Vuln Explorer API – draft v1 (2025-11-25)

OpenAPI: docs/modules/vuln-explorer/openapi/vuln-explorer.v1.yaml
Scope: read-only vulnerability listing/detail for Console/CLI; deterministic ordering (score desc, id asc) with opaque page tokens.
Required headers: x-stella-tenant; optional policyVersion.
Filters: CVE, PURL, severity band, exploitability flag, fixAvailable.
Responses include policyVersion + rationaleId for explainability; provenance anchors back to Findings Ledger/evidence bundles.