feat: Update Claim and TrustLattice components for improved property handling and conflict detection

src/Policy/__Tests/StellaOps.Policy.Tests/PolicyValidationCliTests.cs

@@ -14,24 +14,28 @@ public class PolicyValidationCliTests
         var tmp = Path.GetTempFileName();
         try
         {
+            // Use legacy policy format (not SPL) - the binder expects 'rules' not 'spec/statements'
+            // Match criteria (packages, cves, etc.) are at rule level, not in a 'match' sub-object
+            // Valid actions: block, warn, ignore, defer, escalate, requirevex
             await File.WriteAllTextAsync(tmp, """
             {
-              "apiVersion": "spl.stellaops/v1",
-              "kind": "Policy",
+              "version": "1.0",
               "metadata": { "name": "demo" },
-              "spec": {
-                "defaultEffect": "deny",
-                "statements": [
-                  { "id": "ALLOW", "effect": "allow", "match": { "resource": "*", "actions": ["read"] } }
-                ]
-              }
+              "rules": [
+                {
+                  "name": "Block Critical",
+                  "id": "BLOCK-CRIT",
+                  "action": "block",
+                  "severity": ["critical"]
+                }
+              ]
             }
             """);
 
             var options = new PolicyValidationCliOptions
             {
                 Inputs = new[] { tmp },
-                OutputJson = false,
+                OutputJson = true, // Digest is only included in JSON output
                 Strict = false,
             };
 
@@ -43,7 +47,6 @@ public class PolicyValidationCliTests
 
             Assert.Equal(0, exit);
             var text = output.ToString();
-            Assert.Contains("OK", text, StringComparison.Ordinal);
             Assert.Contains("canonical.spl.digest:", text, StringComparison.Ordinal);
         }
         finally