feat: Implement IsolatedReplayContext for deterministic audit replay

- Added IsolatedReplayContext class to provide an isolated environment for replaying audit bundles without external calls.
- Introduced methods for initializing the context, verifying input digests, and extracting inputs for policy evaluation.
- Created supporting interfaces and options for context configuration.

feat: Create ReplayExecutor for executing policy re-evaluation and verdict comparison

- Developed ReplayExecutor class to handle the execution of replay processes, including input verification and verdict comparison.
- Implemented detailed drift detection and error handling during replay execution.
- Added interfaces for policy evaluation and replay execution options.

feat: Add ScanSnapshotFetcher for fetching scan data and snapshots

- Introduced ScanSnapshotFetcher class to retrieve necessary scan data and snapshots for audit bundle creation.
- Implemented methods to fetch scan metadata, advisory feeds, policy snapshots, and VEX statements.
- Created supporting interfaces for scan data, feed snapshots, and policy snapshots.

src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/OciArtifactPusher.cs

@@ -127,7 +127,7 @@ public sealed class OciArtifactPusher
 
         return new OciArtifactManifest
         {
-            MediaType = OciMediaTypes.ArtifactManifest,
+            MediaType = OciMediaTypes.ImageManifest,
             ArtifactType = request.ArtifactType,
             Config = new OciDescriptor
             {
@@ -140,7 +140,7 @@ public sealed class OciArtifactPusher
                 ? null
                 : new OciDescriptor
                 {
-                    MediaType = OciMediaTypes.ArtifactManifest,
+                    MediaType = OciMediaTypes.ImageManifest,
                     Digest = request.SubjectDigest!,
                     Size = 0
                 },
@@ -220,7 +220,7 @@ public sealed class OciArtifactPusher
             Content = new ByteArrayContent(manifestBytes)
         };
 
-        request.Content.Headers.ContentType = new MediaTypeHeaderValue(OciMediaTypes.ArtifactManifest);
+        request.Content.Headers.ContentType = new MediaTypeHeaderValue(OciMediaTypes.ImageManifest);
         auth.ApplyTo(request);
 
         using var response = await _httpClient.SendAsync(request, cancellationToken).ConfigureAwait(false);

src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/OciMediaTypes.cs

@@ -2,7 +2,16 @@
 
 public static class OciMediaTypes
 {
+    /// <summary>
+    /// OCI 1.1 image manifest (used for all manifests including artifacts).
+    /// </summary>
+    public const string ImageManifest = "application/vnd.oci.image.manifest.v1+json";
+
+    /// <summary>
+    /// Deprecated artifact manifest type (kept for compatibility, prefer ImageManifest).
+    /// </summary>
     public const string ArtifactManifest = "application/vnd.oci.artifact.manifest.v1+json";
+
     public const string EmptyConfig = "application/vnd.oci.empty.v1+json";
     public const string OctetStream = "application/octet-stream";
 
@@ -26,4 +35,30 @@ public static class OciMediaTypes
     /// Config media type for verdict attestation artifacts.
     /// </summary>
     public const string VerdictConfig = "application/vnd.stellaops.verdict.config.v1+json";
+
+    // Sprint: SPRINT_5200_0001_0001 - Policy Pack Distribution
+    /// <summary>
+    /// Media type for policy pack artifacts.
+    /// </summary>
+    public const string PolicyPack = "application/vnd.stellaops.policy-pack.v1+json";
+
+    /// <summary>
+    /// Config media type for policy pack artifacts.
+    /// </summary>
+    public const string PolicyPackConfig = "application/vnd.stellaops.policy-pack.config.v1+json";
+
+    /// <summary>
+    /// Media type for policy pack attestation (DSSE envelope).
+    /// </summary>
+    public const string PolicyPackAttestation = "application/vnd.stellaops.policy-pack.attestation.v1+json";
+
+    /// <summary>
+    /// Media type for policy pack YAML layer.
+    /// </summary>
+    public const string PolicyPackYaml = "application/vnd.stellaops.policy-pack.yaml.v1";
+
+    /// <summary>
+    /// Media type for policy pack override layer.
+    /// </summary>
+    public const string PolicyPackOverride = "application/vnd.stellaops.policy-pack.override.v1+json";
 }

src/Scanner/__Libraries/StellaOps.Scanner.Storage.Oci/OciModels.cs

@@ -26,7 +26,7 @@ public sealed record OciArtifactManifest
     public int SchemaVersion { get; init; } = 2;
 
     [JsonPropertyName("mediaType")]
-    public string MediaType { get; init; } = OciMediaTypes.ArtifactManifest;
+    public string MediaType { get; init; } = OciMediaTypes.ImageManifest;
 
     [JsonPropertyName("artifactType")]
     public string? ArtifactType { get; init; }