audit work, fixed StellaOps.sln warnings/errors, fixed tests, sprints work, new advisories

src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Policies/DeterminizationPolicyTests.cs

@@ -3,6 +3,7 @@ using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using StellaOps.Policy;
 using StellaOps.Policy.Determinization;
+using StellaOps.Policy.Determinization.Evidence;
 using StellaOps.Policy.Determinization.Models;
 using StellaOps.Policy.Engine.Policies;
 
@@ -10,11 +11,12 @@ namespace StellaOps.Policy.Engine.Tests.Policies;
 
 public class DeterminizationPolicyTests
 {
+    private static readonly DateTimeOffset Now = DateTimeOffset.UtcNow;
     private readonly DeterminizationPolicy _policy;
 
     public DeterminizationPolicyTests()
     {
-        var options = Options.Create(new DeterminizationOptions());
+        var options = Microsoft.Extensions.Options.Options.Create(new DeterminizationOptions());
         _policy = new DeterminizationPolicy(options, NullLogger<DeterminizationPolicy>.Instance);
     }
 
@@ -22,12 +24,16 @@ public class DeterminizationPolicyTests
     public void Evaluate_RuntimeEvidenceLoaded_ReturnsEscalated()
     {
         // Arrange
+        var runtimeEvidence = new RuntimeEvidence
+        {
+            Detected = true,
+            Source = "tracer",
+            ObservationStart = Now.AddHours(-1),
+            ObservationEnd = Now,
+            Confidence = 0.95
+        };
         var context = CreateContext(
-            runtime: new SignalState<RuntimeEvidence>
-            {
-                HasValue = true,
-                Value = new RuntimeEvidence { ObservedLoaded = true }
-            });
+            runtime: SignalState<RuntimeEvidence>.Queried(runtimeEvidence, Now));
 
         // Act
         var result = _policy.Evaluate(context);
@@ -42,12 +48,15 @@ public class DeterminizationPolicyTests
     public void Evaluate_HighEpss_ReturnsQuarantined()
     {
         // Arrange
+        var epssEvidence = new EpssEvidence
+        {
+            Cve = "CVE-2024-0001",
+            Epss = 0.8,
+            Percentile = 0.95,
+            PublishedAt = Now.AddDays(-1)
+        };
         var context = CreateContext(
-            epss: new SignalState<EpssEvidence>
-            {
-                HasValue = true,
-                Value = new EpssEvidence { Score = 0.8 }
-            },
+            epss: SignalState<EpssEvidence>.Queried(epssEvidence, Now),
             environment: DeploymentEnvironment.Production);
 
         // Act
@@ -63,12 +72,14 @@ public class DeterminizationPolicyTests
     public void Evaluate_ReachableCode_ReturnsQuarantined()
     {
         // Arrange
+        var reachabilityEvidence = new ReachabilityEvidence
+        {
+            Status = ReachabilityStatus.Reachable,
+            AnalyzedAt = Now,
+            Confidence = 0.9
+        };
         var context = CreateContext(
-            reachability: new SignalState<ReachabilityEvidence>
-            {
-                HasValue = true,
-                Value = new ReachabilityEvidence { IsReachable = true, Confidence = 0.9 }
-            });
+            reachability: SignalState<ReachabilityEvidence>.Queried(reachabilityEvidence, Now));
 
         // Act
         var result = _policy.Evaluate(context);
@@ -135,12 +146,14 @@ public class DeterminizationPolicyTests
     public void Evaluate_UnreachableWithHighConfidence_ReturnsAllowed()
     {
         // Arrange
+        var reachabilityEvidence = new ReachabilityEvidence
+        {
+            Status = ReachabilityStatus.Unreachable,
+            AnalyzedAt = Now,
+            Confidence = 0.9
+        };
         var context = CreateContext(
-            reachability: new SignalState<ReachabilityEvidence>
-            {
-                HasValue = true,
-                Value = new ReachabilityEvidence { IsReachable = false, Confidence = 0.9 }
-            },
+            reachability: SignalState<ReachabilityEvidence>.Queried(reachabilityEvidence, Now),
             trustScore: 0.8);
 
         // Act
@@ -156,12 +169,15 @@ public class DeterminizationPolicyTests
     public void Evaluate_VexNotAffected_ReturnsAllowed()
     {
         // Arrange
+        var vexSummary = new VexClaimSummary
+        {
+            Status = "not_affected",
+            Confidence = 0.9,
+            StatementCount = 2,
+            ComputedAt = Now
+        };
         var context = CreateContext(
-            vex: new SignalState<VexClaimSummary>
-            {
-                HasValue = true,
-                Value = new VexClaimSummary { IsNotAffected = true, IssuerTrust = 0.9 }
-            },
+            vex: SignalState<VexClaimSummary>.Queried(vexSummary, Now),
             trustScore: 0.8);
 
         // Act
@@ -249,22 +265,21 @@ public class DeterminizationPolicyTests
             Backport = SignalState<BackportEvidence>.NotQueried(),
             Sbom = SignalState<SbomLineageEvidence>.NotQueried(),
             Cvss = SignalState<CvssEvidence>.NotQueried(),
-            SnapshotAt = DateTimeOffset.UtcNow
+            SnapshotAt = Now
         };
 
         return new DeterminizationContext
         {
             SignalSnapshot = snapshot,
-            UncertaintyScore = new UncertaintyScore
-            {
-                Entropy = entropy,
-                Tier = tier,
-                Completeness = 1.0 - entropy,
-                MissingSignals = []
-            },
+            UncertaintyScore = UncertaintyScore.Create(
+                entropy,
+                Array.Empty<SignalGap>(),
+                presentWeight: (1.0 - entropy) * 100,
+                maxWeight: 100,
+                calculatedAt: Now),
             Decay = new ObservationDecay
             {
-                LastSignalUpdate = DateTimeOffset.UtcNow.AddDays(-1),
+                LastSignalUpdate = Now.AddDays(-1),
                 AgeDays = 1,
                 DecayedMultiplier = isStale ? 0.3 : 0.9,
                 IsStale = isStale