Add call graph fixtures for various languages and scenarios

- Introduced `all-edge-reasons.json` to test edge resolution reasons in .NET.
- Added `all-visibility-levels.json` to validate method visibility levels in .NET.
- Created `dotnet-aspnetcore-minimal.json` for a minimal ASP.NET Core application.
- Included `go-gin-api.json` for a Go Gin API application structure.
- Added `java-spring-boot.json` for the Spring PetClinic application in Java.
- Introduced `legacy-no-schema.json` for legacy application structure without schema.
- Created `node-express-api.json` for an Express.js API application structure.

tests/AirGap/StellaOps.AirGap.Importer.Tests/OfflineKitMetricsTests.cs

@@ -0,0 +1,113 @@
+using System.Diagnostics.Metrics;
+using StellaOps.AirGap.Importer.Telemetry;
+
+namespace StellaOps.AirGap.Importer.Tests;
+
+public sealed class OfflineKitMetricsTests : IDisposable
+{
+    private readonly MeterListener _listener;
+    private readonly List<RecordedMeasurement> _measurements = [];
+
+    public OfflineKitMetricsTests()
+    {
+        _listener = new MeterListener();
+        _listener.InstrumentPublished = (instrument, listener) =>
+        {
+            if (instrument.Meter.Name == OfflineKitMetrics.MeterName)
+            {
+                listener.EnableMeasurementEvents(instrument);
+            }
+        };
+
+        _listener.SetMeasurementEventCallback<double>((instrument, measurement, tags, state) =>
+        {
+            _measurements.Add(new RecordedMeasurement(instrument.Name, measurement, tags.ToArray()));
+        });
+        _listener.SetMeasurementEventCallback<long>((instrument, measurement, tags, state) =>
+        {
+            _measurements.Add(new RecordedMeasurement(instrument.Name, measurement, tags.ToArray()));
+        });
+        _listener.Start();
+    }
+
+    public void Dispose() => _listener.Dispose();
+
+    [Fact]
+    public void RecordImport_EmitsCounterWithLabels()
+    {
+        using var metrics = new OfflineKitMetrics();
+
+        metrics.RecordImport(status: "success", tenantId: "tenant-a");
+
+        Assert.Contains(_measurements, m =>
+            m.Name == "offlinekit_import_total" &&
+            m.Value is long v &&
+            v == 1 &&
+            m.HasTag(OfflineKitMetrics.TagNames.Status, "success") &&
+            m.HasTag(OfflineKitMetrics.TagNames.TenantId, "tenant-a"));
+    }
+
+    [Fact]
+    public void RecordAttestationVerifyLatency_EmitsHistogramWithLabels()
+    {
+        using var metrics = new OfflineKitMetrics();
+
+        metrics.RecordAttestationVerifyLatency(attestationType: "dsse", seconds: 1.234, success: true);
+
+        Assert.Contains(_measurements, m =>
+            m.Name == "offlinekit_attestation_verify_latency_seconds" &&
+            m.Value is double v &&
+            Math.Abs(v - 1.234) < 0.000_001 &&
+            m.HasTag(OfflineKitMetrics.TagNames.AttestationType, "dsse") &&
+            m.HasTag(OfflineKitMetrics.TagNames.Success, "true"));
+    }
+
+    [Fact]
+    public void RecordRekorSuccess_EmitsCounterWithLabels()
+    {
+        using var metrics = new OfflineKitMetrics();
+
+        metrics.RecordRekorSuccess(mode: "offline");
+
+        Assert.Contains(_measurements, m =>
+            m.Name == "attestor_rekor_success_total" &&
+            m.Value is long v &&
+            v == 1 &&
+            m.HasTag(OfflineKitMetrics.TagNames.Mode, "offline"));
+    }
+
+    [Fact]
+    public void RecordRekorRetry_EmitsCounterWithLabels()
+    {
+        using var metrics = new OfflineKitMetrics();
+
+        metrics.RecordRekorRetry(reason: "stale_snapshot");
+
+        Assert.Contains(_measurements, m =>
+            m.Name == "attestor_rekor_retry_total" &&
+            m.Value is long v &&
+            v == 1 &&
+            m.HasTag(OfflineKitMetrics.TagNames.Reason, "stale_snapshot"));
+    }
+
+    [Fact]
+    public void RecordRekorInclusionLatency_EmitsHistogramWithLabels()
+    {
+        using var metrics = new OfflineKitMetrics();
+
+        metrics.RecordRekorInclusionLatency(seconds: 0.5, success: false);
+
+        Assert.Contains(_measurements, m =>
+            m.Name == "rekor_inclusion_latency" &&
+            m.Value is double v &&
+            Math.Abs(v - 0.5) < 0.000_001 &&
+            m.HasTag(OfflineKitMetrics.TagNames.Success, "false"));
+    }
+
+    private sealed record RecordedMeasurement(string Name, object Value, IReadOnlyList<KeyValuePair<string, object?>> Tags)
+    {
+        public bool HasTag(string key, string expectedValue) =>
+            Tags.Any(t => t.Key == key && string.Equals(t.Value?.ToString(), expectedValue, StringComparison.Ordinal));
+    }
+}
+

tests/AirGap/StellaOps.AirGap.Importer.Tests/Reconciliation/ArtifactIndexTests.cs

