feat: add PolicyPackSelectorComponent with tests and integration

- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.

docs/product-advisories/29-Nov-2025 - CVSS v4.0 Momentum in Vulnerability Management.md

@@ -0,0 +1,19 @@
+# 29-Nov-2025 · CVSS v4.0 Momentum in Vulnerability Management
+
+**Why now:** Vendors (NVD, GitHub, Microsoft, Snyk) are shipping CVSS v4 signals; StellaOps needs awareness to align receipts, reporting, and UI before defaulting to v4 everywhere.
+
+## Scope
+- Brief on adoption signals and compatibility risks when mixing v3.1/v4.
+- Map impacts to receipt schemas (`SPRINT_0190_0001_0001_cvss_v4_receipts.md`).
+- Identify quick UI/reporting deltas required for transparency.
+
+## Required artefacts (MVP for DONE)
+- This briefing plus linkage in `docs/product-advisories/ADVISORY_INDEX.md` (already indexed).
+- Note in sprint Decisions & Risks for CVSS receipts sprints; ensure SPRINT_0300 tracker row 15 records completion.
+
+## Determinism & Offline
+- Keep CVSS vector parsing deterministic; pin scoring library versions in receipts.
+- Avoid live API dependency; rely on mirrored NVD feeds or frozen samples.
+
+## Next actions
+- Cross-link to receipts schema draft; add Execution Log entry when briefing is published.