActiveTab('evidence');
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('policy-decision.dsse');
+    expect(text).toContain('Signature status');
+
+    const link = fixture.nativeElement.querySelector('a[href*="/evidence-audit/evidence/export"]');
+    expect(link).toBeTruthy();
   });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/approvals/approvals-inbox.component.spec.ts b/src/Web/StellaOps.Web/src/tests/approvals/approvals-inbox.component.spec.ts
index ad5ee36ec..8c44b164c 100644
--- a/src/Web/StellaOps.Web/src/tests/approvals/approvals-inbox.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/approvals/approvals-inbox.component.spec.ts
@@ -100,6 +100,10 @@ describe('ApprovalsInboxComponent (approvals)', () => {
   let fixture: ComponentFixture<ApprovalsInboxComponent>;
   let component: ApprovalsInboxComponent;
 
+  afterEach(() => {
+    sessionStorage.removeItem('approvals.data-integrity-banner-dismissed');
+  });
+
   beforeEach(async () => {
     await TestBed.configureTestingModule({
       imports: [ApprovalsInboxComponent],
@@ -140,4 +144,46 @@ describe('ApprovalsInboxComponent (approvals)', () => {
     expect(text).toContain('API Gateway v1.2.5');
     expect(text).toContain('Scanner v3.0.0');
   });
+
+  it('does not render a dead Docs link in the page header', () => {
+    const links = Array.from(
+      fixture.nativeElement.querySelectorAll('a') as NodeListOf<HTMLAnchorElement>
+    );
+
+    const docsLink = links.find((link) =>
+      (link.textContent ?? '').replace(/\s+/g, ' ').trim().startsWith('Docs')
+    );
+
+    expect(docsLink).toBeUndefined();
+  });
+
+  it('renders data integrity warning banner with deep link when status is WARN', () => {
+    const banner = fixture.nativeElement.querySelector('.data-integrity-banner') as HTMLElement | null;
+    expect(banner).toBeTruthy();
+
+    const text = banner?.textContent ?? '';
+    expect(text).toContain('Data Integrity WARN');
+    expect(text).toContain('Open Data Integrity');
+  });
+
+  it('hides data integrity banner when status is OK', () => {
+    component.dataIntegrityStatus.set('OK');
+    fixture.detectChanges();
+
+    const banner = fixture.nativeElement.querySelector('.data-integrity-banner');
+    expect(banner).toBeFalsy();
+  });
+
+  it('dismisses data integrity banner for current session', () => {
+    const dismiss = fixture.nativeElement.querySelector(
+      '.data-integrity-banner__actions button'
+    ) as HTMLButtonElement | null;
+
+    expect(dismiss).toBeTruthy();
+    dismiss?.click();
+    fixture.detectChanges();
+
+    expect(fixture.nativeElement.querySelector('.data-integrity-banner')).toBeFalsy();
+    expect(sessionStorage.getItem('approvals.data-integrity-banner-dismissed')).toBe('1');
+  });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/audit_log/unified-audit-log-viewer.behavior.spec.ts b/src/Web/StellaOps.Web/src/tests/audit_log/unified-audit-log-viewer.behavior.spec.ts
index 6197a012e..277b16fd7 100644
--- a/src/Web/StellaOps.Web/src/tests/audit_log/unified-audit-log-viewer.behavior.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/audit_log/unified-audit-log-viewer.behavior.spec.ts
@@ -99,10 +99,20 @@ const anomaliesFixture: AuditAnomalyAlert[] = [
 ];
 
 describe('unified-audit-log-viewer behavior', () => {
-  it('declares admin/audit app route and expected unified-audit child routes', () => {
-    const appRoute = routes.find((route) => route.path === 'admin/audit');
-    expect(appRoute).toBeDefined();
-    expect(typeof appRoute?.loadChildren).toBe('function');
+  it('declares canonical evidence-audit route and keeps admin/audit redirect alias', () => {
+    const legacyAlias = routes.find((route) => route.path === 'admin/audit');
+    expect(legacyAlias).toBeDefined();
+    expect(typeof legacyAlias?.redirectTo).toBe('function');
+    const redirectTarget = (legacyAlias?.redirectTo as any)({
+      params: {},
+      queryParams: {},
+      fragment: null,
+    });
+    expect(redirectTarget).toBe('/evidence-audit/audit');
+
+    const canonicalRoute = routes.find((route) => route.path === 'evidence-audit');
+    expect(canonicalRoute).toBeDefined();
+    expect(typeof canonicalRoute?.loadChildren).toBe('function');
 
     const childPaths = auditLogRoutes.map((route) => route.path);
     expect(childPaths).toEqual([
diff --git a/src/Web/StellaOps.Web/src/tests/console/console-profile-page.component.spec.ts b/src/Web/StellaOps.Web/src/tests/console/console-profile-page.component.spec.ts
new file mode 100644
index 000000000..e1709d1ae
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/console/console-profile-page.component.spec.ts
@@ -0,0 +1,77 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { ConsoleProfileComponent } from '../../app/features/console/console-profile.component';
+import { ConsoleSessionService } from '../../app/core/console/console-session.service';
+import { ConsoleSessionStore } from '../../app/core/console/console-session.store';
+
+describe('ConsoleProfileComponent (console profile page)', () => {
+  let fixture: ComponentFixture<ConsoleProfileComponent>;
+  let store: ConsoleSessionStore;
+  let serviceSpy: jasmine.SpyObj<ConsoleSessionService>;
+
+  beforeEach(async () => {
+    serviceSpy = jasmine.createSpyObj(
+      'ConsoleSessionService',
+      ['loadConsoleContext', 'refresh', 'switchTenant']
+    ) as jasmine.SpyObj<ConsoleSessionService>;
+
+    serviceSpy.loadConsoleContext.and.returnValue(Promise.resolve());
+    serviceSpy.refresh.and.returnValue(Promise.resolve());
+    serviceSpy.switchTenant.and.returnValue(Promise.resolve());
+
+    await TestBed.configureTestingModule({
+      imports: [ConsoleProfileComponent],
+      providers: [
+        ConsoleSessionStore,
+        { provide: ConsoleSessionService, useValue: serviceSpy },
+      ],
+    }).compileComponents();
+
+    store = TestBed.inject(ConsoleSessionStore);
+    store.setContext({
+      tenants: [
+        {
+          id: 'tenant-default',
+          displayName: 'Default Tenant',
+          status: 'active',
+          isolationMode: 'strict',
+          defaultRoles: ['admin'],
+        },
+      ],
+      profile: {
+        subjectId: 'subject-1',
+        username: 'admin',
+        displayName: 'Platform Admin',
+        tenant: 'Default Tenant',
+        sessionId: 'session-1',
+        roles: ['admin'],
+        scopes: ['ui.read'],
+        audiences: ['stellaops-web'],
+        authenticationMethods: ['pwd'],
+        issuedAt: new Date('2026-02-19T10:00:00Z'),
+        authenticationTime: new Date('2026-02-19T10:00:00Z'),
+        expiresAt: new Date('2026-02-19T11:00:00Z'),
+        freshAuth: true,
+      },
+      token: null,
+      selectedTenantId: 'tenant-default',
+    });
+
+    fixture = TestBed.createComponent(ConsoleProfileComponent);
+    fixture.detectChanges();
+  });
+
+  it('renders profile heading and identity fields from session context', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Profile');
+    expect(text).toContain('Platform Admin');
+    expect(text).toContain('admin');
+    expect(text).toContain('Default Tenant');
+  });
+
+  it('does not render developer fixture references', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).not.toContain('testing/auth-fixtures.ts');
+    expect(text).not.toContain('Policy Studio roles');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/control_plane/control-plane-dashboard.component.spec.ts b/src/Web/StellaOps.Web/src/tests/control_plane/control-plane-dashboard.component.spec.ts
index e7c25ea24..03d555b59 100644
--- a/src/Web/StellaOps.Web/src/tests/control_plane/control-plane-dashboard.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/control_plane/control-plane-dashboard.component.spec.ts
@@ -129,7 +129,7 @@ describe('ControlPlaneDashboardComponent (control_plane)', () => {
     fixture.detectChanges();
 
     const errorMessage = fixture.nativeElement.querySelector(
-      '.dashboard__error-message'
+      '.dashboard__error-banner-detail'
     ) as HTMLElement;
     expect(errorMessage.textContent).toContain('dashboard unavailable');
   });
diff --git a/src/Web/StellaOps.Web/src/tests/dashboard/dashboard-route-aliases.spec.ts b/src/Web/StellaOps.Web/src/tests/dashboard/dashboard-route-aliases.spec.ts
new file mode 100644
index 000000000..c553a9f81
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/dashboard/dashboard-route-aliases.spec.ts
@@ -0,0 +1,9 @@
+import { routes } from '../../app/app.routes';
+
+describe('Dashboard route aliases', () => {
+  it('keeps /control-plane as a legacy alias redirecting to root dashboard', () => {
+    const alias = routes.find((route) => route.path === 'control-plane');
+    expect(alias).toBeDefined();
+    expect(alias?.redirectTo).toBe('/');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/dashboard/dashboard-v3.component.spec.ts b/src/Web/StellaOps.Web/src/tests/dashboard/dashboard-v3.component.spec.ts
new file mode 100644
index 000000000..e4a1a9976
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/dashboard/dashboard-v3.component.spec.ts
@@ -0,0 +1,77 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { provideRouter } from '@angular/router';
+
+import { DashboardV3Component } from '../../app/features/dashboard-v3/dashboard-v3.component';
+
+describe('DashboardV3Component', () => {
+  let fixture: ComponentFixture<DashboardV3Component>;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [DashboardV3Component],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(DashboardV3Component);
+    fixture.detectChanges();
+  });
+
+  it('renders Dashboard heading and mission-board subtitle', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Dashboard');
+    expect(text).toContain('Mission board');
+  });
+
+  it('shows SBOM, CritR, and B/I/R metrics in environment cards', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('SBOM');
+    expect(text).toContain('CritR');
+    expect(text).toContain('B/I/R');
+    expect(text).toContain('3/3');
+  });
+
+  it('renders environments-at-risk table with canonical columns and Open actions', () => {
+    const headers = Array.from(
+      fixture.nativeElement.querySelectorAll('.risk-table__table th') as NodeListOf<HTMLElement>
+    ).map((node) => (node.textContent ?? '').trim());
+
+    expect(headers).toEqual([
+      'Region/Env',
+      'Deploy Health',
+      'SBOM Status',
+      'Crit Reach',
+      'Hybrid B/I/R',
+      'Last SBOM',
+      'Action',
+    ]);
+
+    const openLinks = fixture.nativeElement.querySelectorAll('.risk-table__table td a');
+    expect(openLinks.length).toBeGreaterThan(0);
+  });
+
+  it('renders SBOM findings snapshot with critical findings filter link', () => {
+    const links = Array.from(
+      fixture.nativeElement.querySelectorAll('a.card-action')
+    ) as HTMLAnchorElement[];
+    const openFindingsLink = links.find((link) =>
+      (link.textContent ?? '').includes('Open Findings')
+    );
+
+    expect(openFindingsLink).toBeTruthy();
+    expect(openFindingsLink?.getAttribute('href')).toContain('/security-risk/findings');
+    expect(openFindingsLink?.getAttribute('href')).toContain('reachability=critical');
+  });
+
+  it('renders nightly ops signals card with four status rows and data integrity link', () => {
+    const cardHeaders = Array.from(
+      fixture.nativeElement.querySelectorAll('.card-title') as NodeListOf<HTMLElement>
+    ).map((node) => (node.textContent ?? '').trim());
+    expect(cardHeaders).toContain('Nightly Ops Signals');
+
+    const signalRows = fixture.nativeElement.querySelectorAll('.integrity-stat');
+    expect(signalRows.length).toBe(4);
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Open Data Integrity');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/deadletter/deadletter-dashboard.component.spec.ts b/src/Web/StellaOps.Web/src/tests/deadletter/deadletter-dashboard.component.spec.ts
index 632ec9542..48433edda 100644
--- a/src/Web/StellaOps.Web/src/tests/deadletter/deadletter-dashboard.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/deadletter/deadletter-dashboard.component.spec.ts
@@ -93,4 +93,15 @@ describe('DeadLetterDashboardComponent (deadletter)', () => {
     expect(component.canResolve({ ...entry, state: 'failed' })).toBeTrue();
     expect(component.canReplay({ ...entry, state: 'resolved' })).toBeFalse();
   });
+
+  it('renders header action labels without literal icon name leakage', () => {
+    const labels = Array.from(
+      fixture.nativeElement.querySelectorAll('.header-actions .btn') as NodeListOf<HTMLButtonElement>
+    ).map((button) => button.textContent?.replace(/\s+/g, ' ').trim());
+
+    expect(labels[0]).toBe('Export CSV');
+    expect(labels[1]).toContain('Replay All Retryable (1)');
+    expect(labels[0]).not.toContain('download');
+    expect(labels[1]).not.toContain('refresh');
+  });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/evidence-audit/evidence-audit-routes.spec.ts b/src/Web/StellaOps.Web/src/tests/evidence-audit/evidence-audit-routes.spec.ts
index 093187365..992e28373 100644
--- a/src/Web/StellaOps.Web/src/tests/evidence-audit/evidence-audit-routes.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/evidence-audit/evidence-audit-routes.spec.ts
@@ -24,12 +24,16 @@ describe('EVIDENCE_AUDIT_ROUTES', () => {
     expect(allPaths).toContain('packs');
   });
 
+  it('contains the bundles list route', () => {
+    expect(allPaths).toContain('bundles');
+  });
+
   it('contains the pack detail route', () => {
     expect(allPaths).toContain('packs/:packId');
   });
 
-  it('contains the audit log route', () => {
-    expect(allPaths).toContain('audit');
+  it('contains the audit-log route', () => {
+    expect(allPaths).toContain('audit-log');
   });
 
   it('contains the change-trace route', () => {
@@ -64,15 +68,15 @@ describe('EVIDENCE_AUDIT_ROUTES', () => {
   // Overview route breadcrumb
   // ──────────────────────────────────────────
 
-  it('overview route has "Evidence and Audit" breadcrumb', () => {
+  it('overview route has "Evidence & Audit" breadcrumb', () => {
     const overviewRoute = getRouteByPath('');
     expect(overviewRoute).toBeDefined();
-    expect(overviewRoute?.data?.['breadcrumb']).toBe('Evidence and Audit');
+    expect(overviewRoute?.data?.['breadcrumb']).toBe('Evidence & Audit');
   });
 
