diff --git a/docs/audit/000_INDEX.MD b/docs/audit/000_INDEX.MD
index 2494d73..cbe4309 100644
--- a/docs/audit/000_INDEX.MD
+++ b/docs/audit/000_INDEX.MD
@@ -4,9 +4,9 @@
 
 # Audit-Index
 
-## Zweck und Scope
-Zentraler Index fuer Evidence-/Hardening-Dokumente, die Claims aus `SECURITY.md` nachweisbar machen, ohne `SECURITY.md` selbst zu aendern.
-Root-Landing-Page fuer Dritte: `SECURITY_ASSURANCE_INDEX.md`.
+## Zweck und Geltungsbereich
+Zentraler Index fuer Nachweis-/Hardeningsdokumente, die Aussagen aus `SECURITY.md` belegbar machen, ohne `SECURITY.md` selbst zu aendern.
+Zentrale Einstiegsseite fuer Dritte: `SECURITY_ASSURANCE_INDEX.md`.
 
 ## Dokumente
 - `docs/audit/000_HASHING_BASELINE.MD`
@@ -25,7 +25,7 @@ Root-Landing-Page fuer Dritte: `SECURITY_ASSURANCE_INDEX.md`.
 - `docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD`
 - `docs/audit/014_EVIDENCE_REPORT_ISSUE_67.MD`
 
-## Maschinelle Evidence
+## Maschinelle Nachweise
 - `artifacts/ci/security-claims-evidence/`
 - `artifacts/ci/code-analysis-evidence/`
 - `artifacts/audit/code_inventory.json`
@@ -44,7 +44,7 @@ python3 tools/check-docs.py
 bash tools/versioning/verify-version-convergence.sh
 ```
 
-## Externe Assurance
+## Externe Nachweise
 - OpenSSF Scorecard Workflow: `.github/workflows/scorecard.yml`
 - Artifact Attestations im Release-Workflow: `.github/workflows/release.yml`
 - Deep Analysis Evidence Workflow: `.github/workflows/code-analysis-evidence.yml`
diff --git a/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD b/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD
index ddfff74..fcd3c24 100644
--- a/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD
+++ b/docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD
@@ -2,12 +2,12 @@
 [DE](003_SECURITY_ASSERTION_TRACEABILITY.MD) | [EN](103_SECURITY_ASSERTION_TRACEABILITY.MD)
 <!-- LANG_SWITCH:END -->
 
-# Traceability: Security-Claims (SECURITY.md)
+# Rueckverfolgbarkeit: Sicherheitsaussagen (SECURITY.md)
 
-## Zweck und Scope
-Mapping von Claims in `SECURITY.md` auf Evidence-Quellen und Verifikationskommandos.
+## Zweck und Geltungsbereich
+Abbildung von Aussagen in `SECURITY.md` auf Nachweisquellen und Verifikationskommandos.
 
-| Claim ID | SECURITY-Anker | Claim-Zusammenfassung | Evidence-Quelle | Verifikationskommando | Pass-Kriterium | Blocker |
+| Claim ID | SECURITY-Anker | Claim-Zusammenfassung | Nachweisquelle | Verifikationskommando | Pass-Kriterium | Blocker |
 |---|---|---|---|---|---|---|
 | SEC-CLAIM-001 | 2. Unterstuetzte Versionen | Security-Support ist an Major 5 gebunden | `src/FileTypeDetection/FileTypeDetectionLib.vbproj` | `sed -n 's:.*<Version>\([^<]*\)</Version>.*:\1:p' src/FileTypeDetection/FileTypeDetectionLib.vbproj` | Version-Major ist `5` | yes |
 | SEC-CLAIM-002 | 3. Meldung | Private Vulnerability Reporting ist aktiv | GitHub API `private-vulnerability-reporting` | `gh api "repos/$REPO/private-vulnerability-reporting"` | `.enabled == true` | yes |
@@ -26,10 +26,10 @@ Mapping von Claims in `SECURITY.md` auf Evidence-Quellen und Verifikationskomman
 | SEC-CLAIM-015 | 1. Zweck/Geltungsbereich | ISO/IEC 29147 und 30111 Orientierung ist dokumentiert | Policy + Roadmap-Dokus | `rg -n "29147|30111" SECURITY.md docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | Referenzen vorhanden (ohne Zertifizierungsclaim) | report-only |
 | SEC-CLAIM-016 | 9. Zertifizierungsgrenze | Es wird keine formale Produkt-Zertifizierung behauptet | `SECURITY.md` Section 9 | `rg -n "keine.*Zertifizierung|kein.*Rechtsgutachten" SECURITY.md` | expliziter Non-Claim vorhanden | yes |
 
-## Full-Coverage-Hinweis
-Claims, die normative Prozess-Statements sind (Policy-Intent), werden als `report-only` klassifiziert, solange sie nicht in deterministische Machine-Checks ueberfuehrt werden koennen.
+## Vollstaendigkeits-Hinweis
+Claims, die normative Prozessaussagen sind (Policy-Intent), werden als `report-only` klassifiziert, solange sie nicht in deterministische maschinelle Checks ueberfuehrt werden koennen.
 
-## CI-Claim-Mapping
+## CI-Claim-Abbildung
 Das Verifikationsscript verwendet `CI-SEC-CLAIM-*` Rule-IDs. Mapping auf normative Claims:
 - `CI-SEC-CLAIM-001` -> `SEC-CLAIM-002` (Repository/Reporting-Context ist aufloesbar)
 - `CI-SEC-CLAIM-002` -> `SEC-CLAIM-001` (Supported-Major-Version-Claim)
diff --git a/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD b/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD
index 86bfa56..d163475 100644
--- a/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD
+++ b/docs/audit/009_SUPPLY_CHAIN_BASELINE.MD
@@ -2,12 +2,12 @@
 [DE](009_SUPPLY_CHAIN_BASELINE.MD) | [EN](109_SUPPLY_CHAIN_BASELINE.MD)
 <!-- LANG_SWITCH:END -->
 
-# Supply-Chain-Baseline
+# Supply-Chain-Basislinie
 
 ## 1. Ziel
 Minimum an reproduzierbaren Kontrollen fuer Source-to-Package-Integritaet in diesem Repository definieren.
 
-## 2. Control-Baseline
+## 2. Kontroll-Basislinie
 - S1 Source-Integritaet:
   - Branch-Protections und Required Status Checks auf dem Default-Branch
   - deterministische CI-Gates (`preflight`, `build`, `security-nuget`, `summary`)
@@ -21,17 +21,17 @@ Minimum an reproduzierbaren Kontrollen fuer Source-to-Package-Integritaet in die
   - NuGet Vulnerability Gate (`security-nuget`)
   - Security-Claims-Verifikation (`security-claims-evidence`)
 
-## 3. Evidence-Mapping
-- E1 CI-Workflow Evidence:
+## 3. Nachweis-Abbildung
+- E1 CI-Workflow-Nachweise:
   - `.github/workflows/ci.yml`
   - `artifacts/ci/*`
-- E2 Security-Claim Evidence:
+- E2 Security-Claim-Nachweise:
   - `.github/workflows/security-claims-evidence.yml`
   - `artifacts/ci/security-claims-evidence/result.json`
-- E3 Code-Analysis Evidence:
+- E3 Code-Analysis-Nachweise:
   - `.github/workflows/code-analysis-evidence.yml`
   - `artifacts/ci/code-analysis-evidence/result.json`
-- E4 Release/Provenance Evidence:
+- E4 Release/Provenance-Nachweise:
   - `.github/workflows/release.yml`
   - `artifacts/nuget/attestation-verify.txt` (wenn der Release-Workflow laeuft)
 
@@ -53,5 +53,5 @@ gh attestation verify "$NUPKG" --repo tomtastisch/FileClassifier
 - Regelmaessiger Review: Baseline-Dokus aktualisieren, wenn sich Controls oder Workflows aendern
 
 ## 6. Grenzen und Limits
-- Diese Baseline liefert Assurance-Evidence, keine formale Third-Party-Zertifizierung.
+- Diese Basislinie liefert Assurance-Nachweise, keine formale Third-Party-Zertifizierung.
 - Downstream Runtime-Hardening bleibt Verantwortung von Deployern/Operatoren.
diff --git a/docs/audit/011_SECURITY_BENCHMARK.MD b/docs/audit/011_SECURITY_BENCHMARK.MD
index 2cf3273..22620b0 100644
--- a/docs/audit/011_SECURITY_BENCHMARK.MD
+++ b/docs/audit/011_SECURITY_BENCHMARK.MD
@@ -2,11 +2,11 @@
 [DE](011_SECURITY_BENCHMARK.MD) | [EN](111_SECURITY_BENCHMARK.MD)
 <!-- LANG_SWITCH:END -->
 
-# Security-Policy Benchmark (Stand: 2026-02-13)
+# Security-Policy-Benchmark (Stand: 2026-02-13)
 
-## 1. Ziel und Scope
+## 1. Ziel und Geltungsbereich
 Vergleich der Security-Policy-Reife von `tomtastisch/FileClassifier` (PR-Branch `tomtastisch-patch-1`) mit verbreiteten .NET-Open-Source-Repositories anhand nachweisbarer GitHub- und Repository-Fakten.
-Dieser Benchmark ist ein Snapshot vor Merge in `main` (Stand 2026-02-13).
+Dieser Benchmark ist ein Snapshot vor dem Merge in `main` (Stand 2026-02-13).
 
 Verglichene Repositories:
 - `tomtastisch/FileClassifier`
@@ -22,7 +22,7 @@ Verglichene Repositories:
 - `NLog/NLog`
 
 ## 2. Methodik (nur faktenbasiert)
-Erhoben via GitHub API und lokale Dateiinspektion:
+Erhoben ueber GitHub API und lokale Dateiinspektion:
 - Vorhandensein `SECURITY.md` (FileClassifier: repo-root `SECURITY.md`; andere Repos ggf. alternativ `.github/SECURITY.md`)
 - Status `private-vulnerability-reporting`
 - Sichtbare `security_and_analysis`-Felder (`dependabot_security_updates`, `secret_scanning`)
@@ -30,7 +30,7 @@ Erhoben via GitHub API und lokale Dateiinspektion:
 - Vorhandensein von Workflow-Dateien mit `codeql` im Dateinamen
 - Inhaltsmerkmale der `SECURITY.md`: Support-Tabelle, Reporting, SLA-Zeitangaben, Safe Harbor, ISO/IEC 29147/30111, koordinierte Offenlegung
 
-## 3. Ergebnis A - Plattform-/Repo-Merkmale
+## 3. Ergebnis A - Plattform-/Repository-Merkmale
 | Repository | SECURITY.md | Private Vulnerability Reporting | Dependabot Security Updates | Secret Scanning | CodeQL Workflow-Datei | dependabot.yml |
 |---|---|---|---|---|---|---|
 | tomtastisch/FileClassifier | nein (Snapshot vor Merge in `main`) | true | enabled | enabled | nein | nein |
@@ -78,7 +78,7 @@ Diese Punkte sind ausserhalb einer einzelnen `SECURITY.md`, aber notwendig fuer
 
 ## 7. Reproduzierbarkeit
 Verwendete Kommandos (Auszug):
-All commands are intended to run from the repository root.
+Alle Kommandos sind fuer die Ausfuehrung im Repository-Root gedacht.
 ```bash
 REPO="<owner>/<repo>"
 gh api "repos/$REPO"
diff --git a/docs/audit/015_DOC_BILINGUAL_MAPPING.MD b/docs/audit/015_DOC_BILINGUAL_MAPPING.MD
index 5e6b3d7..5b0b81f 100644
--- a/docs/audit/015_DOC_BILINGUAL_MAPPING.MD
+++ b/docs/audit/015_DOC_BILINGUAL_MAPPING.MD
@@ -4,10 +4,10 @@
 
