Add Policy DSL Validator, Schema Exporter, and Simulation Smoke tools

- Implemented PolicyDslValidator with command-line options for strict mode and JSON output.
- Created PolicySchemaExporter to generate JSON schemas for policy-related models.
- Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes.
- Added project files and necessary dependencies for each tool.
- Ensured proper error handling and usage instructions across tools.

docs/events/samples/scanner.event.report.ready@1.sample.json

@@ -0,0 +1,93 @@
+{
+  "eventId": "6d2d1b77-f3c3-4f70-8a9d-6f2d0c8801ab",
+  "kind": "scanner.event.report.ready",
+  "version": 1,
+  "tenant": "tenant-alpha",
+  "occurredAt": "2025-10-19T12:34:56Z",
+  "recordedAt": "2025-10-19T12:34:57Z",
+  "source": "scanner.webservice",
+  "idempotencyKey": "scanner.event.report.ready:tenant-alpha:report-abc",
+  "correlationId": "report-abc",
+  "traceId": "0af7651916cd43dd8448eb211c80319c",
+  "spanId": "b7ad6b7169203331",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface"
+  },
+  "attributes": {
+    "reportId": "report-abc",
+    "policyRevisionId": "rev-42",
+    "policyDigest": "digest-123",
+    "verdict": "blocked"
+  },
+  "payload": {
+    "reportId": "report-abc",
+    "scanId": "report-abc",
+    "imageDigest": "sha256:feedface",
+    "generatedAt": "2025-10-19T12:34:56Z",
+    "verdict": "fail",
+    "summary": {
+      "total": 1,
+      "blocked": 1,
+      "warned": 0,
+      "ignored": 0,
+      "quieted": 0
+    },
+    "delta": {
+      "newCritical": 1,
+      "kev": [
+        "CVE-2024-9999"
+      ]
+    },
+    "quietedFindingCount": 0,
+    "policy": {
+      "digest": "digest-123",
+      "revisionId": "rev-42"
+    },
+  "links": {
+    "ui": "https://scanner.example/ui/reports/report-abc",
+    "report": "https://scanner.example/api/v1/reports/report-abc",
+    "policy": "https://scanner.example/api/v1/policy/revisions/rev-42",
+    "attestation": "https://scanner.example/ui/attestations/report-abc"
+  },
+    "dsse": {
+      "payloadType": "application/vnd.stellaops.report+json",
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwicmVhY2hhYmlsaXR5IjoicnVudGltZSJ9XSwiaXNzdWVzIjpbXX0=",
+      "signatures": [
+        {
+          "keyId": "test-key",
+          "algorithm": "hs256",
+          "signature": "signature-value"
+        }
+      ]
+    },
+    "report": {
+      "reportId": "report-abc",
+      "generatedAt": "2025-10-19T12:34:56Z",
+      "imageDigest": "sha256:feedface",
+      "policy": {
+        "digest": "digest-123",
+        "revisionId": "rev-42"
+      },
+      "summary": {
+        "total": 1,
+        "blocked": 1,
+        "warned": 0,
+        "ignored": 0,
+        "quieted": 0
+      },
+      "verdict": "blocked",
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "status": "Blocked",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "reachability": "runtime"
+        }
+      ],
+      "issues": []
+    }
+  }
+}