-  it('overview route has title "Evidence and Audit"', () => {
+  it('overview route has title "Evidence & Audit"', () => {
     const overviewRoute = getRouteByPath('');
-    expect(overviewRoute?.title).toBe('Evidence and Audit');
+    expect(overviewRoute?.title).toBe('Evidence & Audit');
   });
 
   // ──────────────────────────────────────────
@@ -80,7 +84,7 @@ describe('EVIDENCE_AUDIT_ROUTES', () => {
   // ──────────────────────────────────────────
 
   it('every route has a breadcrumb in data', () => {
-    for (const route of EVIDENCE_AUDIT_ROUTES) {
+    for (const route of EVIDENCE_AUDIT_ROUTES.filter((r) => r.redirectTo === undefined)) {
       expect(route.data?.['breadcrumb']).toBeTruthy();
     }
   });
@@ -98,7 +102,7 @@ describe('EVIDENCE_AUDIT_ROUTES', () => {
   });
 
   it('audit route has "Audit Log" breadcrumb', () => {
-    expect(getRouteByPath('audit')?.data?.['breadcrumb']).toBe('Audit Log');
+    expect(getRouteByPath('audit-log')?.data?.['breadcrumb']).toBe('Audit Log');
   });
 
   it('change-trace route has "Change Trace" breadcrumb', () => {
@@ -118,7 +122,7 @@ describe('EVIDENCE_AUDIT_ROUTES', () => {
   });
 
   it('replay route has "Replay / Verify" breadcrumb', () => {
-    expect(getRouteByPath('replay')?.data?.['breadcrumb']).toBe('Replay / Verify');
+    expect(getRouteByPath('replay')?.data?.['breadcrumb']).toBe('Replay & Verify');
   });
 
   // ──────────────────────────────────────────
diff --git a/src/Web/StellaOps.Web/src/tests/integration_hub/integration-hub-ui.component.spec.ts b/src/Web/StellaOps.Web/src/tests/integration_hub/integration-hub-ui.component.spec.ts
index 3d599b159..44a5eea4c 100644
--- a/src/Web/StellaOps.Web/src/tests/integration_hub/integration-hub-ui.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/integration_hub/integration-hub-ui.component.spec.ts
@@ -47,9 +47,9 @@ describe('Integration Hub UI (integration_hub)', () => {
         const totals = new Map<IntegrationType, number>([
           [IntegrationType.Registry, 5],
           [IntegrationType.Scm, 3],
-          [IntegrationType.Ci, 2],
-          [IntegrationType.Host, 4],
-          [IntegrationType.Feed, 1],
+          [IntegrationType.CiCd, 2],
+          [IntegrationType.RuntimeHost, 4],
+          [IntegrationType.FeedMirror, 1],
         ]);
 
         return of({
@@ -91,6 +91,12 @@ describe('Integration Hub UI (integration_hub)', () => {
 
       expect(navigateSpy).toHaveBeenCalledWith(['/integrations/onboarding/registry']);
     });
+
+    it('renders a defined coming-soon state for recent activity', () => {
+      const text = fixture.nativeElement.textContent as string;
+      expect(text).toContain('Activity stream is coming soon');
+      expect(text).toContain('Connector timeline events will appear here');
+    });
   });
 
   describe('IntegrationListComponent', () => {
diff --git a/src/Web/StellaOps.Web/src/tests/navigation/nav-model.spec.ts b/src/Web/StellaOps.Web/src/tests/navigation/nav-model.spec.ts
index fe8ed4757..1fcb950cc 100644
--- a/src/Web/StellaOps.Web/src/tests/navigation/nav-model.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/navigation/nav-model.spec.ts
@@ -13,9 +13,11 @@
 
 import { TestBed } from '@angular/core/testing';
 import { provideRouter } from '@angular/router';
+import { of } from 'rxjs';
 
 import { AppSidebarComponent } from '../../app/layout/app-sidebar/app-sidebar.component';
 import { AUTH_SERVICE } from '../../app/core/auth';
+import { APPROVAL_API } from '../../app/core/api/approval.client';
 
 const CANONICAL_DOMAIN_IDS = [
   'dashboard',
@@ -40,8 +42,8 @@ const CANONICAL_DOMAIN_ROUTES = [
 const EXPECTED_SECTION_LABELS: Record<string, string> = {
   'dashboard': 'Dashboard',
   'release-control': 'Release Control',
-  'security-risk': 'Security and Risk',
-  'evidence-audit': 'Evidence and Audit',
+  'security-risk': 'Security & Risk',
+  'evidence-audit': 'Evidence & Audit',
   'integrations': 'Integrations',
   'platform-ops': 'Platform Ops',
   'administration': 'Administration',
@@ -54,12 +56,52 @@ describe('AppSidebarComponent nav model (navigation)', () => {
     const authSpy = jasmine.createSpyObj('AuthService', ['hasAllScopes', 'hasAnyScope']);
     authSpy.hasAllScopes.and.returnValue(true);
     authSpy.hasAnyScope.and.returnValue(true);
+    const approvalApiSpy = jasmine.createSpyObj('ApprovalApi', ['listApprovals']);
+    approvalApiSpy.listApprovals.and.returnValue(of([
+      {
+        id: 'apr-001',
+        releaseId: 'rel-001',
+        releaseName: 'API Gateway',
+        releaseVersion: '2.1.0',
+        sourceEnvironment: 'staging',
+        targetEnvironment: 'production',
+        requestedBy: 'alice',
+        requestedAt: '2026-02-19T10:00:00Z',
+        urgency: 'normal',
+        justification: 'normal release',
+        status: 'pending',
+        currentApprovals: 0,
+        requiredApprovals: 2,
+        gatesPassed: true,
+        scheduledTime: null,
+        expiresAt: '2026-02-20T10:00:00Z',
+      },
+      {
+        id: 'apr-002',
+        releaseId: 'rel-002',
+        releaseName: 'User Service',
+        releaseVersion: '3.0.0',
+        sourceEnvironment: 'qa',
+        targetEnvironment: 'staging',
+        requestedBy: 'bob',
+        requestedAt: '2026-02-19T09:00:00Z',
+        urgency: 'high',
+        justification: 'urgent patch',
+        status: 'pending',
+        currentApprovals: 1,
+        requiredApprovals: 2,
+        gatesPassed: true,
+        scheduledTime: null,
+        expiresAt: '2026-02-20T09:00:00Z',
+      },
+    ]));
 
     await TestBed.configureTestingModule({
       imports: [AppSidebarComponent],
       providers: [
         provideRouter([]),
         { provide: AUTH_SERVICE, useValue: authSpy },
+        { provide: APPROVAL_API, useValue: approvalApiSpy },
       ],
     }).compileComponents();
 
@@ -107,6 +149,12 @@ describe('AppSidebarComponent nav model (navigation)', () => {
     expect(approvals.route).toBe('/release-control/approvals');
   });
 
+  it('derives the Approvals badge from pending approvals count', () => {
+    const rc = component.visibleSections().find((s) => s.id === 'release-control')!;
+    const approvals = rc.children!.find((c) => c.id === 'rc-approvals')!;
+    expect(approvals.badge).toBe(2);
+  });
+
   it('Release Control includes Setup route under canonical /release-control/setup', () => {
     const rc = component.navSections.find((s) => s.id === 'release-control')!;
     const setup = rc.children!.find((c) => c.id === 'rc-setup')!;
@@ -126,22 +174,44 @@ describe('AppSidebarComponent nav model (navigation)', () => {
     expect(policyItem.label).toBe('Policy Governance');
   });
 
+  it('Administration includes Offline Settings shortcut', () => {
+    const admin = component.navSections.find((s) => s.id === 'administration')!;
+    const offlineItem = admin.children!.find((c) => c.id === 'adm-offline')!;
+    expect(offlineItem.label).toBe('Offline Settings');
+    expect(offlineItem.route).toBe('/administration/offline');
+  });
+
+  it('Platform Ops includes Data Integrity as the first submenu shortcut', () => {
+    const platformOps = component.navSections.find((s) => s.id === 'platform-ops')!;
+    expect(platformOps.children?.[0].id).toBe('ops-data-integrity');
+    expect(platformOps.children?.[0].route).toBe('/platform-ops/data-integrity');
+  });
+
+  it('Evidence & Audit keeps Evidence Packs and Evidence Bundles as distinct nav entries', () => {
+    const evidence = component.navSections.find((s) => s.id === 'evidence-audit')!;
+    const packs = evidence.children?.find((child) => child.id === 'ea-packs');
+    const bundles = evidence.children?.find((child) => child.id === 'ea-bundles');
+
+    expect(packs?.label).toBe('Evidence Packs');
+    expect(packs?.route).toBe('/evidence-audit/packs');
+    expect(bundles?.label).toBe('Evidence Bundles');
+    expect(bundles?.route).toBe('/evidence-audit/bundles');
+  });
+
   it('no section root route uses a deprecated v1 prefix', () => {
-    const legacyPrefixes = ['/security/', '/operations/', '/settings/', '/evidence/', '/policy/'];
+    const legacyRootSegments = ['security', 'operations', 'settings', 'evidence', 'policy'];
     for (const section of component.navSections) {
-      for (const prefix of legacyPrefixes) {
-        expect(section.route + '/').not.toContain(prefix);
-      }
+      const rootSegment = section.route.replace(/^\/+/, '').split('/')[0] ?? '';
+      expect(legacyRootSegments).not.toContain(rootSegment);
     }
   });
 
   it('no child route uses a deprecated v1 prefix', () => {
-    const legacyPrefixes = ['/security/', '/operations/', '/settings/', '/evidence/', '/policy/'];
+    const legacyRootSegments = ['security', 'operations', 'settings', 'evidence', 'policy'];
     for (const section of component.navSections) {
       for (const child of section.children ?? []) {
-        for (const prefix of legacyPrefixes) {
-          expect(child.route + '/').not.toContain(prefix);
-        }
+        const rootSegment = child.route.replace(/^\/+/, '').split('/')[0] ?? '';
+        expect(legacyRootSegments).not.toContain(rootSegment);
       }
     }
   });
diff --git a/src/Web/StellaOps.Web/src/tests/navigation/nav-route-integrity.spec.ts b/src/Web/StellaOps.Web/src/tests/navigation/nav-route-integrity.spec.ts
index c729ed4f7..d2b67790d 100644
--- a/src/Web/StellaOps.Web/src/tests/navigation/nav-route-integrity.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/navigation/nav-route-integrity.spec.ts
@@ -99,7 +99,7 @@ describe('AppSidebarComponent route integrity (navigation)', () => {
       '/evidence-audit/replay',
       '/evidence-audit/timeline',
       '/platform-ops/feeds',
-      '/integrations/hosts',
+      '/integrations/targets',
     ];
 
