new advisories work and features gaps work

2026-01-14 18:39:19 +02:00
parent 95d5898650
commit 15aeac8e8b
148 changed files with 16731 additions and 554 deletions
--- a/src/Policy/__Libraries/StellaOps.Policy.Determinization/Evidence/VexClaimSummary.cs
+++ b/src/Policy/__Libraries/StellaOps.Policy.Determinization/Evidence/VexClaimSummary.cs
@@ -38,6 +38,14 @@ public sealed record VexClaimSummary
    [JsonPropertyName("justification")]
    public string? Justification { get; init; }

+    // Sprint: SPRINT_20260112_004_BE_policy_determinization_attested_rules (DET-ATT-001)
+
+    /// <summary>
+    /// Anchor metadata for the VEX claim (DSSE envelope, Rekor, etc.).
+    /// </summary>
+    [JsonPropertyName("anchor")]
+    public VexClaimAnchor? Anchor { get; init; }
+
    /// <summary>
    /// Convenience property indicating if the VEX status is "not_affected".
    /// </summary>
@@ -50,4 +58,71 @@ public sealed record VexClaimSummary
    /// </summary>
    [JsonIgnore]
    public double IssuerTrust => Confidence;
+
+    /// <summary>
+    /// Whether the VEX claim is anchored (has DSSE/Rekor attestation).
+    /// </summary>
+    [JsonIgnore]
+    public bool IsAnchored => Anchor?.Anchored == true;
+}
+
+/// <summary>
+/// Anchor metadata for VEX claims.
+/// Sprint: SPRINT_20260112_004_BE_policy_determinization_attested_rules (DET-ATT-001)
+/// </summary>
+public sealed record VexClaimAnchor
+{
+    /// <summary>
+    /// Whether the claim is anchored with attestation.
+    /// </summary>
+    [JsonPropertyName("anchored")]
+    public required bool Anchored { get; init; }
+
+    /// <summary>
+    /// DSSE envelope digest (sha256:hex).
+    /// </summary>
+    [JsonPropertyName("envelope_digest")]
+    public string? EnvelopeDigest { get; init; }
+
+    /// <summary>
+    /// Predicate type of the attestation.
+    /// </summary>
+    [JsonPropertyName("predicate_type")]
+    public string? PredicateType { get; init; }
+
+    /// <summary>
+    /// Rekor log index if transparency-anchored.
+    /// </summary>
+    [JsonPropertyName("rekor_log_index")]
+    public long? RekorLogIndex { get; init; }
+
+    /// <summary>
+    /// Rekor entry ID if transparency-anchored.
+    /// </summary>
+    [JsonPropertyName("rekor_entry_id")]
+    public string? RekorEntryId { get; init; }
+
+    /// <summary>
+    /// Scope of the attestation.
+    /// </summary>
+    [JsonPropertyName("scope")]
+    public string? Scope { get; init; }
+
+    /// <summary>
+    /// Whether the attestation has been verified.
+    /// </summary>
+    [JsonPropertyName("verified")]
+    public bool? Verified { get; init; }
+
+    /// <summary>
+    /// Timestamp when the attestation was created.
+    /// </summary>
+    [JsonPropertyName("attested_at")]
+    public DateTimeOffset? AttestedAt { get; init; }
+
+    /// <summary>
+    /// Whether the claim is Rekor-anchored (has log index).
+    /// </summary>
+    [JsonIgnore]
+    public bool IsRekorAnchored => RekorLogIndex.HasValue;
 }