docs: module dossier + install/quickstart sync for truthful cutover sprints

- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring.
- docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026.
- docs/features/checked/web/**: update feature notes where UI changed.
- docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts.
- docs/setup/**, docs/technical/**: align with setup wizard contracts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-19 14:45:09 +03:00
parent ad62ba7f76
commit fdf95e0f46
67 changed files with 590 additions and 360 deletions

@@ -4,13 +4,19 @@
The Export Center is the dedicated service layer that packages StellaOps evidence and policy overlays into reproducible bundles. It runs as a multi-surface API backed by asynchronous workers and format adapters, enforcing Aggregation-Only Contract (AOC) guardrails while providing deterministic manifests, signing, and distribution paths.
## Runtime topology
- **Export Center API (`StellaOps.ExportCenter.WebService`).** Receives profile CRUD, export run requests, status queries, and download streams through the unified Web API gateway. Enforces tenant scopes, RBAC, quotas, and concurrency guards.
- **Export Center Worker (`StellaOps.ExportCenter.Worker`).** Dequeues export jobs from the Orchestrator, resolves selectors, invokes adapters, and writes manifests and bundle artefacts. Stateless; scales horizontally.
- **Backing stores.**
- PostgreSQL tables: `export_profiles`, `export_runs`, `export_inputs`, `export_distributions`, `export_events`.
- Object storage bucket or filesystem for staging bundle payloads.
- Optional registry/object storage credentials injected via Authority-scoped secrets.
## Runtime topology
- **Export Center API (`StellaOps.ExportCenter.WebService`).** Receives profile CRUD, export run requests, status queries, and download streams through the unified Web API gateway. Enforces tenant scopes, RBAC, quotas, and concurrency guards.
- **Export Center Worker (`StellaOps.ExportCenter.Worker`).** Dequeues export jobs from the Orchestrator, resolves selectors, invokes adapters, and writes manifests and bundle artefacts. Stateless; scales horizontally.
- **Backing stores.**
- PostgreSQL tables: `export_profiles`, `export_runs`, `export_inputs`, `export_distributions`, `export_events`.
- Object storage bucket or filesystem for staging bundle payloads.
- Optional registry/object storage credentials injected via Authority-scoped secrets.
- **Current truthful runtime boundary.**
- Non-testing `StellaOps.ExportCenter.WebService` now requires PostgreSQL-backed canonical export repositories and a real `EvidenceLocker:BaseUrl`; it no longer falls back to `Development` in-memory repositories or an in-memory evidence locker client.
- Non-testing export verification artifact readback plus export and promotion attestation readback/verification are currently explicit `501 problem+json` gaps until a durable backend exists.
- Non-testing incident management, risk bundle job orchestration, simulation export, audit bundle generation, and exception report generation also now fail with explicit `501 problem+json` responses instead of keeping canonical state in-process.
- Non-testing timeline publication no longer defaults to `InMemoryExportNotificationSink`; without a durable sink backend it now reports truthful delivery failure, while `Testing` can opt into the in-memory sink explicitly.
- `Testing` can still opt into the in-memory host implementations, but only through explicit `Export:UseInMemory*` switches.
- **Integration peers.**
- **Findings Ledger** for advisory, VEX, SBOM payload streaming.
- **Policy Engine** for deterministic policy snapshots and evaluated findings.
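Review bot: the new "Current truthful runtime boundary" bullets do not say what an operator sees when the required configuration is missing. The first bullet states that the non-testing `StellaOps.ExportCenter.WebService` requires PostgreSQL-backed repositories and a real `EvidenceLocker:BaseUrl`, but not whether a missing value stops startup or only surfaces per request. Suggest stating that failure mode. In the last bullet, list the concrete switch names behind `Export:UseInMemory*` rather than the wildcard, and say what happens if one of them is set outside `Testing` (ignored, or rejected at startup). Separately, the `## Runtime topology` heading and the API, Worker and Backing stores bullets appear twice with identical text, which looks like whitespace or line-ending churn that could be dropped from this docs commit.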
@@ -65,8 +71,9 @@ All endpoints require Authority-issued JWT + DPoP tokens with scopes `export:run
- Trivy adapters materialise SQLite databases or tar archives matching Trivy DB expectations; schema version gates prevent unsupported outputs.
- Mirror adapters assemble deterministic filesystem trees (manifests, indexes, payload subtrees) and, when configured, OCI artefact layers.
- **Manifest generator.** Aggregates counts, bytes, hash digests (SHA-256), profile metadata, and input references. Writes `export.json` and `provenance.json` using canonical JSON (sorted keys, RFC3339 UTC timestamps).
- **Signing service.** Integrates with platform KMS via Authority (default cosign signer). Produces in-toto SLSA attestations when configured. Supports detached signatures and optional in-bundle signatures.
- **Distribution drivers.** `dist-http` exposes staged files via download endpoint; `dist-oci` pushes artefacts to registries using ORAS with digest pinning; `dist-objstore` uploads to tenant-specific prefixes with immutability flags.
- **Signing service.** Integrates with platform KMS via Authority (default cosign signer). Produces in-toto SLSA attestations when configured. Supports detached signatures and optional in-bundle signatures.
- **Distribution drivers.** `dist-http` exposes staged files via download endpoint; `dist-oci` pushes artefacts to registries using ORAS with digest pinning; `dist-objstore` uploads to tenant-specific prefixes with immutability flags.
- **Truthful unsupported paths.** The current web host no longer pretends attestation/verification readback or the incident/risk/simulation/audit/exception job surfaces are durable. Until durable backends land, those endpoints fail with `501 problem+json` outside `Testing`. Timeline publication also no longer silently buffers to an in-process sink outside `Testing`.
## Data model snapshots
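Review bot: the added "Truthful unsupported paths" bullet does not say where the `501 problem+json` response sits relative to authentication. The hunk header context notes that all endpoints require Authority-issued JWT + DPoP tokens, so the doc should state whether token and scope checks still run before the 501 is returned, so an unauthenticated caller cannot use the status code to map which surfaces are unimplemented. The bullet also restates the "Current truthful runtime boundary" list added under Runtime topology; consider keeping the detail in one place and linking to it from here so the two lists cannot drift. The Signing service and Distribution drivers bullets appear twice with identical text, which again suggests whitespace-only changes.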