     for (const path of required) {
diff --git a/src/Web/StellaOps.Web/src/tests/navigation/sidebar-nav-item.component.spec.ts b/src/Web/StellaOps.Web/src/tests/navigation/sidebar-nav-item.component.spec.ts
new file mode 100644
index 000000000..50d19fe89
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/navigation/sidebar-nav-item.component.spec.ts
@@ -0,0 +1,43 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { provideRouter, RouterLinkActive } from '@angular/router';
+import { By } from '@angular/platform-browser';
+
+import { SidebarNavItemComponent } from '../../app/layout/app-sidebar/sidebar-nav-item.component';
+
+describe('SidebarNavItemComponent (navigation)', () => {
+  let fixture: ComponentFixture<SidebarNavItemComponent>;
+  let component: SidebarNavItemComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [SidebarNavItemComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(SidebarNavItemComponent);
+    component = fixture.componentInstance;
+    component.label = 'Data Integrity';
+    component.icon = 'activity';
+    component.route = '/platform-ops/data-integrity';
+  });
+
+  it('uses exact matching for root items', () => {
+    component.isChild = false;
+    fixture.detectChanges();
+
+    const routerLinkActive = fixture.debugElement.query(By.directive(RouterLinkActive))
+      .injector.get(RouterLinkActive);
+
+    expect(routerLinkActive.routerLinkActiveOptions).toEqual({ exact: true });
+  });
+
+  it('uses prefix matching for child items so nested pages remain highlighted', () => {
+    component.isChild = true;
+    fixture.detectChanges();
+
+    const routerLinkActive = fixture.debugElement.query(By.directive(RouterLinkActive))
+      .injector.get(RouterLinkActive);
+
+    expect(routerLinkActive.routerLinkActiveOptions).toEqual({ exact: false });
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/navigation/user-menu.component.spec.ts b/src/Web/StellaOps.Web/src/tests/navigation/user-menu.component.spec.ts
new file mode 100644
index 000000000..4902fe35a
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/navigation/user-menu.component.spec.ts
@@ -0,0 +1,101 @@
+import { computed, signal } from '@angular/core';
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { provideRouter } from '@angular/router';
+
+import { AUTH_SERVICE, AuthService, AuthUser } from '../../app/core/auth';
+import { NavigationService } from '../../app/core/navigation';
+import { ThemeService } from '../../app/core/services/theme.service';
+import { UserMenuComponent } from '../../app/shared/components/user-menu/user-menu.component';
+
+class ThemeServiceStub {
+  readonly mode = signal<'light' | 'dark' | 'system'>('light');
+
+  setMode(mode: 'light' | 'dark' | 'system'): void {
+    this.mode.set(mode);
+  }
+}
+
+class NavigationServiceStub {
+  readonly userMenuItems = signal<any[]>([]);
+}
+
+function createAuthServiceStub(user: AuthUser): AuthService {
+  const userSignal = signal<AuthUser | null>(user);
+
+  return {
+    isAuthenticated: signal(true),
+    user: userSignal,
+    scopes: computed(() => userSignal()?.scopes ?? []),
+    hasScope: () => false,
+    hasAllScopes: () => false,
+    hasAnyScope: () => false,
+    canViewGraph: () => false,
+    canEditGraph: () => false,
+    canExportGraph: () => false,
+    canSimulate: () => false,
+    canViewOrchestrator: () => false,
+    canOperateOrchestrator: () => false,
+    canManageOrchestratorQuotas: () => false,
+    canInitiateBackfill: () => false,
+    canViewPolicies: () => false,
+    canAuthorPolicies: () => false,
+    canEditPolicies: () => false,
+    canReviewPolicies: () => false,
+    canApprovePolicies: () => false,
+    canOperatePolicies: () => false,
+    canActivatePolicies: () => false,
+    canSimulatePolicies: () => false,
+    canPublishPolicies: () => false,
+    canAuditPolicies: () => false,
+  };
+}
+
+describe('UserMenuComponent', () => {
+  let fixture: ComponentFixture<UserMenuComponent>;
+
+  const baseUser: AuthUser = {
+    id: 'user-1',
+    name: 'Casey Operator',
+    email: 'casey@example.com',
+    tenantId: 'tenant-default',
+    tenantName: 'Default Tenant',
+    roles: ['operator'],
+    scopes: [],
+  };
+
+  async function configureWithUser(user: AuthUser): Promise<void> {
+    await TestBed.configureTestingModule({
+      imports: [UserMenuComponent],
+      providers: [
+        provideRouter([]),
+        { provide: AUTH_SERVICE, useValue: createAuthServiceStub(user) },
+        { provide: ThemeService, useClass: ThemeServiceStub },
+        { provide: NavigationService, useClass: NavigationServiceStub },
+      ],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(UserMenuComponent);
+    fixture.detectChanges();
+
+    const trigger = fixture.nativeElement.querySelector('.user-menu__trigger') as HTMLButtonElement;
+    trigger.click();
+    fixture.detectChanges();
+  }
+
+  it('shows placeholder email when identity email is UUID-based fallback', async () => {
+    await configureWithUser({
+      ...baseUser,
+      email: '8f29238e-2956-49e6-a1f2-4b58af324d63@unknown.local',
+    });
+
+    const email = fixture.nativeElement.querySelector('.user-menu__info-email') as HTMLElement;
+    expect(email.textContent?.trim()).toBe('No email configured');
+  });
+
+  it('shows real email when a normal address exists', async () => {
+    await configureWithUser(baseUser);
+
+    const email = fixture.nativeElement.querySelector('.user-menu__info-email') as HTMLElement;
+    expect(email.textContent?.trim()).toBe('casey@example.com');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/platform-ops/data-integrity-pages.spec.ts b/src/Web/StellaOps.Web/src/tests/platform-ops/data-integrity-pages.spec.ts
new file mode 100644
index 000000000..859155ae2
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/platform-ops/data-integrity-pages.spec.ts
@@ -0,0 +1,305 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { ActivatedRoute, convertToParamMap, provideRouter } from '@angular/router';
+
+import { DataIntegrityOverviewComponent } from '../../app/features/platform-ops/data-integrity-overview.component';
+import { NightlyOpsReportPageComponent } from '../../app/features/platform-ops/data-integrity/nightly-ops-report-page.component';
+import { FeedsFreshnessPageComponent } from '../../app/features/platform-ops/data-integrity/feeds-freshness-page.component';
+import { ScanPipelineHealthPageComponent } from '../../app/features/platform-ops/data-integrity/scan-pipeline-health-page.component';
+import { ReachabilityIngestHealthPageComponent } from '../../app/features/platform-ops/data-integrity/reachability-ingest-health-page.component';
+import { IntegrationConnectivityPageComponent } from '../../app/features/platform-ops/data-integrity/integration-connectivity-page.component';
+import { DlqReplaysPageComponent } from '../../app/features/platform-ops/data-integrity/dlq-replays-page.component';
+import { DataQualitySlosPageComponent } from '../../app/features/platform-ops/data-integrity/data-quality-slos-page.component';
+import { DataIntegrityJobRunDetailPageComponent } from '../../app/features/platform-ops/data-integrity/job-run-detail-page.component';
+import { BreadcrumbService } from '../../app/layout/breadcrumb';
+
+describe('DataIntegrityOverviewComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<DataIntegrityOverviewComponent>;
+  let component: DataIntegrityOverviewComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [DataIntegrityOverviewComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(DataIntegrityOverviewComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders trust-score, filters, impacted decisions, and top failures sections', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Data Trust Score');
+    expect(text).toContain('Impacted Decisions');
+    expect(text).toContain('Top Failures');
+
+    const filterSelects = fixture.nativeElement.querySelectorAll('section.filters select');
+    expect(filterSelects.length).toBe(2);
+    expect(component.trustSignals.length).toBe(5);
+  });
+
+  it('provides deep-link routes for all trust signals and drilldowns', () => {
+    expect(component.trustSignals.map((signal) => signal.route)).toEqual([
+      '/platform-ops/data-integrity/feeds-freshness',
+      '/platform-ops/data-integrity/scan-pipeline',
+      '/platform-ops/data-integrity/reachability-ingest',
+      '/platform-ops/data-integrity/integration-connectivity',
+      '/platform-ops/data-integrity/dlq',
+    ]);
+
+    const drilldownLinks = fixture.nativeElement.querySelectorAll('.drilldowns a');
+    expect(drilldownLinks.length).toBe(7);
+  });
+});
+
+describe('NightlyOpsReportPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<NightlyOpsReportPageComponent>;
+  let component: NightlyOpsReportPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [NightlyOpsReportPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(NightlyOpsReportPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders nightly jobs table with required columns and seven stub rows', () => {
+    const headers = Array.from(
+      fixture.nativeElement.querySelectorAll('table thead th') as NodeListOf<HTMLElement>
+    ).map((node) => (node.textContent ?? '').trim());
+
+    expect(headers).toEqual([
+      'Job',
+      'Schedule',
+      'Last Run',
+      'Status',
+      'Why it matters',
+      'Actions',
+    ]);
+    expect(component.rows.length).toBeGreaterThanOrEqual(7);
+  });
+
+  it('uses mixed OK/WARN/FAIL statuses and exposes row actions', () => {
+    const statuses = new Set(component.rows.map((row) => row.status));
+    expect(statuses.has('OK')).toBeTrue();
+    expect(statuses.has('WARN')).toBeTrue();
+    expect(statuses.has('FAIL')).toBeTrue();
+
+    const firstRowActions = fixture.nativeElement.querySelectorAll('tbody tr:first-child .actions a');
+    expect(firstRowActions.length).toBe(5);
+  });
+});
+
+describe('FeedsFreshnessPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<FeedsFreshnessPageComponent>;
+  let component: FeedsFreshnessPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [FeedsFreshnessPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(FeedsFreshnessPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders at least three advisory source rows with non-empty gate impact', () => {
+    expect(component.rows.length).toBeGreaterThanOrEqual(3);
+    expect(component.rows.map((row) => row.source)).toEqual(['OSV', 'NVD', 'CISA KEV']);
+    expect(component.rows.every((row) => row.gateImpact.trim().length > 0)).toBeTrue();
+  });
+
+  it('links to canonical feeds operations page and stays read-only', () => {
+    const links = fixture.nativeElement.querySelectorAll('footer.links a');
+    expect(links.length).toBe(3);
+    expect((links[0] as HTMLAnchorElement).getAttribute('href')).toContain('/platform-ops/feeds');
+    expect(fixture.nativeElement.querySelectorAll('input, textarea').length).toBe(0);
+  });
+});
+
+describe('ScanPipelineHealthPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<ScanPipelineHealthPageComponent>;
+  let component: ScanPipelineHealthPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [ScanPipelineHealthPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(ScanPipelineHealthPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders all five pipeline stages and impact counts', () => {
+    expect(component.stages.length).toBe(5);
+    expect(component.affectedEnvironments).toBeGreaterThan(0);
+    expect(component.blockedApprovals).toBeGreaterThan(0);
+  });
+
+  it('shows four footer links for cross-module drilldowns', () => {
+    const links = fixture.nativeElement.querySelectorAll('footer.links a');
+    expect(links.length).toBe(4);
+  });
+});
+
+describe('ReachabilityIngestHealthPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<ReachabilityIngestHealthPageComponent>;
+  let component: ReachabilityIngestHealthPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [ReachabilityIngestHealthPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(ReachabilityIngestHealthPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('shows B/I/R coverage values and three ingest rows', () => {
+    expect(component.buildCoverage).toBeGreaterThan(0);
+    expect(component.imageCoverage).toBeGreaterThan(0);
+    expect(component.runtimeCoverage).toBeGreaterThan(0);
+    expect(component.rows.length).toBe(3);
+    expect(component.rows.every((row) => typeof row.backlog === 'number')).toBeTrue();
+  });
+});
+
+describe('IntegrationConnectivityPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<IntegrationConnectivityPageComponent>;
+  let component: IntegrationConnectivityPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [IntegrationConnectivityPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(IntegrationConnectivityPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders five connector rows and row actions', () => {
+    expect(component.rows.length).toBeGreaterThanOrEqual(5);
+    const actionLinks = fixture.nativeElement.querySelectorAll('tbody tr:first-child .actions a');
+    expect(actionLinks.length).toBe(4);
+  });
+
+  it('has footer link to Integrations Hub', () => {
+    const link = fixture.nativeElement.querySelector('footer.links a') as HTMLAnchorElement | null;
+    expect(link).toBeTruthy();
+    expect(link?.getAttribute('href')).toContain('/integrations');
+  });
+});
+
+describe('DlqReplaysPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<DlqReplaysPageComponent>;
+  let component: DlqReplaysPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [DlqReplaysPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(DlqReplaysPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders buckets with counts and item rows for selected bucket', () => {
+    expect(component.buckets.length).toBe(3);
+    expect(component.selectedItems().length).toBeGreaterThan(0);
+
+    component.selectedBucketId.set('sbom-rescan');
+    expect(component.selectedItems().length).toBe(1);
+  });
+
+  it('links to canonical dead-letter page', () => {
+    const link = fixture.nativeElement.querySelector('footer.links a') as HTMLAnchorElement | null;
+    expect(link).toBeTruthy();
+    expect(link?.getAttribute('href')).toContain('/platform-ops/dead-letter');
+  });
+});
+
+describe('DataQualitySlosPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<DataQualitySlosPageComponent>;
+  let component: DataQualitySlosPageComponent;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [DataQualitySlosPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(DataQualitySlosPageComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('renders SLO table rows with non-empty approval impact values', () => {
+    expect(component.rows.length).toBeGreaterThanOrEqual(3);
+    expect(component.rows.every((row) => row.approvalImpact.trim().length > 0)).toBeTrue();
+  });
+
+  it('links to Administration System SLO monitoring', () => {
+    const link = fixture.nativeElement.querySelector('footer.links a') as HTMLAnchorElement | null;
+    expect(link).toBeTruthy();
+    expect(link?.getAttribute('href')).toContain('/administration/system');
+  });
+});
+
+describe('DataIntegrityJobRunDetailPageComponent (platform-ops)', () => {
+  let fixture: ComponentFixture<DataIntegrityJobRunDetailPageComponent>;
+  let component: DataIntegrityJobRunDetailPageComponent;
+  let breadcrumbService: BreadcrumbService;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [DataIntegrityJobRunDetailPageComponent],
+      providers: [
+        provideRouter([]),
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            snapshot: {
+              paramMap: convertToParamMap({ runId: 'run-24026' }),
+            },
+          },
+        },
+      ],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(DataIntegrityJobRunDetailPageComponent);
+    component = fixture.componentInstance;
+    breadcrumbService = TestBed.inject(BreadcrumbService);
+    fixture.detectChanges();
+  });
+
+  it('renders status header, integration reference, affected items, and action links', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Run run-24026');
+    expect(text).toContain('Integration Reference');
+    expect(component.affectedItems.length).toBeGreaterThan(0);
+
+    const actions = fixture.nativeElement.querySelectorAll('footer.links a');
+    expect(actions.length).toBe(4);
+  });
+
+  it('injects run id into breadcrumb context and clears on destroy', () => {
+    expect(breadcrumbService.contextCrumbs().map((crumb) => crumb.label)).toEqual(['Run #run-24026']);
+
+    fixture.destroy();
+    expect(breadcrumbService.contextCrumbs()).toEqual([]);
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/platform-ops/platform-ops-routes.spec.ts b/src/Web/StellaOps.Web/src/tests/platform-ops/platform-ops-routes.spec.ts
index c3bf1af2b..ab4d7f926 100644
--- a/src/Web/StellaOps.Web/src/tests/platform-ops/platform-ops-routes.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/platform-ops/platform-ops-routes.spec.ts
@@ -4,7 +4,7 @@
  *
  * Verifies:
  * - PLATFORM_OPS_ROUTES covers all canonical P0-P9 paths.
- * - data-integrity route is present and loads DataIntegrityOverviewComponent.
+ * - data-integrity route is present and loads the Data Integrity child route tree.
  * - All category routes are under /integrations (Integrations ownership).
  * - integrationHubRoutes covers canonical taxonomy categories.
  * - No cross-ownership contamination (connectivity is Integrations/Platform Ops, not Security & Risk).
@@ -13,6 +13,7 @@
 
 import { PLATFORM_OPS_ROUTES } from '../../app/routes/platform-ops.routes';
 import { integrationHubRoutes } from '../../app/features/integration-hub/integration-hub.routes';
+import { dataIntegrityRoutes } from '../../app/features/platform-ops/data-integrity/data-integrity.routes';
 
 // ---------------------------------------------------------------------------
 // Platform Ops routes
@@ -34,6 +35,18 @@ const EXPECTED_PLATFORM_OPS_PATHS = [
   'agents',         // P9
 ];
 
+const EXPECTED_DATA_INTEGRITY_PATHS = [
+  '',
+  'nightly-ops',
+  'nightly-ops/:runId',
+  'feeds-freshness',
+  'scan-pipeline',
+  'reachability-ingest',
+  'integration-connectivity',
+  'dlq',
+  'slos',
+];
+
 describe('PLATFORM_OPS_ROUTES (platform-ops)', () => {
   it('contains at least 10 routes', () => {
     expect(PLATFORM_OPS_ROUTES.length).toBeGreaterThanOrEqual(10);
@@ -52,10 +65,10 @@ describe('PLATFORM_OPS_ROUTES (platform-ops)', () => {
     expect(overview?.loadComponent).toBeTruthy();
   });
 
-  it('data-integrity route loads DataIntegrityOverviewComponent', () => {
+  it('data-integrity route loads child routes', () => {
     const di = PLATFORM_OPS_ROUTES.find((r) => r.path === 'data-integrity');
     expect(di).toBeDefined();
-    expect(di?.loadComponent).toBeTruthy();
+    expect(di?.loadChildren).toBeTruthy();
   });
 
   it('data-integrity breadcrumb is "Data Integrity"', () => {
@@ -63,6 +76,39 @@ describe('PLATFORM_OPS_ROUTES (platform-ops)', () => {
     expect(di?.data?.['breadcrumb']).toBe('Data Integrity');
   });
 
