consolidate the tests locations

2025-12-26 01:48:24 +02:00
parent 17613acf57
commit 39359da171
2031 changed files with 2607 additions and 476 deletions
--- a/bench/golden-corpus/README.md
+++ b/bench/golden-corpus/README.md
@@ -1,72 +0,0 @@
-# Golden Test Corpus
-
-This directory contains the golden test corpus for StellaOps validation.
-Each test case is a complete, reproducible scenario with known-good inputs and expected outputs.
-
-## Schema Version
-
-**Corpus Version**: `1.0.0`
-**Run Manifest Schema**: `1.0.0`
-**Evidence Index Schema**: `1.0.0`
-**OpenVEX Schema**: `0.2.0`
-**SPDX Version**: `3.0.1`
-**CycloneDX Version**: `1.6`
-
-## Directory Structure
-
-```
-bench/golden-corpus/
-├── README.md
-├── corpus-manifest.json
-├── corpus-version.json
-├── categories/
-│   ├── severity/
-│   ├── vex/
-│   ├── reachability/
-│   ├── unknowns/
-│   ├── scale/
-│   ├── distro/
-│   ├── interop/
-│   ├── negative/
-│   └── composite/
-└── shared/
-    ├── policies/
-    ├── feeds/
-    └── keys/
-```
-
-## Test Case Format
-
-Each test case directory contains:
-
-| Path | Description |
-|------|-------------|
-| `case-manifest.json` | Case metadata |
-| `run-manifest.json` | Run manifest for replay |
-| `input/sbom-cyclonedx.json` | CycloneDX SBOM input |
-| `input/sbom-spdx.json` | SPDX SBOM input |
-| `input/image.tar.gz` | Image tarball (fixture) |
-| `expected/verdict.json` | Expected verdict output |
-| `expected/evidence-index.json` | Expected evidence index |
-| `expected/unknowns.json` | Expected unknowns output |
-| `expected/delta-verdict.json` | Expected delta verdict |
-
-## Running Corpus Scripts
-
-```bash
-python3 scripts/corpus/validate-corpus.py
-python3 scripts/corpus/generate-manifest.py
-python3 scripts/corpus/check-determinism.py
-python3 scripts/corpus/add-case.py --category severity --name SEV-009
-```
-
-## Versioning Policy
-
- **Patch** (1.0.x): Add new cases, fix existing case data
- **Minor** (1.x.0): Algorithm tuning that preserves relative ordering
- **Major** (x.0.0): Algorithm changes that alter expected outputs
-
-When algorithms change:
-1. Increment corpus version
-2. Regenerate case outputs
-3. Update `corpus-manifest.json`
--- a/bench/golden-corpus/categories/composite/extra-001/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-001/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-001",
-    "description":  "Placeholder corpus case EXTRA-001",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-001/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-001/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-001-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-001/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-001/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-001-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.8027150Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-001/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-001/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-001/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-001/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-001",
-    "verdictId":  "EXTRA-001"
-}
--- a/bench/golden-corpus/categories/composite/extra-001/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-001/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-001/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-001/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.8027150Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-001/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-001/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.8027150Z",
-    "name":  "EXTRA-001",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-001/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-001/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-001-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.8037246Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.8037246Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-002/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-002/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-002",
-    "description":  "Placeholder corpus case EXTRA-002",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-002/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-002/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-002-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-002/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-002/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-002-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.8181543Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-002/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-002/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-002/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-002/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-002",
-    "verdictId":  "EXTRA-002"
-}
--- a/bench/golden-corpus/categories/composite/extra-002/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-002/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-002/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-002/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.8181543Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-002/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-002/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.8181543Z",
-    "name":  "EXTRA-002",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-002/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-002/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-002-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.8191542Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.8191542Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-003/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-003/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-003",
-    "description":  "Placeholder corpus case EXTRA-003",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-003/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-003/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-003-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-003/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-003/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-003-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.8360597Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-003/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-003/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-003/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-003/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-003",
