Add unit tests and logging infrastructure for InMemory and RabbitMQ transports

- Implemented RecordingLogger and RecordingLoggerFactory for capturing log entries in tests.
- Added unit tests for InMemoryChannel, covering constructor behavior, property assignments, channel communication, and disposal.
- Created InMemoryTransportOptionsTests to validate default values and customizable options for InMemory transport.
- Developed RabbitMqFrameProtocolTests to ensure correct parsing and property creation for RabbitMQ frames.
- Added RabbitMqTransportOptionsTests to verify default settings and customization options for RabbitMQ transport.
- Updated project files for testing libraries and dependencies.

docs/product-advisories/31-Nov-2025 FINDINGS.md

@@ -92,10 +92,22 @@ This advisory consolidates late-November gap findings across Scanner, SBOM/VEX s
 9. **NR9 — Offline notify-kit with DSSE**: Produce offline kit containing schemas, rules/templates, connector configs, verify script, and DSSE-signed manifest; include hash list and time-anchor hook; support deterministic packaging flags and tenant/env scoping. Evidence: kit manifest + DSSE + `verify_notify_kit.sh` script.
 10. **NR10 — Mandatory simulations & evidence**: Rules/templates must pass simulation/dry-run against frozen fixtures before activation; store DSSE-signed simulation results and attach evidence to change approvals; require regression tests for each high-impact rule change. Evidence: simulation report + DSSE + golden fixtures and TRX/NDJSON outputs.
 