+  it('data-integrity child route tree contains all required pages', () => {
+    const paths = dataIntegrityRoutes.map((route) => route.path);
+    expect(paths).toEqual(EXPECTED_DATA_INTEGRITY_PATHS);
+  });
+
+  it('data-integrity sub-pages have canonical page titles', () => {
+    const map = new Map(dataIntegrityRoutes.map((route) => [route.path, route.title]));
+
+    expect(map.get('')).toBe('Data Integrity - StellaOps');
+    expect(map.get('nightly-ops')).toBe('Nightly Ops Report - StellaOps');
+    expect(map.get('feeds-freshness')).toBe('Feeds Freshness - StellaOps');
+    expect(map.get('scan-pipeline')).toBe('Scan Pipeline Health - StellaOps');
+    expect(map.get('reachability-ingest')).toBe('Reachability Ingest Health - StellaOps');
+    expect(map.get('integration-connectivity')).toBe('Integration Connectivity - StellaOps');
+    expect(map.get('dlq')).toBe('DLQ and Replays - StellaOps');
+    expect(map.get('slos')).toBe('Data Quality SLOs - StellaOps');
+  });
+
+  it('data-integrity sub-pages expose breadcrumb labels for nested navigation', () => {
+    const breadcrumbMap = new Map(
+      dataIntegrityRoutes.map((route) => [route.path, route.data?.['breadcrumb'] ?? null])
+    );
+
+    expect(breadcrumbMap.get('')).toBe('Data Integrity');
+    expect(breadcrumbMap.get('nightly-ops')).toBe('Nightly Ops Report');
+    expect(breadcrumbMap.get('feeds-freshness')).toBe('Feeds Freshness');
+    expect(breadcrumbMap.get('scan-pipeline')).toBe('Scan Pipeline Health');
+    expect(breadcrumbMap.get('reachability-ingest')).toBe('Reachability Ingest Health');
+    expect(breadcrumbMap.get('integration-connectivity')).toBe('Integration Connectivity');
+    expect(breadcrumbMap.get('dlq')).toBe('DLQ and Replays');
+    expect(breadcrumbMap.get('slos')).toBe('Data Quality SLOs');
+  });
+
   it('dead-letter route is present for DLQ management', () => {
     const dlq = PLATFORM_OPS_ROUTES.find((r) => r.path === 'dead-letter');
     expect(dlq).toBeDefined();
diff --git a/src/Web/StellaOps.Web/src/tests/proof_chain/proof-chain.component.spec.ts b/src/Web/StellaOps.Web/src/tests/proof_chain/proof-chain.component.spec.ts
index 35504bca6..ad51cfdab 100644
--- a/src/Web/StellaOps.Web/src/tests/proof_chain/proof-chain.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/proof_chain/proof-chain.component.spec.ts
@@ -1,4 +1,5 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { ActivatedRoute, convertToParamMap } from '@angular/router';
 import { of } from 'rxjs';
 
 import { ProofChainComponent } from '../../app/features/proof-chain/proof-chain.component';
@@ -57,7 +58,15 @@ describe('Proof Chain Verification UI (B27-002)', () => {
 
     await TestBed.configureTestingModule({
       imports: [ProofChainComponent],
-      providers: [{ provide: ProofChainService, useValue: serviceStub }],
+      providers: [
+        { provide: ProofChainService, useValue: serviceStub },
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            snapshot: { paramMap: convertToParamMap({}) },
+          },
+        },
+      ],
     }).compileComponents();
 
     fixture = TestBed.createComponent(ProofChainComponent);
@@ -69,8 +78,21 @@ describe('Proof Chain Verification UI (B27-002)', () => {
     const graphContainer = fixture.nativeElement.querySelector('.graph-container') as HTMLDivElement;
     const renderedNodes = graphContainer.querySelectorAll('.proof-node');
 
+    expect(fixture.nativeElement.textContent).toContain('Proof Chains');
     expect(renderedNodes.length).toBe(2);
     expect(graphContainer.textContent).toContain('Sbom');
     expect(graphContainer.textContent).toContain('Verdict');
   });
+
+  it('shows validation feedback when search is submitted without a digest', async () => {
+    const emptyFixture = TestBed.createComponent(ProofChainComponent);
+    emptyFixture.detectChanges();
+    await emptyFixture.whenStable();
+
+    const searchButton = emptyFixture.nativeElement.querySelector('.proof-chain-search button') as HTMLButtonElement;
+    searchButton.click();
+    emptyFixture.detectChanges();
+
+    expect(emptyFixture.nativeElement.textContent).toContain('A subject digest is required.');
+  });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/quotas/operator-quota-dashboard.spec.ts b/src/Web/StellaOps.Web/src/tests/quotas/operator-quota-dashboard.spec.ts
index 9d52030f6..ee19f3561 100644
--- a/src/Web/StellaOps.Web/src/tests/quotas/operator-quota-dashboard.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/quotas/operator-quota-dashboard.spec.ts
@@ -153,4 +153,16 @@ describe('Operator Quota Dashboard (B24-003)', () => {
     component.toggleCategory('jobs');
     expect(component.selectedCategories()).toEqual(['license', 'api', 'storage', 'jobs']);
   });
+
+  it('renders action buttons without leaking icon name text labels', () => {
+    fixture.detectChanges();
+
+    const labels = Array.from(
+      fixture.nativeElement.querySelectorAll('.header-actions .btn.btn-secondary') as NodeListOf<HTMLButtonElement>
+    ).map((button) => button.textContent?.replace(/\s+/g, ' ').trim());
+
+    expect(labels).toEqual(['Configure Alerts', 'Export Report']);
+    expect(labels.join(' ')).not.toContain('bell');
+    expect(labels.join(' ')).not.toContain('download');
+  });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/release-control/environment-detail-standardization.component.spec.ts b/src/Web/StellaOps.Web/src/tests/release-control/environment-detail-standardization.component.spec.ts
new file mode 100644
index 000000000..c3ec50410
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/release-control/environment-detail-standardization.component.spec.ts
@@ -0,0 +1,133 @@
+import { TestBed } from '@angular/core/testing';
+import { Title } from '@angular/platform-browser';
+import {
+  ActivatedRoute,
+  convertToParamMap,
+  provideRouter,
+} from '@angular/router';
+
+import { BreadcrumbService } from '../../app/layout/breadcrumb';
+import { EnvironmentDetailComponent } from '../../app/features/release-orchestrator/environments/environment-detail/environment-detail.component';
+import { ENVIRONMENT_ROUTES } from '../../app/features/release-orchestrator/environments/environments.routes';
+
+describe('Environment detail standardization (sprint 025)', () => {
+  const routeStub: {
+    snapshot: {
+      paramMap: ReturnType<typeof convertToParamMap>;
+      queryParamMap: ReturnType<typeof convertToParamMap>;
+      data: Record<string, unknown>;
+    };
+  } = {
+    snapshot: {
+      paramMap: convertToParamMap({ region: 'global', env: 'prod' }),
+      queryParamMap: convertToParamMap({}),
+      data: {},
+    },
+  };
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [EnvironmentDetailComponent],
+      providers: [
+        provideRouter([]),
+        {
+          provide: ActivatedRoute,
+          useValue: routeStub,
+        },
+      ],
+    }).compileComponents();
+  });
+
+  it('defines canonical region/env routes including settings initial tab', () => {
+    const detailRoute = ENVIRONMENT_ROUTES.find((route) => route.path === ':region/:env');
+    const settingsRoute = ENVIRONMENT_ROUTES.find(
+      (route) => route.path === ':region/:env/settings'
+    );
+
+    expect(detailRoute).toBeTruthy();
+    expect(settingsRoute).toBeTruthy();
+    expect(settingsRoute?.data?.['initialTab']).toBe('inputs');
+  });
+
+  it('renders standardized header with manifest digest and 8 tabs', () => {
+    routeStub.snapshot = {
+      paramMap: convertToParamMap({ region: 'eu-west', env: 'prod' }),
+      queryParamMap: convertToParamMap({}),
+      data: {},
+    };
+
+    const fixture = TestBed.createComponent(EnvironmentDetailComponent);
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Deploy');
+    expect(text).toContain('SBOM');
+    expect(text).toContain('Findings (target env)');
+    expect(text).toContain('Hybrid Reach Coverage');
+    expect(text).toContain('Data Confidence');
+    expect(text).toContain('Policy Baseline / Version Lock');
+    expect(text).toContain('Deployed Bundle');
+    expect(text).toContain('sha256:env-manifest-7aa1b2c3d4e5f6a7b8');
+
+    const tabButtons = fixture.nativeElement.querySelectorAll('.tab-nav button');
+    expect(tabButtons.length).toBe(8);
+  });
+
+  it('sets dynamic title and breadcrumb context from route params', () => {
+    routeStub.snapshot = {
+      paramMap: convertToParamMap({ region: 'us-east', env: 'staging' }),
+      queryParamMap: convertToParamMap({}),
+      data: {},
+    };
+
+    const fixture = TestBed.createComponent(EnvironmentDetailComponent);
+    fixture.detectChanges();
+
+    const title = TestBed.inject(Title);
+    const breadcrumbs = TestBed.inject(BreadcrumbService).contextCrumbs();
+
+    expect(title.getTitle()).toBe('us-east/staging Environment - StellaOps');
+    expect(breadcrumbs.length).toBe(2);
+    expect(breadcrumbs[0].label).toBe('us-east');
+    expect(breadcrumbs[0].route).toBe('/release-control/regions/us-east');
+    expect(breadcrumbs[1].label).toBe('staging');
+  });
+
+  it('uses query tab over route data and falls back to route data when query is missing', () => {
+    routeStub.snapshot = {
+      paramMap: convertToParamMap({ region: 'global', env: 'prod' }),
+      queryParamMap: convertToParamMap({ tab: 'reachability' }),
+      data: { initialTab: 'inputs' },
+    };
+    const fixtureWithQuery = TestBed.createComponent(EnvironmentDetailComponent);
+    fixtureWithQuery.detectChanges();
+    expect(fixtureWithQuery.componentInstance.activeTab()).toBe('reachability');
+    fixtureWithQuery.destroy();
+
+    routeStub.snapshot = {
+      paramMap: convertToParamMap({ region: 'global', env: 'prod' }),
+      queryParamMap: convertToParamMap({}),
+      data: { initialTab: 'inputs' },
+    };
+    const fixtureWithData = TestBed.createComponent(EnvironmentDetailComponent);
+    fixtureWithData.detectChanges();
+    expect(fixtureWithData.componentInstance.activeTab()).toBe('inputs');
+  });
+
+  it('clears breadcrumb context on destroy', () => {
+    routeStub.snapshot = {
+      paramMap: convertToParamMap({ region: 'eu-central', env: 'prod' }),
+      queryParamMap: convertToParamMap({}),
+      data: {},
+    };
+
+    const fixture = TestBed.createComponent(EnvironmentDetailComponent);
+    fixture.detectChanges();
+
+    const breadcrumbService = TestBed.inject(BreadcrumbService);
+    expect(breadcrumbService.contextCrumbs().length).toBe(2);
+
+    fixture.destroy();
+    expect(breadcrumbService.contextCrumbs().length).toBe(0);
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/release-control/release-control-routes.spec.ts b/src/Web/StellaOps.Web/src/tests/release-control/release-control-routes.spec.ts
index 77990eb26..d0fbe3c0a 100644
--- a/src/Web/StellaOps.Web/src/tests/release-control/release-control-routes.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/release-control/release-control-routes.spec.ts
@@ -26,6 +26,7 @@ describe('RELEASE_CONTROL_ROUTES (release-control)', () => {
 
   it('contains all canonical domain paths', () => {
     const expected = [
+      'control-plane',
       'setup',
       'setup/environments-paths',
       'setup/targets-agents',
@@ -33,11 +34,15 @@ describe('RELEASE_CONTROL_ROUTES (release-control)', () => {
       'setup/bundle-templates',
       'releases',
       'approvals',
-      'environments',
+      'regions',
+      'regions/:region',
+      'regions/:region/environments/:env',
       'deployments',
       'bundles',
       'promotions',
       'runs',
+      'governance',
+      'hotfixes',
     ];
     for (const p of expected) {
       expect(paths).toContain(p);
@@ -94,8 +99,12 @@ describe('BUNDLE_ROUTES (release-control)', () => {
     expect(paths).toContain(':bundleId');
   });
 
-  it('has version detail route :bundleId/:version', () => {
-    expect(paths).toContain(':bundleId/:version');
+  it('has organizer route :bundleId/organizer', () => {
+    expect(paths).toContain(':bundleId/organizer');
+  });
+
+  it('has version detail route :bundleId/versions/:versionId', () => {
+    expect(paths).toContain(':bundleId/versions/:versionId');
   });
 
   it('catalog route has "Bundles" breadcrumb', () => {
@@ -114,12 +123,12 @@ describe('BUNDLE_ROUTES (release-control)', () => {
   });
 
   it('version detail route has "Bundle Version" breadcrumb', () => {
-    const vd = BUNDLE_ROUTES.find((r) => r.path === ':bundleId/:version');
+    const vd = BUNDLE_ROUTES.find((r) => r.path === ':bundleId/versions/:versionId');
     expect(vd?.data?.['breadcrumb']).toBe('Bundle Version');
   });
 
