Add call graph fixtures for various languages and scenarios

- Introduced `all-edge-reasons.json` to test edge resolution reasons in .NET.
- Added `all-visibility-levels.json` to validate method visibility levels in .NET.
- Created `dotnet-aspnetcore-minimal.json` for a minimal ASP.NET Core application.
- Included `go-gin-api.json` for a Go Gin API application structure.
- Added `java-spring-boot.json` for the Spring PetClinic application in Java.
- Introduced `legacy-no-schema.json` for legacy application structure without schema.
- Created `node-express-api.json` for an Express.js API application structure.

src/__Libraries/StellaOps.Infrastructure.Postgres/Connections/DataSourceBase.cs

@@ -147,7 +147,7 @@ public abstract class DataSourceBase : IAsyncDisposable
         if (!string.IsNullOrWhiteSpace(tenantId))
         {
             await using var tenantCommand = new NpgsqlCommand(
-                "SELECT set_config('app.current_tenant', @tenant, false);", connection);
+                "SELECT set_config('app.current_tenant', @tenant, false), set_config('app.tenant_id', @tenant, false);", connection);
             tenantCommand.CommandTimeout = Options.CommandTimeoutSeconds;
             tenantCommand.Parameters.AddWithValue("tenant", tenantId);
             await tenantCommand.ExecuteNonQueryAsync(cancellationToken).ConfigureAwait(false);

src/__Libraries/StellaOps.Replay.Core/ReplayManifest.cs

@@ -14,6 +14,13 @@ public sealed class ReplayManifest
 
     [JsonPropertyName("reachability")]
     public ReplayReachabilitySection Reachability { get; set; } = new();
+
+    /// <summary>
+    /// References to proof spines created during VEX decision flow.
+    /// </summary>
+    [JsonPropertyName("proofSpines")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public List<ReplayProofSpineReference>? ProofSpines { get; set; }
 }
 
 public sealed class ReplayScanMetadata
@@ -137,6 +144,60 @@ public sealed class ReplayReachabilityTraceReference
     public DateTimeOffset RecordedAt { get; set; } = DateTimeOffset.UnixEpoch;
 }
 
+/// <summary>
+/// Reference to a proof spine for replay reproducibility.
+/// </summary>
+public sealed class ReplayProofSpineReference
+{
+    /// <summary>
+    /// Unique spine identifier (content-addressed).
+    /// </summary>
+    [JsonPropertyName("spineId")]
+    public string SpineId { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Artifact (component) this spine relates to.
+    /// </summary>
+    [JsonPropertyName("artifactId")]
+    public string ArtifactId { get; set; } = string.Empty;
+
+    /// <summary>
+    /// CVE or vulnerability identifier.
+    /// </summary>
+    [JsonPropertyName("vulnerabilityId")]
+    public string VulnerabilityId { get; set; } = string.Empty;
+
+    /// <summary>
+    /// VEX verdict (e.g., "affected", "not_affected", "under_investigation").
+    /// </summary>
+    [JsonPropertyName("verdict")]
+    public string Verdict { get; set; } = string.Empty;
+
+    /// <summary>
+    /// Number of segments in the proof chain.
+    /// </summary>
+    [JsonPropertyName("segmentCount")]
+    public int SegmentCount { get; set; }
+
+    /// <summary>
+    /// Root hash of the spine for integrity verification.
+    /// </summary>
+    [JsonPropertyName("rootHash")]
+    public string? RootHash { get; set; }
+
+    /// <summary>
+    /// CAS URI for retrieving the full spine.
+    /// </summary>
+    [JsonPropertyName("casUri")]
+    public string? CasUri { get; set; }
+
+    /// <summary>
+    /// When the spine was created.
+    /// </summary>
+    [JsonPropertyName("createdAt")]
+    public DateTimeOffset CreatedAt { get; set; } = DateTimeOffset.UnixEpoch;
+}
+
 public static class ReplayManifestVersions
 {
     public const string V1 = "1.0";