-    "verdictId":  "EXTRA-003"
-}
--- a/bench/golden-corpus/categories/composite/extra-003/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-003/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-003/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-003/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.8360597Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-003/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-003/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.8360597Z",
-    "name":  "EXTRA-003",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-003/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-003/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-003-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.8370133Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.8370133Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-004/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-004/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-004",
-    "description":  "Placeholder corpus case EXTRA-004",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-004/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-004/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-004-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-004/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-004/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-004-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.8588914Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-004/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-004/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-004/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-004/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-004",
-    "verdictId":  "EXTRA-004"
-}
--- a/bench/golden-corpus/categories/composite/extra-004/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-004/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-004/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-004/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.8588914Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-004/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-004/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.8588914Z",
-    "name":  "EXTRA-004",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-004/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-004/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-004-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.8598906Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.8598906Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-005/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-005/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-005",
-    "description":  "Placeholder corpus case EXTRA-005",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-005/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-005/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-005-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-005/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-005/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-005-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.8751465Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-005/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-005/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-005/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-005/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-005",
-    "verdictId":  "EXTRA-005"
-}
--- a/bench/golden-corpus/categories/composite/extra-005/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-005/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-005/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-005/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.8751465Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-005/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-005/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.8751465Z",
-    "name":  "EXTRA-005",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-005/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-005/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-005-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.8761542Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.8761542Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-006/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-006/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-006",
-    "description":  "Placeholder corpus case EXTRA-006",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-006/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-006/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-006-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-006/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-006/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-006-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.8951568Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-006/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-006/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-006/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-006/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-006",
-    "verdictId":  "EXTRA-006"
-}
--- a/bench/golden-corpus/categories/composite/extra-006/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-006/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-006/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-006/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.8941475Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-006/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-006/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.8941475Z",
