feat: Implement Filesystem and MongoDB provenance writers for PackRun execution context
- Added `FilesystemPackRunProvenanceWriter` to write provenance manifests to the filesystem.
- Introduced `MongoPackRunArtifactReader` to read artifacts from MongoDB.
- Created `MongoPackRunProvenanceWriter` to store provenance manifests in MongoDB.
- Developed unit tests for filesystem and MongoDB provenance writers.
- Established `ITimelineEventStore` and `ITimelineIngestionService` interfaces for timeline event handling.
- Implemented `TimelineIngestionService` to validate and persist timeline events with hashing.
- Created PostgreSQL schema and migration scripts for timeline indexing.
- Added dependency injection support for timeline indexer services.
- Developed tests for timeline ingestion and schema validation.
@@ -2,8 +2,10 @@
Attestor converts signed DSSE evidence from the Signer into transparency-log proofs and verifiable reports for every downstream surface (Policy Engine, Export Center, CLI, Console, Scheduler). It is the trust backbone that proves SBOM, scan, VEX, and policy artefacts were signed, witnessed, and preserved without tampering.
## Latest updates (2025-10-19)
- Platform Events refresh published canonical `attestor.logged@1` samples under `docs/events/samples/` and validated schemas (`docs/updates/2025-10-18-docs-guild.md`, `docs/updates/2025-10-19-docs-guild.md`). Consumers should align verification workflows and tests with those sample envelopes.
## Latest updates (2025-11-30)
- Sprint tracker `docs/implplan/SPRINT_0313_0001_0001_docs_modules_attestor.md` and module `TASKS.md` added to mirror status.
- Observability runbook stub + dashboard placeholder added under `operations/` (offline import) pending next demo outputs.
- Platform Events samples (2025-10-18/19) remain the current canonical `attestor.logged@1`; keep verification workflows aligned.
## Why it exists
- **Evidence first:** organisations need portable, verifiable attestations that prove build provenance, SBOM availability, policy verdicts, and VEX statements.
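Review bot: the new `## Latest updates (2025-11-30)` section is placed below the existing `## Latest updates (2025-10-19)` section, so the README now carries two "Latest updates" headings with the newer entries second, and the third new bullet restates the 2025-10-19 bullet almost verbatim. Suggest a single `## Latest updates` list ordered newest-first (or renaming the older heading to a dated history entry) and collapsing the repeated Platform Events line to the one sentence that the 2025-10-18/19 samples remain canonical. Separately, the commit message only describes PackRun provenance writers and timeline ingestion work; the Attestor README edits in this hunk should be mentioned there or split into their own commit.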
@@ -44,10 +46,11 @@ All predicates capture subjects, issuer metadata, policy context, materials, opt
- Export Center packages attestation bundles (`stella export attestation-bundle`) for Offline Kit delivery.
- Transparency logs can be mirrored; offline mode records gaps and provides compensating controls.
## Observability & performance
- Metrics: `attestor_submission_total`, `attestor_verify_seconds`, `attestor_cache_hit_ratio`, `attestor_rekor_latency_seconds`.
- Logs capture tenant, issuer, subject digests, Rekor UUID, proof status, and policy verdict.
- Performance target: ≥1 000 envelopes/minute per worker with cached verification, batched operations, and concurrency controls.
## Observability & performance
- Metrics: `attestor_submission_total`, `attestor_verify_seconds`, `attestor_cache_hit_ratio`, `attestor_rekor_latency_seconds`.
- Logs capture tenant, issuer, subject digests, Rekor UUID, proof status, and policy verdict.
- Performance target: ≥1 000 envelopes/minute per worker with cached verification, batched operations, and concurrency controls.
- Observability assets: `operations/observability.md` and `operations/dashboards/attestor-observability.json` (offline import).
## Key integrations
- Signer (DSSE source), Authority (scopes & tenancy), Export Center (attestation bundles), Policy Engine (verification policies), Scanner/Excititor (subject evidence), Notify (key rotation & verification alerts), Observability stack (dashboards/alerts).
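Review bot: the added bullet presents `operations/observability.md` and `operations/dashboards/attestor-observability.json` as the module's observability assets, but the 2025-11-30 entry earlier in this same diff describes them as a runbook stub and a dashboard placeholder pending the next demo outputs. A reader of this section gets no hint the paths are placeholders; either qualify the bullet the same way (e.g. "runbook stub and dashboard placeholder, offline import") or hold the line until the assets carry real content. Nit: "(offline import)" appears here and in the updates entry without saying what is imported or where; one clause on the intended import path would make the bullet actionable.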