# Advisory Translation Register (2026-03-04 Batch)

This register maps advisories received between 2026-02-28 and 2026-03-04 to code-backed gaps, active implementation sprints, and module documentation commitments.

Batch scope:
- 2026-02-28 advisories: 3
- 2026-03-01 advisories: 2
- 2026-03-04 advisories: 6
- Total advisories translated: 11

## Topic Clusters

| Cluster ID | Topic | Included Advisories |
| --- | --- | --- |
| CL-01 | Trace lineage and smart-diff evidence chain | `2026-02-28 - Auditor-first differentiator mocks`, `2026-03-04 - Smart-diff and binary provenance chain`, `2026-03-04 - Smart-diff algorithm knobs and delta_manifest recipe`, `2026-03-04 - Trace-to-source lineage and reproducible replay harness`, `2026-03-04 - Unified call-stack analyzer and micro-witness schema` |
| CL-02 | Deterministic signed scoring and explainability UX | `2026-03-04 - Deterministic scoring formula and DSSE vectors`, `2026-03-04 - Signed-score explainability UI pattern`, `2026-02-28 - Auditor-first differentiator mocks` |
| CL-03 | Auditable unknown and VEX lifecycle | `2026-03-01 - Auditable unknown VEX lifecycle design`, `2026-02-28 - Closing Stella's top product and roadmap gaps` |
| CL-04 | Federation and remediation marketplace moat execution | `2026-02-28 - Five concrete moats with measurable milestones`, `2026-03-01 - Three dominant vendor architecture patterns`, `2026-02-28 - Closing Stella's top product and roadmap gaps` |

## Confirmed Code-Backed Gaps

| Gap ID | Module | Evidence | Gap Summary |
| --- | --- | --- | --- |
| SCN-001 | Scanner | `src/Scanner/StellaOps.Scanner.WebService/Endpoints/DeltaCompareEndpoints.cs` | `DeltaCompareService` still uses placeholder compare logic and `GetComparisonAsync` returns `null`. |
| SCN-002 | Scanner | `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ActionablesEndpoints.cs` | Actionables output is demo/sample data rather than findings-derived recommendations. |
| SCN-003 | Scanner | `src/Scanner/__Libraries/StellaOps.Scanner.ChangeTrace/Builder/ChangeTraceBuilder.cs` | `BuildPlaceholderTrace` path is still active with TODO integration notes. |
| SCN-004 | Scanner | `src/Scanner/__Libraries/StellaOps.Scanner.Runtime/Ingestion/TraceIngestionService.cs` | `GetTracesForScanAsync` is TODO and always returns an empty list. |
| SCN-005 | Scanner | `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Stack/ReachabilityResultFactory.cs` | Exploitable verdicts return placeholder `Unknown()` instead of affected `PathWitness` results. |
| SCN-006 | Scanner/Web | `src/Scanner/StellaOps.Scanner.WebService/Endpoints/ScoreReplayEndpoints.cs`, `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts` | Replay route contract mismatch (`/score/{scanId}/...` vs `/scans/{scanId}/score/...`) and missing aligned score-history path contract. |
| SCN-007 | Scanner | `src/Scanner/StellaOps.Scanner.WebService/Services/DeterministicScoringService.cs` | Deterministic score is hash projection only, without factorized explainability contract. |
| VEX-001 | VexLens | `src/VexLens/StellaOps.VexLens/Models/NormalizedVexModels.cs`, `src/VexLens/StellaOps.VexLens.Core/Normalization/VexLensNormalizer.cs` | Unknown status is not first-class in normalized enum path and defaults collapse to `under_investigation`. |
| UNK-001 | Unknowns | `src/Unknowns/__Libraries/StellaOps.Unknowns.Persistence/Postgres/Repositories/PostgresUnknownRepository.cs`, `src/Unknowns/__Libraries/StellaOps.Unknowns.Persistence/EfCore/Repositories/UnknownEfRepository.cs` | Provenance-hints persistence/query methods are unimplemented (`NotImplementedException`). |
| POL-001 | Policy | `src/Policy/__Libraries/StellaOps.Policy/Scoring/ScorePolicyModels.cs`, `src/Policy/__Libraries/StellaOps.Policy/Scoring/ScorePolicyValidator.cs` | Score policy schema requires `policyId` but runtime model omits it. |
| TEL-001 | Telemetry | `src/Telemetry/StellaOps.Telemetry.Federation/Consent/ConsentManager.cs`, `src/Telemetry/StellaOps.Telemetry.Federation/Bundles/FederatedTelemetryBundleBuilder.cs` | Federation DSSE envelope generation is placeholder in consent and bundle paths. |
| REM-001 | Remediation | `src/Remediation/StellaOps.Remediation.WebService/Endpoints/RemediationSourceEndpoints.cs` | Marketplace source endpoints are stubs; create/update returns `501 NotImplemented`. |
| FE-001 | Web | `src/Web/StellaOps.Web/src/app/features/security/vulnerability-detail-page.component.ts` | Security detail page uses hardcoded vulnerability data payload. |
| FE-002 | Web | `src/Web/StellaOps.Web/src/app/features/security-risk/vulnerability-detail-page.component.ts` | Security-risk detail page remains placeholder-only (`CVE-UNKNOWN` route fallback). |
| FE-003 | Web | `src/Web/StellaOps.Web/src/app/core/api/proof.client.ts` and test tree inspection | No dedicated FE test coverage exists for score replay client and vulnerability detail page contracts. |