 # Bilinguale Dokumentation: DE<->EN Mapping (0NN_ -> 1NN_)
 
-## 1. Ziel & Scope
-Dieser Report dokumentiert deterministisch das Mapping aller Dokumente nach dem Schema `NNN_*` (DE ist Primary) auf ihre englischen Spiegeldateien `1NN_*`.
+## 1. Ziel und Geltungsbereich
+Dieser Report dokumentiert deterministisch das Mapping aller Dokumente nach dem Schema `NNN_*` (DE ist primaer) auf ihre englischen Spiegeldateien `1NN_*`.
 
-Scope:
+Geltungsbereich:
 - Betrifft alle Dokumente mit Dateinamen `NNN_<slug>.md` oder `NNN_<slug>.MD` (unabhaengig vom Ordner).
 - EN ist semantisch aequivalent zur DE-Version (gleiche Struktur/Abschnitte; Codebloecke/Commands identisch).
 
@@ -23,60 +23,60 @@ Nicht-Ziele:
 Mapping-Funktion:
 - `0NN_*` -> `1NN_*` (gleicher Ordner, gleicher `slug`, gleiche Extension).
 
-## 3. Inventory + Mapping-Tabelle
-| DE_PATH | EN_PATH | STATUS | NOTES |
+## 3. Bestand + Mapping-Tabelle
+| DE_PFAD | EN_PFAD | STATUS | HINWEISE |
 |---|---|---|---|
-| `docs/001_INDEX_CORE.MD` | `docs/101_INDEX_CORE.MD` | exists |  |
-| `docs/010_API_CORE.MD` | `docs/110_API_CORE.MD` | exists |  |
-| `docs/020_ARCH_CORE.MD` | `docs/120_ARCH_CORE.MD` | exists |  |
-| `docs/021_USAGE_NUGET.MD` | `docs/121_USAGE_NUGET.MD` | exists |  |
-| `docs/audit/000_HASHING_BASELINE.MD` | `docs/audit/100_HASHING_BASELINE.MD` | exists |  |
-| `docs/audit/000_INDEX.MD` | `docs/audit/100_INDEX.MD` | exists |  |
-| `docs/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | `docs/audit/102_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | exists |  |
-| `docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD` | `docs/audit/103_SECURITY_ASSERTION_TRACEABILITY.MD` | exists |  |
-| `docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | `docs/audit/104_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | exists |  |
-| `docs/audit/005_CODE_ANALYSIS_METHOD.MD` | `docs/audit/105_CODE_ANALYSIS_METHOD.MD` | exists |  |
-| `docs/audit/006_CODE_REVIEW_FINDINGS.MD` | `docs/audit/106_CODE_REVIEW_FINDINGS.MD` | exists |  |
-| `docs/audit/007_THREAT_MODEL.MD` | `docs/audit/107_THREAT_MODEL.MD` | exists |  |
-| `docs/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD` | `docs/audit/108_INCIDENT_RESPONSE_RUNBOOK.MD` | exists |  |
-| `docs/audit/009_SUPPLY_CHAIN_BASELINE.MD` | `docs/audit/109_SUPPLY_CHAIN_BASELINE.MD` | exists |  |
-| `docs/audit/010_REFACTOR_BACKLOG.MD` | `docs/audit/110_REFACTOR_BACKLOG.MD` | exists |  |
-| `docs/audit/011_SECURITY_BENCHMARK.MD` | `docs/audit/111_SECURITY_BENCHMARK.MD` | exists |  |
-| `docs/audit/012_WAVE_EXECUTION_DOD.MD` | `docs/audit/112_WAVE_EXECUTION_DOD.MD` | exists |  |
-| `docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | `docs/audit/113_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | exists |  |
-| `docs/audit/014_EVIDENCE_REPORT_ISSUE_67.MD` | `docs/audit/114_EVIDENCE_REPORT_ISSUE_67.MD` | exists |  |
-| `docs/audit/015_DOC_BILINGUAL_MAPPING.MD` | `docs/audit/115_DOC_BILINGUAL_MAPPING.MD` | exists | Mapping-Report-Dateipaar (DE->EN). |
-| `docs/ci/001_PIPELINE_CI.MD` | `docs/ci/101_PIPELINE_CI.MD` | exists |  |
-| `docs/ci/002_NUGET_TRUSTED_PUBLISHING.MD` | `docs/ci/102_NUGET_TRUSTED_PUBLISHING.MD` | exists |  |
-| `docs/contracts/001_CONTRACT_HASHING.MD` | `docs/contracts/101_CONTRACT_HASHING.MD` | exists |  |
-| `docs/governance/001_POLICY_CI.MD` | `docs/governance/101_POLICY_CI.MD` | exists |  |
-| `docs/governance/002_POLICY_LABELING.MD` | `docs/governance/102_POLICY_LABELING.MD` | exists |  |
-| `docs/governance/002_POLICY_NAMING_UNIFIED.MD` | `docs/governance/102_POLICY_NAMING_UNIFIED.MD` | exists |  |
-| `docs/governance/003_INDEX_GOVERNANCE.MD` | `docs/governance/103_INDEX_GOVERNANCE.MD` | exists |  |
-| `docs/governance/003_POLICY_VERSIONING_SVT.MD` | `docs/governance/103_POLICY_VERSIONING_SVT.MD` | exists |  |
-| `docs/governance/004_POLICY_DOCUMENTATION.MD` | `docs/governance/104_POLICY_DOCUMENTATION.MD` | exists |  |
-| `docs/governance/005_POLICY_NAMING.MD` | `docs/governance/105_POLICY_NAMING.MD` | exists |  |
-| `docs/governance/006_INDEX_CI_RULES.MD` | `docs/governance/106_INDEX_CI_RULES.MD` | exists |  |
-| `docs/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD` | `docs/governance/107_POLICY_BRANCH_PR_NAMING_DE.MD` | exists |  |
-| `docs/guides/000_INDEX_GUIDES.MD` | `docs/guides/100_INDEX_GUIDES.MD` | exists |  |
-| `docs/guides/001_GUIDE_OPTIONS.MD` | `docs/guides/101_GUIDE_OPTIONS.MD` | exists |  |
-| `docs/guides/002_GUIDE_DATATYPE.MD` | `docs/guides/102_GUIDE_DATATYPE.MD` | exists |  |
-| `docs/guides/003_GUIDE_PORTABLE.MD` | `docs/guides/103_GUIDE_PORTABLE.MD` | exists |  |
-| `docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD` | `docs/guides/104_GUIDE_MIGRATE_LEGACY_NUGET.MD` | exists |  |
-| `docs/migrations/001_HASHING_RENAME.MD` | `docs/migrations/101_HASHING_RENAME.MD` | exists |  |
-| `docs/quality/001_CHECKLIST_PRODUCTION.MD` | `docs/quality/101_CHECKLIST_PRODUCTION.MD` | exists |  |
-| `docs/references/001_REFERENCES_CORE.MD` | `docs/references/101_REFERENCES_CORE.MD` | exists |  |
-| `docs/secure/001_HMAC_KEY_SETUP.MD` | `docs/secure/101_HMAC_KEY_SETUP.MD` | exists |  |
-| `docs/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | `docs/security/110_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | exists |  |
-| `docs/specs/001_SPEC_DIN.MD` | `docs/specs/101_SPEC_DIN.MD` | exists |  |
-| `docs/verification/001_INDEX_TESTS.MD` | `docs/verification/101_INDEX_TESTS.MD` | exists |  |
-| `docs/verification/002_FLOW_BDD.MD` | `docs/verification/102_FLOW_BDD.MD` | exists |  |
-| `docs/verification/003_CATALOG_BDD.MD` | `docs/verification/103_CATALOG_BDD.MD` | exists |  |
-| `docs/verification/004_MATRIX_HASHING.MD` | `docs/verification/104_MATRIX_HASHING.MD` | exists |  |