-  it('all routes use loadComponent (no module-based lazy loading)', () => {
-    for (const route of BUNDLE_ROUTES) {
+  it('all non-redirect routes use loadComponent (no module-based lazy loading)', () => {
+    for (const route of BUNDLE_ROUTES.filter((r) => !r.redirectTo)) {
       expect(route.loadComponent).toBeTruthy();
     }
   });
diff --git a/src/Web/StellaOps.Web/src/tests/releases/release-list-loading-state.spec.ts b/src/Web/StellaOps.Web/src/tests/releases/release-list-loading-state.spec.ts
new file mode 100644
index 000000000..9c33ecc70
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/releases/release-list-loading-state.spec.ts
@@ -0,0 +1,109 @@
+import { signal } from '@angular/core';
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { provideRouter } from '@angular/router';
+
+import type { ManagedRelease } from '../../app/core/api/release-management.models';
+import { ReleaseListComponent } from '../../app/features/release-orchestrator/releases/release-list/release-list.component';
+import { ReleaseManagementStore } from '../../app/features/release-orchestrator/releases/release.store';
+
+class ReleaseManagementStoreStub {
+  readonly releases = signal<ManagedRelease[]>([]);
+  readonly loading = signal(false);
+  readonly error = signal<string | null>(null);
+  readonly totalCount = signal(0);
+  readonly currentPage = signal(1);
+  readonly pageSize = signal(20);
+  readonly filter = signal({});
+  readonly statusCounts = signal({
+    draft: 0,
+    ready: 0,
+    deploying: 0,
+    deployed: 0,
+    failed: 0,
+    rolled_back: 0,
+  });
+
+  readonly loadReleases = jasmine.createSpy('loadReleases');
+  readonly setFilter = jasmine.createSpy('setFilter');
+  readonly setPage = jasmine.createSpy('setPage');
+  readonly cloneRelease = jasmine.createSpy('cloneRelease');
+  readonly deleteRelease = jasmine.createSpy('deleteRelease');
+}
+
+describe('ReleaseListComponent loading behavior', () => {
+  let fixture: ComponentFixture<ReleaseListComponent>;
+  let store: ReleaseManagementStoreStub;
+
+  beforeEach(async () => {
+    store = new ReleaseManagementStoreStub();
+    store.releases.set([
+      {
+        id: 'rel-hotfix-124',
+        name: 'Hotfix',
+        version: '1.2.4',
+        description: 'Critical reachable CVE hotfix',
+        status: 'ready',
+        currentEnvironment: 'staging',
+        targetEnvironment: 'production',
+        componentCount: 8,
+        createdAt: '2026-02-19T07:00:00Z',
+        createdBy: 'release-bot',
+        updatedAt: '2026-02-19T07:00:00Z',
+        deployedAt: null,
+        deploymentStrategy: 'rolling',
+      },
+      {
+        id: 'rel-platform-130-rc1',
+        name: 'Platform Release',
+        version: '1.3.0-rc1',
+        description: 'Quarterly platform baseline update',
+        status: 'ready',
+        currentEnvironment: 'dev',
+        targetEnvironment: 'staging',
+        componentCount: 24,
+        createdAt: '2026-02-18T14:30:00Z',
+        createdBy: 'release-bot',
+        updatedAt: '2026-02-18T14:30:00Z',
+        deployedAt: null,
+        deploymentStrategy: 'rolling',
+      },
+    ]);
+    store.totalCount.set(2);
+    store.statusCounts.set({
+      draft: 0,
+      ready: 2,
+      deploying: 0,
+      deployed: 0,
+      failed: 0,
+      rolled_back: 0,
+    });
+
+    await TestBed.configureTestingModule({
+      imports: [ReleaseListComponent],
+      providers: [
+        provideRouter([]),
+        { provide: ReleaseManagementStore, useValue: store },
+      ],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(ReleaseListComponent);
+    fixture.detectChanges();
+  });
+
+  it('renders releases when data is available and does not stay in loading state', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Hotfix');
+    expect(text).toContain('Platform Release');
+    expect(text).not.toContain('Loading releases...');
+    expect(store.loadReleases).toHaveBeenCalled();
+  });
+
+  it('shows explicit error banner when backend loading fails', () => {
+    store.error.set('Failed to load releases');
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Failed to load releases');
+    expect(text).not.toContain('Loading releases...');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/routes/legacy-route-migration-framework.component.spec.ts b/src/Web/StellaOps.Web/src/tests/routes/legacy-route-migration-framework.component.spec.ts
index 526702131..01793d79d 100644
--- a/src/Web/StellaOps.Web/src/tests/routes/legacy-route-migration-framework.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/routes/legacy-route-migration-framework.component.spec.ts
@@ -21,16 +21,12 @@ function paramTokens(path: string): string[] {
 describe('Legacy Route Migration Framework (routes)', () => {
   it('maps every legacy redirect target to a defined top-level route segment', () => {
     const topLevelSegments = new Set([
-      'approvals',
-      'security',
-      'analytics',
-      'policy',
-      'settings',
-      'operations',
-      'environments',
-      'releases',
-      'deployments',
-      'evidence',
+      'release-control',
+      'security-risk',
+      'evidence-audit',
+      'integrations',
+      'platform-ops',
+      'administration',
     ]);
 
     for (const route of LEGACY_REDIRECT_ROUTE_TEMPLATES) {
@@ -58,9 +54,9 @@ describe('Legacy Route Migration Framework (routes)', () => {
     beforeEach(async () => {
       const testRoutes: Routes = [
         ...LEGACY_REDIRECT_ROUTES,
-        { path: 'operations/health', component: DummyRouteTargetComponent },
-        { path: 'security/artifacts/:artifactId', component: DummyRouteTargetComponent },
-        { path: 'environments', component: DummyRouteTargetComponent },
+        { path: 'platform-ops/health', component: DummyRouteTargetComponent },
+        { path: 'security-risk/artifacts/:artifactId', component: DummyRouteTargetComponent },
+        { path: 'release-control/regions', component: DummyRouteTargetComponent },
         { path: '**', component: DummyRouteTargetComponent },
       ];
 
@@ -73,19 +69,19 @@ describe('Legacy Route Migration Framework (routes)', () => {
       router.initialNavigation();
     });
 
-    it('redirects legacy operations paths to consolidated operations paths', async () => {
+    it('redirects legacy operations paths to platform ops canonical paths', async () => {
       await router.navigateByUrl('/ops/health');
-      expect(router.url).toBe('/operations/health');
+      expect(router.url).toBe('/platform-ops/health');
     });
 
     it('preserves route params and query params when redirecting triage artifact detail', async () => {
       await router.navigateByUrl('/triage/artifacts/artifact-123?tab=evidence');
-      expect(router.url).toBe('/security/artifacts/artifact-123?tab=evidence');
+      expect(router.url).toBe('/security-risk/artifacts/artifact-123?tab=evidence');
     });
 
-    it('redirects release orchestrator environment path to top-level environments alias', async () => {
+    it('redirects release orchestrator environments to release control domain', async () => {
       await router.navigateByUrl('/release-orchestrator/environments');
-      expect(router.url).toBe('/environments');
+      expect(router.url).toBe('/release-control/regions');
     });
   });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/scheduler_ops/scheduler-orchestrator-ops-ui.behavior.spec.ts b/src/Web/StellaOps.Web/src/tests/scheduler_ops/scheduler-orchestrator-ops-ui.behavior.spec.ts
index 5ca94996d..095ea2fee 100644
--- a/src/Web/StellaOps.Web/src/tests/scheduler_ops/scheduler-orchestrator-ops-ui.behavior.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/scheduler_ops/scheduler-orchestrator-ops-ui.behavior.spec.ts
@@ -1,10 +1,13 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { HttpClient } from '@angular/common/http';
 import { provideRouter } from '@angular/router';
+import { of } from 'rxjs';
 
 import { ScheduleManagementComponent } from '../../app/features/scheduler-ops/schedule-management.component';
 import { SchedulerRunsComponent } from '../../app/features/scheduler-ops/scheduler-runs.component';
-import { SchedulerRun, Worker } from '../../app/features/scheduler-ops/scheduler-ops.models';
+import { Schedule, SchedulerRun, Worker } from '../../app/features/scheduler-ops/scheduler-ops.models';
 import { WorkerFleetComponent } from '../../app/features/scheduler-ops/worker-fleet.component';
+import { SCHEDULER_API, type SchedulerApi, type CreateScheduleDto, type UpdateScheduleDto } from '../../app/core/api/scheduler.client';
 
 const createRun = (overrides: Partial<SchedulerRun> = {}): SchedulerRun => ({
   id: 'run-001',
@@ -40,6 +43,92 @@ const createWorker = (overrides: Partial<Worker> = {}): Worker => ({
   ...overrides,
 });
 
+const createSchedulerApiMock = (): SchedulerApi => {
+  let schedules: Schedule[] = [
+    {
+      id: 'sch-seed',
+      name: 'Seed Schedule',
+      description: 'seed',
+      cronExpression: '0 6 * * *',
+      timezone: 'UTC',
+      enabled: true,
+      taskType: 'scan',
+      taskConfig: {},
+      lastRunAt: undefined,
+      nextRunAt: undefined,
+      createdAt: '2026-02-11T10:00:00Z',
+      updatedAt: '2026-02-11T10:00:00Z',
+      createdBy: 'test',
+      tags: [],
+      retryPolicy: {
+        maxRetries: 3,
+        backoffMultiplier: 2,
+        initialDelayMs: 1000,
+        maxDelayMs: 60000,
+      },
+      concurrencyLimit: 1,
+    },
+  ];
+  return {
+    listSchedules: () => of([...schedules]),
+    getSchedule: (id: string) => of(schedules.find((schedule) => schedule.id === id) ?? schedules[0]),
+    createSchedule: (dto: CreateScheduleDto) => {
+      const created: Schedule = {
+        id: `sch-${schedules.length + 1}`,
+        name: dto.name,
+        description: dto.description,
+        cronExpression: dto.cronExpression,
+        timezone: dto.timezone,
+        enabled: dto.enabled,
+        taskType: dto.taskType,
+        taskConfig: dto.taskConfig ?? {},
+        lastRunAt: undefined,
+        nextRunAt: undefined,
+        createdAt: '2026-02-11T10:00:00Z',
+        updatedAt: '2026-02-11T10:00:00Z',
+        createdBy: 'test',
+        tags: dto.tags ?? [],
+        retryPolicy: dto.retryPolicy ?? {
+          maxRetries: 3,
+          backoffMultiplier: 2,
+          initialDelayMs: 1000,
+          maxDelayMs: 60000,
+        },
+        concurrencyLimit: dto.concurrencyLimit ?? 1,
+      };
+      schedules = [...schedules, created];
+      return of(created);
+    },
+    updateSchedule: (id: string, dto: UpdateScheduleDto) => {
+      const index = schedules.findIndex((schedule) => schedule.id === id);
+      if (index >= 0) {
+        schedules[index] = {
+          ...schedules[index],
+          ...dto,
+          updatedAt: '2026-02-11T11:00:00Z',
+        };
+      }
+      return of(schedules[index] ?? schedules[0]);
+    },
+    deleteSchedule: (id: string) => {
+      schedules = schedules.filter((schedule) => schedule.id !== id);
+      return of(void 0);
+    },
+    pauseSchedule: (_id: string) => of(void 0),
+    resumeSchedule: (_id: string) => of(void 0),
+    triggerSchedule: (_id: string) => of(void 0),
+    previewImpact: () => of({
+      scheduleId: 'preview',
+      proposedChange: 'update',
+      affectedRuns: 0,
+      nextRunTime: '2026-02-11T11:00:00Z',
+      estimatedLoad: 10,
+      conflicts: [],
+      warnings: [],
+    }),
+  } satisfies SchedulerApi;
+};
+
 describe('scheduler-orchestrator-ops-ui behavior', () => {
   describe('SchedulerRunsComponent', () => {
     let fixture: ComponentFixture<SchedulerRunsComponent>;
@@ -48,7 +137,15 @@ describe('scheduler-orchestrator-ops-ui behavior', () => {
     beforeEach(async () => {
       await TestBed.configureTestingModule({
         imports: [SchedulerRunsComponent],
-        providers: [provideRouter([])],
+        providers: [
+          provideRouter([]),
+          {
+            provide: HttpClient,
+            useValue: {
+              get: () => of([]),
+            },
+          },
+        ],
       }).compileComponents();
 
       fixture = TestBed.createComponent(SchedulerRunsComponent);
@@ -96,6 +193,30 @@ describe('scheduler-orchestrator-ops-ui behavior', () => {
       expect(component.connectionError()).toBeNull();
       expect(component.actionNotice()).toContain('reconnected');
     });
+
+    it('keeps scheduler action links within /platform-ops/scheduler subtree', () => {
+      const buttons = Array.from(
+        fixture.nativeElement.querySelectorAll('.header-actions .btn.btn-secondary') as NodeListOf<HTMLButtonElement>
+      );
+      const manageButton = buttons.find((button) =>
+        (button.textContent ?? '').includes('Manage Schedules')
+      );
+      const workerButton = buttons.find((button) =>
+        (button.textContent ?? '').includes('Worker Fleet')
+      );
+
+      const manageLink =
+        manageButton?.getAttribute('ng-reflect-router-link') ??
+        manageButton?.getAttribute('routerLink') ??
+        '';
+      const workerLink =
+        workerButton?.getAttribute('ng-reflect-router-link') ??
+        workerButton?.getAttribute('routerLink') ??
+        '';
+
+      expect(manageLink).toContain('/platform-ops/scheduler/schedules');
+      expect(workerLink).toContain('/platform-ops/scheduler/workers');
+    });
   });
 
   describe('ScheduleManagementComponent', () => {
@@ -105,7 +226,10 @@ describe('scheduler-orchestrator-ops-ui behavior', () => {
     beforeEach(async () => {
       await TestBed.configureTestingModule({
         imports: [ScheduleManagementComponent],
-        providers: [provideRouter([])],
+        providers: [
+          provideRouter([]),
+          { provide: SCHEDULER_API, useValue: createSchedulerApiMock() },
+        ],
       }).compileComponents();
 
       fixture = TestBed.createComponent(ScheduleManagementComponent);
@@ -141,6 +265,14 @@ describe('scheduler-orchestrator-ops-ui behavior', () => {
       const created = component.schedules().find((schedule) => schedule.name === 'Tag Normalization Job');
       expect(created?.tags).toEqual(['alpha', 'beta', 'prod']);
     });
+
+    it('uses canonical back link to platform ops scheduler runs', () => {
+      const backLink = fixture.nativeElement.querySelector('.back-link') as HTMLAnchorElement | null;
+      expect(backLink).not.toBeNull();
+
+      const reflectedLink = backLink?.getAttribute('ng-reflect-router-link') ?? backLink?.getAttribute('href') ?? '';
+      expect(reflectedLink).toContain('/platform-ops/scheduler/runs');
+    });
   });
 
