# GRAP0101 Integration Checklist for Vuln Explorer Md.XI

Use this checklist when the GRAP0101 domain model contract arrives.

## Fill across docs
- `docs/vuln/explorer-overview.md`: replace `[[pending:...]]` placeholders (entities, relationships, identifiers); confirm triage state names; add hashes for examples once captured.
- `docs/vuln/explorer-using-console.md`: apply final field labels, keyboard shortcuts, saved view params; drop hashed assets per checklist.
- `docs/vuln/explorer-api.md`: finalize filter/sort/ETag params, limits, error codes; attach hashed request/response fixtures.
- `docs/vuln/explorer-cli.md`: align flag names with API; add hashed CLI outputs.
- `docs/vuln/findings-ledger.md`: align schema names/ids; confirm hash fields and Merkle notes match GRAP0101.
- `docs/policy/vuln-determinations.md`: sync identifiers and signal fields referenced in policy outputs.
- `docs/vex/explorer-integration.md`: confirm CSAF→VEX mapping fields and precedence references.
- `docs/advisories/explorer-integration.md`: update advisory identifiers/keys to GRAP0101 naming.
- `docs/sbom/vuln-resolution.md`: align component identifier fields (purl/NEVRA) with GRAP0101.
- `docs/observability/vuln-telemetry.md`: verify metric/log labels (findingId, advisoryId, policyVersion, artifactId) match contract.
- `docs/security/vuln-rbac.md`: confirm scope/claim names and attachment token fields.
- `docs/runbooks/vuln-ops.md`: ensure IDs/fields in remediation steps match contract.

## Hash capture locations
- Record all assets in `docs/assets/vuln-explorer/SHA256SUMS` using the per-subdir checklists.

## Order of operations
1. Update overview entities/ids first (DOCS-VULN-29-001).
2. Propagate identifiers to console/API/CLI stubs (#2–#4).
3. Align ledger/policy/VEX/advisory/SBOM docs (#5–#9).
4. Finish telemetry/RBAC/runbook (#10–#12).
5. Update install doc (#13) once images/manifests arrive.

_Last updated: 2025-12-05 (UTC)_