feat: Add DigestUpsertRequest and LockEntity models

- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil.
- Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt.

feat: Implement ILockRepository interface and LockRepository class

- Defined ILockRepository interface with methods for acquiring and releasing locks.
- Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations.

feat: Add SurfaceManifestPointer record for manifest pointers

- Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest.

feat: Create PolicySimulationInputLock and related validation logic

- Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests.
- Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements.

test: Add unit tests for ReplayVerificationService and ReplayVerifier

- Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios.
- Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic.

test: Implement PolicySimulationInputLockValidatorTests

- Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions.

chore: Add cosign key example and signing scripts

- Included a placeholder cosign key example for development purposes.
- Added a script for signing Signals artifacts using cosign with support for both v2 and v3.

chore: Create script for uploading evidence to the evidence locker

- Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.

docs/replay/policy-sim/README.md

@@ -0,0 +1,30 @@
+# Policy Simulation Gaps (PS1–PS10) — Lockfile, Quotas, and Shadow Safety
+
+This note closes POLICY-GAPS-185-006 by defining a signed inputs lock, offline verifier, and shadow isolation guardrails for policy simulations.
+
+## Lockfile
+- Schema: `docs/replay/policy-sim/lock.schema.json`
+- Sample: `docs/replay/policy-sim/inputs.lock.sample.json`
+- Fields cover policy bundle, graph, SBOM, time anchor, dataset digests; shadowIsolation flag; requiredScopes.
+- Recommended signing: DSSE over the lockfile with Ed25519; record envelope digest alongside artefacts.
+
+## Validation
+- Library helper: `PolicySimulationInputLockValidator` in `StellaOps.Replay.Core` compares materialized digests and enforces shadow mode + scope `policy:simulate:shadow`.
+- Staleness: pass `maxAge` (suggested 24h) to reject outdated locks.
+
+## CLI / CI contract
+- Script: `scripts/replay/verify-policy-sim-lock.sh` (offline). Exit codes: 0 OK, 2 missing tools/args, 3 schema/hash mismatch, 4 stale, 5 shadow/scope failure.
+- CI should run verifier before simulations and fail fast on non-zero exit.
+
+## Quotas & backpressure
+- Default limits: max 10 concurrent shadow runs per tenant; queue depth 100; reject when `policy:simulate:shadow` scope missing.
+- Simulators must be read-only: no writes to policy stores; only emit shadow metrics.
+
+## Offline policy-sim kit
+- Lockfile + DSSE, digests of policy/graph/sbom/time-anchor/dataset.
+- Bundle alongside replay packs; verifier uses local SHA256 only (no network).
+
+## Shadow isolation & redaction
+- Always run in `shadow` mode; block if requested runMode != `shadow`.
+- Redact PII fields (`user`, `ip`, `headers`, `secrets`) before storing fixtures; keep only hashes.
+- Require DSSE evidence when storing fixtures or responding to API clients.

docs/replay/policy-sim/inputs.lock.sample.json

@@ -0,0 +1,13 @@
+{
+  "$schema": "./lock.schema.json",
+  "schemaVersion": "1.0.0",
+  "generatedAt": "2025-12-03T00:00:00Z",
+  "policyBundleSha256": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+  "graphSha256": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
+  "sbomSha256": "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
+  "timeAnchorSha256": "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+  "datasetSha256": "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee",
+  "shadowIsolation": true,
+  "requiredScopes": ["policy:simulate:shadow", "graph:read"],
+  "notes": "Lock for PS1–PS10 remediation; DSSE signature optional"
+}

docs/replay/policy-sim/lock.schema.json

@@ -0,0 +1,35 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://stellaops.local/replay/policy-sim/lock.schema.json",
+  "title": "Policy Simulation Inputs Lock",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schemaVersion",
+    "generatedAt",
+    "policyBundleSha256",
+    "graphSha256",
+    "sbomSha256",
+    "timeAnchorSha256",
+    "datasetSha256",
+    "shadowIsolation",
+    "requiredScopes"
+  ],
+  "properties": {
+    "schemaVersion": { "type": "string", "pattern": "^1\\.0\\.\\d+$" },
+    "generatedAt": { "type": "string", "format": "date-time" },
+    "policyBundleSha256": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+    "graphSha256": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+    "sbomSha256": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+    "timeAnchorSha256": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+    "datasetSha256": { "type": "string", "pattern": "^[A-Fa-f0-9]{64}$" },
+    "shadowIsolation": { "type": "boolean" },
+    "requiredScopes": {
+      "type": "array",
+      "items": { "type": "string" },
+      "minItems": 1,
+      "uniqueItems": true
+    },
+    "notes": { "type": "string" }
+  }
+}