   describe('WorkerFleetComponent', () => {
@@ -167,5 +299,13 @@ describe('scheduler-orchestrator-ops-ui behavior', () => {
       const entries = component.getVersionEntries();
       expect(entries.map((entry) => entry.version)).toEqual(['2.0.0', '2.1.0']);
     });
+
+    it('uses canonical back link to platform ops scheduler runs', () => {
+      const backLink = fixture.nativeElement.querySelector('.back-link') as HTMLAnchorElement | null;
+      expect(backLink).not.toBeNull();
+
+      const reflectedLink = backLink?.getAttribute('ng-reflect-router-link') ?? backLink?.getAttribute('href') ?? '';
+      expect(reflectedLink).toContain('/platform-ops/scheduler/runs');
+    });
   });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/security-risk/sbom-graph-page.component.spec.ts b/src/Web/StellaOps.Web/src/tests/security-risk/sbom-graph-page.component.spec.ts
new file mode 100644
index 000000000..a79d50560
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/security-risk/sbom-graph-page.component.spec.ts
@@ -0,0 +1,25 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { provideRouter } from '@angular/router';
+
+import { SbomGraphPageComponent } from '../../app/features/security/sbom-graph-page.component';
+
+describe('SbomGraphPageComponent (security-risk)', () => {
+  let fixture: ComponentFixture<SbomGraphPageComponent>;
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      imports: [SbomGraphPageComponent],
+      providers: [provideRouter([])],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(SbomGraphPageComponent);
+    fixture.detectChanges();
+  });
+
+  it('renders a non-error coming-soon state with guidance links', () => {
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Graph visualization is coming soon');
+    expect(text).toContain('Open Findings');
+    expect(text).toContain('Open Reachability');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-detail-pages.spec.ts b/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-detail-pages.spec.ts
new file mode 100644
index 000000000..c83961305
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-detail-pages.spec.ts
@@ -0,0 +1,66 @@
+import { TestBed } from '@angular/core/testing';
+import { ActivatedRoute, convertToParamMap, provideRouter } from '@angular/router';
+
+import { FindingDetailPageComponent } from '../../app/features/security-risk/finding-detail-page.component';
+import { VulnerabilityDetailPageComponent } from '../../app/features/security-risk/vulnerability-detail-page.component';
+
+describe('Security & Risk detail stubs', () => {
+  it('renders finding detail sections and actions', async () => {
+    await TestBed.configureTestingModule({
+      imports: [FindingDetailPageComponent],
+      providers: [
+        provideRouter([]),
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            snapshot: {
+              paramMap: convertToParamMap({ findingId: 'FND-001' }),
+            },
+          },
+        },
+      ],
+    }).compileComponents();
+
+    const fixture = TestBed.createComponent(FindingDetailPageComponent);
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Finding FND-001');
+    expect(text).toContain('Reachability');
+    expect(text).toContain('Impact');
+    expect(text).toContain('Disposition');
+    expect(text).toContain('Create Exception Request');
+    expect(text).toContain('Search/Import VEX');
+    expect(text).toContain('Export as Evidence');
+  });
+
+  it('renders vulnerability detail sections and actions', async () => {
+    await TestBed.configureTestingModule({
+      imports: [VulnerabilityDetailPageComponent],
+      providers: [
+        provideRouter([]),
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            snapshot: {
+              paramMap: convertToParamMap({ cveId: 'CVE-2026-1234' }),
+            },
+          },
+        },
+      ],
+    }).compileComponents();
+
+    const fixture = TestBed.createComponent(VulnerabilityDetailPageComponent);
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('CVE-2026-1234');
+    expect(text).toContain('Data Confidence: WARN');
+    expect(text).toContain('Impact Summary');
+    expect(text).toContain('Disposition');
+    expect(text).toContain('Open Findings');
+    expect(text).toContain('Open SBOM Graph');
+    expect(text).toContain('Create Exception');
+    expect(text).toContain('Export Report');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-routes.spec.ts b/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-routes.spec.ts
index 9f223d90d..9a7dd845e 100644
--- a/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-routes.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/security-risk/security-risk-routes.spec.ts
@@ -24,6 +24,10 @@ describe('SECURITY_RISK_ROUTES', () => {
     expect(allPaths).toContain('findings');
   });
 
+  it('contains the finding detail route', () => {
+    expect(allPaths).toContain('findings/:findingId');
+  });
+
   it('contains the advisory-sources route', () => {
     expect(allPaths).toContain('advisory-sources');
   });
@@ -33,7 +37,7 @@ describe('SECURITY_RISK_ROUTES', () => {
   });
 
   it('contains the vulnerability detail route', () => {
-    expect(allPaths).toContain('vulnerabilities/:vulnId');
+    expect(allPaths).toContain('vulnerabilities/:cveId');
   });
 
   it('contains the reachability route', () => {
@@ -52,6 +56,14 @@ describe('SECURITY_RISK_ROUTES', () => {
     expect(allPaths).toContain('sbom');
   });
 
+  it('contains the sbom lake route', () => {
+    expect(allPaths).toContain('sbom-lake');
+  });
+
+  it('contains the exceptions route', () => {
+    expect(allPaths).toContain('exceptions');
+  });
+
   it('contains the lineage route', () => {
     expect(allPaths).toContain('lineage');
   });
@@ -80,15 +92,15 @@ describe('SECURITY_RISK_ROUTES', () => {
   // Overview route breadcrumb
   // ──────────────────────────────────────────
 
-  it('overview route has "Security and Risk" breadcrumb', () => {
+  it('overview route has "Risk Overview" breadcrumb', () => {
     const overviewRoute = getRouteByPath('');
     expect(overviewRoute).toBeDefined();
-    expect(overviewRoute?.data?.['breadcrumb']).toBe('Security and Risk');
+    expect(overviewRoute?.data?.['breadcrumb']).toBe('Risk Overview');
   });
 
-  it('overview route has title "Security and Risk"', () => {
+  it('overview route has title "Risk Overview"', () => {
     const overviewRoute = getRouteByPath('');
-    expect(overviewRoute?.title).toBe('Security and Risk');
+    expect(overviewRoute?.title).toBe('Risk Overview');
   });
 
   // ──────────────────────────────────────────
@@ -106,7 +118,7 @@ describe('SECURITY_RISK_ROUTES', () => {
   // ──────────────────────────────────────────
 
   it('findings route has "Findings" breadcrumb', () => {
-    expect(getRouteByPath('findings')?.data?.['breadcrumb']).toBe('Findings');
+    expect(getRouteByPath('findings')?.data?.['breadcrumb']).toBe('Findings Explorer');
   });
 
   it('advisory-sources route has "Advisory Sources" breadcrumb', () => {
@@ -114,19 +126,19 @@ describe('SECURITY_RISK_ROUTES', () => {
   });
 
   it('vulnerabilities route has "Vulnerabilities" breadcrumb', () => {
-    expect(getRouteByPath('vulnerabilities')?.data?.['breadcrumb']).toBe('Vulnerabilities');
+    expect(getRouteByPath('vulnerabilities')?.data?.['breadcrumb']).toBe('Vulnerabilities Explorer');
   });
 
   it('risk route has "Risk Overview" breadcrumb', () => {
     expect(getRouteByPath('risk')?.data?.['breadcrumb']).toBe('Risk Overview');
   });
 
-  it('vex route has "VEX" breadcrumb', () => {
-    expect(getRouteByPath('vex')?.data?.['breadcrumb']).toBe('VEX');
+  it('vex route has "VEX Hub" breadcrumb', () => {
+    expect(getRouteByPath('vex')?.data?.['breadcrumb']).toBe('VEX Hub');
   });
 
-  it('sbom route has "SBOM" breadcrumb', () => {
-    expect(getRouteByPath('sbom')?.data?.['breadcrumb']).toBe('SBOM');
+  it('sbom route has "SBOM Graph" breadcrumb', () => {
+    expect(getRouteByPath('sbom')?.data?.['breadcrumb']).toBe('SBOM Graph');
   });
 
   it('reachability route has "Reachability" breadcrumb', () => {
diff --git a/src/Web/StellaOps.Web/src/tests/security/release-aware-security-findings.behavior.spec.ts b/src/Web/StellaOps.Web/src/tests/security/release-aware-security-findings.behavior.spec.ts
index f4d014b96..52e5185b7 100644
--- a/src/Web/StellaOps.Web/src/tests/security/release-aware-security-findings.behavior.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/security/release-aware-security-findings.behavior.spec.ts
@@ -1,16 +1,77 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
 import { provideRouter } from '@angular/router';
+import { of } from 'rxjs';
 
 import { SecurityFindingsPageComponent } from '../../app/features/security/security-findings-page.component';
+import { SECURITY_FINDINGS_API, type SecurityFindingsApi } from '../../app/core/api/security-findings.client';
 
 describe('Release-Aware Security Findings (B29-002)', () => {
   let fixture: ComponentFixture<SecurityFindingsPageComponent>;
   let component: SecurityFindingsPageComponent;
 
   beforeEach(async () => {
+    const findingsApiMock: SecurityFindingsApi = {
+      listFindings: () =>
+        of([
+          {
+            id: 'CVE-2026-1234',
+            package: 'log4j-core',
+            version: '2.17.0',
+            severity: 'CRITICAL',
+            cvss: 9.8,
+            reachable: true,
+            reachabilityConfidence: 92,
+            vexStatus: 'affected',
+            releaseId: 'rel-1',
+            releaseVersion: 'prod@4.1.0',
+            delta: 'new',
+            environments: ['Prod'],
+            firstSeen: '1h ago',
+          },
+          {
+            id: 'CVE-2026-5678',
+            package: 'openssl',
+            version: '3.0.8',
+            severity: 'HIGH',
+            cvss: 8.1,
+            reachable: false,
+            reachabilityConfidence: 64,
+            vexStatus: 'under_investigation',
+            releaseId: 'rel-2',
+            releaseVersion: 'staging@4.1.1',
+            delta: 'carried',
+            environments: ['Staging'],
+            firstSeen: '3h ago',
+          },
+        ]),
+      getFinding: () =>
+        of({
+          id: 'CVE-2026-1234',
+          package: 'log4j-core',
+          version: '2.17.0',
+          severity: 'CRITICAL',
+          cvss: 9.8,
+          reachable: true,
+          reachabilityConfidence: 92,
+          vexStatus: 'affected',
+          releaseId: 'rel-1',
+          releaseVersion: 'prod@4.1.0',
+          delta: 'new',
+          environments: ['Prod'],
+          firstSeen: '1h ago',
+          description: 'placeholder',
+          references: [],
+          affectedVersions: [],
+          fixedVersions: [],
+        }),
+    };
+
     await TestBed.configureTestingModule({
       imports: [SecurityFindingsPageComponent],
-      providers: [provideRouter([])],
+      providers: [
+        provideRouter([]),
+        { provide: SECURITY_FINDINGS_API, useValue: findingsApiMock },
+      ],
     }).compileComponents();
 
     fixture = TestBed.createComponent(SecurityFindingsPageComponent);
diff --git a/src/Web/StellaOps.Web/src/tests/security/security-overview-dashboard.behavior.spec.ts b/src/Web/StellaOps.Web/src/tests/security/security-overview-dashboard.behavior.spec.ts
index bf17e44d3..23943a607 100644
--- a/src/Web/StellaOps.Web/src/tests/security/security-overview-dashboard.behavior.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/security/security-overview-dashboard.behavior.spec.ts
@@ -1,20 +1,45 @@
 import { ComponentFixture, TestBed } from '@angular/core/testing';
-import { provideRouter } from '@angular/router';
+import { provideRouter, Router } from '@angular/router';
+import { of } from 'rxjs';
 
 import { SecurityOverviewPageComponent } from '../../app/features/security/security-overview-page.component';
+import { SECURITY_OVERVIEW_API, type SecurityOverviewApi } from '../../app/core/api/security-overview.client';
 
 describe('security-overview-dashboard behavior', () => {
   let fixture: ComponentFixture<SecurityOverviewPageComponent>;
   let component: SecurityOverviewPageComponent;
+  let router: Router;
 
   beforeEach(async () => {
+    const overviewApiMock: SecurityOverviewApi = {
+      getOverviewStats: () =>
+        of({
+          stats: { critical: 2, high: 5, medium: 12, low: 8, reachable: 3 },
+          vexStats: { covered: 2, pending: 1 },
+          recentFindings: [],
+          topPackages: [],
+          activeExceptions: [
+            {
+              id: 'ex-1',
+              finding: 'CVE-2025-1111',
+              reason: 'Accepted for mitigated blast radius',
+              expiresIn: '3 days',
+            },
+          ],
+        }),
+    };
+
     await TestBed.configureTestingModule({
       imports: [SecurityOverviewPageComponent],
-      providers: [provideRouter([])],
+      providers: [
+        provideRouter([]),
+        { provide: SECURITY_OVERVIEW_API, useValue: overviewApiMock },
+      ],
     }).compileComponents();
 
     fixture = TestBed.createComponent(SecurityOverviewPageComponent);
     component = fixture.componentInstance;
+    router = TestBed.inject(Router);
     fixture.detectChanges();
   });
 
@@ -41,10 +66,10 @@ describe('security-overview-dashboard behavior', () => {
   });
 
   it('exposes run-scan action for operator workflows', () => {
-    const logSpy = spyOn(console, 'log');
+    const navigateSpy = spyOn(router, 'navigateByUrl').and.returnValue(Promise.resolve(true));
 
     component.runScan();
 