docs/events/samples/scanner.event.scan.completed@1.sample.json

@@ -0,0 +1,99 @@
+{
+  "eventId": "08a6de24-4a94-4d14-8432-9d14f36f6da3",
+  "kind": "scanner.event.scan.completed",
+  "version": 1,
+  "tenant": "tenant-alpha",
+  "occurredAt": "2025-10-19T12:34:56Z",
+  "recordedAt": "2025-10-19T12:34:57Z",
+  "source": "scanner.webservice",
+  "idempotencyKey": "scanner.event.scan.completed:tenant-alpha:report-abc",
+  "correlationId": "report-abc",
+  "traceId": "4bf92f3577b34da6a3ce929d0e0e4736",
+  "scope": {
+    "namespace": "acme/edge",
+    "repo": "api",
+    "digest": "sha256:feedface"
+  },
+  "attributes": {
+    "reportId": "report-abc",
+    "policyRevisionId": "rev-42",
+    "policyDigest": "digest-123",
+    "verdict": "blocked"
+  },
+  "payload": {
+    "reportId": "report-abc",
+    "scanId": "report-abc",
+    "imageDigest": "sha256:feedface",
+    "verdict": "fail",
+    "summary": {
+      "total": 1,
+      "blocked": 1,
+      "warned": 0,
+      "ignored": 0,
+      "quieted": 0
+    },
+    "delta": {
+      "newCritical": 1,
+      "kev": [
+        "CVE-2024-9999"
+      ]
+    },
+    "policy": {
+      "digest": "digest-123",
+      "revisionId": "rev-42"
+    },
+    "findings": [
+      {
+        "id": "finding-1",
+        "severity": "Critical",
+        "cve": "CVE-2024-9999",
+        "purl": "pkg:docker/acme/edge-api@sha256-feedface",
+        "reachability": "runtime"
+      }
+    ],
+    "links": {
+      "ui": "https://scanner.example/ui/reports/report-abc",
+      "report": "https://scanner.example/api/v1/reports/report-abc",
+      "policy": "https://scanner.example/api/v1/policy/revisions/rev-42",
+      "attestation": "https://scanner.example/ui/attestations/report-abc"
+    },
+    "dsse": {
+      "payloadType": "application/vnd.stellaops.report+json",
+      "payload": "eyJyZXBvcnRJZCI6InJlcG9ydC1hYmMiLCJpbWFnZURpZ2VzdCI6InNoYTI1NjpmZWVkZmFjZSIsImdlbmVyYXRlZEF0IjoiMjAyNS0xMC0xOVQxMjozNDo1NiswMDowMCIsInZlcmRpY3QiOiJibG9ja2VkIiwicG9saWN5Ijp7InJldmlzaW9uSWQiOiJyZXYtNDIiLCJkaWdlc3QiOiJkaWdlc3QtMTIzIn0sInN1bW1hcnkiOnsidG90YWwiOjEsImJsb2NrZWQiOjEsIndhcm5lZCI6MCwiaWdub3JlZCI6MCwicXVpZXRlZCI6MH0sInZlcmRpY3RzIjpbeyJmaW5kaW5nSWQiOiJmaW5kaW5nLTEiLCJzdGF0dXMiOiJCbG9ja2VkIiwic2NvcmUiOjQ3LjUsInNvdXJjZVRydXN0IjoiTlZEIiwicmVhY2hhYmlsaXR5IjoicnVudGltZSJ9XSwiaXNzdWVzIjpbXX0=",
+      "signatures": [
+        {
+          "keyId": "test-key",
+          "algorithm": "hs256",
+          "signature": "signature-value"
+        }
+      ]
+    },
+    "report": {
+      "reportId": "report-abc",
+      "generatedAt": "2025-10-19T12:34:56Z",
+      "imageDigest": "sha256:feedface",
+      "policy": {
+        "digest": "digest-123",
+        "revisionId": "rev-42"
+      },
+      "summary": {
+        "total": 1,
+        "blocked": 1,
+        "warned": 0,
+        "ignored": 0,
+        "quieted": 0
+      },
+      "verdict": "blocked",
+      "verdicts": [
+        {
+          "findingId": "finding-1",
+          "status": "Blocked",
+          "score": 47.5,
+          "sourceTrust": "NVD",
+          "reachability": "runtime"
+        }
+      ],
+      "issues": []
+    }
+  }
+}

docs/events/samples/scheduler.graph.job.completed@1.sample.json

@@ -0,0 +1,36 @@
+{
+  "eventId": "4d33c19c-1c8a-44d1-9954-1d5e98b2af71",
+  "kind": "scheduler.graph.job.completed",
+  "tenant": "tenant-alpha",
+  "ts": "2025-10-26T12:00:45Z",
+  "payload": {
+    "jobType": "build",
+    "status": "completed",
+    "occurredAt": "2025-10-26T12:00:45Z",
+    "job": {
+      "schemaVersion": "scheduler.graph-build-job@1",
+      "id": "gbj_20251026a",
+      "tenantId": "tenant-alpha",
+      "sbomId": "sbom_20251026",
+      "sbomVersionId": "sbom_ver_20251026",
+      "sbomDigest": "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+      "graphSnapshotId": "graph_snap_20251026",
+      "status": "completed",
+      "trigger": "sbom-version",
+      "attempts": 1,
+      "cartographerJobId": "carto_job_42",
+      "correlationId": "evt_svc_987",
+      "createdAt": "2025-10-26T12:00:00+00:00",
+      "startedAt": "2025-10-26T12:00:05+00:00",
+      "completedAt": "2025-10-26T12:00:45+00:00",
+      "metadata": {
+        "sbomEventId": "sbom_evt_20251026"
+      }
+    },
+    "resultUri": "oras://cartographer/offline/tenant-alpha/graph_snap_20251026"
+  },
+  "attributes": {
+    "cartographerCluster": "offline-kit",
+    "plannerShard": "graph-builders-01"
+  }
+}