-| `docs/versioning/001_POLICY_VERSIONING.MD` | `docs/versioning/101_POLICY_VERSIONING.MD` | exists |  |
-| `docs/versioning/002_HISTORY_VERSIONS.MD` | `docs/versioning/102_HISTORY_VERSIONS.MD` | exists |  |
-| `docs/versioning/003_CHANGELOG_RELEASES.MD` | `docs/versioning/103_CHANGELOG_RELEASES.MD` | exists |  |
-| `docs/versioning/004_POLICY_LABELING.MD` | `docs/versioning/104_POLICY_LABELING.MD` | exists |  |
+| `docs/001_INDEX_CORE.MD` | `docs/101_INDEX_CORE.MD` | vorhanden |  |
+| `docs/010_API_CORE.MD` | `docs/110_API_CORE.MD` | vorhanden |  |
+| `docs/020_ARCH_CORE.MD` | `docs/120_ARCH_CORE.MD` | vorhanden |  |
+| `docs/021_USAGE_NUGET.MD` | `docs/121_USAGE_NUGET.MD` | vorhanden |  |
+| `docs/audit/000_HASHING_BASELINE.MD` | `docs/audit/100_HASHING_BASELINE.MD` | vorhanden |  |
+| `docs/audit/000_INDEX.MD` | `docs/audit/100_INDEX.MD` | vorhanden |  |
+| `docs/audit/002_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | `docs/audit/102_AUDIT_CONTRACT_AND_GUARDRAILS.MD` | vorhanden |  |
+| `docs/audit/003_SECURITY_ASSERTION_TRACEABILITY.MD` | `docs/audit/103_SECURITY_ASSERTION_TRACEABILITY.MD` | vorhanden |  |
+| `docs/audit/004_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | `docs/audit/104_CERTIFICATION_AND_ATTESTATION_ROADMAP.MD` | vorhanden |  |
+| `docs/audit/005_CODE_ANALYSIS_METHOD.MD` | `docs/audit/105_CODE_ANALYSIS_METHOD.MD` | vorhanden |  |
+| `docs/audit/006_CODE_REVIEW_FINDINGS.MD` | `docs/audit/106_CODE_REVIEW_FINDINGS.MD` | vorhanden |  |
+| `docs/audit/007_THREAT_MODEL.MD` | `docs/audit/107_THREAT_MODEL.MD` | vorhanden |  |
+| `docs/audit/008_INCIDENT_RESPONSE_RUNBOOK.MD` | `docs/audit/108_INCIDENT_RESPONSE_RUNBOOK.MD` | vorhanden |  |
+| `docs/audit/009_SUPPLY_CHAIN_BASELINE.MD` | `docs/audit/109_SUPPLY_CHAIN_BASELINE.MD` | vorhanden |  |
+| `docs/audit/010_REFACTOR_BACKLOG.MD` | `docs/audit/110_REFACTOR_BACKLOG.MD` | vorhanden |  |
+| `docs/audit/011_SECURITY_BENCHMARK.MD` | `docs/audit/111_SECURITY_BENCHMARK.MD` | vorhanden |  |
+| `docs/audit/012_WAVE_EXECUTION_DOD.MD` | `docs/audit/112_WAVE_EXECUTION_DOD.MD` | vorhanden |  |
+| `docs/audit/013_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | `docs/audit/113_SCORECARD_GOVERNANCE_ALERT_MAPPING.MD` | vorhanden |  |
+| `docs/audit/014_EVIDENCE_REPORT_ISSUE_67.MD` | `docs/audit/114_EVIDENCE_REPORT_ISSUE_67.MD` | vorhanden |  |
+| `docs/audit/015_DOC_BILINGUAL_MAPPING.MD` | `docs/audit/115_DOC_BILINGUAL_MAPPING.MD` | vorhanden | Mapping-Report-Dateipaar (DE->EN). |
+| `docs/ci/001_PIPELINE_CI.MD` | `docs/ci/101_PIPELINE_CI.MD` | vorhanden |  |
+| `docs/ci/002_NUGET_TRUSTED_PUBLISHING.MD` | `docs/ci/102_NUGET_TRUSTED_PUBLISHING.MD` | vorhanden |  |
+| `docs/contracts/001_CONTRACT_HASHING.MD` | `docs/contracts/101_CONTRACT_HASHING.MD` | vorhanden |  |
+| `docs/governance/001_POLICY_CI.MD` | `docs/governance/101_POLICY_CI.MD` | vorhanden |  |
+| `docs/governance/002_POLICY_LABELING.MD` | `docs/governance/102_POLICY_LABELING.MD` | vorhanden |  |
+| `docs/governance/002_POLICY_NAMING_UNIFIED.MD` | `docs/governance/102_POLICY_NAMING_UNIFIED.MD` | vorhanden |  |
+| `docs/governance/003_INDEX_GOVERNANCE.MD` | `docs/governance/103_INDEX_GOVERNANCE.MD` | vorhanden |  |
+| `docs/governance/003_POLICY_VERSIONING_SVT.MD` | `docs/governance/103_POLICY_VERSIONING_SVT.MD` | vorhanden |  |
+| `docs/governance/004_POLICY_DOCUMENTATION.MD` | `docs/governance/104_POLICY_DOCUMENTATION.MD` | vorhanden |  |
+| `docs/governance/005_POLICY_NAMING.MD` | `docs/governance/105_POLICY_NAMING.MD` | vorhanden |  |
+| `docs/governance/006_INDEX_CI_RULES.MD` | `docs/governance/106_INDEX_CI_RULES.MD` | vorhanden |  |
+| `docs/governance/007_POLICY_BRANCH_PR_NAMING_DE.MD` | `docs/governance/107_POLICY_BRANCH_PR_NAMING_DE.MD` | vorhanden |  |
+| `docs/guides/000_INDEX_GUIDES.MD` | `docs/guides/100_INDEX_GUIDES.MD` | vorhanden |  |
+| `docs/guides/001_GUIDE_OPTIONS.MD` | `docs/guides/101_GUIDE_OPTIONS.MD` | vorhanden |  |
+| `docs/guides/002_GUIDE_DATATYPE.MD` | `docs/guides/102_GUIDE_DATATYPE.MD` | vorhanden |  |
+| `docs/guides/003_GUIDE_PORTABLE.MD` | `docs/guides/103_GUIDE_PORTABLE.MD` | vorhanden |  |
+| `docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD` | `docs/guides/104_GUIDE_MIGRATE_LEGACY_NUGET.MD` | vorhanden |  |
+| `docs/migrations/001_HASHING_RENAME.MD` | `docs/migrations/101_HASHING_RENAME.MD` | vorhanden |  |
+| `docs/quality/001_CHECKLIST_PRODUCTION.MD` | `docs/quality/101_CHECKLIST_PRODUCTION.MD` | vorhanden |  |
+| `docs/references/001_REFERENCES_CORE.MD` | `docs/references/101_REFERENCES_CORE.MD` | vorhanden |  |
+| `docs/secure/001_HMAC_KEY_SETUP.MD` | `docs/secure/101_HMAC_KEY_SETUP.MD` | vorhanden |  |
+| `docs/security/010_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | `docs/security/110_CODEQL_DEFAULT_SETUP_GUARDRAIL.MD` | vorhanden |  |
+| `docs/specs/001_SPEC_DIN.MD` | `docs/specs/101_SPEC_DIN.MD` | vorhanden |  |
+| `docs/verification/001_INDEX_TESTS.MD` | `docs/verification/101_INDEX_TESTS.MD` | vorhanden |  |
+| `docs/verification/002_FLOW_BDD.MD` | `docs/verification/102_FLOW_BDD.MD` | vorhanden |  |
+| `docs/verification/003_CATALOG_BDD.MD` | `docs/verification/103_CATALOG_BDD.MD` | vorhanden |  |
+| `docs/verification/004_MATRIX_HASHING.MD` | `docs/verification/104_MATRIX_HASHING.MD` | vorhanden |  |
+| `docs/versioning/001_POLICY_VERSIONING.MD` | `docs/versioning/101_POLICY_VERSIONING.MD` | vorhanden |  |
+| `docs/versioning/002_HISTORY_VERSIONS.MD` | `docs/versioning/102_HISTORY_VERSIONS.MD` | vorhanden |  |
+| `docs/versioning/003_CHANGELOG_RELEASES.MD` | `docs/versioning/103_CHANGELOG_RELEASES.MD` | vorhanden |  |
+| `docs/versioning/004_POLICY_LABELING.MD` | `docs/versioning/104_POLICY_LABELING.MD` | vorhanden |  |
 