-    expect(logSpy).toHaveBeenCalledWith('Run security scan');
+    expect(navigateSpy).toHaveBeenCalledWith('/ops/scanner');
   });
 });
diff --git a/src/Web/StellaOps.Web/src/tests/settings/admin-settings-page.component.spec.ts b/src/Web/StellaOps.Web/src/tests/settings/admin-settings-page.component.spec.ts
new file mode 100644
index 000000000..3ce4433c8
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/settings/admin-settings-page.component.spec.ts
@@ -0,0 +1,68 @@
+import { TestBed } from '@angular/core/testing';
+import { of, throwError } from 'rxjs';
+
+import {
+  AUTHORITY_ADMIN_API,
+  type AuthorityAdminApi,
+  type AdminUser,
+} from '../../app/core/api/authority-admin.client';
+import { AdminSettingsPageComponent } from '../../app/features/settings/admin/admin-settings-page.component';
+
+function createAuthorityApiSpy(): jasmine.SpyObj<AuthorityAdminApi> {
+  return {
+    listUsers: jasmine.createSpy('listUsers'),
+    listRoles: jasmine.createSpy('listRoles'),
+    listClients: jasmine.createSpy('listClients'),
+    listTokens: jasmine.createSpy('listTokens'),
+    listTenants: jasmine.createSpy('listTenants'),
+    createUser: jasmine.createSpy('createUser'),
+  } as jasmine.SpyObj<AuthorityAdminApi>;
+}
+
+describe('AdminSettingsPageComponent (settings)', () => {
+  let api: jasmine.SpyObj<AuthorityAdminApi>;
+  let component: AdminSettingsPageComponent;
+
+  beforeEach(async () => {
+    api = createAuthorityApiSpy();
+    api.listUsers.and.returnValue(of([]));
+    api.listRoles.and.returnValue(of([]));
+    api.listClients.and.returnValue(of([]));
+    api.listTokens.and.returnValue(of([]));
+    api.listTenants.and.returnValue(of([]));
+    api.createUser.and.returnValue(of({
+      id: 'u-created',
+      username: 'created',
+      email: 'created@example.com',
+      displayName: 'Created User',
+      roles: ['viewer'],
+      status: 'active',
+      createdAt: '2026-02-19T00:00:00Z',
+    } as AdminUser));
+
+    await TestBed.configureTestingModule({
+      imports: [AdminSettingsPageComponent],
+      providers: [{ provide: AUTHORITY_ADMIN_API, useValue: api }],
+    }).compileComponents();
+
+    component = TestBed.createComponent(AdminSettingsPageComponent).componentInstance;
+  });
+
+  it('keeps empty state distinct from error state when users API returns empty list', () => {
+    component.ngOnInit();
+
+    expect(component.users()).toEqual([]);
+    expect(component.error()).toBeNull();
+    expect(component.loading()).toBeFalse();
+  });
+
+  it('sets explicit error state when users API call fails', () => {
+    api.listUsers.and.returnValue(throwError(() => new Error('authority unavailable')));
+
+    component.ngOnInit();
+
+    expect(component.users()).toEqual([]);
+    expect(component.error()).toContain('Failed to load users');
+    expect(component.loading()).toBeFalse();
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/settings/integration-detail-page.component.spec.ts b/src/Web/StellaOps.Web/src/tests/settings/integration-detail-page.component.spec.ts
new file mode 100644
index 000000000..6af12e6bd
--- /dev/null
+++ b/src/Web/StellaOps.Web/src/tests/settings/integration-detail-page.component.spec.ts
@@ -0,0 +1,89 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+import { ActivatedRoute, convertToParamMap, provideRouter } from '@angular/router';
+import { of, throwError } from 'rxjs';
+
+import { IntegrationDetailPageComponent } from '../../app/features/settings/integrations/integration-detail-page.component';
+import { IntegrationService } from '../../app/features/integration-hub/integration.service';
+import { Integration, IntegrationProvider, IntegrationStatus, IntegrationType } from '../../app/features/integration-hub/integration.models';
+
+const integrationFixture: Integration = {
+  integrationId: 'int-001',
+  tenantId: 'tenant-default',
+  name: 'Harbor Registry',
+  description: 'Primary production registry',
+  type: IntegrationType.Registry,
+  provider: IntegrationProvider.Harbor,
+  status: IntegrationStatus.Active,
+  baseUrl: 'https://harbor.example.com',
+  createdAt: '2026-02-20T08:00:00Z',
+  createdBy: 'admin',
+  paused: false,
+  consecutiveFailures: 0,
+  version: 1,
+};
+
+describe('IntegrationDetailPageComponent', () => {
+  let fixture: ComponentFixture<IntegrationDetailPageComponent>;
+  let integrationServiceSpy: jasmine.SpyObj<IntegrationService>;
+
+  beforeEach(async () => {
+    integrationServiceSpy = jasmine.createSpyObj(
+      'IntegrationService',
+      ['get']
+    ) as jasmine.SpyObj<IntegrationService>;
+    integrationServiceSpy.get.and.returnValue(of(integrationFixture));
+
+    await TestBed.configureTestingModule({
+      imports: [IntegrationDetailPageComponent],
+      providers: [
+        provideRouter([]),
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            paramMap: of(convertToParamMap({ id: 'int-001' })),
+          },
+        },
+        { provide: IntegrationService, useValue: integrationServiceSpy },
+      ],
+    }).compileComponents();
+
+    fixture = TestBed.createComponent(IntegrationDetailPageComponent);
+    fixture.detectChanges();
+  });
+
+  it('loads integration and renders name/type/status summary', () => {
+    expect(integrationServiceSpy.get).toHaveBeenCalledWith('int-001');
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Harbor Registry');
+    expect(text).toContain('Registry');
+    expect(text).toContain('Active');
+  });
+
+  it('renders a non-empty placeholder for tabs without backend content', () => {
+    const buttons = Array.from(
+      fixture.nativeElement.querySelectorAll('button.tab')
+    ) as HTMLButtonElement[];
+    const healthTab = buttons.find((button) => button.textContent?.trim() === 'Health');
+    expect(healthTab).toBeTruthy();
+
+    healthTab!.click();
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Not yet available for this integration');
+  });
+
+  it('renders error state when API fails', async () => {
+    integrationServiceSpy.get.and.returnValue(
+      throwError(() => new Error('service unavailable'))
+    );
+
+    const component = fixture.componentInstance;
+    component.reload();
+    fixture.detectChanges();
+
+    const text = fixture.nativeElement.textContent as string;
+    expect(text).toContain('Failed to load integration details.');
+  });
+});
diff --git a/src/Web/StellaOps.Web/src/tests/settings/unified-settings-page.behavior.spec.ts b/src/Web/StellaOps.Web/src/tests/settings/unified-settings-page.behavior.spec.ts
index 41ecb2c3f..474f114c0 100644
--- a/src/Web/StellaOps.Web/src/tests/settings/unified-settings-page.behavior.spec.ts
+++ b/src/Web/StellaOps.Web/src/tests/settings/unified-settings-page.behavior.spec.ts
@@ -23,10 +23,14 @@ describe('unified-settings-page behavior', () => {
     localStorage.removeItem('stellaops.remediation-pr.preferences');
   });
 
-  it('declares /settings app route and expected consolidated settings child routes', () => {
-    const appRoute = routes.find((route) => route.path === 'settings');
-    expect(appRoute).toBeDefined();
-    expect(typeof appRoute?.loadChildren).toBe('function');
+  it('declares canonical /administration route and keeps /settings redirect alias', () => {
+    const settingsAlias = routes.find((route) => route.path === 'settings');
+    expect(settingsAlias).toBeDefined();
+    expect(settingsAlias?.redirectTo).toBe('/administration');
+
+    const administrationRoute = routes.find((route) => route.path === 'administration');
+    expect(administrationRoute).toBeDefined();
+    expect(typeof administrationRoute?.loadChildren).toBe('function');
 
     const root = SETTINGS_ROUTES.find((route) => route.path === '');
     expect(root).toBeDefined();
@@ -51,6 +55,14 @@ describe('unified-settings-page behavior', () => {
       'offline',
       'system',
     ]);
+
+    const brandingRoute = (root?.children ?? []).find((child) => child.path === 'branding');
+    expect(brandingRoute?.title).toBe('Tenant & Branding');
+    expect(brandingRoute?.data?.['breadcrumb']).toBe('Tenant & Branding');
+
+    const offlineRoute = (root?.children ?? []).find((child) => child.path === 'offline');
+    expect(offlineRoute?.title).toBe('Offline Settings');
+    expect(offlineRoute?.data?.['breadcrumb']).toBe('Offline Settings');
   });
 
   it('renders settings shell container', async () => {
diff --git a/src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts b/src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts
index 0044cd711..b14492c11 100644
--- a/src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts
+++ b/src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts
@@ -127,6 +127,15 @@ async function ensureShell(page: Page): Promise<void> {
   await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 15000 });
 }
 
+async function assertMainHasContent(page: Page): Promise<void> {
+  const main = page.locator('main');
+  await expect(main).toHaveCount(1);
+  await expect(main).toBeVisible();
+  const text = ((await main.textContent()) ?? '').replace(/\s+/g, '');
+  const childNodes = await main.locator('*').count();
+  expect(text.length > 12 || childNodes > 4).toBe(true);
+}
+
 async function openSidebarGroupRoute(
   page: Page,
   groupLabel: string,
@@ -168,8 +177,8 @@ test.describe('Nav shell canonical domains', () => {
     const labels = [
       'Dashboard',
       'Release Control',
-      'Security and Risk',
-      'Evidence and Audit',
+      'Security & Risk',
+      'Evidence & Audit',
       'Integrations',
       'Platform Ops',
       'Administration',
@@ -200,7 +209,7 @@ test.describe('Nav shell critical legacy redirects', () => {
     { from: '/admin/notifications', expectedPrefix: '/administration/notifications' },
     { from: '/release-orchestrator/releases', expectedPrefix: '/release-control/releases' },
     { from: '/release-orchestrator/approvals', expectedPrefix: '/release-control/approvals' },
-    { from: '/release-orchestrator/environments', expectedPrefix: '/release-control/environments' },
+    { from: '/release-orchestrator/environments', expectedPrefix: '/release-control/regions' },
     { from: '/settings/release-control', expectedPrefix: '/release-control/setup' },
   ];
 
@@ -239,7 +248,7 @@ test.describe('Nav shell breadcrumbs and stability', () => {
     { path: '/release-control/releases', expected: 'Release Control' },
     { path: '/release-control/setup', expected: 'Setup' },
     { path: '/security-risk/advisory-sources', expected: 'Advisory Sources' },
-    { path: '/evidence-audit/replay', expected: 'Replay / Verify' },
+    { path: '/evidence-audit/replay', expected: 'Replay & Verify' },
     { path: '/platform-ops/data-integrity', expected: 'Data Integrity' },
     { path: '/administration/trust-signing', expected: 'Trust & Signing' },
   ];
@@ -296,6 +305,80 @@ test.describe('Nav shell breadcrumbs and stability', () => {
   });
 });
 
