docs consolidation, big sln build fixes, new advisories and sprints/tasks

CLAUDE.md

@@ -82,6 +82,8 @@ The codebase follows a monorepo pattern with modules under `src/`:
 | Authority | `src/Authority/` | Authentication, authorization, OAuth/OIDC, DPoP |
 | Gateway | `src/Gateway/` | API gateway with routing and transport abstraction |
 | Router | `src/Router/` | Transport-agnostic messaging (TCP/TLS/UDP/RabbitMQ/Valkey) |
+| Platform | `src/Platform/` | Console backend aggregation service (health, quotas, search) |
+| Registry | `src/Registry/` | Token service for container registry authentication |
 | **Data Ingestion** | | |
 | Concelier | `src/Concelier/` | Vulnerability advisory ingestion and merge engine |
 | Excititor | `src/Excititor/` | VEX document ingestion and export |
@@ -89,13 +91,14 @@ The codebase follows a monorepo pattern with modules under `src/`:
 | VexHub | `src/VexHub/` | VEX distribution and exchange hub |
 | IssuerDirectory | `src/IssuerDirectory/` | Issuer trust registry (CSAF publishers) |
 | Feedser | `src/Feedser/` | Evidence collection library for backport detection |
-| Mirror | `src/Mirror/` | Vulnerability feed mirror and distribution |
+| Mirror | `src/Concelier/__Libraries/` | Vulnerability feed mirror connector (Concelier plugin) |
 | **Scanning & Analysis** | | |
 | Scanner | `src/Scanner/` | Container scanning with SBOM generation (11 language analyzers) |
 | BinaryIndex | `src/BinaryIndex/` | Binary identity extraction and fingerprinting |
 | AdvisoryAI | `src/AdvisoryAI/` | AI-assisted advisory analysis |
 | ReachGraph | `src/ReachGraph/` | Reachability graph service |
 | Symbols | `src/Symbols/` | Symbol resolution and debug information |
+| Cartographer | `src/Cartographer/` | Dependency graph mapping and visualization |
 | **Artifacts & Evidence** | | |
 | Attestor | `src/Attestor/` | in-toto/DSSE attestation generation |
 | Signer | `src/Signer/` | Cryptographic signing operations |
@@ -108,6 +111,7 @@ The codebase follows a monorepo pattern with modules under `src/`:
 | RiskEngine | `src/RiskEngine/` | Risk scoring runtime with pluggable providers |
 | VulnExplorer | `src/VulnExplorer/` | Vulnerability exploration and triage UI backend |
 | Unknowns | `src/Unknowns/` | Unknown component and symbol tracking |
+| Findings | `src/Findings/` | Findings ledger service for vulnerability tracking |
 | **Operations** | | |
 | Scheduler | `src/Scheduler/` | Job scheduling and queue management |
 | Orchestrator | `src/Orchestrator/` | Workflow orchestration and task coordination |
@@ -121,7 +125,7 @@ The codebase follows a monorepo pattern with modules under `src/`:
 | CLI | `src/Cli/` | Command-line interface (Native AOT) |
 | Zastava | `src/Zastava/` | Container registry webhook observer |
 | Web | `src/Web/` | Angular 17 frontend SPA |
-| API | `src/Api/` | OpenAPI contracts and governance |
+| Integrations | `src/Integrations/` | External system integrations web service |
 | **Infrastructure** | | |
 | Cryptography | `src/Cryptography/` | Crypto plugins (FIPS, eIDAS, GOST, SM, PQ) |
 | Telemetry | `src/Telemetry/` | OpenTelemetry traces, metrics, logging |
@@ -129,8 +133,12 @@ The codebase follows a monorepo pattern with modules under `src/`:
 | Signals | `src/Signals/` | Runtime signal collection and correlation |
 | AirGap | `src/AirGap/` | Air-gapped deployment support |
 | AOC | `src/Aoc/` | Append-Only Contract enforcement (Roslyn analyzers) |
+| SmRemote | `src/SmRemote/` | SM2/SM3/SM4 cryptographic remote service |
+| **Development Tools** | | |
+| Tools | `src/Tools/` | Development utilities (fixture updater, smoke tests, validators) |
+| Bench | `src/Bench/` | Performance benchmark infrastructure |
 
-> **Note:** See `docs/modules/<module>/architecture.md` for detailed module dossiers.
+> **Note:** See `docs/modules/<module>/architecture.md` for detailed module dossiers. Some entries in `docs/modules/` are cross-cutting concepts (snapshot, triage) or shared libraries (provcache) rather than standalone modules.
 
 ### Code Organization Patterns