Refactor and update test projects, remove obsolete tests, and upgrade dependencies

- Deleted obsolete test files for SchedulerAuditService and SchedulerMongoSessionFactory.
- Removed unused TestDataFactory class.
- Updated project files for Mongo.Tests to remove references to deleted files.
- Upgraded BouncyCastle.Cryptography package to version 2.6.2 across multiple projects.
- Replaced Microsoft.Extensions.Http.Polly with Microsoft.Extensions.Http.Resilience in Zastava.Webhook project.
- Updated NetEscapades.Configuration.Yaml package to version 3.1.0 in Configuration library.
- Upgraded Pkcs11Interop package to version 5.1.2 in Cryptography libraries.
- Refactored Argon2idPasswordHasher to use BouncyCastle for hashing instead of Konscious.
- Updated JsonSchema.Net package to version 7.3.2 in Microservice project.
- Updated global.json to use .NET SDK version 10.0.101.

ops/devops/README.md

@@ -61,7 +61,7 @@ tests (`npm run test:e2e`) after building the Angular bundle. See
 `docs/modules/ui/operations/auth-smoke.md` for the job design, environment stubs, and
 offline runner considerations.
 
-## NuGet preview bootstrap
+## NuGet preview bootstrap
 
 `.NET 10` preview packages (Microsoft.Extensions.*, JwtBearer 10.0 RC, Sqlite 9 RC)
 ship from the public `dotnet-public` Azure DevOps feed. We mirror them into
@@ -77,13 +77,13 @@ prefers the local mirror and that `Directory.Build.props` enforces the same orde
 The validator now runs automatically in the `build-test-deploy` and `release`
 workflows so CI fails fast when a feed priority regression slips in.
 
-Detailed operator instructions live in `docs/modules/devops/runbooks/nuget-preview-bootstrap.md`.
-
-## CI harnesses (offline-friendly)
-
-- **Concelier**: `ops/devops/concelier-ci-runner/run-concelier-ci.sh` builds `concelier-webservice.slnf` and runs WebService + Storage Mongo tests. Outputs binlog + TRX + summary under `ops/devops/artifacts/concelier-ci/<ts>/`.
-- **Advisory AI**: `ops/devops/advisoryai-ci-runner/run-advisoryai-ci.sh` builds `src/AdvisoryAI/StellaOps.AdvisoryAI.sln`, runs `StellaOps.AdvisoryAI.Tests`, and emits binlog + TRX + summary under `ops/devops/artifacts/advisoryai-ci/<ts>/`. Warmed NuGet cache from `local-nugets` for offline parity.
-- **Scanner**: `ops/devops/scanner-ci-runner/run-scanner-ci.sh` builds `src/Scanner/StellaOps.Scanner.sln` and runs core/analyzer/web/worker test buckets with binlog + TRX outputs under `ops/devops/artifacts/scanner-ci/<ts>/`.
+Detailed operator instructions live in `docs/modules/devops/runbooks/nuget-preview-bootstrap.md`.
+
+## CI harnesses (offline-friendly)
+
+- **Concelier**: `ops/devops/concelier-ci-runner/run-concelier-ci.sh` builds `concelier-webservice.slnf` and runs WebService + Storage Mongo tests. Outputs binlog + TRX + summary under `ops/devops/artifacts/concelier-ci/<ts>/`.
+- **Advisory AI**: `ops/devops/advisoryai-ci-runner/run-advisoryai-ci.sh` builds `src/AdvisoryAI/StellaOps.AdvisoryAI.sln`, runs `StellaOps.AdvisoryAI.Tests`, and emits binlog + TRX + summary under `ops/devops/artifacts/advisoryai-ci/<ts>/`. For offline parity, configure a local NuGet feed in `nuget.config`.
+- **Scanner**: `ops/devops/scanner-ci-runner/run-scanner-ci.sh` builds `src/Scanner/StellaOps.Scanner.sln` and runs core/analyzer/web/worker test buckets with binlog + TRX outputs under `ops/devops/artifacts/scanner-ci/<ts>/`.
 
 ## Telemetry collector tooling (DEVOPS-OBS-50-001)
 
@@ -91,9 +91,9 @@ Detailed operator instructions live in `docs/modules/devops/runbooks/nuget-previ
   client/server certificates for the OpenTelemetry collector overlay (mutual TLS).
 - `ops/devops/telemetry/smoke_otel_collector.py` – sends OTLP traces/metrics/logs
   over TLS and validates that the collector increments its receiver counters.
-- `ops/devops/telemetry/package_offline_bundle.py` – re-packages collector assets for the Offline Kit.
-- `ops/devops/telemetry/tenant_isolation_smoke.py` – verifies Tempo/Loki tenant isolation with mTLS and scoped headers.
-- `deploy/compose/docker-compose.telemetry-storage.yaml` – Prometheus/Tempo/Loki stack for staging validation.
+- `ops/devops/telemetry/package_offline_bundle.py` – re-packages collector assets for the Offline Kit.
+- `ops/devops/telemetry/tenant_isolation_smoke.py` – verifies Tempo/Loki tenant isolation with mTLS and scoped headers.
+- `deploy/compose/docker-compose.telemetry-storage.yaml` – Prometheus/Tempo/Loki stack for staging validation.
 
 Combine these helpers with `deploy/compose/docker-compose.telemetry.yaml` to run
 a secured collector locally before rolling out the Helm-based deployment.

ops/devops/local-postgres/docker-compose.yml

@@ -13,6 +13,13 @@ services:
       - "5432:5432"
     volumes:
       - stella-postgres-data:/var/lib/postgresql/data
+      - ./init:/docker-entrypoint-initdb.d:ro
+    command:
+      - "postgres"
+      - "-c"
+      - "shared_preload_libraries=pg_stat_statements"
+      - "-c"
+      - "pg_stat_statements.track=all"
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER"]
       interval: 10s

ops/devops/local-postgres/init/01-extensions.sql

@@ -0,0 +1,17 @@
+-- Enable pg_stat_statements extension for query performance analysis
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+
+-- Enable other useful extensions
+CREATE EXTENSION IF NOT EXISTS pg_trgm;      -- Fuzzy text search
+CREATE EXTENSION IF NOT EXISTS btree_gin;    -- GIN indexes for scalar types
+CREATE EXTENSION IF NOT EXISTS pgcrypto;     -- Cryptographic functions
+
+-- Create schemas for all modules
+CREATE SCHEMA IF NOT EXISTS authority;
+CREATE SCHEMA IF NOT EXISTS vuln;
+CREATE SCHEMA IF NOT EXISTS vex;
+CREATE SCHEMA IF NOT EXISTS scheduler;
+CREATE SCHEMA IF NOT EXISTS notify;
+CREATE SCHEMA IF NOT EXISTS policy;
+CREATE SCHEMA IF NOT EXISTS concelier;
+CREATE SCHEMA IF NOT EXISTS audit;