Complete batch 012 (golden set diff) and 013 (advisory chat), fix build errors

Sprints completed:
- SPRINT_20260110_012_* (golden set diff layer - 10 sprints)
- SPRINT_20260110_013_* (advisory chat - 4 sprints)

Build fixes applied:
- Fix namespace conflicts with Microsoft.Extensions.Options.Options.Create
- Fix VexDecisionReachabilityIntegrationTests API drift (major rewrite)
- Fix VexSchemaValidationTests FluentAssertions method name
- Fix FixChainGateIntegrationTests ambiguous type references
- Fix AdvisoryAI test files required properties and namespace aliases
- Add stub types for CveMappingController (ICveSymbolMappingService)
- Fix VerdictBuilderService static context issue

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/VulnExplorer/StellaOps.VulnExplorer.Api/Models/FixVerificationModels.cs

@@ -0,0 +1,209 @@
+// Licensed under AGPL-3.0-or-later. Copyright (C) 2026 StellaOps Contributors.
+// Sprint: SPRINT_20260110_012_009_FE
+// Task: FVU-001 - Fix Verification API Models
+
+namespace StellaOps.VulnExplorer.Api.Models;
+
+/// <summary>
+/// Fix verification status response for frontend display.
+/// </summary>
+public sealed record FixVerificationResponse
+{
+    /// <summary>CVE identifier.</summary>
+    public required string CveId { get; init; }
+
+    /// <summary>Component PURL.</summary>
+    public required string ComponentPurl { get; init; }
+
+    /// <summary>Whether a FixChain attestation exists.</summary>
+    public required bool HasAttestation { get; init; }
+
+    /// <summary>Verdict status: fixed, partial, not_fixed, inconclusive, none.</summary>
+    public required string Verdict { get; init; }
+
+    /// <summary>Confidence score (0.0 - 1.0).</summary>
+    public required decimal Confidence { get; init; }
+
+    /// <summary>Human-readable verdict label.</summary>
+    public required string VerdictLabel { get; init; }
+
+    /// <summary>Golden set reference.</summary>
+    public FixVerificationGoldenSetRef? GoldenSet { get; init; }
+
+    /// <summary>Analysis results summary.</summary>
+    public FixVerificationAnalysis? Analysis { get; init; }
+
+    /// <summary>Risk impact from fix verification.</summary>
+    public FixVerificationRiskImpact? RiskImpact { get; init; }
+
+    /// <summary>Evidence chain references.</summary>
+    public FixVerificationEvidenceChain? EvidenceChain { get; init; }
+
+    /// <summary>When the verification was performed.</summary>
+    public DateTimeOffset? VerifiedAt { get; init; }
+
+    /// <summary>Rationale items.</summary>
+    public IReadOnlyList<string> Rationale { get; init; } = [];
+}
+
+/// <summary>
+/// Golden set reference for UI display.
+/// </summary>
+public sealed record FixVerificationGoldenSetRef
+{
+    /// <summary>Golden set ID (typically CVE ID).</summary>
+    public required string Id { get; init; }
+
+    /// <summary>Content digest.</summary>
+    public required string Digest { get; init; }
+
+    /// <summary>Reviewer/approver.</summary>
+    public string? ReviewedBy { get; init; }
+
+    /// <summary>When reviewed.</summary>
+    public DateTimeOffset? ReviewedAt { get; init; }
+}
+
+/// <summary>
+/// Analysis results for UI display.
+/// </summary>
+public sealed record FixVerificationAnalysis
+{
+    /// <summary>Function-level changes.</summary>
+    public IReadOnlyList<FunctionChangeResult> Functions { get; init; } = [];
+
+    /// <summary>Reachability changes.</summary>
+    public ReachabilityChangeResult? Reachability { get; init; }
+}
+
+/// <summary>
+/// Function-level change result.
+/// </summary>
+public sealed record FunctionChangeResult
+{
+    /// <summary>Function name.</summary>
+    public required string FunctionName { get; init; }
+
+    /// <summary>Change status: modified, removed, unchanged.</summary>