 ## 4. Checks (fail-closed)
 Alle Checks sind vom Repo-Root ausfuehrbar.
@@ -88,7 +88,7 @@ find . -type f \( -name '0??_*.md' -o -name '0??_*.MD' \) -print | sed 's|^\./||
 find . -type f \( -name '1??_*.md' -o -name '1??_*.MD' \) -print | sed 's|^\./||' | sort > /tmp/docs_1nn.txt
 ```
 
-Output (0NN):
+Ausgabe (0NN):
 ```text
 docs/001_INDEX_CORE.MD
 docs/010_API_CORE.MD
@@ -143,7 +143,7 @@ docs/versioning/003_CHANGELOG_RELEASES.MD
 docs/versioning/004_POLICY_LABELING.MD
 ```
 
-Output (1NN):
+Ausgabe (1NN):
 ```text
 docs/101_INDEX_CORE.MD
 docs/110_API_CORE.MD
@@ -205,19 +205,19 @@ sed 's|/0\\([0-9][0-9]\\)_|/1\\1_|' /tmp/docs_0nn.txt | sort > /tmp/docs_expecte
 echo "count_0 $(wc -l < /tmp/docs_0nn.txt)"
 echo "count_1 $(wc -l < /tmp/docs_1nn.txt)"
 echo "count_expected_1 $(wc -l < /tmp/docs_expected_1nn.txt)"
-echo 'missing_en:'; comm -23 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt
-echo 'orphan_en:'; comm -13 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt
-echo 'mapping_collisions:'; sort /tmp/docs_expected_1nn.txt | uniq -d
+echo 'fehlende_en:'; comm -23 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt
+echo 'verwaiste_en:'; comm -13 /tmp/docs_expected_1nn.txt /tmp/docs_1nn.txt
+echo 'mapping_kollisionen:'; sort /tmp/docs_expected_1nn.txt | uniq -d
 ```
 
-Output:
+Ausgabe:
 ```text
 count_0 51
 count_1 51
 count_expected_1 51
-missing_en:
-orphan_en:
-mapping_collisions:
+fehlende_en:
+verwaiste_en:
+mapping_kollisionen:
 ```
 
 ### 4.3 Keine NNN_* ausserhalb 0NN/1NN
@@ -228,7 +228,7 @@ find . -type f \( -name '*.md' -o -name '*.MD' \) -name '[0-9][0-9][0-9]_*' -pri
   | rg -v '(^|/)0[0-9]{2}_.+\\.(md|MD)$|(^|/)1[0-9]{2}_.+\\.(md|MD)$'
 ```
 
-Output:
+Ausgabe:
 ```text
 ```
 
@@ -238,7 +238,7 @@ Kommandos:
 rg -n --glob 'docs/**/1??_*.M{D,d}' -S 'docs/0[0-9]{2}_' docs
 ```
 
-Output:
+Ausgabe:
 ```text
 ```
 
@@ -250,7 +250,7 @@ python3 tools/check-doc-consistency.py
 python3 tools/check-doc-shell-compat.py
 ```
 
-Output:
+Ausgabe:
 ```text
 Doc check OK
 Doc consistency check OK
@@ -263,7 +263,7 @@ Kommandos:
 git diff --name-only main...HEAD | rg -v '\\.(md|MD)$'
 ```
 
-Output:
+Ausgabe:
 ```text
 ```
 
diff --git a/docs/ci/001_PIPELINE_CI.MD b/docs/ci/001_PIPELINE_CI.MD
index eb20282..5f4e6e5 100644
--- a/docs/ci/001_PIPELINE_CI.MD
+++ b/docs/ci/001_PIPELINE_CI.MD
@@ -4,13 +4,13 @@
 
 # CI-Pipeline (SSOT)
 
-## Zweck und Scope
+## Zweck und Geltungsbereich
 Dieses Dokument beschreibt die ausfuehrbare CI-Topologie und den Artefaktvertrag.
 Normative Policy-Schwellenwerte und Regelparameter liegen in `tools/ci/policies/rules/` und `docs/governance/001_POLICY_CI.MD`.
 
 ## Erforderliche Status-Contexts
 Die Branch-Protection auf `main` verlangt exakt diese Contexts (`strict: true`): `preflight`, `version-policy`, `build`, `api-contract`, `pack`, `consumer-smoke`, `package-backed-tests`, `security-nuget`, `tests-bdd-coverage`.
-Evidence: Branch-Protection API Output (`required_status_checks.contexts`), `.github/workflows/ci.yml:59-347` und `.github/workflows/ruleset-placeholders.yml` (Context `version-policy`).
+Nachweis: Branch-Protection-API-Ausgabe (`required_status_checks.contexts`), `.github/workflows/ci.yml:59-347` und `.github/workflows/ruleset-placeholders.yml` (Context `version-policy`).
 Hinweis: Die normative Versionierungsentscheidung (RaC) wird zusaetzlich durch `.github/workflows/version-policy.yml` als Check `versioning-policy` ausgewertet (nicht Teil der Branch-Protection-Contexts).
 
 ## Workflow-Topologie
@@ -69,11 +69,11 @@ Jeder Aufruf `tools/ci/bin/run.sh <check_id>` initialisiert und finalisiert ein
 - `result.json`
 - `diag.json`
 
-Evidence:
+Nachweis:
 - Artefaktpfad-Initialisierung: `tools/ci/lib/result.sh:12-20`.
 - File-Materialisierung: `tools/ci/lib/result.sh:28-34`.
 - Finale `result.json` Komposition: `tools/ci/lib/result.sh:78-112`.
-- Universal Runner Wiring: `tools/ci/bin/run.sh:16-28`.
+- Universelles Runner-Wiring: `tools/ci/bin/run.sh:16-28`.
 
