docs consolidation work

docs/modules/concelier/implementation_plan.md

@@ -1,8 +1,8 @@
 # Implementation plan — Concelier
 
 ## Delivery timeline
-- **Phase 1 — Guardrails & schema**  
-  Stand up Mongo JSON validators for `advisory_raw` and `vex_raw`, wire the `AOCWriteGuard` repository interceptor, and seed deterministic linkset builders. Freeze legacy normalisation paths and migrate callers to the new raw schema.
+- **Phase 1 — Guardrails & schema**
+  Stand up PostgreSQL JSON schema validators for `advisory_raw` and `vex_raw`, wire the `AOCWriteGuard` repository interceptor, and seed deterministic linkset builders. Freeze legacy normalisation paths and migrate callers to the new raw schema.
 - **Phase 2 — API & observability**  
   Publish ingestion and verification endpoints (`POST /ingest/*`, `GET /advisories.raw`, `POST /aoc/verify`) with Authority scopes, expose telemetry (`aoc_violation_total`, guard spans, structured logs), and ensure Offline Kit packaging captures validator deployment steps.
 - **Phase 3 — Experience polish**  
@@ -10,7 +10,7 @@
 
 ## Work breakdown by component
 - **Concelier WebService & worker**
-  - Add Mongo validators and unique indexes over `(tenant, source.vendor, upstream.upstream_id, upstream.content_hash)`.
+  - Add PostgreSQL validators and unique indexes over `(tenant, source.vendor, upstream.upstream_id, upstream.content_hash)`.
   - Implement write interceptors rejecting forbidden fields, missing provenance, or merge attempts.
   - Deterministically compute linksets and persist canonical JSON payloads.
   - Introduce `/ingest/advisory`, `/advisories/raw*`, and `/aoc/verify` surfaces guarded by `advisory:*` and `aoc:verify` scopes.
@@ -34,13 +34,13 @@
   - Seed fixtures and run `stella aoc verify` against snapshots in pipeline gating.
 
 ## Documentation deliverables
-- Update `docs/ingestion/aggregation-only-contract.md` with guard invariants, schemas, error codes, and migration guidance.
+- Update `docs/aoc/aggregation-only-contract.md` with guard invariants, schemas, error codes, and migration guidance.
 - Refresh `docs/modules/concelier/operations/*.md` (mirror, conflict-resolution, authority audit) with validator rollouts and observability dashboards.
 - Cross-link Authority scope definitions, CLI reference, Console sources guide, and observability runbooks to the AOC guard changes.
 - Ensure Offline Kit documentation captures validator bootstrap and verify workflows.
 
 ## Acceptance criteria
-- Mongo validators and runtime guards reject forbidden fields and missing provenance with the documented `ERR_AOC_00x` codes.
+- PostgreSQL validators and runtime guards reject forbidden fields and missing provenance with the documented `ERR_AOC_00x` codes.
 - Linksets and supersedes chains are deterministic; rerunning ingestion over identical payloads yields byte-identical documents.
 - CLI `stella aoc verify` exits non-zero on seeded violations and zero on clean datasets; Console dashboards show real-time guard status.
 - Export Center consumes advisory datasets without relying on legacy normalised fields.
@@ -56,18 +56,18 @@
 - **Unit**: guard rejection paths, provenance enforcement, idempotent insertions, linkset determinism.
 - **Property**: fuzz upstream payloads to guarantee no forbidden fields emerge.
 - **Integration**: batch ingest (50k advisories, mixed VEX fixtures), verifying zero guard violations and consistent supersedes.
-- **Contract**: Policy Engine consumers verify raw-only reads; Export Center consumes canonical datasets.
-- **End-to-end**: ingest/verify flow with CLI + Console actions to confirm observability and guard reporting.
-
-## Definition of done
-- Validators deployed and verified in staging/offline environments.
-- Runtime guards, CLI/Console workflows, and CI linting all active.
-- Observability dashboards and runbooks updated; metrics visible.
-- Documentation updates merged; Offline Kit instructions published.
-- ./TASKS.md reflects status transitions; cross-module dependencies acknowledged in ../../TASKS.md.
-
-## Readiness checkpoints (2025-11-25)
-- Sprint 110 attestation chain validated: `/internal/attestations/verify` endpoint and evidence bundle tests green (`TestResults/concelier-attestation/web.trx`, `core.trx`).
-- Link-Not-Merge cache + console consumption docs frozen (see `operations/lnm-cache-plan.md`, `operations/console-lnm-consumption.md`); cache headers remain deterministic.
-- Observation events transport reviewed; backlog guardrails and NATS/air-gap guidance updated in `operations/observation-events.md`.
-- Next gating dependency: TaskRunner contract drop (sprint 0157 blockers) before wiring approvals/pack ingest flows into Concelier.
+- **Contract**: Policy Engine consumers verify raw-only reads; Export Center consumes canonical datasets.
+- **End-to-end**: ingest/verify flow with CLI + Console actions to confirm observability and guard reporting.
+
+## Definition of done
+- Validators deployed and verified in staging/offline environments.
+- Runtime guards, CLI/Console workflows, and CI linting all active.
+- Observability dashboards and runbooks updated; metrics visible.
+- Documentation updates merged; Offline Kit instructions published.
+- ./TASKS.md reflects status transitions; cross-module dependencies acknowledged in ../../TASKS.md.
+
+## Readiness checkpoints (2025-11-25)
+- Sprint 110 attestation chain validated: `/internal/attestations/verify` endpoint and evidence bundle tests green (`TestResults/concelier-attestation/web.trx`, `core.trx`).
+- Link-Not-Merge cache + console consumption docs frozen (see `operations/lnm-cache-plan.md`, `operations/console-lnm-consumption.md`); cache headers remain deterministic.
+- Observation events transport reviewed; backlog guardrails and NATS/air-gap guidance updated in `operations/observation-events.md`.
+- Next gating dependency: TaskRunner contract drop (sprint 0157 blockers) before wiring approvals/pack ingest flows into Concelier.