save progress

CLAUDE.md

@@ -81,41 +81,54 @@ The codebase follows a monorepo pattern with modules under `src/`:
 | **Core Platform** | | |
 | Authority | `src/Authority/` | Authentication, authorization, OAuth/OIDC, DPoP |
 | Gateway | `src/Gateway/` | API gateway with routing and transport abstraction |
-| Router | `src/__Libraries/StellaOps.Router.*` | Transport-agnostic messaging (TCP/TLS/UDP/RabbitMQ/Valkey) |
+| Router | `src/Router/` | Transport-agnostic messaging (TCP/TLS/UDP/RabbitMQ/Valkey) |
 | **Data Ingestion** | | |
 | Concelier | `src/Concelier/` | Vulnerability advisory ingestion and merge engine |
 | Excititor | `src/Excititor/` | VEX document ingestion and export |
 | VexLens | `src/VexLens/` | VEX consensus computation across issuers |
+| VexHub | `src/VexHub/` | VEX distribution and exchange hub |
 | IssuerDirectory | `src/IssuerDirectory/` | Issuer trust registry (CSAF publishers) |
+| Feedser | `src/Feedser/` | Evidence collection library for backport detection |
+| Mirror | `src/Mirror/` | Vulnerability feed mirror and distribution |
 | **Scanning & Analysis** | | |
 | Scanner | `src/Scanner/` | Container scanning with SBOM generation (11 language analyzers) |
 | BinaryIndex | `src/BinaryIndex/` | Binary identity extraction and fingerprinting |
 | AdvisoryAI | `src/AdvisoryAI/` | AI-assisted advisory analysis |
+| ReachGraph | `src/ReachGraph/` | Reachability graph service |
+| Symbols | `src/Symbols/` | Symbol resolution and debug information |
 | **Artifacts & Evidence** | | |
 | Attestor | `src/Attestor/` | in-toto/DSSE attestation generation |
 | Signer | `src/Signer/` | Cryptographic signing operations |
 | SbomService | `src/SbomService/` | SBOM storage, versioning, and lineage ledger |
 | EvidenceLocker | `src/EvidenceLocker/` | Sealed evidence storage and export |
 | ExportCenter | `src/ExportCenter/` | Batch export and report generation |
-| VexHub | `src/VexHub/` | VEX distribution and exchange hub |
+| Provenance | `src/Provenance/` | SLSA/DSSE attestation tooling |
 | **Policy & Risk** | | |
 | Policy | `src/Policy/` | Policy engine with K4 lattice logic |
+| RiskEngine | `src/RiskEngine/` | Risk scoring runtime with pluggable providers |
 | VulnExplorer | `src/VulnExplorer/` | Vulnerability exploration and triage UI backend |
+| Unknowns | `src/Unknowns/` | Unknown component and symbol tracking |
 | **Operations** | | |
 | Scheduler | `src/Scheduler/` | Job scheduling and queue management |
 | Orchestrator | `src/Orchestrator/` | Workflow orchestration and task coordination |
 | TaskRunner | `src/TaskRunner/` | Task pack execution engine |
-| Notify | `src/Notify/` | Notification delivery (Email, Slack, Teams, Webhooks) |
+| Notify | `src/Notify/` | Notification toolkit (Email, Slack, Teams, Webhooks) |
+| Notifier | `src/Notifier/` | Notifications Studio host |
+| PacksRegistry | `src/PacksRegistry/` | Task packs registry and distribution |
+| TimelineIndexer | `src/TimelineIndexer/` | Timeline event indexing |
+| Replay | `src/Replay/` | Deterministic replay engine |
 | **Integration** | | |
 | CLI | `src/Cli/` | Command-line interface (Native AOT) |
 | Zastava | `src/Zastava/` | Container registry webhook observer |
 | Web | `src/Web/` | Angular 17 frontend SPA |
+| API | `src/Api/` | OpenAPI contracts and governance |
 | **Infrastructure** | | |
 | Cryptography | `src/Cryptography/` | Crypto plugins (FIPS, eIDAS, GOST, SM, PQ) |
 | Telemetry | `src/Telemetry/` | OpenTelemetry traces, metrics, logging |
 | Graph | `src/Graph/` | Call graph and reachability data structures |
 | Signals | `src/Signals/` | Runtime signal collection and correlation |
-| Replay | `src/Replay/` | Deterministic replay engine |
+| AirGap | `src/AirGap/` | Air-gapped deployment support |
+| AOC | `src/Aoc/` | Append-Only Contract enforcement (Roslyn analyzers) |
 
 > **Note:** See `docs/modules/<module>/architecture.md` for detailed module dossiers.