 ## Vertragsmatrix
 | Job | Entrypoint | Artefaktpfad | Vertragsvalidierung | Evidence |
@@ -92,14 +92,14 @@ Evidence:
 | `summary` | `bash tools/ci/bin/run.sh summary` | `artifacts/ci/summary/` | Policy contract aggregation | `.github/workflows/ci.yml:417-427`, `tools/ci/bin/run.sh:424-430` |
 | `pr-labeling` | `bash tools/ci/bin/run.sh pr-labeling` | `artifacts/ci/pr-labeling/` | Label decision schema + apply+verify | `.github/workflows/ci.yml:45-57`, `tools/ci/bin/run.sh:350-400` |
 
-## Labeling- und Versionierungs-Entscheidungspfad
-- Decision-Generierung: `compute-pr-labels.js` schreibt `decision.json` (`tools/ci/bin/run.sh:371-372`).
+## Labeling- und Versionierungsentscheidungs-Pfad
+- Entscheidungs-Generierung: `compute-pr-labels.js` schreibt `decision.json` (`tools/ci/bin/run.sh:371-372`).
 - Schema-Validierung: `validate-label-decision.js` (`tools/ci/bin/run.sh:374`).
-- Label-Anwendung und Post-Apply-Verifikation: deterministischer GitHub API PUT (curl-backed) und anschliessender Re-Read (`tools/ci/bin/run.sh:375-399`, `tools/ci/bin/github_api.py`).
+- Label-Anwendung und Post-Apply-Verifikation: deterministischer GitHub-API-PUT (curl-backed) und anschliessender Re-Read (`tools/ci/bin/run.sh:375-399`, `tools/ci/bin/github_api.py`).
 - Workflow-Token-Quelle: `GH_TOKEN: ${{ github.token }}` (`.github/workflows/ci.yml:46-50`).
 
 ## Qodana: Vertragsposition
 Qodana laeuft in einem separaten Workflow und wird durch `run.sh qodana` validiert:
-- Qodana action execution and SARIF output path (`.github/workflows/qodana.yml:34-40`, `.github/workflows/qodana.yml:59`).
-- Contract check invocation (`.github/workflows/qodana.yml:47-48`, `tools/ci/bin/run.sh:402-422`).
-- Qodana artifact upload (`.github/workflows/qodana.yml:54-60`).
+- Qodana-Action-Ausfuehrung und SARIF-Ausgabepfad (`.github/workflows/qodana.yml:34-40`, `.github/workflows/qodana.yml:59`).
+- Vertragscheck-Aufruf (`.github/workflows/qodana.yml:47-48`, `tools/ci/bin/run.sh:402-422`).
+- Qodana-Artefakt-Upload (`.github/workflows/qodana.yml:54-60`).
diff --git a/docs/governance/001_POLICY_CI.MD b/docs/governance/001_POLICY_CI.MD
index caab5bb..046d164 100644
--- a/docs/governance/001_POLICY_CI.MD
+++ b/docs/governance/001_POLICY_CI.MD
@@ -2,56 +2,56 @@
 [DE](001_POLICY_CI.MD) | [EN](101_POLICY_CI.MD)
 <!-- LANG_SWITCH:END -->
 
-# CI Policy (SSOT)
+# CI-Richtlinie (SSOT)
 
-## Scope
-This document defines policy principles, severity handling, and exit code policy.
-Normative policy definitions live in:
+## Geltungsbereich
+Dieses Dokument definiert Richtlinienprinzipien, Severity-Behandlung und Exit-Code-Politik fuer die CI.
+Normative Richtliniendefinitionen liegen in:
 - `tools/ci/policies/schema/rules.schema.json`
 - `tools/ci/policies/rules/`
-Entry index:
+Einstiegsindex:
 - `docs/governance/006_INDEX_CI_RULES.MD`
 
-## Global Rules
-- Fail-closed: no silent bypass paths.
-- Workflow YAML only calls entry scripts under `tools/ci/bin/`.
-- Required branch-protection contexts remain fixed: `preflight`, `version-policy`, `build`, `api-contract`, `pack`, `consumer-smoke`, `package-backed-tests`, `security-nuget`, `tests-bdd-coverage`.
-  Evidence: branch protection API (`required_status_checks.contexts`) and `.github/workflows/ci.yml:59-347`.
+## Globale Regeln
+- Fail-closed: keine stillen Bypass-Pfade.
+- Workflow-YAML ruft nur Entry-Skripte unter `tools/ci/bin/` auf.
+- Erforderliche Branch-Protection-Contexts bleiben fix: `preflight`, `version-policy`, `build`, `api-contract`, `pack`, `consumer-smoke`, `package-backed-tests`, `security-nuget`, `tests-bdd-coverage`.
+  Nachweis: Branch-Protection-API (`required_status_checks.contexts`) und `.github/workflows/ci.yml:59-347`.
 
-## Result Contract
-All required checks MUST write:
+## Ergebnisvertrag
+Alle erforderlichen Checks MUESSEN schreiben:
 - `artifacts/ci/<check_id>/raw.log`
 - `artifacts/ci/<check_id>/summary.md`
 - `artifacts/ci/<check_id>/result.json`
 
-`result.json` must comply with `tools/ci/schema/result.schema.json`.
-Implementation evidence: `tools/ci/lib/result.sh:12-20`, `tools/ci/lib/result.sh:28-34`, `tools/ci/lib/result.sh:78-112`.
+`result.json` muss `tools/ci/schema/result.schema.json` entsprechen.
+Implementierungsnachweis: `tools/ci/lib/result.sh:12-20`, `tools/ci/lib/result.sh:28-34`, `tools/ci/lib/result.sh:78-112`.
 
-## Governance View (Execution Boundary)
+## Governance-Sicht (Ausfuehrungsgrenze)
 ```mermaid
 flowchart LR
-  yml["Workflow declarations\n.github/workflows/*.yml"] --> run["Single entrypoint\n tools/ci/bin/run.sh <check_id>"]
-  run --> result["Result contract artifacts\nraw.log / summary.md / result.json / diag.json"]
-  result --> policy["Policy validators / schema\nPolicyRunner + result schema"]
+  yml["Workflow-Deklarationen\n.github/workflows/*.yml"] --> run["Einziger Einstiegspunkt\n tools/ci/bin/run.sh <check_id>"]
+  run --> result["Ergebnisvertrag-Artefakte\nraw.log / summary.md / result.json / diag.json"]
+  result --> policy["Policy-Validatoren / Schema\nPolicyRunner + Result-Schema"]
 ```
 
-The detailed job DAG and contract matrix are maintained in `docs/ci/001_PIPELINE_CI.MD` to avoid duplication.
+Der detaillierte Job-DAG und die Vertragsmatrix liegen in `docs/ci/001_PIPELINE_CI.MD`, um Duplikate zu vermeiden.
 
-## Rule Catalog
-- Rule IDs and file ownership are indexed in `docs/governance/006_INDEX_CI_RULES.MD`.
-- Evaluation details and thresholds are defined only in `tools/ci/policies/rules/`.
+## Regelkatalog
+- Rule-IDs und Datei-Zuordnung sind in `docs/governance/006_INDEX_CI_RULES.MD` indexiert.
+- Auswertungsdetails und Schwellwerte sind ausschliesslich in `tools/ci/policies/rules/` definiert.
 
-## Severity Rules
-- `warn`: visible, non-blocking.
-- `fail`: blocking, exit code non-zero.
+## Severity-Regeln
+- `warn`: sichtbar, nicht blockierend.
+- `fail`: blockierend, Exit-Code ungleich Null.
 
-## Exit Code Matrix
-- `0`: success (`pass` or `warn`)
-- `1`: policy/contract/check failure (`fail`)
-- `2`: invalid invocation or missing prerequisites
+## Exit-Code-Matrix
+- `0`: Erfolg (`pass` oder `warn`)
+- `1`: Richtlinien-/Vertrags-/Check-Fehler (`fail`)
+- `2`: ungueltiger Aufruf oder fehlende Voraussetzungen
 
-## Allow-lists
-Allow-list definitions are managed in rule parameters under `tools/ci/policies/rules/`.
+## Allow-Lists
+Allow-List-Definitionen werden in Regelparametern unter `tools/ci/policies/rules/` gepflegt.
 
 ## RoC-Bezug
 - [Artifact-Contract-Regel](https://github.com/tomtastisch/FileClassifier/blob/main/tools/ci/policies/rules/artifact_contract.yaml)
diff --git a/docs/governance/002_POLICY_LABELING.MD b/docs/governance/002_POLICY_LABELING.MD
index 925fa12..58f606c 100644
--- a/docs/governance/002_POLICY_LABELING.MD
+++ b/docs/governance/002_POLICY_LABELING.MD
@@ -2,28 +2,28 @@
 [DE](002_POLICY_LABELING.MD) | [EN](102_POLICY_LABELING.MD)
 <!-- LANG_SWITCH:END -->
 
-# Labeling Ownership
+# Labeling-Verantwortung
 
-## 1. Scope
-This governance policy applies to deterministic PR auto-labeling and auto-versioning behavior.
+## 1. Geltungsbereich
+Diese Governance-Richtlinie gilt fuer deterministisches PR-Auto-Labeling und Auto-Versionierungsverhalten.
 
