feat: add PolicyPackSelectorComponent with tests and integration

- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.

docs/modules/cli/guides/reachability.md

@@ -0,0 +1,15 @@
+# CLI Reachability Guide (outline)
+
+## Pending Inputs
+- See sprint SPRINT_0309_0001_0009_docs_tasks_md_ix action tracker; inputs due 2025-12-09..12 from owning guilds.
+
+## Determinism Checklist
+- [ ] Hash any inbound assets/payloads; place sums alongside artifacts (e.g., SHA256SUMS in this folder).
+- [ ] Keep examples offline-friendly and deterministic (fixed seeds, pinned versions, stable ordering).
+- [ ] Note source/approver for any provided captures or schemas.
+
+## Sections to fill (once inputs arrive)
+- Command reference (new reachability commands).
+- Automation recipes/CI snippets.
+- Exit codes and error handling.
+- Sample outputs with hashes for fixtures.

docs/modules/cli/guides/risk.md

@@ -0,0 +1,17 @@
+# CLI Risk Workflows (outline)
+
+- TBD pending risk API + UI flows; include commands, exit codes, automation recipes.
+
+## Pending Inputs
+- See sprint SPRINT_0309_0001_0009_docs_tasks_md_ix action tracker; inputs due 2025-12-09..12 from owning guilds.
+
+## Determinism Checklist
+- [ ] Hash any inbound assets/payloads; place sums alongside artifacts (e.g., SHA256SUMS in this folder).
+- [ ] Keep examples offline-friendly and deterministic (fixed seeds, pinned versions, stable ordering).
+- [ ] Note source/approver for any provided captures or schemas.
+
+## Sections to fill (once inputs arrive)
+- Command reference (risk create/simulate/export/verify).
+- Exit codes and error semantics.
+- Automation/CI recipes.
+- Sample inputs/outputs (hashes alongside artifacts).

docs/modules/signals/evidence/README.md

@@ -1,6 +1,6 @@
 # Signals DSSE Evidence Staging (runtime/signals gaps)
 
-Artifacts prepared 2025-12-01 (UTC) for DSSE signing and Evidence Locker ingest:
+Artifacts prepared 2025-12-05 (UTC) for DSSE signing and Evidence Locker ingest:
 
 | Artifact | Path | Predicate |
 |----------|------|-----------|
@@ -53,21 +53,49 @@ For production signing without CI:
 ```bash
 # Option 1: Place key file
 cp /path/to/production.key tools/cosign/cosign.key
-OUT_DIR=evidence-locker/signals/2025-12-01 tools/cosign/sign-signals.sh
+OUT_DIR=evidence-locker/signals/2025-12-05 tools/cosign/sign-signals.sh
 
 # Option 2: Use base64 env var
 export COSIGN_PRIVATE_KEY_B64=$(cat production.key | base64 -w0)
 export COSIGN_PASSWORD=your-password
-OUT_DIR=evidence-locker/signals/2025-12-01 tools/cosign/sign-signals.sh
+OUT_DIR=evidence-locker/signals/2025-12-05 tools/cosign/sign-signals.sh
 ```
 
 ## Evidence Locker Paths
 
 Post-signing, artifacts go to:
-- `evidence-locker/signals/2025-12-01/confidence_decay_config.sigstore.json`
-- `evidence-locker/signals/2025-12-01/unknowns_scoring_manifest.sigstore.json`
-- `evidence-locker/signals/2025-12-01/heuristics_catalog.sigstore.json`
-- `evidence-locker/signals/2025-12-01/SHA256SUMS`
+- `evidence-locker/signals/2025-12-05/confidence_decay_config.sigstore.json`
+- `evidence-locker/signals/2025-12-05/unknowns_scoring_manifest.sigstore.json`
+- `evidence-locker/signals/2025-12-05/heuristics_catalog.sigstore.json`
+- `evidence-locker/signals/2025-12-05/SHA256SUMS`
+
+Deterministic tarball (dev-key signing 2025-12-05) for locker push/testing:
+
+```
+evidence-locker/signals/2025-12-05/signals-evidence.tar  sha256=a17910b8e90aaf44d4546057db22cdc791105dd41feb14f0c9b7c8bac5392e0d
+```
+
+Verification helper:
+
+```
+./tools/signals-verify-evidence-tar.sh [path/to/signals-evidence.tar]
+```
+
+Local locker upload (once creds are available):
+
+```bash
+export EVIDENCE_LOCKER_URL="<locker-base-url>"
+export CI_EVIDENCE_LOCKER_TOKEN="<token>"
+./tools/signals-upload-evidence.sh
+# or to push both Signals and Zastava in one go
+./tools/upload-all-evidence.sh
+```
+
+CI upload path:
+- Workflow: `.gitea/workflows/signals-evidence-locker.yml`
+- Secrets required: `CI_EVIDENCE_LOCKER_TOKEN`, `EVIDENCE_LOCKER_URL`
+- Artifact name: `signals-evidence-2025-12-05`
+- Retention input (optional): `retention_target` (default 180 days)
 
