Add tests for SBOM generation determinism across multiple formats

- Created `StellaOps.TestKit.Tests` project for unit tests related to determinism.
- Implemented `DeterminismManifestTests` to validate deterministic output for canonical bytes and strings, file read/write operations, and error handling for invalid schema versions.
- Added `SbomDeterminismTests` to ensure identical inputs produce consistent SBOMs across SPDX 3.0.1 and CycloneDX 1.6/1.7 formats, including parallel execution tests.
- Updated project references in `StellaOps.Integration.Determinism` to include the new determinism testing library.
This commit is contained in:
master
2025-12-23 18:56:12 +02:00
parent 7ac70ece71
commit bc4318ef97
88 changed files with 6974 additions and 1230 deletions

@@ -36,6 +36,7 @@ How to navigate
- orchestrator/api.md - Orchestrator API surface
- orchestrator/cli.md - Orchestrator CLI commands
- orchestrator/console.md - Orchestrator console views
- orchestrator/runbook.md - Orchestrator operations runbook
- operations/quickstart.md - First scan workflow
- operations/install-deploy.md - Install and deployment guidance
- operations/deployment-versioning.md - Versioning and promotion model
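
Review bot: the commit message describes only the determinism test projects, but this hunk grows the "How to navigate" docs index by one entry (header 36,6 to 36,7), and nothing in the message mentions a documentation change. Either add a line to the commit message about the index update or split the docs changes into their own commit so they can be found in history. Separately, orchestrator/runbook.md uses the singular while the index also lists operations/runbooks.md; one of the two descriptions should say how they relate.
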
@@ -47,6 +48,12 @@ How to navigate
- operations/runtime-readiness.md - Runtime readiness checks
- operations/slo.md - Service SLO overview
- operations/runbooks.md - Operational runbooks and incident response
- operations/key-rotation.md - Signing key rotation runbook
- operations/proof-verification.md - Proof verification runbook
- operations/score-proofs.md - Score proofs and replay operations
- operations/reachability.md - Reachability operations
- operations/trust-lattice.md - Trust lattice operations
- operations/unknowns-queue.md - Unknowns queue operations
- operations/notifications.md - Notifications Studio operations
- notifications/overview.md - Notifications overview
- notifications/rules.md - Notification rules and routing
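
Review bot: operations/runbooks.md is described as "Operational runbooks and incident response", yet the entries right after it (operations/key-rotation.md, operations/proof-verification.md) are each described as a runbook too, so a reader cannot tell whether runbooks.md is the index for them or a separate document. Reword the runbooks.md description to say which it is. The key rotation and proof verification entries would also benefit from naming the related reference pages already in this index (security/crypto-and-trust.md, provenance/attestation-workflow.md) so that an operator rotating a signing key lands on the trust-root documentation as well.
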
@@ -54,8 +61,11 @@ How to navigate
- notifications/templates.md - Notification templates
- notifications/digests.md - Notification digests
- notifications/pack-approvals.md - Pack approval notifications
- notifications/runbook.md - Notifications operations runbook
- operations/router-rate-limiting.md - Gateway rate limiting
- release/release-engineering.md - Release and CI/CD overview
- release/promotion-attestations.md - Promotion-time attestation predicate
- release/release-notes.md - Release notes index and templates
- api/overview.md - API surface and conventions
- api/auth-and-tokens.md - Authority, OpTok, DPoP and mTLS, PoE
- policy/policy-system.md - Policy DSL, lifecycle, and governance
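
Review bot: operations/router-rate-limiting.md sits between the notifications/ entries and the release/ entries, away from the rest of the operations/ group listed earlier in the index. Move it next to the other operations/ entries so the grouping by directory holds. In the same area, notifications/runbook.md ("Notifications operations runbook") and the earlier operations/notifications.md ("Notifications Studio operations") read as the same topic; the descriptions should state which one is the operational procedure.
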
@@ -99,12 +109,16 @@ How to navigate
- ui/branding.md - Tenant branding model
- data-and-schemas.md - Storage, schemas, and determinism rules
- data/persistence.md - Database model and migration notes
- data/postgresql-operations.md - PostgreSQL operations guide
- data/postgresql-patterns.md - RLS and partitioning patterns
- data/events.md - Event envelopes and validation
- sbom/overview.md - SBOM formats, mapping, and heuristics
- governance/approvals.md - Approval routing and audit
- governance/exceptions.md - Exception lifecycle and controls
- security-and-governance.md - Security policy, hardening, governance, compliance
- security/identity-tenancy-and-scopes.md - Authority scopes and tenancy rules
- security/multi-tenancy.md - Tenant lifecycle and isolation model
- security/row-level-security.md - Database RLS enforcement
- security/crypto-and-trust.md - Crypto profiles and trust roots
- security/crypto-compliance.md - Regional crypto profiles and licensing notes
- security/quota-and-licensing.md - Offline quota and JWT licensing
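
Review bot: the tenancy and RLS entries in this hunk overlap without saying which page is authoritative: security/identity-tenancy-and-scopes.md ("tenancy rules") next to security/multi-tenancy.md ("isolation model"), and data/postgresql-patterns.md ("RLS and partitioning patterns") next to security/row-level-security.md ("Database RLS enforcement"). For isolation controls a reader needs one normative page, so mark the normative one in its description and have the other description point to it, for example by describing postgresql-patterns.md as implementation patterns for the policy defined in row-level-security.md.
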
@@ -114,8 +128,19 @@ How to navigate
- security/audit-events.md - Authority audit event schema
- security/revocation-bundles.md - Revocation bundle format and verification
- security/risk-model.md - Risk scoring model and explainability
- risk/overview.md - Risk scoring overview
- risk/factors.md - Risk factor catalog
- risk/formulas.md - Risk scoring formulas
- risk/profiles.md - Risk profile schema and lifecycle
- risk/explainability.md - Risk explainability payloads
- risk/api.md - Risk API endpoints
- security/forensics-and-evidence-locker.md - Evidence locker and forensic storage
- security/evidence-locker-publishing.md - Evidence locker publishing process
- security/timeline.md - Timeline event ledger and exports
- provenance/inline-provenance.md - DSSE metadata and transparency links
- provenance/attestation-workflow.md - Attestation workflow and verification
- provenance/rekor-policy.md - Rekor submission budget policy
- provenance/backfill.md - Provenance backfill procedure
- signals/unknowns.md - Unknowns registry and signals model
- signals/unknowns-ranking.md - Unknowns scoring and triage bands
- signals/uncertainty.md - Uncertainty states and tiers
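
Review bot: the six risk/ entries are placed inside the security/ run, between security/risk-model.md and security/forensics-and-evidence-locker.md, and security/risk-model.md ("Risk scoring model and explainability") covers the same ground as risk/overview.md and risk/explainability.md. Move the risk/ entries into their own group and either retire security/risk-model.md or describe it as a pointer to risk/. The provenance/ entries have a similar gap: provenance/rekor-policy.md and provenance/backfill.md give no hint of their ordering relative to provenance/attestation-workflow.md, and a short phrase in the description would help.
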
@@ -129,7 +154,18 @@ How to navigate
- migration/overview.md - Migration paths and parity guidance
- vex/consensus.md - VEX consensus overview
- testing-and-quality.md - Test strategy and quality gates
- testing/router-chaos.md - Router chaos testing scenarios
- observability.md - Metrics, logs, tracing, telemetry stack
- observability-standards.md - Telemetry envelope, scrubbing, sampling
- observability-logging.md - Logging fields and redaction
- observability-tracing.md - Trace propagation and span conventions
- observability-metrics-slos.md - Core metrics and SLO guidance
- observability-telemetry-controls.md - Propagation, sealed mode, incident mode
- observability-aoc.md - AOC ingestion observability
- observability-aggregation.md - Aggregation pipeline observability
- observability-policy.md - Policy Engine observability
- observability-ui-telemetry.md - Console telemetry metrics and alerts
- observability-vuln-telemetry.md - Vulnerability explorer telemetry
- developer/onboarding.md - Local dev setup and workflows
- developer/plugin-sdk.md - Plugin SDK summary
- developer/devportal.md - Developer portal publishing
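
Review bot: the observability entries use flat, prefixed file names (observability-standards.md, observability-logging.md, and so on) while every other group in this index, including the testing/router-chaos.md entry in the same hunk, uses a directory per area. Consider observability/standards.md, observability/logging.md and so on for consistency, or say why these stay at the top level. Also, observability-standards.md lists "scrubbing" and observability-logging.md lists "redaction"; state in one of the descriptions which page defines the rules for removing sensitive fields from telemetry.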