tests fixes and sprints work

src/__Tests/StellaOps.Evidence.Bundle.Tests/BinaryDiffEvidenceTests.cs

@@ -97,20 +97,19 @@ public sealed class BinaryDiffEvidenceTests
             {
                 FunctionName = "z_function",
                 Operation = BinaryDiffOperation.Modified,
-                PreviousHash = "sha256:old1",
-                CurrentHash = "sha256:new1"
+                NodeHash = "sha256:z_hash"
             },
             new BinaryFunctionDiff
             {
                 FunctionName = "a_function",
                 Operation = BinaryDiffOperation.Added,
-                CurrentHash = "sha256:new2"
+                NodeHash = "sha256:a_hash"
             },
             new BinaryFunctionDiff
             {
                 FunctionName = "m_function",
                 Operation = BinaryDiffOperation.Removed,
-                PreviousHash = "sha256:old3"
+                NodeHash = "sha256:m_hash"
             }
         );
 
@@ -141,14 +140,14 @@ public sealed class BinaryDiffEvidenceTests
         var securityChanges = ImmutableArray.Create(
             new BinarySecurityChange
             {
-                ChangeType = BinarySecurityChangeType.MitigationAdded,
+                ChangeType = BinarySecurityChangeType.HardeningChange,
                 Description = "Stack canaries enabled",
-                AffectedSymbols = ImmutableArray.Create("main", "process_input"),
+                AffectedSymbol = "main",
                 Severity = "info"
             },
             new BinarySecurityChange
             {
-                ChangeType = BinarySecurityChangeType.MitigationRemoved,
+                ChangeType = BinarySecurityChangeType.MemorySafetyChange,
                 Description = "ASLR disabled",
                 Severity = "high"
             }
@@ -170,9 +169,9 @@ public sealed class BinaryDiffEvidenceTests
         // Assert
         Assert.Equal(2, bundle.BinaryDiff!.SecurityChanges.Length);
         Assert.Contains(bundle.BinaryDiff.SecurityChanges, 
-            c => c.ChangeType == BinarySecurityChangeType.MitigationAdded);
+            c => c.ChangeType == BinarySecurityChangeType.HardeningChange);
         Assert.Contains(bundle.BinaryDiff.SecurityChanges, 
-            c => c.ChangeType == BinarySecurityChangeType.MitigationRemoved);
+            c => c.ChangeType == BinarySecurityChangeType.MemorySafetyChange);
     }
 
     [Fact]
@@ -183,8 +182,10 @@ public sealed class BinaryDiffEvidenceTests
         {
             PreviousFingerprint = "fp:abc123",
             CurrentFingerprint = "fp:def456",
-            SimilarityScore = 0.87,
-            SemanticChanges = ImmutableArray.Create("control_flow_modified", "data_flow_changed")
+            Similarity = 0.87,
+            IdenticalFunctions = 10,
+            SimilarFunctions = 5,
+            DifferentFunctions = 2
         };
 
         var binaryDiff = new BinaryDiffEvidence
@@ -202,8 +203,8 @@ public sealed class BinaryDiffEvidenceTests
 
         // Assert
         Assert.NotNull(bundle.BinaryDiff!.SemanticDiff);
-        Assert.Equal(0.87, bundle.BinaryDiff.SemanticDiff.SimilarityScore);
-        Assert.Equal(2, bundle.BinaryDiff.SemanticDiff.SemanticChanges.Length);
+        Assert.Equal(0.87, bundle.BinaryDiff.SemanticDiff.Similarity);
+        Assert.Equal(2, bundle.BinaryDiff.SemanticDiff.DifferentFunctions);
     }
 
     [Fact]
@@ -246,7 +247,7 @@ public sealed class BinaryDiffEvidenceTests
             .Build();
 
         // Assert
-        Assert.Contains(bundle.Hashes.Hashes, h => h.Value == "binarydiffhash123");
+        Assert.Contains(bundle.Hashes.Hashes, h => h == "binarydiffhash123");
     }
 
     [Fact]
@@ -255,10 +256,10 @@ public sealed class BinaryDiffEvidenceTests
         // Arrange & Act - Test all diff types
         var diffTypes = new[]
         {
-            BinaryDiffType.None,
+            BinaryDiffType.HashOnly,
             BinaryDiffType.Structural,
             BinaryDiffType.Semantic,
-            BinaryDiffType.Full
+            BinaryDiffType.Combined
         };
 
         foreach (var diffType in diffTypes)

