Add signal contracts for reachability, exploitability, trust, and unknown symbols

- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.

src/__Libraries/StellaOps.Signals.Contracts/Abstractions/ISignalConsumer.cs

@@ -0,0 +1,38 @@
+namespace StellaOps.Signals.Contracts;
+
+/// <summary>
+/// Interface for consuming signals from the signal bus.
+/// Implemented by services that process signals.
+/// </summary>
+public interface ISignalConsumer
+{
+    /// <summary>
+    /// Consumes signals from the signal bus as an async enumerable.
+    /// </summary>
+    /// <param name="filterType">Optional signal type to filter by.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>Async enumerable of signal envelopes.</returns>
+    IAsyncEnumerable<SignalEnvelope> ConsumeAsync(
+        SignalType? filterType = null,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Gets the latest signal for a given key.
+    /// </summary>
+    /// <param name="signalKey">The signal key to look up.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>The signal envelope if found, null otherwise.</returns>
+    ValueTask<SignalEnvelope?> GetLatestAsync(
+        string signalKey,
+        CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Gets all signals for a given PURL.
+    /// </summary>
+    /// <param name="purl">The package URL to look up.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>Collection of signal envelopes for the PURL.</returns>
+    ValueTask<IReadOnlyList<SignalEnvelope>> GetByPurlAsync(
+        string purl,
+        CancellationToken cancellationToken = default);
+}

src/__Libraries/StellaOps.Signals.Contracts/Abstractions/ISignalContext.cs

@@ -0,0 +1,58 @@
+namespace StellaOps.Signals.Contracts;
+
+/// <summary>
+/// Interface for signal context providing metadata and correlation.
+/// Used by signal producers to add context to emitted signals.
+/// </summary>
+public interface ISignalContext
+{
+    /// <summary>
+    /// Gets the current tenant ID.
+    /// </summary>
+    string? TenantId { get; }
+
+    /// <summary>
+    /// Gets the current correlation ID for distributed tracing.
+    /// </summary>
+    string? CorrelationId { get; }
+
+    /// <summary>
+    /// Gets the name of the service producing signals.
+    /// </summary>
+    string ServiceName { get; }
+
+    /// <summary>
+    /// Creates a signal envelope with context metadata.
+    /// </summary>
+    /// <typeparam name="T">Type of the signal value.</typeparam>
+    /// <param name="signalKey">Unique key for the signal.</param>
+    /// <param name="signalType">Type of the signal.</param>
+    /// <param name="value">The signal value.</param>
+    /// <returns>A fully populated signal envelope.</returns>
+    SignalEnvelope CreateEnvelope<T>(string signalKey, SignalType signalType, T value) where T : notnull;
+
+    /// <summary>
+    /// Creates a reachability signal envelope.
+    /// </summary>
+    SignalEnvelope CreateReachabilityEnvelope(string purl, ReachabilitySignal signal);
+
+    /// <summary>
+    /// Creates an entropy signal envelope.
+    /// </summary>
+    SignalEnvelope CreateEntropyEnvelope(string purl, EntropySignal signal);
+
+    /// <summary>
+    /// Creates an exploitability signal envelope.
+    /// </summary>
+    SignalEnvelope CreateExploitabilityEnvelope(string cveId, ExploitabilitySignal signal);
+
+    /// <summary>
+    /// Creates a trust signal envelope.
+    /// </summary>
+    SignalEnvelope CreateTrustEnvelope(string purl, TrustSignal signal);
+
+    /// <summary>
+    /// Creates an unknown symbol signal envelope.
+    /// </summary>
+    SignalEnvelope CreateUnknownSymbolEnvelope(string symbolId, UnknownSymbolSignal signal);
+}

src/__Libraries/StellaOps.Signals.Contracts/Abstractions/ISignalEmitter.cs

@@ -0,0 +1,22 @@
+namespace StellaOps.Signals.Contracts;
+
+/// <summary>
+/// Interface for emitting signals to the signal bus.
+/// Implemented by services that produce signals.
+/// </summary>
+public interface ISignalEmitter
+{
+    /// <summary>
+    /// Emits a single signal to the signal bus.
+    /// </summary>
+    /// <param name="signal">The signal envelope to emit.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    ValueTask EmitAsync(SignalEnvelope signal, CancellationToken cancellationToken = default);
+
+    /// <summary>
+    /// Emits a batch of signals to the signal bus.
+    /// </summary>
+    /// <param name="signals">The signal envelopes to emit.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    ValueTask EmitBatchAsync(IEnumerable<SignalEnvelope> signals, CancellationToken cancellationToken = default);
+}