semi implemented and features implemented save checkpoint

docs/features/unchecked/scanner/oci-artifact-storage-for-reachability-slices.md

@@ -0,0 +1,26 @@
+# OCI Artifact Storage for Reachability Slices
+
+## Module
+Scanner
+
+## Status
+IMPLEMENTED
+
+## Description
+OCI artifact storage with custom media types (application/vnd.stellaops.slice.v1+json) for reachability slices, supporting push/pull with DSSE signature verification, referrer-based linking, and caching.
+
+## Implementation Details
+- **OCI Slice Storage**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePushService.cs` - `SlicePushService` pushes reachability slices as OCI artifacts with custom media types
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SlicePullService.cs` - `SlicePullService` pulls reachability slices from OCI registries with DSSE signature verification
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/SliceOciManifestBuilder.cs` - `SliceOciManifestBuilder` constructs OCI manifests for reachability slice artifacts
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/OciMediaTypes.cs` - Defines custom media types (`application/vnd.stellaops.slice.v1+json`)
+- **Slice Schema**:
+  - `src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/SliceSchema.cs` - `SliceSchema` defines the schema for reachability slice data
+
+## E2E Test Plan
+- [ ] Push a reachability slice to an OCI registry and verify the artifact is stored with the correct custom media type
+- [ ] Pull a previously pushed reachability slice and verify integrity and DSSE signature verification passes
+- [ ] Verify referrer-based linking connects the slice artifact to its parent image manifest
+- [ ] Verify pulling a tampered slice fails DSSE signature verification
+- [ ] Verify caching avoids redundant pushes for unchanged slices