-## 2. Owned Files
+## 2. Verantwortete Dateien
 - `.github/workflows/ci.yml`
 - `tools/versioning/*`
 - `docs/versioning/001_POLICY_VERSIONING.MD`
 - `docs/versioning/004_POLICY_LABELING.MD`
 
-## 3. Change Requirements
-Any change to taxonomy, priority, caps, or versioning decision logic must include:
-- Updated docs
-- Updated/added golden testcases
-- Passing label engine validation
+## 3. Aenderungsanforderungen
+Jede Aenderung an Taxonomie, Prioritaet, Caps oder Versionierungsentscheidungslogik muss enthalten:
+- aktualisierte Dokumentation
+- aktualisierte/neu hinzugefuegte Golden-Testfaelle
+- erfolgreiche Label-Engine-Validierung
 
-## 4. Review Policy
-At least one maintainer owner review is required for the owned files.
+## 4. Review-Policy
+Mindestens ein Maintainer-Owner-Review ist fuer die verantworteten Dateien erforderlich.
 
-## 5. Non-Goals
-This policy does not change product runtime behavior; it governs repository automation only.
+## 5. Nicht-Ziele
+Diese Richtlinie aendert nicht das Laufzeitverhalten des Produkts; sie regelt ausschliesslich Repository-Automation.
 
 ## RoC-Bezug
 - [Artifact-Contract-Regel](https://github.com/tomtastisch/FileClassifier/blob/main/tools/ci/policies/rules/artifact_contract.yaml)
diff --git a/docs/governance/002_POLICY_NAMING_UNIFIED.MD b/docs/governance/002_POLICY_NAMING_UNIFIED.MD
index b0e9b12..97768be 100644
--- a/docs/governance/002_POLICY_NAMING_UNIFIED.MD
+++ b/docs/governance/002_POLICY_NAMING_UNIFIED.MD
@@ -2,38 +2,38 @@
 [DE](002_POLICY_NAMING_UNIFIED.MD) | [EN](102_POLICY_NAMING_UNIFIED.MD)
 <!-- LANG_SWITCH:END -->
 
-# Unified Naming Policy (SSOT)
+# Einheitliche Naming-Richtlinie (SSOT)
 
-## 1. Purpose
-This policy defines one canonical public identity for package naming, assembly naming, namespace root, docs install snippets, and CI checks.
+## 1. Zweck
+Diese Richtlinie definiert eine kanonische oeffentliche Identitaet fuer Paketname, Assembly-Name, Namespace-Root, Doku-Install-Snippets und CI-Checks.
 
 ## 2. SSOT
-Normative source: `tools/ci/policies/data/naming.json`.
+Normative Quelle: `tools/ci/policies/data/naming.json`.
 
-## 3. SHALL Statements (Canonical Equality)
-- `canonical_name` SHALL equal `package_id`.
-- `canonical_name` SHALL equal `assembly_name`.
-- `canonical_name` SHALL equal `root_namespace`.
-- `canonical_name` SHALL be the public root namespace in source declarations.
-- Canonical value is `Tomtastisch.FileClassifier`.
+## 3. SHALL-Statements (kanonische Gleichheit)
+- `canonical_name` SHALL gleich `package_id` sein.
+- `canonical_name` SHALL gleich `assembly_name` sein.
+- `canonical_name` SHALL gleich `root_namespace` sein.
+- `canonical_name` SHALL als oeffentlicher Namespace-Root in Source-Definitionen verwendet werden.
+- Kanonischer Wert ist `Tomtastisch.FileClassifier`.
 
-## 4. Deprecated Package Rule
-- `deprecated_package_ids` SHALL list legacy package IDs.
-- Deprecated package IDs (from SSOT `deprecated_package_ids`) SHALL NOT appear in install snippets or PackageReference examples.
-- Deprecated IDs MAY appear only in migration documentation.
+## 4. Regel fuer veraltete Pakete
+- `deprecated_package_ids` SHALL veraltete Paket-IDs listen.
+- Veraltete Paket-IDs (aus SSOT `deprecated_package_ids`) SHALL NICHT in Install-Snippets oder PackageReference-Beispielen erscheinen.
+- Veraltete IDs MAY nur in Migrationsdokumentation erscheinen.
 
-## 5. GitHub Slug Limitation
-- GitHub repository slug is operational identity (`repo_identity`) and MAY differ from package ID.
-- Current slug is `FileClassifier`; canonical package remains `Tomtastisch.FileClassifier`.
-- If literal slug equality is required, manual rename steps are required:
-  1. GitHub repository Settings -> Rename repository.
-  2. Update `repository_url` in `tools/ci/policies/data/naming.json`.
-  3. Update `RepositoryUrl`/`PackageProjectUrl` in `src/FileTypeDetection/FileTypeDetectionLib.vbproj`.
-  4. Update local remotes (`git remote set-url origin ...`) and CI references.
+## 5. GitHub-Slug-Einschraenkung
+- GitHub-Repository-Slug ist operative Identitaet (`repo_identity`) und MAY von der Paket-ID abweichen.
+- Aktueller Slug ist `FileClassifier`; kanonisches Paket bleibt `Tomtastisch.FileClassifier`.
+- Falls literal gleiche Slugs erforderlich sind, sind manuelle Rename-Schritte notwendig:
+  1. GitHub Repository Settings -> Rename repository.
+  2. `repository_url` in `tools/ci/policies/data/naming.json` aktualisieren.
+  3. `RepositoryUrl`/`PackageProjectUrl` in `src/FileTypeDetection/FileTypeDetectionLib.vbproj` aktualisieren.
+  4. Lokale Remotes (`git remote set-url origin ...`) und CI-Referenzen aktualisieren.
 
-## 6. CI Enforcement Mapping
-- Rule ID is fixed: `CI-NAMING-001`.
-- Rule file: `tools/ci/policies/rules/naming_snt.yaml`.
+## 6. CI-Enforcement-Mapping
+- Rule-ID ist fix: `CI-NAMING-001`.
+- Regeldatei: `tools/ci/policies/rules/naming_snt.yaml`.
 - Checker: `tools/ci/check-naming-snt.sh`.
 - Reports:
   - `artifacts/naming_snt_report.json`
diff --git a/docs/governance/003_INDEX_GOVERNANCE.MD b/docs/governance/003_INDEX_GOVERNANCE.MD
index 1f05d86..551b063 100644
--- a/docs/governance/003_INDEX_GOVERNANCE.MD
+++ b/docs/governance/003_INDEX_GOVERNANCE.MD
@@ -2,11 +2,11 @@
 [DE](003_INDEX_GOVERNANCE.MD) | [EN](103_INDEX_GOVERNANCE.MD)
 <!-- LANG_SWITCH:END -->
 
-# Policy Index (SSOT Navigation)
+# Richtlinienindex (SSOT-Navigation)
 
-This index is non-normative. Normative policy definitions are the rule files under `tools/ci/policies/rules/`.
+Dieser Index ist nicht normativ. Normative Richtliniendefinitionen sind die Regeldateien unter `tools/ci/policies/rules/`.
 
-| Rule ID | Rule File |
+| Rule ID | Regeldatei |
 | --- | --- |
 | `CI-ARTIFACT-001` | `tools/ci/policies/rules/artifact_contract.yaml` |
 | `CI-SHELL-001` | `tools/ci/policies/rules/shell_safety.yaml` |
diff --git a/docs/governance/003_POLICY_VERSIONING_SVT.MD b/docs/governance/003_POLICY_VERSIONING_SVT.MD
index 45bed8a..3a71123 100644
--- a/docs/governance/003_POLICY_VERSIONING_SVT.MD
+++ b/docs/governance/003_POLICY_VERSIONING_SVT.MD
@@ -2,31 +2,31 @@
 [DE](003_POLICY_VERSIONING_SVT.MD) | [EN](103_POLICY_VERSIONING_SVT.MD)
 <!-- LANG_SWITCH:END -->
 
-# Versioning Policy (SVT)
+# Versionierungsrichtlinie (SVT)
 
-## 1. Purpose
-This policy enforces Single Version Truth (SVT) for the canonical package release pipeline.
+## 1. Zweck
+Diese Richtlinie erzwingt Single Version Truth (SVT) fuer die kanonische Paket-Release-Pipeline.
 
 ## 2. SSOT
-Normative source: `tools/ci/policies/data/versioning.json`.
+Normative Quelle: `tools/ci/policies/data/versioning.json`.
 