src/__Tests/fixtures/e2e/bundle-0001/manifest.json

@@ -12,22 +12,56 @@
     "toolchain": "stellaops/scanner:test",
     "analyzerSetDigest": "sha256:analyzers123..."
   },
+  "bundle": {
+    "image": "alpine:3.19",
+    "digest": "sha256:abc123def456...",
+    "artifacts": [
+      {
+        "path": "inputs/sbom.cdx.json",
+        "type": "sbom",
+        "digest": "sha256:c5529fe93ce776d4ec787e1a532bc60b0a9f365fa93fc38af19d810d56bd78ca",
+        "mediaType": "application/vnd.cyclonedx+json",
+        "size": 2451
+      },
+      {
+        "path": "inputs/feeds/osv-snapshot.json",
+        "type": "feed",
+        "digest": "sha256:2877a4e93166a5fc40df7f5e152b0902510af83e04ee5984c46da230337fbf9b",
+        "mediaType": "application/json",
+        "size": 1972
+      },
+      {
+        "path": "inputs/vex/vendor.openvex.json",
+        "type": "vex",
+        "digest": "sha256:770843d5ff7bb60d1c10edc4ff0c907971470062e5d253e6526f25354e2139bd",
+        "mediaType": "application/openvex+json",
+        "size": 628
+      },
+      {
+        "path": "inputs/policy/rules.yaml",
+        "type": "policy",
+        "digest": "sha256:1e0092e5937e1f34c0ef0d3d4071708a39e1f35d0d0b71179f0b0214d8ee3f43",
+        "mediaType": "text/yaml",
+        "size": 883
+      }
+    ]
+  },
   "inputs": {
     "sbom": {
       "path": "inputs/sbom.cdx.json",
-      "sha256": "sha256:to-be-computed"
+      "sha256": "sha256:c5529fe93ce776d4ec787e1a532bc60b0a9f365fa93fc38af19d810d56bd78ca"
     },
     "feeds": {
       "path": "inputs/feeds/",
-      "sha256": "sha256:to-be-computed"
+      "sha256": "sha256:2877a4e93166a5fc40df7f5e152b0902510af83e04ee5984c46da230337fbf9b"
     },
     "vex": {
       "path": "inputs/vex/",
-      "sha256": "sha256:to-be-computed"
+      "sha256": "sha256:770843d5ff7bb60d1c10edc4ff0c907971470062e5d253e6526f25354e2139bd"
     },
     "policy": {
       "path": "inputs/policy/",
-      "sha256": "sha256:to-be-computed"
+      "sha256": "sha256:1e0092e5937e1f34c0ef0d3d4071708a39e1f35d0d0b71179f0b0214d8ee3f43"
     }
   },
   "expectedOutputs": {

src/__Tests/fixtures/fixtures.manifest.yml

@@ -34,6 +34,12 @@ fixtures:
       imageDigest: null
       expectedSbomHash: null
       refreshPolicy: "quarterly"
+    - id: sbom-analytics-minimal-cdx
+      description: "Synthetic CycloneDX SBOM for analytics dependency-path tests"
+      source: "manual"
+      imageDigest: null
+      expectedSbomHash: null
+      refreshPolicy: "manual"
 
   # Feed snapshot fixtures - vulnerability feed samples
   feeds:

src/__Tests/fixtures/sbom/sbom-analytics-minimal-cdx/meta.json

@@ -0,0 +1,10 @@
+{
+  "id": "sbom-analytics-minimal-cdx",
+  "source": "manual",
+  "retrievedAt": "2026-01-21T00:00:00Z",
+  "license": "BUSL-1.1",
+  "sha256": "sha256:ddc23941de4ae8a4df3411ce709b09cd55d1afb2e994cea275d2d009a7b6f77c",
+  "refreshPolicy": "manual",
+  "tier": "T0",
+  "notes": "Synthetic CycloneDX SBOM for analytics dependency path and hash tests."
+}

src/__Tests/fixtures/sbom/sbom-analytics-minimal-cdx/raw/bom.json

@@ -0,0 +1,56 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "serialNumber": "urn:uuid:11111111-2222-3333-4444-555555555555",
+  "metadata": {
+    "timestamp": "2026-01-20T00:00:00Z",
+    "component": {
+      "type": "application",
+      "bom-ref": "root-app",
+      "name": "stellaops-analytics-sample",
+      "version": "1.0.0",
+      "purl": "pkg:generic/stellaops-analytics-sample@1.0.0"
+    }
+  },
+  "components": [
+    {
+      "type": "library",
+      "bom-ref": "lib-a",
+      "name": "lib-a",
+      "version": "2.1.0",
+      "purl": "pkg:generic/lib-a@2.1.0",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "ABCDEF"
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "bom-ref": "lib-b",
+      "name": "lib-b",
+      "version": "3.0.0",
+      "purl": "pkg:generic/lib-b@3.0.0"
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "root-app",
+      "dependsOn": [
+        "lib-a",
+        "lib-b"
+      ]
+    },
+    {
+      "ref": "lib-a",
+      "dependsOn": [
+        "lib-b"
+      ]
+    },
+    {
+      "ref": "lib-b",
+      "dependsOn": []
+    }
+  ]
+}

src/__Tests/reachability/StellaOps.ScannerSignals.IntegrationTests/ScannerToSignalsReachabilityTests.cs

@@ -289,6 +289,7 @@ public sealed class ScannerToSignalsReachabilityTests
     private sealed class NullEventsPublisher : IEventsPublisher
     {
         public Task PublishFactUpdatedAsync(ReachabilityFactDocument fact, CancellationToken cancellationToken) => Task.CompletedTask;
+        public Task PublishRuntimeUpdatedAsync(RuntimeUpdatedEvent runtimeEvent, CancellationToken cancellationToken) => Task.CompletedTask;
     }
 
     private sealed class NullCallGraphSyncService : ICallGraphSyncService

src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/ReachabilityScoringTests.cs

@@ -326,6 +326,7 @@ public sealed class ReachabilityScoringTests
     private sealed class NullEventsPublisher : IEventsPublisher
     {
         public Task PublishFactUpdatedAsync(ReachabilityFactDocument fact, CancellationToken cancellationToken) => Task.CompletedTask;
+        public Task PublishRuntimeUpdatedAsync(RuntimeUpdatedEvent runtimeEvent, CancellationToken cancellationToken) => Task.CompletedTask;
     }
 
     private static string LocateRepoRoot()

src/__Tests/reachability/StellaOps.Signals.Reachability.Tests/RuntimeFactsIngestionServiceTests.cs

@@ -207,6 +207,8 @@ public sealed class RuntimeFactsIngestionServiceTests
             Published.Add(fact);
             return Task.CompletedTask;
         }
+
+        public Task PublishRuntimeUpdatedAsync(RuntimeUpdatedEvent runtimeEvent, CancellationToken cancellationToken) => Task.CompletedTask;
     }
 
     private sealed class FakeScoringService : IReachabilityScoringService