feat: Implement IsolatedReplayContext for deterministic audit replay

- Added IsolatedReplayContext class to provide an isolated environment for replaying audit bundles without external calls.
- Introduced methods for initializing the context, verifying input digests, and extracting inputs for policy evaluation.
- Created supporting interfaces and options for context configuration.

feat: Create ReplayExecutor for executing policy re-evaluation and verdict comparison

- Developed ReplayExecutor class to handle the execution of replay processes, including input verification and verdict comparison.
- Implemented detailed drift detection and error handling during replay execution.
- Added interfaces for policy evaluation and replay execution options.

feat: Add ScanSnapshotFetcher for fetching scan data and snapshots

- Introduced ScanSnapshotFetcher class to retrieve necessary scan data and snapshots for audit bundle creation.
- Implemented methods to fetch scan metadata, advisory feeds, policy snapshots, and VEX statements.
- Created supporting interfaces for scan data, feed snapshots, and policy snapshots.

src/Cli/StellaOps.Cli/Commands/Compare/CompareCommandBuilder.cs

@@ -33,39 +33,42 @@ internal static class CompareCommandBuilder
         Option<bool> verboseOption,
         CancellationToken cancellationToken)
     {
-        var baseDigestOption = new Option<string>("--base", "Base snapshot digest (the 'before' state)")
+        var baseDigestOption = new Option<string>("--base", new[] { "-b" })
         {
-            IsRequired = true
+            Description = "Base snapshot digest (the 'before' state)",
+            Required = true
         };
-        baseDigestOption.AddAlias("-b");
 
-        var targetDigestOption = new Option<string>("--target", "Target snapshot digest (the 'after' state)")
+        var targetDigestOption = new Option<string>("--target", new[] { "-t" })
         {
-            IsRequired = true
+            Description = "Target snapshot digest (the 'after' state)",
+            Required = true
         };
-        targetDigestOption.AddAlias("-t");
 
-        var outputOption = new Option<string?>("--output", "Output format (table, json, sarif)")
+        var outputOption = new Option<string?>("--output", new[] { "-o" })
         {
-            ArgumentHelpName = "format"
+            Description = "Output format (table, json, sarif)"
         };
-        outputOption.AddAlias("-o");
 
-        var outputFileOption = new Option<string?>("--output-file", "Write output to file instead of stdout")
+        var outputFileOption = new Option<string?>("--output-file", new[] { "-f" })
         {
-            ArgumentHelpName = "path"
+            Description = "Write output to file instead of stdout"
         };
-        outputFileOption.AddAlias("-f");
 
-        var includeUnchangedOption = new Option<bool>("--include-unchanged", "Include findings that are unchanged");
-
-        var severityFilterOption = new Option<string?>("--severity", "Filter by severity (critical, high, medium, low)")
+        var includeUnchangedOption = new Option<bool>("--include-unchanged")
         {
-            ArgumentHelpName = "level"
+            Description = "Include findings that are unchanged"
         };
-        severityFilterOption.AddAlias("-s");
 
-        var backendUrlOption = new Option<string?>("--backend-url", "Scanner WebService URL override");
+        var severityFilterOption = new Option<string?>("--severity", new[] { "-s" })
+        {
+            Description = "Filter by severity (critical, high, medium, low)"
+        };
+
+        var backendUrlOption = new Option<string?>("--backend-url")
+        {
+            Description = "Scanner WebService URL override"
+        };
 
         // compare diff - Full comparison
         var diffCommand = new Command("diff", "Compare two scan snapshots and show detailed diff.");
@@ -188,10 +191,10 @@ internal static class CompareCommandBuilder
 
         // Main compare command
         var compareCommand = new Command("compare", "Compare scan snapshots (SBOM/vulnerability diff).");
-        compareCommand.AddCommand(diffCommand);
-        compareCommand.AddCommand(summaryCommand);
-        compareCommand.AddCommand(canShipCommand);
-        compareCommand.AddCommand(vulnsCommand);
+        compareCommand.Subcommands.Add(diffCommand);
+        compareCommand.Subcommands.Add(summaryCommand);
+        compareCommand.Subcommands.Add(canShipCommand);
+        compareCommand.Subcommands.Add(vulnsCommand);
 
         return compareCommand;
     }