+## TP (Task Pack) Gaps — TP1–TP10
+1. **TP1 — Canonical schemas + plan-hash recipe**: Freeze pack manifest canonicalization (sorted JSON, UTF-8, no insignificant whitespace) and compute `plan.hash` as `sha256` over `plan.canonicalPlanPath`. Evidence: `docs/task-packs/packs-offline-bundle.schema.json`, fixtures hashed by `scripts/packs/verify_offline_bundle.py`.
+2. **TP2 — Inputs lock evidence**: Every pack run must emit `inputs.lock` containing resolved inputs, secret placeholders, and digests; stored and hashed in offline bundle `hashes[]`. Evidence: offline bundle manifest + deterministic hash list.
+3. **TP3 — Approval RBAC/DSSE records**: Approval decisions are recorded as DSSE ledgers (`evidence.approvalsLedger`) with Authority claims `pack_run_id`, `pack_gate_id`, `pack_plan_hash`, and tenant context; Task Runner rejects approvals lacking matching plan hash. Evidence: approvals DSSE + ledger hash.
+4. **TP4 — Secret redaction policy**: Bundle includes `security.secretsRedactionPolicy` describing hashing/redaction of secrets; transcripts and evidence bundles store only redacted forms. Evidence: policy doc referenced in bundle manifest + redaction fixtures.
+5. **TP5 — Deterministic ordering/RNG/time**: Execution order, RNG seed (`plan.rngSeed` derived from plan hash), and timestamps (UTC ISO-8601) are fixed; logs are strictly sequenced. Evidence: canonical plan + deterministic log fixtures.
+6. **TP6 — Sandbox/egress limits + quotas**: Offline bundle declares sandbox mode (`sealed`/`restricted`), explicit `egressAllowlist`, CPU/memory quotas, and optional `quotaSeconds`; Task Runner fails if absent. Evidence: sandbox block in manifest + enforcement tests.
+7. **TP7 — Pack registry signing + SBOM + revocation**: Registry entries ship DSSE envelopes for bundle + attestation, pack SBOM path (`pack.sbom`), and a revocation list path (`security.revocations`) enforced during import. Evidence: registry record with SBOM digest + revocation list referenced in manifest.
+8. **TP8 — Offline pack-bundle schema + verify script**: Offline bundles must conform to `packs-offline-bundle.schema.json` and pass `scripts/packs/verify_offline_bundle.py --bundle <tarball> --require-dsse`. Evidence: successful verify run + manifest hash list.
+9. **TP9 — Run/approval SLOs + alerting**: Bundle declares SLOs (`slo.runP95Seconds`, `slo.approvalP95Seconds`, `slo.maxQueueDepth`) with alert rules referenced in `slo.alertRules`; observability must surface breaches. Evidence: alert rule file + metrics fixtures.
+10. **TP10 — Gate fail-closed defaults**: Approval/policy/timeline gates default to fail-closed when evidence, DSSE, or quotas are missing/expired; Task Runner aborts with remediation hint. Evidence: negative-path fixtures showing fail-closed behavior.
+
 ## Pending Families (to be expanded)
 The following gap families were referenced in November indices and still need detailed findings written out:
-- CV1–CV10 (CVSS v4 receipts), CVM1–CVM10 (momentum), FC1–FC10 (SCA fixture gaps), OB1–OB10 (onboarding), IG1–IG10 (implementor guidance), RR1–RR10 (Rekor receipts), SK1–SK10 (standups), MI1–MI10 (UI micro-interactions), PVX1–PVX10 (Proof-linked VEX UI), TTE1–TTE10 (Time-to-Evidence), AR-EP1…AR-VB1 (archived advisories revival), BP1–BP10 (SBOM→VEX proof pipeline), UT1–UT10 (unknown heuristics), CE1–CE10 (evidence patterns), ET1–ET10 (ecosystem fixtures), RB1–RB10 (reachability fixtures), G1–G12 / RD1–RD10 (reachability benchmark/dataset), UN1–UN10 (unknowns registry), U1–U10 (decay), EX1–EX10 (explainability), VEX1–VEX10 (VEX claims), BR1–BR10 (binary reachability), VT1–VT10 (triage), PL1–PL10 (plugin arch), EB1–EB10 (evidence baseline), EC1–EC10 (export center), AT1–AT10 (automation), OK1–OK10 / RK1–RK10 / MS1–MS10 (offline/mirror/Rekor kits), TP1–TP10 (task packs), AU1–AU10 (auth), CL1–CL10 (CLI), OR1–OR10 (orchestrator), ZR1–ZR10 (Zastava), NR1–NR10 (Notify), GA1–GA10 (graph analytics), TO1–TO10 (telemetry), PS1–PS10 (policy), FL1–FL10 (ledger), CI1–CI10 (Concelier ingest).