## Advisory to Sprint Mapping

| Advisory | Primary Sprint(s) |
| --- | --- |
| `2026-02-28 - Auditor-first differentiator mocks` | `SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion`, `SPRINT_20260304_303_Scanner_score_replay_contract_and_formula_alignment`, `SPRINT_20260304_309_FE_signed_score_and_vulnerability_detail_wiring` |
| `2026-02-28 - Five concrete moats with measurable milestones` | `SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion`, `SPRINT_20260304_307_Telemetry_federation_dsse_bundle_hardening`, `SPRINT_20260304_308_Remediation_marketplace_sources_api_completion` |
| `2026-02-28 - Closing Stella's top product and roadmap gaps` | `SPRINT_20260304_304_Unknowns_provenance_hints_persistence_completion`, `SPRINT_20260304_305_VexLens_unknown_lifecycle_and_merge_determinism`, `SPRINT_20260304_307_Telemetry_federation_dsse_bundle_hardening` |
| `2026-03-01 - Auditable unknown VEX lifecycle design` | `SPRINT_20260304_304_Unknowns_provenance_hints_persistence_completion`, `SPRINT_20260304_305_VexLens_unknown_lifecycle_and_merge_determinism`, `SPRINT_20260304_306_Policy_score_policy_contract_consistency` |
| `2026-03-01 - Three dominant vendor architecture patterns` | `SPRINT_20260304_307_Telemetry_federation_dsse_bundle_hardening`, `SPRINT_20260304_308_Remediation_marketplace_sources_api_completion` |
| `2026-03-04 - Deterministic scoring formula and DSSE vectors` | `SPRINT_20260304_303_Scanner_score_replay_contract_and_formula_alignment`, `SPRINT_20260304_306_Policy_score_policy_contract_consistency`, `SPRINT_20260304_309_FE_signed_score_and_vulnerability_detail_wiring` |
| `2026-03-04 - Smart-diff algorithm knobs and delta_manifest recipe` | `SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion` |
| `2026-03-04 - Smart-diff and binary provenance chain` | `SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion` |
| `2026-03-04 - Trace-to-source lineage and reproducible replay harness` | `SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion`, `SPRINT_20260304_303_Scanner_score_replay_contract_and_formula_alignment` |
| `2026-03-04 - Unified call-stack analyzer and micro-witness schema` | `SPRINT_20260304_302_Scanner_trace_delta_and_actionables_completion`, `SPRINT_20260304_309_FE_signed_score_and_vulnerability_detail_wiring` |
| `2026-03-04 - Signed-score explainability UI pattern` | `SPRINT_20260304_303_Scanner_score_replay_contract_and_formula_alignment`, `SPRINT_20260304_309_FE_signed_score_and_vulnerability_detail_wiring` |

## Module Documentation Commitments

- `docs/modules/scanner/architecture.md`
- `docs/modules/scanner/design/change-trace-architecture.md`
- `docs/modules/vex-lens/architecture.md`
- `docs/modules/unknowns/architecture.md`
- `docs/modules/policy/architecture.md`
- `docs/modules/telemetry/architecture.md`
- `docs/modules/web/architecture.md`
- `docs/modules/remediation/architecture.md`

## Translation Status

- All advisories from the 2026-02-28 through 2026-03-04 batch are translated into active sprint scope.
- Advisory files are archived under `docs-archived/product/advisories/` with archive log `ARCHIVE_LOG_20260304.md`.
- Open advisories directory status is reset to "no open advisories for this batch".