+    public required string Status { get; init; }
+
+    /// <summary>Status icon for UI.</summary>
+    public required string StatusIcon { get; init; }
+
+    /// <summary>Human-readable details.</summary>
+    public required string Details { get; init; }
+
+    /// <summary>Child items (edges, sinks).</summary>
+    public IReadOnlyList<FunctionChangeChild> Children { get; init; } = [];
+}
+
+/// <summary>
+/// Child item of a function change (edge or sink).
+/// </summary>
+public sealed record FunctionChangeChild
+{
+    /// <summary>Name (edge identifier or sink name).</summary>
+    public required string Name { get; init; }
+
+    /// <summary>Change status.</summary>
+    public required string Status { get; init; }
+
+    /// <summary>Status icon.</summary>
+    public required string StatusIcon { get; init; }
+
+    /// <summary>Details.</summary>
+    public required string Details { get; init; }
+}
+
+/// <summary>
+/// Reachability change result.
+/// </summary>
+public sealed record ReachabilityChangeResult
+{
+    /// <summary>Pre-patch path count.</summary>
+    public required int PrePatchPaths { get; init; }
+
+    /// <summary>Post-patch path count.</summary>
+    public required int PostPatchPaths { get; init; }
+
+    /// <summary>Whether all paths were eliminated.</summary>
+    public required bool AllPathsEliminated { get; init; }
+
+    /// <summary>Summary text.</summary>
+    public required string Summary { get; init; }
+}
+
+/// <summary>
+/// Risk impact from fix verification.
+/// </summary>
+public sealed record FixVerificationRiskImpact
+{
+    /// <summary>Base risk score before fix adjustment.</summary>
+    public required decimal BaseScore { get; init; }
+
+    /// <summary>Base severity label.</summary>
+    public required string BaseSeverity { get; init; }
+
+    /// <summary>Fix adjustment percentage (negative = reduction).</summary>
+    public required decimal AdjustmentPercent { get; init; }
+
+    /// <summary>Final risk score after adjustment.</summary>
+    public required decimal FinalScore { get; init; }
+
+    /// <summary>Final severity label.</summary>
+    public required string FinalSeverity { get; init; }
+
+    /// <summary>Progress bar value (0-100).</summary>
+    public required int ProgressValue { get; init; }
+}
+
+/// <summary>
+/// Evidence chain for audit trail.
+/// </summary>
+public sealed record FixVerificationEvidenceChain
+{
+    /// <summary>SBOM reference.</summary>
+    public EvidenceChainItem? Sbom { get; init; }
+
+    /// <summary>Golden set reference.</summary>
+    public EvidenceChainItem? GoldenSet { get; init; }
+
+    /// <summary>Diff report reference.</summary>
+    public EvidenceChainItem? DiffReport { get; init; }
+
+    /// <summary>FixChain attestation reference.</summary>
+    public EvidenceChainItem? Attestation { get; init; }
+}
+
+/// <summary>
+/// Individual evidence chain item.
+/// </summary>
+public sealed record EvidenceChainItem
+{
+    /// <summary>Item label.</summary>
+    public required string Label { get; init; }
+
+    /// <summary>Content digest (truncated for display).</summary>
+    public required string DigestShort { get; init; }
+
+    /// <summary>Full content digest.</summary>
+    public required string DigestFull { get; init; }
+
+    /// <summary>Download URL.</summary>
+    public string? DownloadUrl { get; init; }
+}
+
+/// <summary>
+/// Request to verify a fix.
+/// </summary>
+public sealed record FixVerificationRequest
+{
+    /// <summary>CVE identifier.</summary>
+    public required string CveId { get; init; }
+
+    /// <summary>Component PURL.</summary>
+    public required string ComponentPurl { get; init; }
+
+    /// <summary>Image or binary digest.</summary>
+    public string? ArtifactDigest { get; init; }
+}