Add signal contracts for reachability, exploitability, trust, and unknown symbols

- Introduced `ReachabilityState`, `RuntimeHit`, `ExploitabilitySignal`, `ReachabilitySignal`, `SignalEnvelope`, `SignalType`, `TrustSignal`, and `UnknownSymbolSignal` records to define various signal types and their properties.
- Implemented JSON serialization attributes for proper data interchange.
- Created project files for the new signal contracts library and corresponding test projects.
- Added deterministic test fixtures for micro-interaction testing.
- Included cryptographic keys for secure operations with cosign.

tests/EvidenceLocker/Bundles/Golden/README.md

@@ -3,9 +3,9 @@
 Purpose: reference bundles and replay records used by CI to prove deterministic packaging, DSSE subject stability, and portable redaction behaviour.
 
 ## Layout
-- `sealed/` – sealed `bundle.tgz` artifacts with matching `manifest.json`, `checksums.txt`, and expected Merkle root in `expected.json`.
-- `portable/` – redacted `portable-bundle-v1.tgz` paired with `expected.json` noting masked fields.
-- `replay/` – `replay.ndjson` records aligned to the bundle fixtures; ordering is canonical (recordedAtUtc, scanId).
+- `sealed/` – sealed bundle ingredients (`manifest.json`, `checksums.txt`, DSSE `signature.json`, `bundle.json`, evidence ndjson) plus `expected.json`.
+- `portable/` – redacted bundle ingredients and `expected.json` noting masked fields and tenant token.
+- `replay/` – `replay.ndjson` with `expected.json` (recordDigest, sequence, ledger URI); ordering is canonical (recordedAtUtc, scanId).
 
 ## Expectations
 - Gzip timestamp pinned to `2025-01-01T00:00:00Z`; tar entries use `0644` perms and fixed mtime.

tests/StellaOps.Gateway.WebService.Tests/GatewayHealthTests.cs

@@ -0,0 +1,27 @@
+using Microsoft.AspNetCore.Mvc.Testing;
+using Xunit;
+
+namespace StellaOps.Gateway.WebService.Tests;
+
+public class GatewayHealthTests : IClassFixture<WebApplicationFactory<Program>>
+{
+    private readonly WebApplicationFactory<Program> _factory;
+
+    public GatewayHealthTests(WebApplicationFactory<Program> factory)
+    {
+        _factory = factory;
+    }
+
+    [Fact]
+    public async Task HealthEndpoint_ReturnsOk()
+    {
+        // Arrange
+        var client = _factory.CreateClient();
+
+        // Act
+        var response = await client.GetAsync("/health");
+
+        // Assert
+        response.EnsureSuccessStatusCode();
+    }
+}

tests/StellaOps.Gateway.WebService.Tests/StellaOps.Gateway.WebService.Tests.csproj

@@ -0,0 +1,26 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0-rc.2.25502.107" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="6.0.4">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Gateway\StellaOps.Gateway.WebService\StellaOps.Gateway.WebService.csproj" />
+  </ItemGroup>
+</Project>

tests/StellaOps.Microservice.Tests/StellaMicroserviceOptionsTests.cs

@@ -0,0 +1,43 @@
+using StellaOps.Microservice;
+using StellaOps.Router.Common;
+using Xunit;
+
+namespace StellaOps.Microservice.Tests;
+
+public class StellaMicroserviceOptionsTests
+{
+    [Fact]
+    public void StellaMicroserviceOptions_CanBeCreated()
+    {
+        // Arrange & Act
+        var options = new StellaMicroserviceOptions
+        {
+            ServiceName = "test-service",
+            Version = "1.0.0",
+            Region = "eu1"
+        };
+
+        // Assert
+        Assert.Equal("test-service", options.ServiceName);
+        Assert.Equal("1.0.0", options.Version);
+        Assert.Equal("eu1", options.Region);
+        Assert.NotEmpty(options.InstanceId);
+    }
+
+    [Fact]
+    public void RouterEndpointConfig_CanBeCreated()
+    {
+        // Arrange & Act
+        var config = new RouterEndpointConfig
+        {
+            Host = "localhost",
+            Port = 5000,
+            TransportType = TransportType.Tcp
+        };
+
+        // Assert
+        Assert.Equal("localhost", config.Host);
+        Assert.Equal(5000, config.Port);
+        Assert.Equal(TransportType.Tcp, config.TransportType);
+    }
+}

tests/StellaOps.Microservice.Tests/StellaOps.Microservice.Tests.csproj

@@ -0,0 +1,25 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="6.0.4">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\__Libraries\StellaOps.Microservice\StellaOps.Microservice.csproj" />
+  </ItemGroup>
+</Project>

