Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.

docs/policy/auth-signals-lib-115.md

@@ -0,0 +1,40 @@
+# POLICY-AUTH-SIGNALS-LIB-115 · Shared P/A/S contracts (draft v0.1)
+
+Purpose: deliver shared models/schemas for Policy, Authority, and Signals so Concelier/Excititor consumers can bind without merge logic.
+
+## Core models (C#-friendly, JSON schema inline)
+- `PolicyAuthSignal`:
+  - `id` (string, required) — stable identifier (ULID preferred)
+  - `tenant` (string, required)
+  - `subject` (string, required) — e.g., `purl`, `sbom://`, `service://`
+  - `signal_type` (string, enum: `reachability`, `attestation`, `risk`, `vex`)
+  - `source` (string, required) — producer service
+  - `confidence` (float?, optional)
+  - `evidence` (array of `EvidenceRef`)
+  - `created` (string, UTC ISO-8601, required)
+- `EvidenceRef`:
+  - `kind` (string, enum: `linkset`, `runtime`, `attestation`, `bundle`)
+  - `uri` (string, required) — CAS or storage pointer
+  - `digest` (string, sha256, required)
+  - `scope` (string) — tenant/scopes
+- `Provenance`:
+  - `pipeline` (string) — build id
+  - `inputs` (array<string>) — hashes of inputs
+  - `signer` (string)
+  - `transparency` (object: `rekor_uuid` or `skip_reason`)
+
+## JSON schema stub (add-only)
+See `schemas/policy-auth-signals-lib-115.json` (to be emitted with the NuGet package).
+
+## Package plan
+- Project: `StellaOps.Policy.AuthSignals` (net10.0)
+- Deliverables: models, JSON schema, sample fixtures, `PolicyAuthSignalJsonContext` for source generators, deterministic serialization.
+- Publish target: `local-nugets/` (version `0.1.0-alpha+draft`), then promote after guild ratification.
+
+## Fixtures (to include in package)
+- `fixtures/policy-auth-signal-sample.json`
+- `fixtures/policy-auth-signal-reachability.json`
+- Schema: `schemas/policy-auth-signals-lib-115.json`
+
+## Status
+- NuGet package `StellaOps.Policy.AuthSignals` 0.1.0-alpha built and placed in `local-nugets/` (sha256: `8ab5aa6c0daf5e56e1355d4d6bcaf110a8bc28b28a5ee1970864bcd4b6ba6750`). Awaiting guild ratification to promote beyond alpha.

docs/policy/fixtures/policy-auth-signal-reachability.json

@@ -0,0 +1,31 @@
+{
+  "id": "ulid-01J000REACH000000000000000",
+  "tenant": "urn:tenant:demo",
+  "subject": "service://demo-api",
+  "signal_type": "reachability",
+  "source": "signals",
+  "evidence": [
+    {
+      "kind": "runtime",
+      "uri": "cas://runtime-facts/123",
+      "digest": "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc"
+    },
+    {
+      "kind": "attestation",
+      "uri": "cas://attestations/abc",
+      "digest": "sha256:dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"
+    }
+  ],
+  "provenance": {
+    "pipeline": "build:reachability-001",
+    "inputs": [
+      "sha256:eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"
+    ],
+    "signer": "sigkey:runtime",
+    "transparency": {
+      "rekor_uuid": "a1b2c3d4",
+      "skip_reason": null
+    }
+  },
+  "created": "2025-11-19T12:00:00Z"
+}

docs/policy/fixtures/policy-auth-signal-sample.json

@@ -0,0 +1,26 @@
+{
+  "id": "ulid-01J00000000000000000000000",
+  "tenant": "urn:tenant:00000000-0000-0000-0000-000000000000",
+  "subject": "purl:pkg:maven/org.example/app@1.2.3",
+  "signal_type": "reachability",
+  "source": "signals",
+  "confidence": 0.92,
+  "evidence": [
+    {
+      "kind": "linkset",
+      "uri": "cas://linksets/advisory-ghsa-1234",
+      "digest": "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+      "scope": "tenant:default"
+    }
+  ],
+  "provenance": {
+    "pipeline": "git:abcd1234",
+    "inputs": ["sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"],
+    "signer": "sigkey:policy",
+    "transparency": {
+      "rekor_uuid": null,
+      "skip_reason": "offline"
+    }
+  },
+  "created": "2025-11-19T00:00:00Z"
+}

docs/policy/schemas/policy-auth-signals-lib-115.json

@@ -0,0 +1,56 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://stellaops.local/schemas/policy-auth-signals-lib-115.json",
+  "title": "PolicyAuthSignal",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["id", "tenant", "subject", "signal_type", "source", "created", "evidence"],
+  "properties": {
+    "id": {"type": "string"},
+    "tenant": {"type": "string"},
+    "subject": {"type": "string"},
+    "signal_type": {"type": "string", "enum": ["reachability", "attestation", "risk", "vex"]},
+    "source": {"type": "string"},
+    "confidence": {"type": "number"},
+    "evidence": {
+      "type": "array",
+      "items": {"$ref": "#/$defs/EvidenceRef"},
+      "minItems": 1
+    },
+    "provenance": {"$ref": "#/$defs/Provenance"},
+    "created": {
+      "type": "string",
+      "format": "date-time"
+    }
+  },
+  "$defs": {
+    "EvidenceRef": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["kind", "uri", "digest"],
+      "properties": {
+        "kind": {"type": "string", "enum": ["linkset", "runtime", "attestation", "bundle"]},
+        "uri": {"type": "string"},
+        "digest": {"type": "string"},
+        "scope": {"type": "string"}
+      }
+    },
+    "Provenance": {
+      "type": "object",
+      "additionalProperties": false,
+      "properties": {
+        "pipeline": {"type": "string"},
+        "inputs": {"type": "array", "items": {"type": "string"}},
+        "signer": {"type": "string"},
+        "transparency": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "rekor_uuid": {"type": ["string", "null"]},
+            "skip_reason": {"type": ["string", "null"]}
+          }
+        }
+      }
+    }
+  }
+}