-## 3. SVT Definition
-For canonical package `Tomtastisch.FileClassifier`, the following SHALL match exactly:
+## 3. SVT-Definition
+Fuer das kanonische Paket `Tomtastisch.FileClassifier` MUESSEN die folgenden Werte exakt uebereinstimmen:
 - `git tag vX.Y.Z`
 - vbproj `<Version>X.Y.Z</Version>`
 - vbproj `<PackageVersion>X.Y.Z</PackageVersion>`
-- produced `.nupkg` version `X.Y.Z`
-- published NuGet version `X.Y.Z` (release job)
+- erzeugte `.nupkg`-Version `X.Y.Z`
+- veroeffentlichte NuGet-Version `X.Y.Z` (Release-Job)
 
-## 4. SHALL Statements
-- Release tags SHALL use prefix `v` and semantic version core (`vMAJOR.MINOR.PATCH`).
-- Release pack step SHALL derive `VERSION=${GITHUB_REF_NAME#v}`.
-- `dotnet pack` SHALL pass `-p:Version=$VERSION -p:PackageVersion=$VERSION`.
-- CI SHALL fail-closed on ambiguity (for example multiple matching tags on HEAD).
-- Legacy package versions are out of canonical SVT scope and SHALL be deprecated/unlisted.
+## 4. SHALL-Statements
+- Release-Tags SHALL den Prefix `v` sowie einen semantischen Versionskern verwenden (`vMAJOR.MINOR.PATCH`).
+- Der Release-Pack-Schritt SHALL `VERSION=${GITHUB_REF_NAME#v}` ableiten.
+- `dotnet pack` SHALL `-p:Version=$VERSION -p:PackageVersion=$VERSION` setzen.
+- CI SHALL bei Mehrdeutigkeit fail-closed abbrechen (z. B. mehrere passende Tags auf HEAD).
+- Legacy-Paketversionen liegen ausserhalb des kanonischen SVT-Scopes und SHALL als veraltet/deprecated behandelt werden.
 
-## 5. CI Enforcement Mapping
-- Rule ID: `CI-VERSION-001`.
-- Rule file: `tools/ci/policies/rules/versioning_svt.yaml`.
+## 5. CI-Enforcement-Mapping
+- Rule-ID: `CI-VERSION-001`.
+- Regeldatei: `tools/ci/policies/rules/versioning_svt.yaml`.
 - Checker: `tools/ci/check-versioning-svt.sh`.
 - Report: `artifacts/versioning_report.json`.
diff --git a/docs/governance/006_INDEX_CI_RULES.MD b/docs/governance/006_INDEX_CI_RULES.MD
index fbb5e85..4bfa6ad 100644
--- a/docs/governance/006_INDEX_CI_RULES.MD
+++ b/docs/governance/006_INDEX_CI_RULES.MD
@@ -2,9 +2,9 @@
 [DE](006_INDEX_CI_RULES.MD) | [EN](106_INDEX_CI_RULES.MD)
 <!-- LANG_SWITCH:END -->
 
-# CI Policy Rules
+# CI-Richtlinienregeln
 
-| rule_id | file |
+| rule_id | Datei |
 | --- | --- |
 | `CI-ARTIFACT-000` | `tools/ci/policies/rules/artifact_contract.yaml` |
 | `CI-DOCS-000` | `tools/ci/policies/rules/docs_drift.yaml` |
diff --git a/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD b/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD
index a0bbf42..b36468c 100644
--- a/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD
+++ b/docs/guides/004_GUIDE_MIGRATE_LEGACY_NUGET.MD
@@ -2,35 +2,35 @@
 [DE](004_GUIDE_MIGRATE_LEGACY_NUGET.MD) | [EN](104_GUIDE_MIGRATE_LEGACY_NUGET.MD)
 <!-- LANG_SWITCH:END -->
 
-# Migration Guide: Legacy NuGet ID to Canonical Package
+# Migrationsleitfaden: Legacy-NuGet-ID zum kanonischen Paket
 
-## Scope
-This guide covers migration from deprecated package `Tomtastisch.FileTypeDetection` to canonical package `Tomtastisch.FileClassifier`.
+## Geltungsbereich
+Dieser Leitfaden beschreibt die Migration vom veralteten Paket `Tomtastisch.FileTypeDetection` auf das kanonische Paket `Tomtastisch.FileClassifier`.
 
-## Why
-- Legacy package is deprecated and unlisted on NuGet.org.
-- Canonical package receives ongoing updates and policy-backed CI validation.
-- Public root namespace is unified to `Tomtastisch.FileClassifier` (Level 3 public surface rename).
+## Warum
+- Das Legacy-Paket ist veraltet und auf NuGet.org unlisted.
+- Das kanonische Paket erhaelt laufende Updates und Policy-gestuetzte CI-Validierung.
+- Der oeffentliche Root-Namespace ist auf `Tomtastisch.FileClassifier` vereinheitlicht (Level-3 Public-Surface-Rename).
 
-## PackageReference Migration
-Replace:
+## PackageReference-Migration
+Ersetze:
 ```xml
 <PackageReference Include="Tomtastisch.FileTypeDetection" Version="X.Y.Z" />
 ```
-with:
+durch:
 ```xml
 <PackageReference Include="Tomtastisch.FileClassifier" Version="X.Y.Z" />
 ```
 
-CLI install command:
+CLI-Installationskommando:
 ```bash
 dotnet add package Tomtastisch.FileClassifier --version X.Y.Z
 ```
 
-## Namespace Migration
-Update source imports/usings from legacy root namespace to `Tomtastisch.FileClassifier`.
+## Namespace-Migration
+Passe Source-Imports/Usings vom Legacy-Root-Namespace auf `Tomtastisch.FileClassifier` an.
 
-## Unlist + Deprecate Policy
-- Legacy versions are unlisted using `dotnet nuget delete` (NuGet.org unlist semantics).
-- Deprecation should point users to `Tomtastisch.FileClassifier`.
-- If CLI deprecation is unavailable, apply deprecation in NuGet.org UI for all legacy versions.
+## Unlist- und Deprecation-Policy
+- Legacy-Versionen werden mit `dotnet nuget delete` unlisted (NuGet.org-Unlist-Semantik).
+- Deprecation soll auf `Tomtastisch.FileClassifier` verweisen.
+- Falls CLI-Deprecation nicht verfuegbar ist, Deprecation fuer alle Legacy-Versionen in der NuGet.org-UI setzen.
diff --git a/docs/versioning/002_HISTORY_VERSIONS.MD b/docs/versioning/002_HISTORY_VERSIONS.MD
index 09a6e53..5bfd233 100644
--- a/docs/versioning/002_HISTORY_VERSIONS.MD
+++ b/docs/versioning/002_HISTORY_VERSIONS.MD
@@ -14,34 +14,38 @@ Heuristik fuer die Rueckwirkungs-Zuordnung:
 Aktueller Entwicklungsstand:
 - Aktuelle Entwicklungslinie enthaelt `5.x` (aktuell veroeffentlichtes Tag: `v5.1.4`; Details in `docs/versioning/003_CHANGELOG_RELEASES.MD`).
 
