Add unit and integration tests for VexCandidateEmitter and SmartDiff repositories

- Implemented comprehensive unit tests for VexCandidateEmitter to validate candidate emission logic based on various scenarios including absent and present APIs, confidence thresholds, and rate limiting.
- Added integration tests for SmartDiff PostgreSQL repositories, covering snapshot storage and retrieval, candidate storage, and material risk change handling.
- Ensured tests validate correct behavior for storing, retrieving, and querying snapshots and candidates, including edge cases and expected outcomes.

docs/05_SYSTEM_REQUIREMENTS_SPEC.md

@@ -11,18 +11,18 @@ Stella Ops · self‑hosted supply‑chain‑security platform
 
 ## 1 · Purpose & Scope
 
-This SRS defines everything the **v0.1.0‑alpha** release of _Stella Ops_ must do, **including the Free‑tier daily quota of {{ quota_token }} SBOM scans per token**.  
+This SRS defines everything the **v0.1.0‑alpha** release of _Stella Ops_ must do, **including the Free‑tier daily quota of {{ quota_token }} SBOM scans per token**.  
 Scope includes core platform, CLI, UI, quota layer, and plug‑in host; commercial or closed‑source extensions are explicitly out‑of‑scope.
 
 ---
 
 ## 2 · References
 
-* [overview.md](overview.md) – market gap & problem statement  
+* [overview.md](overview.md) – market gap & problem statement  
 * [03_VISION.md](03_VISION.md) – north‑star, KPIs, quarterly themes  
 * [07_HIGH_LEVEL_ARCHITECTURE.md](07_HIGH_LEVEL_ARCHITECTURE.md) – context & data flow diagrams  
-* [modules/platform/architecture-overview.md](modules/platform/architecture-overview.md) – component APIs & plug‑in contracts  
-* [09_API_CLI_REFERENCE.md](09_API_CLI_REFERENCE.md) – REST & CLI surface
+* [modules/platform/architecture-overview.md](modules/platform/architecture-overview.md) – component APIs & plug‑in contracts  
+* [09_API_CLI_REFERENCE.md](09_API_CLI_REFERENCE.md) – REST & CLI surface
 
 ---
 
@@ -136,7 +136,7 @@ access.
 | **NFR‑PERF‑1** | Performance | P95 cold scan ≤ 5 s; warm ≤ 1 s (see **FR‑DELTA‑3**). |
 | **NFR‑PERF‑2** | Throughput | System shall sustain 60 concurrent scans on 8‑core node without queue depth >10. |
 | **NFR‑AVAIL‑1** | Availability | All services shall start offline; any Internet call must be optional. |
-| **NFR‑SCAL‑1** | Scalability | Horizontal scaling via Kubernetes replicas for backend, Redis Sentinel, Mongo replica set. |
+| **NFR-SCAL-1** | Scalability | Horizontal scaling via Kubernetes replicas for backend, Redis Sentinel, PostgreSQL cluster. |
 | **NFR‑SEC‑1** | Security | All inter‑service traffic shall use TLS or localhost sockets. |
 | **NFR‑COMP‑1** | Compatibility | Platform shall run on x86‑64 Linux kernel ≥ 5.10; Windows agents (TODO > 6 mo) must support Server 2019+. |
 | **NFR‑I18N‑1** | Internationalisation | UI must support EN and at least one additional locale (Cyrillic). |
@@ -179,7 +179,7 @@ Authorization: Bearer <token>
 ## 9 · Assumptions & Constraints
 
 * Hardware reference: 8 vCPU, 8 GB RAM, NVMe SSD.  
-* Mongo DB and Redis run co‑located unless horizontal scaling enabled.  
+* PostgreSQL and Redis run co-located unless horizontal scaling enabled.
 * All docker images tagged `latest` are immutable (CI process locks digests).  
 * Rego evaluation runs in embedded OPA Go‑library (no external binary).