Add channel test providers for Email, Slack, Teams, and Webhook

- Implemented EmailChannelTestProvider to generate email preview payloads.
- Implemented SlackChannelTestProvider to create Slack message previews.
- Implemented TeamsChannelTestProvider for generating Teams Adaptive Card previews.
- Implemented WebhookChannelTestProvider to create webhook payloads.
- Added INotifyChannelTestProvider interface for channel-specific preview generation.
- Created ChannelTestPreviewContracts for request and response models.
- Developed NotifyChannelTestService to handle test send requests and generate previews.
- Added rate limit policies for test sends and delivery history.
- Implemented unit tests for service registration and binding.
- Updated project files to include necessary dependencies and configurations.

docs/ARCHITECTURE_CONCELIER.md

@@ -94,6 +94,34 @@ mergedAt
 inputs[]            // source doc digests that contributed
 ```
 
+**AdvisoryStatement (event log)**
+
+```
+statementId         // GUID (immutable)
+vulnerabilityKey    // canonical advisory key (e.g., CVE-2025-12345)
+advisoryKey         // merge snapshot advisory key (may reference variant)
+statementHash       // canonical hash of advisory payload
+asOf                // timestamp of snapshot (UTC)
+recordedAt          // persistence timestamp (UTC)
+inputDocuments[]    // document IDs contributing to the snapshot
+payload             // canonical advisory document (BSON / canonical JSON)
+```
+
+**AdvisoryConflict**
+
+```
+conflictId          // GUID
+vulnerabilityKey    // canonical advisory key
+conflictHash        // deterministic hash of conflict payload
+asOf                // timestamp aligned with originating statement set
+recordedAt          // persistence timestamp
+statementIds[]      // related advisoryStatement identifiers
+details             // structured conflict explanation / merge reasoning
+```
+
+- `AdvisoryEventLog` (Concelier.Core) provides the public API for appending immutable statements/conflicts and querying replay history. Inputs are normalized by trimming and lower-casing `vulnerabilityKey`, serializing advisories with `CanonicalJsonSerializer`, and computing SHA-256 hashes (`statementHash`, `conflictHash`) over the canonical JSON payloads. Consumers can replay by key with an optional `asOf` filter to obtain deterministic snapshots ordered by `asOf` then `recordedAt`.
+- Concelier.WebService exposes the immutable log via `GET /concelier/advisories/{vulnerabilityKey}/replay[?asOf=UTC_ISO8601]`, returning the latest statements (with hex-encoded hashes) and any conflict explanations for downstream exporters and APIs.
+
 **ExportState**
 
 ```
@@ -252,6 +280,7 @@ public interface IFeedConnector {
   ```
 * Optional ORAS push (OCI layout) for registries.
 * Offline kit bundles include Trivy DB + JSON tree + export manifest.
+* Mirror-ready bundles: when `concelier.trivy.mirror` defines domains, the exporter emits `mirror/index.json` plus per-domain `manifest.json`, `metadata.json`, and `db.tar.gz` files with SHA-256 digests so Concelier mirrors can expose domain-scoped download endpoints.
 
 ### 7.3 Hand‑off to Signer/Attestor (optional)
 
@@ -286,6 +315,10 @@ GET  /jobs/{id}                            → job status
 POST /exports/json   { full?:bool, force?:bool, attest?:bool } → { exportId, digest, rekor? }
 POST /exports/trivy  { full?:bool, force?:bool, publish?:bool, attest?:bool } → { exportId, digest, rekor? }
 GET  /exports/{id}   → export metadata (kind, digest, createdAt, rekor?)
+GET  /concelier/exports/index.json        → mirror index describing available domains/bundles
+GET  /concelier/exports/mirror/{domain}/manifest.json
+GET  /concelier/exports/mirror/{domain}/bundle.json
+GET  /concelier/exports/mirror/{domain}/bundle.json.jws
 ```
 
 **Search (operator debugging)**