 ## Post-Signing Checklist
 

docs/modules/taskrunner/architecture.md

@@ -83,7 +83,7 @@
 ```
 
 ## 12. Gap Remediation (TP1–TP10, 2025-12)
-- **Canonical plan hash (TP1):** Plan hash is `sha256` over `plan.canonicalPlanPath` (normalized JSON, stable key ordering, UTF-8). Hash and canonical plan file are shipped in offline bundles and verified by `scripts/packs/verify_offline_bundle.py`.
+- **Canonical plan hash (TP1):** Plan hash is `sha256:<64-hex>` over `plan.canonicalPlanPath` (normalized JSON, stable key ordering, UTF-8). Hash and canonical plan file are shipped in offline bundles and verified by `scripts/packs/verify_offline_bundle.py`.
 - **Inputs lock (TP2):** Task Runner emits `inputs.lock` capturing resolved inputs + redacted secret placeholders; stored in evidence bundles and listed under `hashes[]` in offline manifests.
 - **Approval ledger (TP3):** Approval decisions are DSSE-signed, embedding `runId`, `gateId`, `planHash`, and `tenantId`. Approval endpoints reject mismatched plan hashes or missing DSSE envelopes.
 - **Secret redaction (TP4):** Evidence/transcripts apply the redaction policy referenced in `security.secretsRedactionPolicy`; secrets are hashed or blanked, never logged in clear text.

docs/modules/zastava/SHA256SUMS

@@ -14,4 +14,4 @@ de9b24675a0a758e40647844a31a13a1be1667750a39fe59465b0353fd0dddd9  exports/observ
 f69f953c78134ef504b870cea47ba62d5e37a7a86ec0043d824dcb6073cd43fb  kit/verify.sh
 1cf8f0448881d067e5e001a1dfe9734b4cdfcaaf16c3e9a7321ceae56e4af8f2  kit/README.md
 eaba054428fa72cd9476cffe7a94450e4345ffe2e294e9079eb7c3703bcf7df0  kit/ed25519.pub
-40a40b31480d876cf4487d07ca8d8b5166c7df455bef234e2c1861b7b3dc7e3b  evidence/README.md
+ffe919a8b96619c1c5cf5bb8f7a7a61b61984d0f97802c131cf66e182f2d705f  evidence/README.md

docs/modules/zastava/evidence/README.md

@@ -23,11 +23,33 @@ Public key copy: `docs/modules/zastava/kit/ed25519.pub`.
 
 Local staging: all files above are present under `evidence-locker/zastava/2025-12-02/` in the repo root, ready for locker upload/mirroring.
 
+Deterministic tarball (built with `tar --sort=name --mtime='UTC 1970-01-01' --owner=0 --group=0 --numeric-owner` over payloads + DSSE):
+
+```
+evidence-locker/zastava/2025-12-02/zastava-evidence.tar  sha256=e1d67424273828c48e9bf5b495a96c2ebcaf1ef2c308f60d8b9c62b8a1b735ae
+```
+
+Verification helper (uses the hash above and inner SHA256SUMS):
+
+```
+./tools/zastava-verify-evidence-tar.sh [path/to/zastava-evidence.tar]
+```
+
+Upload (once locker creds exist):
+
+```bash
+export EVIDENCE_LOCKER_URL="<locker-base-url>"
+export CI_EVIDENCE_LOCKER_TOKEN="<token>"
+./tools/upload-all-evidence.sh   # pushes both Zastava and Signals bundles
+```
+
 Helper script for manual push (expects `EVIDENCE_LOCKER_URL` and `CI_EVIDENCE_LOCKER_TOKEN`):
 ```bash
 tools/zastava-upload-evidence.sh
 ```
 
+Packaging is deterministic (`tar --sort=name --mtime='UTC 1970-01-01' --owner=0 --group=0 --numeric-owner`) and prints the tarball SHA256 before upload. Ensure `kit/verify.sh` passes before pushing.
+
 ## CI delivery note
 - Locker upload in CI requires a write credential (e.g., `CI_EVIDENCE_LOCKER_TOKEN`) with access to the `evidence-locker/zastava/` namespace.
 - If the secret is absent, perform a manual upload from the staged folder and record the locker URI in the sprint log.