+test.describe('Pack route render checks', () => {
+  test('release-control pack routes render non-blank content', async ({ page }) => {
+    test.setTimeout(60_000);
+
+    const routes = [
+      '/release-control/control-plane',
+      '/release-control/bundles',
+      '/release-control/regions',
+      '/release-control/governance',
+      '/release-control/hotfixes',
+    ];
+
+    for (const route of routes) {
+      await go(page, route);
+      await ensureShell(page);
+      const finalUrl = new URL(page.url());
+      expect(finalUrl.pathname.startsWith(route)).toBe(true);
+      await assertMainHasContent(page);
+    }
+  });
+
+  test('security and evidence pack routes render non-blank content', async ({ page }) => {
+    test.setTimeout(60_000);
+
+    const routes = [
+      '/security-risk/findings',
+      '/security-risk/vulnerabilities',
+      '/security-risk/vex',
+      '/security-risk/sbom-lake',
+      '/security-risk/exceptions',
+      '/evidence-audit/packs',
+      '/evidence-audit/bundles',
+      '/evidence-audit/evidence/export',
+      '/evidence-audit/audit-log',
+      '/evidence-audit/trust-signing',
+    ];
+
+    for (const route of routes) {
+      await go(page, route);
+      await ensureShell(page);
+      const finalUrl = new URL(page.url());
+      expect(finalUrl.pathname.startsWith(route)).toBe(true);
+      await assertMainHasContent(page);
+    }
+  });
+
+  test('platform-ops and integrations routes render via sidebar navigation', async ({ page }) => {
+    test.setTimeout(60_000);
+
+    const platformOpsRoutes = [
+      '/platform-ops/data-integrity',
+      '/platform-ops/orchestrator',
+      '/platform-ops/health',
+      '/platform-ops/quotas',
+      '/platform-ops/feeds',
+    ];
+
+    for (const route of platformOpsRoutes) {
+      await go(page, '/dashboard');
+      await openSidebarGroupRoute(page, 'Platform Ops', route);
+      await expect(page).toHaveURL(new RegExp(`${route.replace(/\//g, '\\/')}$`));
+      const currentPath = new URL(page.url()).pathname;
+      expect(currentPath).toBe(route);
+      await assertMainHasContent(page);
+    }
+
+    await go(page, '/dashboard');
+    await openSidebarGroupRoute(page, 'Integrations', '/integrations');
+    await expect(page).toHaveURL(/\/integrations$/);
+    expect(new URL(page.url()).pathname).toBe('/integrations');
+    await assertMainHasContent(page);
+  });
+});
+
 test.describe('Nav shell responsive layout', () => {
   test('desktop viewport shows sidebar', async ({ page }) => {
     await page.setViewportSize({ width: 1440, height: 900 });
diff --git a/src/Web/StellaOps.Web/tests/e2e/pack-conformance.scratch.spec.ts b/src/Web/StellaOps.Web/tests/e2e/pack-conformance.scratch.spec.ts
new file mode 100644
index 000000000..191212c09
--- /dev/null
+++ b/src/Web/StellaOps.Web/tests/e2e/pack-conformance.scratch.spec.ts
@@ -0,0 +1,327 @@
+import { expect, test, type Page } from '@playwright/test';
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { policyAuthorSession } from '../../src/app/testing';
+
+const shellSession = {
+  ...policyAuthorSession,
+  scopes: [
+    ...new Set([
+      ...policyAuthorSession.scopes,
+      'ui.read',
+      'admin',
+      'orch:read',
+      'orch:operate',
+      'orch:quota',
+      'findings:read',
+      'vuln:view',
+      'vuln:investigate',
+      'vuln:operate',
+      'vuln:audit',
+      'authority:tenants.read',
+      'advisory:read',
+      'vex:read',
+      'exceptions:read',
+      'exceptions:approve',
+      'aoc:verify',
+    ]),
+  ],
+};
+
+const mockConfig = {
+  authority: {
+    issuer: 'http://127.0.0.1:4400/authority',
+    clientId: 'stella-ops-ui',
+    authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
+    tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
+    logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
+    redirectUri: 'http://127.0.0.1:4400/auth/callback',
+    postLogoutRedirectUri: 'http://127.0.0.1:4400/',
+    scope:
+      'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit',
+    audience: 'http://127.0.0.1:4400/gateway',
+    dpopAlgorithms: ['ES256'],
+    refreshLeewaySeconds: 60,
+  },
+  apiBaseUrls: {
+    authority: '/authority',
+    scanner: '/scanner',
+    policy: '/policy',
+    concelier: '/concelier',
+    attestor: '/attestor',
+    gateway: '/gateway',
+  },
+  quickstartMode: true,
+  setup: 'complete',
+};
+
+const oidcConfig = {
+  issuer: mockConfig.authority.issuer,
+  authorization_endpoint: mockConfig.authority.authorizeEndpoint,
+  token_endpoint: mockConfig.authority.tokenEndpoint,
+  jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
+  response_types_supported: ['code'],
+  subject_types_supported: ['public'],
+  id_token_signing_alg_values_supported: ['RS256'],
+};
+
+interface PackExpectation {
+  pack: string;
+  path: string;
+  text: RegExp;
+  canonical?: RegExp;
+}
+
+const conformanceFilter = process.env.PACK_CONFORMANCE_FILTER?.trim();
+const screenshotDir = process.env.PACK_SCREENSHOT_DIR?.trim();
+const screenshotAbsDir = screenshotDir ? path.resolve(process.cwd(), screenshotDir) : null;
+
+const EXPECTATIONS: PackExpectation[] = [
+  { pack: '16', path: '/dashboard', text: /Dashboard/i, canonical: /\/dashboard$/ },
+
+  { pack: '8', path: '/release-control/control-plane', text: /Control Plane|Release Control Home|Dashboard/i, canonical: /\/release-control\/control-plane$/ },
+  { pack: '12', path: '/release-control/bundles', text: /Bundle/i, canonical: /\/release-control\/bundles$/ },
+  { pack: '12', path: '/release-control/bundles/create', text: /Create Bundle|Bundle Builder|Bundle Organizer/i, canonical: /\/release-control\/bundles\/create$/ },
+  { pack: '12', path: '/release-control/bundles/platform-release/organizer', text: /Bundle Organizer|Create Bundle Version|Select Components/i, canonical: /\/release-control\/bundles\/platform-release\/organizer$/ },
+  { pack: '12', path: '/release-control/bundles/platform-release', text: /Bundle Detail|Latest manifest digest|Version timeline/i, canonical: /\/release-control\/bundles\/platform-release$/ },
+  { pack: '12', path: '/release-control/bundles/platform-release/versions/version-3', text: /Bundle manifest digest|Version|Materialization/i, canonical: /\/release-control\/bundles\/platform-release\/versions\/version-3$/ },
+  { pack: '13', path: '/release-control/releases', text: /Release/i, canonical: /\/release-control\/releases$/ },
+  { pack: '13', path: '/release-control/approvals', text: /Approval/i, canonical: /\/release-control\/approvals$/ },
+  { pack: '14', path: '/release-control/runs', text: /Run Timeline|Pipeline Runs|Runs/i, canonical: /\/release-control\/runs$/ },
+  { pack: '11', path: '/release-control/regions', text: /Region|Environment/i, canonical: /\/release-control\/regions$/ },
+  { pack: '11', path: '/release-control/regions/us-east', text: /Region|us-east|Environment/i, canonical: /\/release-control\/regions\/us-east$/ },
+  { pack: '18', path: '/release-control/regions/us-east/environments/staging', text: /Environment|staging|Deploy|SBOM/i, canonical: /\/release-control\/regions\/us-east\/environments\/staging$/ },
+  { pack: '11', path: '/release-control/governance', text: /Governance|Policy/i, canonical: /\/release-control\/governance/ },
+  { pack: '8', path: '/release-control/hotfixes', text: /Hotfix/i, canonical: /\/release-control\/hotfixes$/ },
+  { pack: '21', path: '/release-control/setup', text: /Setup/i, canonical: /\/release-control\/setup$/ },
+  { pack: '21', path: '/release-control/setup/environments-paths', text: /Environment|Promotion Path/i, canonical: /\/release-control\/setup\/environments-paths$/ },
+  { pack: '21', path: '/release-control/setup/targets-agents', text: /Targets|Agents/i, canonical: /\/release-control\/setup\/targets-agents$/ },
+  { pack: '21', path: '/release-control/setup/workflows', text: /Workflow/i, canonical: /\/release-control\/setup\/workflows$/ },
+
+  { pack: '19', path: '/security-risk', text: /Risk Overview|Security/i, canonical: /\/security-risk$/ },
+  { pack: '19', path: '/security-risk/findings', text: /Findings/i, canonical: /\/security-risk\/findings$/ },
+  { pack: '19', path: '/security-risk/findings/fnd-001', text: /Finding Detail|Finding/i, canonical: /\/security-risk\/findings\/fnd-001$/ },
+  { pack: '19', path: '/security-risk/vulnerabilities', text: /Vulnerab/i, canonical: /\/security-risk\/vulnerabilities$/ },
+  { pack: '19', path: '/security-risk/vulnerabilities/CVE-2024-1234', text: /Vulnerability|CVE/i, canonical: /\/security-risk\/vulnerabilities\/CVE-2024-1234$/ },
+  { pack: '19', path: '/security-risk/sbom-lake', text: /SBOM Lake|SBOM/i, canonical: /\/security-risk\/sbom-lake$/ },
+  { pack: '19', path: '/security-risk/sbom', text: /SBOM Graph|SBOM/i, canonical: /\/security-risk\/sbom$/ },
+  { pack: '19', path: '/security-risk/vex', text: /VEX/i, canonical: /\/security-risk\/vex/ },
+  { pack: '19', path: '/security-risk/exceptions', text: /Exceptions?/i, canonical: /\/security-risk\/exceptions$/ },
+  { pack: '19', path: '/security-risk/advisory-sources', text: /Advisory Sources/i, canonical: /\/security-risk\/advisory-sources$/ },
+
+  { pack: '20', path: '/evidence-audit', text: /Find Evidence|Evidence & Audit/i, canonical: /\/evidence-audit$/ },
+  { pack: '20', path: '/evidence-audit/packs', text: /Evidence Pack/i, canonical: /\/evidence-audit\/packs$/ },
+  { pack: '20', path: '/evidence-audit/bundles', text: /Evidence Bundle/i, canonical: /\/evidence-audit\/bundles$/ },
+  { pack: '20', path: '/evidence-audit/evidence/export', text: /Export Center|Profile|Export Runs/i, canonical: /\/evidence-audit\/evidence\/export$/ },
+  { pack: '20', path: '/evidence-audit/proofs', text: /Proof Chain/i, canonical: /\/evidence-audit\/proofs/ },
+  { pack: '20', path: '/evidence-audit/replay', text: /Replay|Verify/i, canonical: /\/evidence-audit\/replay$/ },
+  { pack: '20', path: '/evidence-audit/trust-signing', text: /Trust|Signing/i, canonical: /\/evidence-audit\/trust-signing/ },
+  { pack: '20', path: '/evidence-audit/audit-log', text: /Audit Log|Events?/i, canonical: /\/evidence-audit\/audit-log/ },
+
+  { pack: '21', path: '/integrations', text: /Integration Hub|Integrations/i, canonical: /\/integrations$/ },
+  { pack: '21', path: '/integrations/registries', text: /Registries|Registry/i, canonical: /\/integrations\/registries$/ },
+  { pack: '21', path: '/integrations/scm', text: /Source Control|SCM/i, canonical: /\/integrations\/scm$/ },
+  { pack: '21', path: '/integrations/ci-cd', text: /CI\/CD|CI/i, canonical: /\/integrations\/ci$/ },
+  { pack: '21', path: '/integrations/targets', text: /Target|Runtime|Host/i, canonical: /\/integrations\/hosts$/ },
+  { pack: '21', path: '/integrations/secrets', text: /Secrets/i, canonical: /\/integrations\/secrets$/ },
+  { pack: '21', path: '/integrations/feeds', text: /Feed|Advisory/i, canonical: /\/integrations\/feeds$/ },
+
+  { pack: '15', path: '/platform-ops', text: /Platform Ops|Operations/i, canonical: /\/platform-ops$/ },
+  { pack: '15', path: '/platform-ops/data-integrity', text: /Data Integrity|Nightly Ops/i, canonical: /\/platform-ops\/data-integrity$/ },
+  { pack: '6', path: '/platform-ops/scheduler', text: /Scheduler/i, canonical: /\/platform-ops\/scheduler/ },
+  { pack: '6', path: '/platform-ops/orchestrator', text: /Orchestrator/i, canonical: /\/platform-ops\/orchestrator$/ },
+  { pack: '6', path: '/platform-ops/orchestrator/jobs', text: /Jobs|Orchestrator/i, canonical: /\/platform-ops\/orchestrator\/jobs$/ },
+  { pack: '6', path: '/platform-ops/health', text: /Platform Health|Health/i, canonical: /\/platform-ops\/health$/ },
+  { pack: '6', path: '/platform-ops/quotas', text: /Quota|Limits/i, canonical: /\/platform-ops\/quotas/ },
+  { pack: '6', path: '/platform-ops/dead-letter', text: /Dead Letter|Queue/i, canonical: /\/platform-ops\/dead-letter/ },
+  { pack: '6', path: '/platform-ops/feeds', text: /Feeds|Mirror|AirGap/i, canonical: /\/platform-ops\/feeds/ },
+
+  { pack: '21', path: '/administration', text: /Administration/i, canonical: /\/administration$/ },
+  { pack: '21', path: '/administration/identity-access', text: /Identity|Access|Users|Roles/i, canonical: /\/administration\/identity-access/ },
+  { pack: '21', path: '/administration/tenant-branding', text: /Tenant|Branding/i, canonical: /\/administration\/tenant-branding/ },
+  { pack: '21', path: '/administration/notifications', text: /Notification/i, canonical: /\/administration\/notifications/ },
+  { pack: '21', path: '/administration/usage', text: /Usage|Limits/i, canonical: /\/administration\/usage/ },
+  { pack: '21', path: '/administration/policy-governance', text: /Policy|Governance/i, canonical: /\/administration\/policy-governance/ },
+  { pack: '21', path: '/administration/system', text: /System/i, canonical: /\/administration\/system/ },
+  { pack: '21', path: '/administration/offline', text: /Offline/i, canonical: /\/administration\/offline/ },
+];
+
+const RUN_EXPECTATIONS = (() => {
+  if (!conformanceFilter) {
+    return EXPECTATIONS;
+  }
+  const rx = new RegExp(conformanceFilter, 'i');
+  return EXPECTATIONS.filter((item) => rx.test(`pack-${item.pack} ${item.path}`));
+})();
+
+if (screenshotAbsDir) {
+  fs.mkdirSync(screenshotAbsDir, { recursive: true });
+}
+
+function slugifyRoute(routePath: string): string {
+  return routePath.replace(/^\/+/, '').replace(/[\/:]+/g, '-').replace(/[^a-zA-Z0-9._-]+/g, '-');
+}
+
+async function setupShell(page: Page): Promise<void> {
+  await page.addInitScript((session) => {
+    try {
+      window.sessionStorage.clear();
+    } catch {
+      // ignore storage access errors
+    }
+    (window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
+  }, shellSession);
+
+  await page.route('**/platform/envsettings.json', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify(mockConfig),
+    })
+  );
+  await page.route('**/config.json', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify(mockConfig),
+    })
+  );
+  await page.route('**/authority/.well-known/openid-configuration', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify(oidcConfig),
+    })
+  );
+  await page.route('**/.well-known/openid-configuration', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify(oidcConfig),
+    })
+  );
+  await page.route('**/authority/.well-known/jwks.json', (route) =>
+    route.fulfill({
+      status: 200,
+      contentType: 'application/json',
+      body: JSON.stringify({ keys: [] }),
+    })
+  );
+  await page.route('**/authority/connect/**', (route) =>
+    route.fulfill({
+      status: 400,
+      contentType: 'application/json',
+      body: JSON.stringify({ error: 'not-used-in-shell-e2e' }),
+    })
+  );
+}
+
+async function go(page: Page, path: string): Promise<void> {
+  await page.goto(path, { waitUntil: 'domcontentloaded' });
+  await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
+}
+
+async function ensureShell(page: Page): Promise<void> {
+  await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 15000 });
+}
+
+async function assertMainHasContent(page: Page): Promise<void> {
+  const main = page.locator('main');
+  await expect(main).toHaveCount(1);
+  await expect(main).toBeVisible();
+  const text = ((await main.textContent()) ?? '').replace(/\s+/g, '');
+  const childNodes = await main.locator('*').count();
+  expect(text.length > 12 || childNodes > 4).toBe(true);
+}
+
+test.describe('Pack conformance from docs/modules/ui/v2-rewire/pack-01..21', () => {
+  test.beforeEach(async ({ page }) => {
+    await setupShell(page);
+  });
+
+  test('canonical screens render and expose expected pack text markers', async ({ page }, testInfo) => {
+    test.setTimeout(6 * 60_000);
+    const failures: string[] = [];
+    const screenshotIndex: Array<{ pack: string; route: string; file: string }> = [];
+    const scoped = RUN_EXPECTATIONS;
+
+    for (const item of scoped) {
+      await test.step(`pack-${item.pack} ${item.path}`, async () => {
+        try {
+          await go(page, item.path);
+        } catch (error) {
+          failures.push(`[pack-${item.pack}] ${item.path} -> navigation failed: ${String(error)}`);
+          return;
+        }
+
+        const shellCount = await page.locator('aside.sidebar').count();
+        if (shellCount !== 1) {
+          failures.push(`[pack-${item.pack}] ${item.path} -> shell sidebar count=${shellCount}`);
+        }
+
+        const main = page.locator('main.shell__outlet').first();
+        const mainCount = await page.locator('main.shell__outlet').count();
+        if (mainCount !== 1) {
+          failures.push(`[pack-${item.pack}] ${item.path} -> shell main count=${mainCount}`);
+          return;
+        }
+
+        const isVisible = await main.isVisible().catch(() => false);
+        if (!isVisible) {
+          failures.push(`[pack-${item.pack}] ${item.path} -> main is not visible`);
+        }
+
+        const mainText = (await main.textContent().catch(() => '')) ?? '';
+        const compactText = mainText.replace(/\s+/g, '');
+        const childNodes = await main.locator('*').count().catch(() => 0);
+        if (!(compactText.length > 12 || childNodes > 4)) {
+          failures.push(
+            `[pack-${item.pack}] ${item.path} -> main appears empty (text=${compactText.length}, children=${childNodes})`
+          );
+        }
+
+        if (item.canonical) {
+          const currentUrl = page.url();
+          if (!item.canonical.test(currentUrl)) {
+            failures.push(
+              `[pack-${item.pack}] ${item.path} -> canonical mismatch, expected ${item.canonical}, got ${currentUrl}`
+            );
+          }
+        }
+
+        if (!item.text.test(mainText)) {
+          const preview = mainText.replace(/\s+/g, ' ').trim().slice(0, 220);
+          failures.push(
+            `[pack-${item.pack}] ${item.path} -> missing text ${item.text}, preview="${preview}"`
+          );
+        }
+
+        if (screenshotAbsDir) {
+          const fileName = `pack-${item.pack}_${slugifyRoute(item.path)}.png`;
+          const absFile = path.join(screenshotAbsDir, fileName);
+          await page.screenshot({ path: absFile, fullPage: true });
+          screenshotIndex.push({ pack: item.pack, route: item.path, file: fileName });
+        }
+      });
+    }
+
+    if (screenshotAbsDir) {
+      const rows = ['pack,route,file', ...screenshotIndex.map((row) => `${row.pack},${row.route},${row.file}`)];
+      fs.writeFileSync(path.join(screenshotAbsDir, 'index.csv'), `${rows.join('\n')}\n`, 'utf8');
+    }
+
+    const ledger = failures.length > 0 ? failures.join('\n') : 'All pack routes matched current expectations.';
+    await testInfo.attach('pack-conformance-ledger', {
+      body: ledger,
+      contentType: 'text/plain',
+    });
+
+    if (failures.length > 0) {
+      // Emit full list in test output for quick triage without opening traces.
+      console.error(`Pack conformance mismatches (${failures.length})\n${ledger}`);
+    }
+
+    expect(failures, `Pack conformance mismatches (${failures.length})`).toEqual([]);
+  });
+});