- - CV1–CV10 (CVSS v4 receipts), CVM1–CVM10 (momentum), FC1–FC10 (SCA fixture gaps), OB1–OB10 (onboarding), IG1–IG10 (implementor guidance), RR1–RR10 (Rekor receipts), SK1–SK10 (standups), MI1–MI10 (UI micro-interactions), PVX1–PVX10 (Proof-linked VEX UI), TTE1–TTE10 (Time-to-Evidence), AR-EP1…AR-VB1 (archived advisories revival), BP1–BP10 (SBOM→VEX proof pipeline), UT1–UT10 (unknown heuristics), CE1–CE10 (evidence patterns), ET1–ET10 (ecosystem fixtures), RB1–RB10 (reachability fixtures), G1–G12 / RD1–RD10 (reachability benchmark/dataset), UN1–UN10 (unknowns registry), U1–U10 (decay), EX1–EX10 (explainability), VEX1–VEX10 (VEX claims), BR1–BR10 (binary reachability), VT1–VT10 (triage), PL1–PL10 (plugin arch), EB1–EB10 (evidence baseline), EC1–EC10 (export center), AT1–AT10 (automation), OK1–OK10 / RK1–RK10 / MS1–MS10 (offline/mirror/Rekor kits), TP1–TP10 (task packs), AU1–AU10 (auth), CL1–CL10 (CLI), OR1–OR10 (orchestrator), ZR1–ZR10 (Zastava), GA1–GA10 (graph analytics), TO1–TO10 (telemetry), PS1–PS10 (policy), FL1–FL10 (ledger), CI1–CI10 (Concelier ingest).
+- CV1–CV10 (CVSS v4 receipts), CVM1–CVM10 (momentum), FC1–FC10 (SCA fixture gaps), OB1–OB10 (onboarding), IG1–IG10 (implementor guidance), RR1–RR10 (Rekor receipts), SK1–SK10 (standups), MI1–MI10 (UI micro-interactions), PVX1–PVX10 (Proof-linked VEX UI), TTE1–TTE10 (Time-to-Evidence), AR-EP1…AR-VB1 (archived advisories revival), BP1–BP10 (SBOM→VEX proof pipeline), UT1–UT10 (unknown heuristics), CE1–CE10 (evidence patterns), ET1–ET10 (ecosystem fixtures), RB1–RB10 (reachability fixtures), G1–G12 / RD1–RD10 (reachability benchmark/dataset), UN1–UN10 (unknowns registry), U1–U10 (decay), EX1–EX10 (explainability), VEX1–VEX10 (VEX claims), BR1–BR10 (binary reachability), VT1–VT10 (triage), PL1–PL10 (plugin arch), EB1–EB10 (evidence baseline), EC1–EC10 (export center), AT1–AT10 (automation), OK1–OK10 / RK1–RK10 / MS1–MS10 (offline/mirror/Rekor kits), AU1–AU10 (auth), CL1–CL10 (CLI), OR1–OR10 (orchestrator), ZR1–ZR10 (Zastava), NR1–NR10 (Notify), GA1–GA10 (graph analytics), TO1–TO10 (telemetry), PS1–PS10 (policy), FL1–FL10 (ledger), CI1–CI10 (Concelier ingest).
+ - CV1–CV10 (CVSS v4 receipts), CVM1–CVM10 (momentum), FC1–FC10 (SCA fixture gaps), OB1–OB10 (onboarding), IG1–IG10 (implementor guidance), RR1–RR10 (Rekor receipts), SK1–SK10 (standups), MI1–MI10 (UI micro-interactions), PVX1–PVX10 (Proof-linked VEX UI), TTE1–TTE10 (Time-to-Evidence), AR-EP1…AR-VB1 (archived advisories revival), BP1–BP10 (SBOM→VEX proof pipeline), UT1–UT10 (unknown heuristics), CE1–CE10 (evidence patterns), ET1–ET10 (ecosystem fixtures), RB1–RB10 (reachability fixtures), G1–G12 / RD1–RD10 (reachability benchmark/dataset), UN1–UN10 (unknowns registry), U1–U10 (decay), EX1–EX10 (explainability), VEX1–VEX10 (VEX claims), BR1–BR10 (binary reachability), VT1–VT10 (triage), PL1–PL10 (plugin arch), EB1–EB10 (evidence baseline), EC1–EC10 (export center), AT1–AT10 (automation), OK1–OK10 / RK1–RK10 / MS1–MS10 (offline/mirror/Rekor kits), AU1–AU10 (auth), CL1–CL10 (CLI), OR1–OR10 (orchestrator), ZR1–ZR10 (Zastava), GA1–GA10 (graph analytics), TO1–TO10 (telemetry), PS1–PS10 (policy), FL1–FL10 (ledger), CI1–CI10 (Concelier ingest).
 