-    "name":  "EXTRA-006",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-006/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-006/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-006-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.8951568Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.8951568Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-007/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-007/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-007",
-    "description":  "Placeholder corpus case EXTRA-007",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-007/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-007/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-007-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-007/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-007/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-007-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.9253920Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-007/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-007/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-007/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-007/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-007",
-    "verdictId":  "EXTRA-007"
-}
--- a/bench/golden-corpus/categories/composite/extra-007/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-007/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-007/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-007/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.9243922Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-007/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-007/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.9243922Z",
-    "name":  "EXTRA-007",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-007/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-007/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-007-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.9269031Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.9269031Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-008/case-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-008/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "EXTRA-008",
-    "description":  "Placeholder corpus case EXTRA-008",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "composite"
-}
--- a/bench/golden-corpus/categories/composite/extra-008/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-008/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "EXTRA-008-delta"
-}
--- a/bench/golden-corpus/categories/composite/extra-008/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/composite/extra-008/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "EXTRA-008-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.9436128Z"
-}
--- a/bench/golden-corpus/categories/composite/extra-008/expected/unknowns.json
+++ b/bench/golden-corpus/categories/composite/extra-008/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/composite/extra-008/expected/verdict.json
+++ b/bench/golden-corpus/categories/composite/extra-008/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:extra-008",
-    "verdictId":  "EXTRA-008"
-}
--- a/bench/golden-corpus/categories/composite/extra-008/input/image.tar.gz
+++ b/bench/golden-corpus/categories/composite/extra-008/input/image.tar.gz
--- a/bench/golden-corpus/categories/composite/extra-008/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/composite/extra-008/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.9436128Z"
-                 }
-}
--- a/bench/golden-corpus/categories/composite/extra-008/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/composite/extra-008/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.9436128Z",
-    "name":  "EXTRA-008",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/composite/extra-008/run-manifest.json
+++ b/bench/golden-corpus/categories/composite/extra-008/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "EXTRA-008-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.9446123Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.9446123Z"
-}
--- a/bench/golden-corpus/categories/distro/distro-001/case-manifest.json
+++ b/bench/golden-corpus/categories/distro/distro-001/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "DISTRO-001",
-    "description":  "Placeholder corpus case DISTRO-001",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "distro"
-}
--- a/bench/golden-corpus/categories/distro/distro-001/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/distro/distro-001/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "DISTRO-001-delta"
-}
--- a/bench/golden-corpus/categories/distro/distro-001/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/distro/distro-001/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "DISTRO-001-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.5401402Z"
-}
--- a/bench/golden-corpus/categories/distro/distro-001/expected/unknowns.json
+++ b/bench/golden-corpus/categories/distro/distro-001/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/distro/distro-001/expected/verdict.json
+++ b/bench/golden-corpus/categories/distro/distro-001/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:distro-001",
-    "verdictId":  "DISTRO-001"
-}
--- a/bench/golden-corpus/categories/distro/distro-001/input/image.tar.gz
+++ b/bench/golden-corpus/categories/distro/distro-001/input/image.tar.gz
--- a/bench/golden-corpus/categories/distro/distro-001/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/distro/distro-001/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.5401402Z"
-                 }
-}
--- a/bench/golden-corpus/categories/distro/distro-001/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/distro/distro-001/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.5401402Z",
-    "name":  "DISTRO-001",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/distro/distro-001/run-manifest.json
+++ b/bench/golden-corpus/categories/distro/distro-001/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "DISTRO-001-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.5411477Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.5411477Z"
-}
--- a/bench/golden-corpus/categories/distro/distro-002/case-manifest.json
+++ b/bench/golden-corpus/categories/distro/distro-002/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "DISTRO-002",