@@ -0,0 +1,65 @@
+using FluentAssertions;
+using StellaOps.AirGap.Importer.Reconciliation;
+
+namespace StellaOps.AirGap.Importer.Tests.Reconciliation;
+
+public sealed class ArtifactIndexTests
+{
+    [Fact]
+    public void NormalizeDigest_BareHex_AddsPrefixAndLowercases()
+    {
+        var hex = new string('A', 64);
+        ArtifactIndex.NormalizeDigest(hex).Should().Be("sha256:" + new string('a', 64));
+    }
+
+    [Fact]
+    public void NormalizeDigest_WithSha256Prefix_IsCanonical()
+    {
+        var hex = new string('B', 64);
+        ArtifactIndex.NormalizeDigest("sha256:" + hex).Should().Be("sha256:" + new string('b', 64));
+    }
+
+    [Fact]
+    public void NormalizeDigest_WithOtherAlgorithm_Throws()
+    {
+        var ex = Assert.Throws<FormatException>(() => ArtifactIndex.NormalizeDigest("sha512:" + new string('a', 64)));
+        ex.Message.Should().Contain("Only sha256");
+    }
+
+    [Fact]
+    public void AddOrUpdate_MergesEntries_DeduplicatesAndSorts()
+    {
+        var digest = new string('c', 64);
+
+        var entryA = ArtifactEntry.Empty(digest) with
+        {
+            Sboms = new[]
+            {
+                new SbomReference("b", "b.json", SbomFormat.CycloneDx, null),
+                new SbomReference("a", "a.json", SbomFormat.Spdx, null),
+            }
+        };
+
+        var entryB = ArtifactEntry.Empty("sha256:" + digest.ToUpperInvariant()) with
+        {
+            Sboms = new[]
+            {
+                new SbomReference("a", "a2.json", SbomFormat.CycloneDx, null),
+                new SbomReference("c", "c.json", SbomFormat.Spdx, null),
+            }
+        };
+
+        var index = new ArtifactIndex();
+        index.AddOrUpdate(entryA);
+        index.AddOrUpdate(entryB);
+
+        var stored = index.Get("sha256:" + digest);
+        stored.Should().NotBeNull();
+        stored!.Digest.Should().Be("sha256:" + digest);
+
+        stored.Sboms.Select(s => (s.ContentHash, s.FilePath)).Should().Equal(
+            ("a", "a.json"),
+            ("b", "b.json"),
+            ("c", "c.json"));
+    }
+}

tests/AirGap/StellaOps.AirGap.Importer.Tests/Reconciliation/EvidenceDirectoryDiscoveryTests.cs

@@ -0,0 +1,65 @@
+using System.Security.Cryptography;
+using System.Text;
+using FluentAssertions;
+using StellaOps.AirGap.Importer.Reconciliation;
+
+namespace StellaOps.AirGap.Importer.Tests.Reconciliation;
+
+public sealed class EvidenceDirectoryDiscoveryTests
+{
+    [Fact]
+    public void Discover_ReturnsDeterministicRelativePathsAndHashes()
+    {
+        var root = Path.Combine(Path.GetTempPath(), "stellaops-evidence-" + Guid.NewGuid().ToString("N"));
+        Directory.CreateDirectory(root);
+
+        try
+        {
+            WriteUtf8(Path.Combine(root, "sboms", "a.cdx.json"), "{\"bom\":1}");
+            WriteUtf8(Path.Combine(root, "attestations", "z.intoto.jsonl.dsig"), "dsse");
+            WriteUtf8(Path.Combine(root, "vex", "v.openvex.json"), "{\"vex\":true}");
+
+            var discovered = EvidenceDirectoryDiscovery.Discover(root);
+            discovered.Should().HaveCount(3);
+
+            discovered.Select(d => d.RelativePath).Should().Equal(
+                "attestations/z.intoto.jsonl.dsig",
+                "sboms/a.cdx.json",
+                "vex/v.openvex.json");
+
+            discovered[0].Kind.Should().Be(EvidenceFileKind.Attestation);
+            discovered[1].Kind.Should().Be(EvidenceFileKind.Sbom);
+            discovered[2].Kind.Should().Be(EvidenceFileKind.Vex);
+
+            discovered[0].ContentSha256.Should().Be(HashUtf8("dsse"));
+            discovered[1].ContentSha256.Should().Be(HashUtf8("{\"bom\":1}"));
+            discovered[2].ContentSha256.Should().Be(HashUtf8("{\"vex\":true}"));
+        }
+        finally
+        {
+            Directory.Delete(root, recursive: true);
+        }
+    }
+
+    [Fact]
+    public void Discover_WhenDirectoryMissing_Throws()
+    {
+        var missing = Path.Combine(Path.GetTempPath(), "stellaops-missing-" + Guid.NewGuid().ToString("N"));
+        Action act = () => EvidenceDirectoryDiscovery.Discover(missing);
+        act.Should().Throw<DirectoryNotFoundException>();
+    }
+
+    private static void WriteUtf8(string path, string content)
+    {
+        Directory.CreateDirectory(Path.GetDirectoryName(path)!);
+        File.WriteAllText(path, content, new UTF8Encoding(encoderShouldEmitUTF8Identifier: false));
+    }
+
+    private static string HashUtf8(string content)
+    {
+        using var sha256 = SHA256.Create();
+        var bytes = Encoding.UTF8.GetBytes(content);
+        var hash = sha256.ComputeHash(bytes);
+        return "sha256:" + Convert.ToHexString(hash).ToLowerInvariant();
+    }
+}