consolidation of some of the modules, localization fixes, product advisories work, qa work

src/Policy/__Tests/StellaOps.Policy.Tests/Scoring/EvidenceWeightedScoreModelTests.cs

@@ -207,6 +207,7 @@ public sealed class EvidenceWeightedScoreModelTests
         var policy = new ScorePolicy
         {
             PolicyVersion = "score.v1",
+            PolicyId = "test-policy.invalid-weights",
             WeightsBps = new WeightsBps
             {
                 BaseSeverity = 1000,

src/Policy/__Tests/StellaOps.Policy.Tests/Scoring/ScorePolicyLoaderContractTests.cs

@@ -0,0 +1,107 @@
+using FluentAssertions;
+using StellaOps.Policy.Scoring;
+using System.Text.Json;
+using Xunit;
+
+namespace StellaOps.Policy.Tests.Scoring;
+
+[Trait("Category", "Unit")]
+public sealed class ScorePolicyLoaderContractTests
+{
+    private readonly ScorePolicyLoader _loader = new();
+
+    [Fact]
+    public void LoadFromYaml_MissingPolicyId_FailsValidation()
+    {
+        var yaml = """
+        policyVersion: score.v1
+        weightsBps:
+          baseSeverity: 2500
+          reachability: 2500
+          evidence: 2500
+          provenance: 2500
+        """;
+
+        var act = () => _loader.LoadFromYaml(yaml, "missing-policy-id");
+
+        act.Should()
+            .Throw<ScorePolicyLoadException>()
+            .WithMessage("*Missing required field 'policyId'*");
+    }
+
+    [Fact]
+    public void LoadFromYaml_ValidPolicyWithPolicyId_LoadsSuccessfully()
+    {
+        var yaml = """
+        policyVersion: score.v1
+        policyId: tenant-default-score
+        scoringProfile: advanced
+        weightsBps:
+          baseSeverity: 2500
+          reachability: 2500
+          evidence: 2500
+          provenance: 2500
+        reachability:
+          unreachableScore: 0
+        evidence:
+          points:
+            runtime: 60
+            dast: 30
+            sast: 20
+            sca: 10
+        provenance:
+          levels:
+            unsigned: 0
+            signed: 30
+            signedWithSbom: 60
+            signedWithSbomAndAttestations: 80
+            reproducible: 100
+        """;
+
+        var policy = _loader.LoadFromYaml(yaml, "valid-policy");
+
+        policy.PolicyId.Should().Be("tenant-default-score");
+        policy.PolicyVersion.Should().Be("score.v1");
+        policy.ValidateWeights().Should().BeTrue();
+        policy.Reachability.Should().NotBeNull();
+        policy.Evidence.Should().NotBeNull();
+        policy.Provenance.Should().NotBeNull();
+    }
+
+    [Fact]
+    public void EmbeddedSchemaAndSourceSchema_RemainInParity()
+    {
+        var embeddedSchema = JsonDocument.Parse(ScorePolicySchemaResource.ReadSchemaJson());
+        var sourceSchema = JsonDocument.Parse(File.ReadAllText(FindSourceSchemaPath()));
+
+        var embeddedNormalized = JsonSerializer.Serialize(embeddedSchema.RootElement);
+        var sourceNormalized = JsonSerializer.Serialize(sourceSchema.RootElement);
+
+        embeddedNormalized.Should().Be(sourceNormalized,
+            "embedded schema and source schema must stay identical");
+    }
+
+    private static string FindSourceSchemaPath()
+    {
+        var directory = new DirectoryInfo(AppContext.BaseDirectory);
+        while (directory is not null)
+        {
+            var candidate = Path.Combine(
+                directory.FullName,
+                "src",
+                "Policy",
+                "__Libraries",
+                "StellaOps.Policy",
+                "Schemas",
+                "score-policy.v1.schema.json");
+            if (File.Exists(candidate))
+            {
+                return candidate;
+            }
+
+            directory = directory.Parent;
+        }
+
+        throw new InvalidOperationException("Unable to locate score-policy.v1.schema.json from test base directory.");
+    }
+}