-    "description":  "Placeholder corpus case DISTRO-002",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "distro"
-}
--- a/bench/golden-corpus/categories/distro/distro-002/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/distro/distro-002/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "DISTRO-002-delta"
-}
--- a/bench/golden-corpus/categories/distro/distro-002/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/distro/distro-002/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "DISTRO-002-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.5532520Z"
-}
--- a/bench/golden-corpus/categories/distro/distro-002/expected/unknowns.json
+++ b/bench/golden-corpus/categories/distro/distro-002/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/distro/distro-002/expected/verdict.json
+++ b/bench/golden-corpus/categories/distro/distro-002/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:distro-002",
-    "verdictId":  "DISTRO-002"
-}
--- a/bench/golden-corpus/categories/distro/distro-002/input/image.tar.gz
+++ b/bench/golden-corpus/categories/distro/distro-002/input/image.tar.gz
--- a/bench/golden-corpus/categories/distro/distro-002/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/distro/distro-002/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.5522524Z"
-                 }
-}
--- a/bench/golden-corpus/categories/distro/distro-002/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/distro/distro-002/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.5522524Z",
-    "name":  "DISTRO-002",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/distro/distro-002/run-manifest.json
+++ b/bench/golden-corpus/categories/distro/distro-002/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "DISTRO-002-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.5532520Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.5532520Z"
-}
--- a/bench/golden-corpus/categories/distro/distro-003/case-manifest.json
+++ b/bench/golden-corpus/categories/distro/distro-003/case-manifest.json
@@ -1,17 +0,0 @@
-{
-    "id":  "DISTRO-003",
-    "description":  "Placeholder corpus case DISTRO-003",
-    "createdAt":  "2025-12-22T13:57:24Z",
-    "inputs":  [
-                   "sbom-cyclonedx.json",
-                   "sbom-spdx.json",
-                   "image.tar.gz"
-               ],
-    "expected":  [
-                     "verdict.json",
-                     "evidence-index.json",
-                     "unknowns.json",
-                     "delta-verdict.json"
-                 ],
-    "category":  "distro"
-}
--- a/bench/golden-corpus/categories/distro/distro-003/expected/delta-verdict.json
+++ b/bench/golden-corpus/categories/distro/distro-003/expected/delta-verdict.json
@@ -1,4 +0,0 @@
-{
-    "changes":  0,
-    "deltaId":  "DISTRO-003-delta"
-}
--- a/bench/golden-corpus/categories/distro/distro-003/expected/evidence-index.json
+++ b/bench/golden-corpus/categories/distro/distro-003/expected/evidence-index.json
@@ -1,10 +0,0 @@
-{
-    "sboms":  [
-
-              ],
-    "indexId":  "DISTRO-003-index",
-    "attestations":  [
-
-                     ],
-    "createdAt":  "2025-12-22T13:57:24.5673518Z"
-}
--- a/bench/golden-corpus/categories/distro/distro-003/expected/unknowns.json
+++ b/bench/golden-corpus/categories/distro/distro-003/expected/unknowns.json
@@ -1,5 +0,0 @@
-{
-    "unknowns":  [
-
-                 ]
-}
--- a/bench/golden-corpus/categories/distro/distro-003/expected/verdict.json
+++ b/bench/golden-corpus/categories/distro/distro-003/expected/verdict.json
@@ -1,5 +0,0 @@
-{
-    "status":  "pass",
-    "digest":  "sha256:distro-003",
-    "verdictId":  "DISTRO-003"
-}
--- a/bench/golden-corpus/categories/distro/distro-003/input/image.tar.gz
+++ b/bench/golden-corpus/categories/distro/distro-003/input/image.tar.gz
--- a/bench/golden-corpus/categories/distro/distro-003/input/sbom-cyclonedx.json
+++ b/bench/golden-corpus/categories/distro/distro-003/input/sbom-cyclonedx.json
@@ -1,11 +0,0 @@
-{
-    "bomFormat":  "CycloneDX",
-    "components":  [
-
-                   ],
-    "specVersion":  "1.6",
-    "version":  1,
-    "metadata":  {
-                     "timestamp":  "2025-12-22T13:57:24.5673518Z"
-                 }
-}
--- a/bench/golden-corpus/categories/distro/distro-003/input/sbom-spdx.json
+++ b/bench/golden-corpus/categories/distro/distro-003/input/sbom-spdx.json
@@ -1,8 +0,0 @@
-{
-    "created":  "2025-12-22T13:57:24.5673518Z",
-    "name":  "DISTRO-003",
-    "elements":  [
-
-                 ],
-    "spdxVersion":  "SPDX-3.0.1"
-}
--- a/bench/golden-corpus/categories/distro/distro-003/run-manifest.json
+++ b/bench/golden-corpus/categories/distro/distro-003/run-manifest.json
@@ -1,44 +0,0 @@
-{
-    "runId":  "DISTRO-003-run",
-    "environmentProfile":  {
-                               "valkeyEnabled":  false,
-                               "name":  "postgres-only"
-                           },
-    "feedSnapshot":  {
-                         "feedId":  "nvd",
-                         "snapshotAt":  "2025-12-22T13:57:24.5673518Z",
-                         "version":  "v1",
-                         "digest":  "sha256:stub"
-                     },
-    "cryptoProfile":  {
-                          "trustRootIds":  [
-
-                                           ],
-                          "allowedAlgorithms":  [
-
-                                                ],
-                          "profileName":  "default"
-                      },
-    "canonicalizationVersion":  "1.0.0",
-    "toolVersions":  {
-                         "reachabilityEngineVersion":  "0.0.0",
-                         "additionalTools":  {
-
-                                             },
-                         "sbomGeneratorVersion":  "0.0.0",
-                         "attestorVersion":  "0.0.0",
-                         "scannerVersion":  "0.0.0"
-                     },
-    "policySnapshot":  {
-                           "enabledRules":  [
-
-                                            ],
-                           "latticeRulesDigest":  "sha256:stub",
-                           "policyVersion":  "1.0.0"
-                       },
-    "artifactDigests":  [
-
-                        ],
-    "schemaVersion":  "1.0.0",
-    "initiatedAt":  "2025-12-22T13:57:24.5673518Z"
-}
--- a/Show More
+++ b/Show More