+Hinweis:
+- Die Spalte `Keyword` verwendet den technischen Klassifizierungswert aus der Historie.
+- Einzelne Committitel bleiben in der Originalsprache, wenn sie als exakter Quelltextnachweis uebernommen wurden.
+
 | Version | Kurzbeschreibung | Commit | Keyword |
 |---|---|---|---|
 | `5.1.4` | Refactor-Cluster 7C abgeschlossen + Qodana-Alerts auf 0 + Version-Bump fuer Release | [2adeb83](https://github.com/tomtastisch/FileClassifier/commit/2adeb83) | patch |
 | `5.1.3` | PR-Governance-Haertung (DE-Naming, PR-Template, fail-closed Gate fuer `security/code-scanning/tools = 0`) | [0b488ac](https://github.com/tomtastisch/FileClassifier/commit/0b488ac) | patch |
 | `5.1.2` | Gate4 Polling-Optimierung und Release-Haertung | [f12711d](https://github.com/tomtastisch/FileClassifier/commit/f12711d) | patch |
 | `5.1.1` | Dependabot security-only mode und fail-closed Guards fuer secret-pflichtige Workflows | [d0ad8ec](https://github.com/tomtastisch/FileClassifier/commit/d0ad8ec) | patch |
-| `5.1.0` | Security/Governance hardening wave: pinned actions, dependency review, labeler fixes, root assurance index | [e2a4a42](https://github.com/tomtastisch/FileClassifier/commit/e2a4a42) | minor |
-| `5.0.0` | Finalize hashing API rename to EvidenceHashing and add optional HMAC digests | [444d027](https://github.com/tomtastisch/FileClassifier/commit/444d027) | breaking |
-| `4.2.1` | Bump version to 4.2.1 for quality-gate hardening | [8ab274d](https://github.com/tomtastisch/FileClassifier/commit/8ab274d) | chore |
-| `4.2.0` | docs: fix root readme parity, link sha targets, and preflight version gate | [9691bec](https://github.com/tomtastisch/FileClassifier/commit/9691bec) | docs |
-| `4.1.3` | docs: deterministic restructure with SHA-locked links and policy-roc gate | [90a2825](https://github.com/tomtastisch/FileClassifier/commit/90a2825) | docs |
-| `4.1.2` | chore(version): bump version for xunit v3 migration release | [d1ed2a9](https://github.com/tomtastisch/FileClassifier/commit/d1ed2a9) | chore |
-| `4.1.1` | chore(version): bump patch version to satisfy CI guard | [d67050c](https://github.com/tomtastisch/FileClassifier/commit/d67050c) | chore |
-| `4.1.0` | chore: update version to 4.1.0 and improve versioning logic | [a3dfe23](https://github.com/tomtastisch/FileClassifier/commit/a3dfe23) | chore |
-| `4.0.0` | chore(versioning): bump baseline to 4.0.0 | [2a78f97](https://github.com/tomtastisch/FileClassifier/commit/2a78f97) | chore |
-| `3.0.24` | docs: fix umlaut spellings | [22d40b9](https://github.com/tomtastisch/FileClassifier/commit/22d40b9) | docs |
-| `3.0.23` | docs: normalize markdown language | [90310a0](https://github.com/tomtastisch/FileClassifier/commit/90310a0) | docs |
-| `3.0.22` | docs: unify markdown structure and add maintenance checklists | [cb3341d](https://github.com/tomtastisch/FileClassifier/commit/cb3341d) | docs |
-| `3.0.21` | docs(guides): unify structure and add step-by-step checklists with examples | [5f5c6ab](https://github.com/tomtastisch/FileClassifier/commit/5f5c6ab) | docs |
-| `3.0.20` | docs: add guides for options and datatype extensions (#5) | [392c628](https://github.com/tomtastisch/FileClassifier/commit/392c628) | docs |
-| `3.0.19` | docs(guides): add options and datatype extension playbooks | [1427e1e](https://github.com/tomtastisch/FileClassifier/commit/1427e1e) | docs |
-| `3.0.18` | Refactor: deterministic hashing, archive hardening, and test/CI stabilization (#4) | [374732a](https://github.com/tomtastisch/FileClassifier/commit/374732a) | refactor |
-| `3.0.17` | tooling(test): simplify readable output and strip technical test noise | [514922c](https://github.com/tomtastisch/FileClassifier/commit/514922c) | tooling |
-| `3.0.16` | ci(docs): validate markdown heading anchors in link checker | [02884ff](https://github.com/tomtastisch/FileClassifier/commit/02884ff) | ci |
-| `3.0.15` | ci(docs): add markdown link check gate | [cdbdfbd](https://github.com/tomtastisch/FileClassifier/commit/cdbdfbd) | ci |
-| `3.0.14` | docs(structure): enforce readme coverage and update all abstraction references | [0d4cc5e](https://github.com/tomtastisch/FileClassifier/commit/0d4cc5e) | docs |
-| `3.0.13` | docs(readme): add abstractions folder hierarchy graphic | [5853dd9](https://github.com/tomtastisch/FileClassifier/commit/5853dd9) | docs |
-| `3.0.12` | docs(abstractions): finalize references after model folder split | [afdc592](https://github.com/tomtastisch/FileClassifier/commit/afdc592) | docs |
+| `5.1.0` | Security-/Governance-Haertungswelle: gepinnte Actions, Dependency-Review, Labeler-Fixes, Root-Assurance-Index | [e2a4a42](https://github.com/tomtastisch/FileClassifier/commit/e2a4a42) | minor |
+| `5.0.0` | Hashing-API-Rename auf `EvidenceHashing` finalisiert und optionale HMAC-Digests hinzugefuegt | [444d027](https://github.com/tomtastisch/FileClassifier/commit/444d027) | breaking |
+| `4.2.1` | Version auf 4.2.1 fuer Quality-Gate-Haertung angehoben | [8ab274d](https://github.com/tomtastisch/FileClassifier/commit/8ab274d) | chore |
+| `4.2.0` | Dokumentation: Root-README-Paritaet korrigiert, SHA-Links angepasst und Preflight-Version-Gate haerter gemacht | [9691bec](https://github.com/tomtastisch/FileClassifier/commit/9691bec) | docs |
+| `4.1.3` | Dokumentation: deterministische Restrukturierung mit SHA-fixierten Links und Policy-RoC-Gate | [90a2825](https://github.com/tomtastisch/FileClassifier/commit/90a2825) | docs |
+| `4.1.2` | Versionierungs-Chore: Versionsbump fuer xUnit-v3-Migrationsrelease | [d1ed2a9](https://github.com/tomtastisch/FileClassifier/commit/d1ed2a9) | chore |
+| `4.1.1` | Versionierungs-Chore: Patch-Version erhoeht, um CI-Guard zu erfuellen | [d67050c](https://github.com/tomtastisch/FileClassifier/commit/d67050c) | chore |
+| `4.1.0` | Version auf 4.1.0 aktualisiert und Versionierungslogik verbessert | [a3dfe23](https://github.com/tomtastisch/FileClassifier/commit/a3dfe23) | chore |
+| `4.0.0` | Versionierungs-Basislinie auf 4.0.0 angehoben | [2a78f97](https://github.com/tomtastisch/FileClassifier/commit/2a78f97) | chore |
+| `3.0.24` | Dokumentation: Umlaut-Schreibweisen korrigiert | [22d40b9](https://github.com/tomtastisch/FileClassifier/commit/22d40b9) | docs |
+| `3.0.23` | Dokumentation: Markdown-Sprache normalisiert | [90310a0](https://github.com/tomtastisch/FileClassifier/commit/90310a0) | docs |
+| `3.0.22` | Dokumentation: Struktur vereinheitlicht und Wartungs-Checklisten ergaenzt | [cb3341d](https://github.com/tomtastisch/FileClassifier/commit/cb3341d) | docs |
+| `3.0.21` | Dokumentation (Guides): Struktur vereinheitlicht und Schritt-fuer-Schritt-Checklisten mit Beispielen ergaenzt | [5f5c6ab](https://github.com/tomtastisch/FileClassifier/commit/5f5c6ab) | docs |
+| `3.0.20` | Dokumentation: Leitfaeden fuer Optionen und Datentyp-Erweiterungen hinzugefuegt (#5) | [392c628](https://github.com/tomtastisch/FileClassifier/commit/392c628) | docs |
+| `3.0.19` | Dokumentation (Guides): Playbooks fuer Optionen und Datentyp-Erweiterungen hinzugefuegt | [1427e1e](https://github.com/tomtastisch/FileClassifier/commit/1427e1e) | docs |
+| `3.0.18` | Refactor: deterministisches Hashing, Archive-Haertung und Test/CI-Stabilisierung (#4) | [374732a](https://github.com/tomtastisch/FileClassifier/commit/374732a) | refactor |
+| `3.0.17` | Tooling (Test): lesbares Ausgabeformat vereinfacht und technisches Testrauschen reduziert | [514922c](https://github.com/tomtastisch/FileClassifier/commit/514922c) | tooling |
+| `3.0.16` | CI (Docs): Markdown-Heading-Anker im Link-Checker validiert | [02884ff](https://github.com/tomtastisch/FileClassifier/commit/02884ff) | ci |
+| `3.0.15` | CI (Docs): Markdown-Link-Check als Gate hinzugefuegt | [cdbdfbd](https://github.com/tomtastisch/FileClassifier/commit/cdbdfbd) | ci |
+| `3.0.14` | Dokumentation (Struktur): README-Abdeckung erzwungen und Abstraction-Referenzen aktualisiert | [0d4cc5e](https://github.com/tomtastisch/FileClassifier/commit/0d4cc5e) | docs |
+| `3.0.13` | Dokumentation (README): Grafik fuer Abstractions-Ordnerhierarchie hinzugefuegt | [5853dd9](https://github.com/tomtastisch/FileClassifier/commit/5853dd9) | docs |
+| `3.0.12` | Dokumentation (Abstractions): Referenzen nach Model-Ordnersplit finalisiert | [afdc592](https://github.com/tomtastisch/FileClassifier/commit/afdc592) | docs |
 | `3.0.11` | refactor(abstractions): split models into detection archive hashing folders | [f25256f](https://github.com/tomtastisch/FileClassifier/commit/f25256f) | refactor |
 | `3.0.10` | tooling(test): render bdd-readable output as clean per-test blocks | [268afe5](https://github.com/tomtastisch/FileClassifier/commit/268afe5) | tooling |
 | `3.0.9` | test(core): add fail-closed internals coverage and raise ci gates | [27659c8](https://github.com/tomtastisch/FileClassifier/commit/27659c8) | test |