Resolve Concelier/Excititor merge conflicts

src/StellaOps.Cli/Services/IBackendOperationsClient.cs

@@ -1,16 +1,25 @@
-using System.Collections.Generic;
-using System.Threading;
-using System.Threading.Tasks;
-using StellaOps.Cli.Configuration;
-using StellaOps.Cli.Services.Models;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using StellaOps.Cli.Configuration;
+using StellaOps.Cli.Services.Models;
 
 namespace StellaOps.Cli.Services;
 
 internal interface IBackendOperationsClient
 {
-    Task<ScannerArtifactResult> DownloadScannerAsync(string channel, string outputPath, bool overwrite, bool verbose, CancellationToken cancellationToken);
-
-    Task UploadScanResultsAsync(string filePath, CancellationToken cancellationToken);
-
-    Task<JobTriggerResult> TriggerJobAsync(string jobKind, IDictionary<string, object?> parameters, CancellationToken cancellationToken);
-}
+    Task<ScannerArtifactResult> DownloadScannerAsync(string channel, string outputPath, bool overwrite, bool verbose, CancellationToken cancellationToken);
+
+    Task UploadScanResultsAsync(string filePath, CancellationToken cancellationToken);
+
+    Task<JobTriggerResult> TriggerJobAsync(string jobKind, IDictionary<string, object?> parameters, CancellationToken cancellationToken);
+
+    Task<ExcititorOperationResult> ExecuteExcititorOperationAsync(string route, HttpMethod method, object? payload, CancellationToken cancellationToken);
+
+    Task<ExcititorExportDownloadResult> DownloadExcititorExportAsync(string exportId, string destinationPath, string? expectedDigestAlgorithm, string? expectedDigest, CancellationToken cancellationToken);
+
+    Task<IReadOnlyList<ExcititorProviderSummary>> GetExcititorProvidersAsync(bool includeDisabled, CancellationToken cancellationToken);
+
+    Task<RuntimePolicyEvaluationResult> EvaluateRuntimePolicyAsync(RuntimePolicyEvaluationRequest request, CancellationToken cancellationToken);
+}

src/StellaOps.Cli/Services/Models/ExcititorExportDownloadResult.cs

@@ -0,0 +1,6 @@
+namespace StellaOps.Cli.Services.Models;
+
+internal sealed record ExcititorExportDownloadResult(
+    string Path,
+    long SizeBytes,
+    bool FromCache);

src/StellaOps.Cli/Services/Models/ExcititorOperationResult.cs

@@ -0,0 +1,9 @@
+using System.Text.Json;
+
+namespace StellaOps.Cli.Services.Models;
+
+internal sealed record ExcititorOperationResult(
+    bool Success,
+    string Message,
+    string? Location,
+    JsonElement? Payload);

src/StellaOps.Cli/Services/Models/ExcititorProviderSummary.cs

@@ -0,0 +1,11 @@
+using System;
+
+namespace StellaOps.Cli.Services.Models;
+
+internal sealed record ExcititorProviderSummary(
+    string Id,
+    string Kind,
+    string DisplayName,
+    string TrustTier,
+    bool Enabled,
+    DateTimeOffset? LastIngestedAt);

src/StellaOps.Cli/Services/Models/RuntimePolicyEvaluationModels.cs

@@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+
+namespace StellaOps.Cli.Services.Models;
+
+internal sealed record RuntimePolicyEvaluationRequest(
+    string? Namespace,
+    IReadOnlyDictionary<string, string> Labels,
+    IReadOnlyList<string> Images);
+
+internal sealed record RuntimePolicyEvaluationResult(
+    int TtlSeconds,
+    DateTimeOffset? ExpiresAtUtc,
+    string? PolicyRevision,
+    IReadOnlyDictionary<string, RuntimePolicyImageDecision> Decisions);
+
+internal sealed record RuntimePolicyImageDecision(
+    string PolicyVerdict,
+    bool? Signed,
+    bool? HasSbomReferrers,
+    IReadOnlyList<string> Reasons,
+    RuntimePolicyRekorReference? Rekor,
+    IReadOnlyDictionary<string, object?> AdditionalProperties);
+
+internal sealed record RuntimePolicyRekorReference(string? Uuid, string? Url, bool? Verified);

src/StellaOps.Cli/Services/Models/Transport/RuntimePolicyEvaluationTransport.cs

@@ -0,0 +1,72 @@
+using System;
+using System.Collections.Generic;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Cli.Services.Models.Transport;
+
+internal sealed class RuntimePolicyEvaluationRequestDocument
+{
+    [JsonPropertyName("namespace")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? Namespace { get; set; }
+
+    [JsonPropertyName("labels")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public Dictionary<string, string>? Labels { get; set; }
+
+    [JsonPropertyName("images")]
+    public List<string> Images { get; set; } = new();
+}
+
+internal sealed class RuntimePolicyEvaluationResponseDocument
+{
+    [JsonPropertyName("ttlSeconds")]
+    public int? TtlSeconds { get; set; }
+
+    [JsonPropertyName("expiresAtUtc")]
+    public DateTimeOffset? ExpiresAtUtc { get; set; }
+
+    [JsonPropertyName("policyRevision")]
+    public string? PolicyRevision { get; set; }
+
+    [JsonPropertyName("results")]
+    public Dictionary<string, RuntimePolicyEvaluationImageDocument>? Results { get; set; }
+}
+
+internal sealed class RuntimePolicyEvaluationImageDocument
+{
+    [JsonPropertyName("policyVerdict")]
+    public string? PolicyVerdict { get; set; }
+
+    [JsonPropertyName("signed")]
+    public bool? Signed { get; set; }
+
+    [JsonPropertyName("hasSbomReferrers")]
+    public bool? HasSbomReferrers { get; set; }
+
+    // Legacy field kept for pre-contract-sync services.
+    [JsonPropertyName("hasSbom")]
+    public bool? HasSbomLegacy { get; set; }
+
+    [JsonPropertyName("reasons")]
+    public List<string>? Reasons { get; set; }
+
+    [JsonPropertyName("rekor")]
+    public RuntimePolicyRekorDocument? Rekor { get; set; }
+
+    [JsonExtensionData]
+    public Dictionary<string, JsonElement>? ExtensionData { get; set; }
+}
+
+internal sealed class RuntimePolicyRekorDocument
+{
+    [JsonPropertyName("uuid")]
+    public string? Uuid { get; set; }
+
+    [JsonPropertyName("url")]
+    public string? Url { get; set; }
+
+    [JsonPropertyName("verified")]
+    public bool? Verified { get; set; }
+}