 Each pending family should be expanded in this document (or split into dedicated, linked supplements) with numbered findings, recommended evidence, and deterministic test/fixture expectations.
 

docs/product-advisories/ADVISORY_INDEX.md

@@ -24,16 +24,16 @@ These are the authoritative advisories to reference for implementation:
 
 ### SCA Failure Catalogue
 - **Canonical:** `29-Nov-2025 - SCA Failure Catalogue for StellaOps Tests.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/29-Nov-2025 - SCA Failure Catalogue for StellaOps Tests.md` (this catalogue)
-  - `docs/implplan/SPRINT_300_documentation_process.md` (tracking sync)
+  - `docs/implplan/SPRINT_0300_0001_0001_documentation_process.md` (tracking sync)
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (FC1–FC10 remediation task SCA-FIXTURE-GAPS-300-014)
 - **Status:** Captures five real-world regressions/ SBOM gaps for Trivy/Syft/Grype/Snyk and frames test vectors + alarm scenarios for StellaOps acceptance suites.
 
 ### Mid-Level .NET Onboarding (Quick Start)
 - **Canonical:** `29-Nov-2025 - StellaOps – Mid-Level .NET Onboarding (Quick Start).md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/onboarding/dev-quickstart.md` (to be updated)
   - `docs/modules/platform/architecture-overview.md`
@@ -42,7 +42,7 @@ These are the authoritative advisories to reference for implementation:
 
 ### Implementor Guidelines
 - **Canonical:** `30-Nov-2025 - Implementor Guidelines for Stella Ops.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/30-Nov-2025 - Implementor Guidelines for Stella Ops.md` (this briefing)
   - `docs/05_SYSTEM_REQUIREMENTS_SPEC.md` / `docs/13_RELEASE_ENGINEERING_PLAYBOOK.md` (reference requirements)
@@ -58,7 +58,7 @@ These are the authoritative advisories to reference for implementation:
 
 ### Standup Sprint Kickstarters
 - **Canonical:** `30-Nov-2025 - Standup Sprint Kickstarters.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:** `docs/implplan/README.md` (sprint template)
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (SK1–SK10 remediation task STANDUP-GAPS-300-019)
 - **Status:** Introduces ceremony primer but lacks template alignment, readiness evidence, dependency ledger, offline/async guidance, metrics/SLOs, and role/decision capture rules.
@@ -86,14 +86,14 @@ These are the authoritative advisories to reference for implementation:
 
 ### Archived Advisories (15–23 Nov 2025)
 - **Canonical:** `docs/product-advisories/archived/*.md` (embedded provenance events, function-level VEX explainability, binary reachability branches, SBOM-provenance spine, etc.)
-- **Sprint:** SPRINT_300_documentation_process.md (triage/decision)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (triage/decision)
 - **Related Docs:** None current (need revival + canonicalization)
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (AR-EP1 … AR-VB1 remediation task ARCHIVED-GAPS-300-020)
 - **Status:** Archived set lacks schemas, determinism rules, redaction/licensing, changelog/signing, and duplication resolution; needs triage on which to revive into active advisories.
 
 ### SBOM → VEX Proof Blueprint
 - **Canonical:** `29-Nov-2025 - SBOM to VEX Proof Pipeline Blueprint.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/29-Nov-2025 - SBOM to VEX Proof Pipeline Blueprint.md` (itself)
   - `docs/modules/platform/architecture-overview.md` (platform dossier link)
@@ -102,7 +102,7 @@ These are the authoritative advisories to reference for implementation:
 
 ### UI Micro-Interactions
 - **Canonical:** `30-Nov-2025 - UI Micro-Interactions for StellaOps.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `apps/console/src/app/shared/micro/`
   - `docs/product-advisories/30-Nov-2025 - UI Micro-Interactions for StellaOps.md`
@@ -125,7 +125,7 @@ These are the authoritative advisories to reference for implementation:
 
 ### Ecosystem Reality Tests
 - **Canonical:** `30-Nov-2025 - Ecosystem Reality Test Cases for StellaOps.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/30-Nov-2025 - Ecosystem Reality Test Cases for StellaOps.md`
 - **Status:** Evidence-backed acceptance tests covering credential leaks, offline DB quirks, SBOM parity, and scanner instability.
@@ -140,14 +140,14 @@ These are the authoritative advisories to reference for implementation:
 
 ### Standup Sprint Kickstarters
 - **Canonical:** `30-Nov-2025 - Standup Sprint Kickstarters.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/30-Nov-2025 - Standup Sprint Kickstarters.md`
 - **Status:** Three day-0 tasks (scanner regressions, Postgres slice, DSSE/Rekor sweep) with ticket names and assignments.
 