tests/StellaOps.Router.Common.Tests/FrameTypeTests.cs

@@ -0,0 +1,40 @@
+using StellaOps.Router.Common;
+using Xunit;
+
+namespace StellaOps.Router.Common.Tests;
+
+public class FrameTypeTests
+{
+    [Fact]
+    public void FrameType_HasExpectedValues()
+    {
+        // Verify all expected frame types exist
+        Assert.True(Enum.IsDefined(typeof(FrameType), FrameType.Hello));
+        Assert.True(Enum.IsDefined(typeof(FrameType), FrameType.Heartbeat));
+        Assert.True(Enum.IsDefined(typeof(FrameType), FrameType.Request));
+        Assert.True(Enum.IsDefined(typeof(FrameType), FrameType.Response));
+        Assert.True(Enum.IsDefined(typeof(FrameType), FrameType.Cancel));
+    }
+
+    [Fact]
+    public void TransportType_HasExpectedValues()
+    {
+        // Verify all expected transport types exist
+        Assert.True(Enum.IsDefined(typeof(TransportType), TransportType.InMemory));
+        Assert.True(Enum.IsDefined(typeof(TransportType), TransportType.Tcp));
+        Assert.True(Enum.IsDefined(typeof(TransportType), TransportType.Tls));
+        Assert.True(Enum.IsDefined(typeof(TransportType), TransportType.Udp));
+        Assert.True(Enum.IsDefined(typeof(TransportType), TransportType.RabbitMq));
+    }
+
+    [Fact]
+    public void InstanceHealthStatus_HasExpectedValues()
+    {
+        // Verify all expected health statuses exist
+        Assert.True(Enum.IsDefined(typeof(InstanceHealthStatus), InstanceHealthStatus.Unknown));
+        Assert.True(Enum.IsDefined(typeof(InstanceHealthStatus), InstanceHealthStatus.Healthy));
+        Assert.True(Enum.IsDefined(typeof(InstanceHealthStatus), InstanceHealthStatus.Degraded));
+        Assert.True(Enum.IsDefined(typeof(InstanceHealthStatus), InstanceHealthStatus.Draining));
+        Assert.True(Enum.IsDefined(typeof(InstanceHealthStatus), InstanceHealthStatus.Unhealthy));
+    }
+}

tests/StellaOps.Router.Common.Tests/StellaOps.Router.Common.Tests.csproj

@@ -0,0 +1,25 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+    <PackageReference Include="coverlet.collector" Version="6.0.4">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\__Libraries\StellaOps.Router.Common\StellaOps.Router.Common.csproj" />
+  </ItemGroup>
+</Project>

tests/fixtures/micro/micro-fixtures.ts

@@ -0,0 +1,89 @@
+/**
+ * Micro-interaction test fixtures with deterministic seeds (MI8)
+ *
+ * Usage:
+ * - Import these constants in Storybook stories and Playwright tests
+ * - Use frozenTimestamp for all date operations
+ * - Use rngSeed for any randomized content
+ */
+
+// Frozen timestamp: 2025-12-04T12:00:00Z (as per advisory)
+export const FROZEN_TIMESTAMP = new Date('2025-12-04T12:00:00.000Z');
+export const FROZEN_TIMESTAMP_MS = 1733313600000;
+
+// Fixed RNG seed as per advisory: 0x5EED2025
+export const RNG_SEED = 0x5EED2025;
+
+// Deterministic UUID generator (seeded)
+export function seededUuid(seed: number = RNG_SEED, index: number = 0): string {
+  const hash = ((seed + index) * 2654435761) >>> 0;
+  const hex = hash.toString(16).padStart(8, '0');
+  return `${hex.slice(0, 8)}-${hex.slice(0, 4)}-4${hex.slice(1, 4)}-8${hex.slice(4, 7)}-${hex}0000`.slice(0, 36);
+}
+
+// Skeleton state fixture
+export const skeletonFixture = {
+  showAfterMs: 400,
+  loadingDurationMs: 1200,
+  state: 'loading' as const,
+  timestamp: FROZEN_TIMESTAMP,
+};
+
+// Error state fixture
+export const errorFixture = {
+  code: 'UI_ERR_001',
+  message: 'Failed to load data',
+  retryAvailable: true,
+  timestamp: FROZEN_TIMESTAMP,
+  correlationId: seededUuid(RNG_SEED, 1),
+};
+
+// Offline state fixture
+export const offlineFixture = {
+  isOffline: true,
+  lastOnline: new Date(FROZEN_TIMESTAMP_MS - 300000), // 5 minutes ago
+  cachedDataAge: 'less than 1 hour',
+  timestamp: FROZEN_TIMESTAMP,
+};
+
+// Toast/snackbar fixture
+export const toastFixture = {
+  id: seededUuid(RNG_SEED, 2),
+  type: 'info' as const,
+  message: 'Changes saved successfully',
+  undoAvailable: true,
+  undoWindowMs: 8000,
+  timestamp: FROZEN_TIMESTAMP,
+};
+
+// Reduced motion test config
+export const reducedMotionConfig = {
+  enabled: true,
+  emulateQuery: true,
+  dataAttribute: 'data-reduce-motion',
+  dataValue: '1',
+};
+
+// Playwright/Storybook timer config
+export const timerConfig = {
+  useFakeTimers: true,
+  now: FROZEN_TIMESTAMP_MS,
+  shouldAdvanceTime: false,
+};
+
+// Sample telemetry event
+export const sampleTelemetryEvent = {
+  schema_version: 'v1.0',
+  event_type: 'ui.micro.interaction',
+  timestamp: FROZEN_TIMESTAMP.toISOString(),
+  tenant_id: 'test-tenant',
+  surface: 'dashboard',
+  component: 'button',
+  action: 'click',
+  latency_ms: 45,
+  outcome: 'success',
+  reduced_motion: false,
+  offline_mode: false,
+  error_code: null,
+  correlation_id: seededUuid(RNG_SEED, 3),
+};