 ### Evidence + Suppression Patterns
 - **Canonical:** `30-Nov-2025 - Comparative Evidence Patterns for Stella Ops.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/30-Nov-2025 - Comparative Evidence Patterns for Stella Ops.md`
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (CE1–CE10 remediation task EVIDENCE-PATTERNS-GAPS-300-016)
@@ -155,7 +155,7 @@ These are the authoritative advisories to reference for implementation:
 
 ### Ecosystem Reality Test Cases
 - **Canonical:** `30-Nov-2025 - Ecosystem Reality Test Cases.md`
-- **Sprint:** SPRINT_300_documentation_process.md (docs tracker)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (docs tracker)
 - **Related Docs:**
   - `docs/product-advisories/30-Nov-2025 - Ecosystem Reality Test Cases.md`
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (ET1–ET10 remediation task ECOSYS-FIXTURES-GAPS-300-017)
@@ -309,10 +309,10 @@ These are the authoritative advisories to reference for implementation:
 - **Status:** Export profiles/adapters; determinism, provenance, and offline kit parity need gap remediation.
 ### Acceptance Tests Pack for Guardrails
 - **Canonical:** `29-Nov-2025 - Acceptance Tests Pack for StellaOps Guardrails.md`
-- **Sprint:** SPRINT_300_documentation_process.md (Docs Governance)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (Docs Governance)
 - **Related Docs:**
   - `docs/product-advisories/29-Nov-2025 - Acceptance Tests Pack for StellaOps Guardrails.md` (itself)
-  - `docs/implplan/SPRINT_300_documentation_process.md` (tracking the sync)
+  - `docs/implplan/SPRINT_0300_0001_0001_documentation_process.md` (tracking the sync)
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (AT1–AT10 remediation task AT-GAPS-300-012)
 - **Status:** Captures feed resiliency, SBOM validation, snapshot/replay rehearsals, reachability fallbacks, and pipeline swap guardrails for acceptance tests.
 
@@ -456,7 +456,7 @@ These are the authoritative advisories to reference for implementation:
 - **Sprint:** SPRINT_0186_0001_0001_record_deterministic_execution.md (PRIMARY)
 - **Related Sprints:**
   - SPRINT_0120_0000_0001_policy_reasoning.md
-  - SPRINT_311_docs_tasks_md_xi.md
+  - SPRINT_0311_0001_0001_docs_tasks_md_xi.md
 - **Related Docs:**
   - `docs/modules/findings-ledger/openapi/findings-ledger.v1.yaml` - OpenAPI spec
 - **Gaps:** `31-Nov-2025 FINDINGS.md` (FL1–FL10 remediation task LEDGER-GAPS-121-009)
@@ -590,7 +590,7 @@ For each topic, the implementer should read:
 
 ### Developer Onboarding Quick Start
 - **Canonical:** `29-Nov-2025 - StellaOps – Mid-Level .NET Onboarding (Quick Start).md`
-- **Sprint:** SPRINT_300_documentation_process.md (Docs Governance)
+- **Sprint:** SPRINT_0300_0001_0001_documentation_process.md (Docs Governance)
 - **Related Docs:**
   - `docs/onboarding/dev-quickstart.md` (derived from this advisory)
   - `docs/README.md` (new quickstart reference)

docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Findings Ledger and Immutable Audit Trail.md

@@ -381,7 +381,7 @@ airgap:
 - **Primary Sprint:** SPRINT_0186_0001_0001_record_deterministic_execution.md
 - **Related Sprints:**
   - SPRINT_0120_0000_0001_policy_reasoning.md
-  - SPRINT_311_docs_tasks_md_xi.md
+  - SPRINT_0311_0001_0001_docs_tasks_md_xi.md
 
 **Key Task IDs:**
 - `LEDGER-CORE-40-001` - Event store (DONE)