doctor enhancements, setup, enhancements, ui functionality and design consolidation and , test projects fixes , product advisory attestation/rekor and delta verfications enhancements

src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Models/BundleManifest.cs

@@ -5,11 +5,12 @@ namespace StellaOps.AirGap.Bundle.Models;
 /// <summary>
 /// Manifest for an offline bundle, inventorying all components with content digests.
 /// Used for integrity verification and completeness checking in air-gapped environments.
+/// Sprint: SPRINT_20260118_018 (TASK-018-001) - Updated to v2.0.0
 /// </summary>
 public sealed record BundleManifest
 {
     public required string BundleId { get; init; }
-    public string SchemaVersion { get; init; } = "1.0.0";
+    public string SchemaVersion { get; init; } = "2.0.0";
     public required string Name { get; init; }
     public required string Version { get; init; }
     public required DateTimeOffset CreatedAt { get; init; }
@@ -23,6 +24,103 @@ public sealed record BundleManifest
     public ImmutableArray<RuleBundleComponent> RuleBundles { get; init; } = [];
     public long TotalSizeBytes { get; init; }
     public string? BundleDigest { get; init; }
+
+    // -------------------------------------------------------------------------
+    // v2.0.0 Additions - Sprint: SPRINT_20260118_018 (TASK-018-001)
+    // -------------------------------------------------------------------------
+
+    /// <summary>
+    /// Image reference this bundle is for (advisory-specified format).
+    /// Example: "registry.example.com/app@sha256:..."
+    /// </summary>
+    public string? Image { get; init; }
+
+    /// <summary>
+    /// List of artifacts in the bundle with path and type information.
+    /// </summary>
+    public ImmutableArray<BundleArtifact> Artifacts { get; init; } = [];
+
+    /// <summary>
+    /// Verification section with keys and expectations.
+    /// </summary>
+    public BundleVerifySection? Verify { get; init; }
+}
+
+/// <summary>
+/// Artifact entry in a bundle (v2.0.0).
+/// Sprint: SPRINT_20260118_018 (TASK-018-001)
+/// </summary>
+public sealed record BundleArtifact(
+    /// <summary>Relative path within the bundle.</summary>
+    string Path,
+    /// <summary>Artifact type: sbom, vex, dsse, rekor-proof, oci-referrers, etc.</summary>
+    string Type,
+    /// <summary>Content type (MIME).</summary>
+    string? ContentType,
+    /// <summary>SHA-256 digest of the artifact.</summary>
+    string? Digest,
+    /// <summary>Size in bytes.</summary>
+    long? SizeBytes);
+
+/// <summary>
+/// Verification section for bundle validation (v2.0.0).
+/// Sprint: SPRINT_20260118_018 (TASK-018-001)
+/// </summary>
+public sealed record BundleVerifySection
+{
+    /// <summary>
+    /// Trusted signing keys for verification.
+    /// Formats: kms://..., file://..., sigstore://...
+    /// </summary>
+    public ImmutableArray<string> Keys { get; init; } = [];
+
+    /// <summary>
+    /// Verification expectations.
+    /// </summary>
+    public BundleVerifyExpectations? Expectations { get; init; }
+
+    /// <summary>
+    /// Optional: path to trust root certificate.
+    /// </summary>
+    public string? TrustRoot { get; init; }
+
+    /// <summary>
+    /// Optional: Rekor checkpoint for offline proof verification.
+    /// </summary>
+    public string? RekorCheckpointPath { get; init; }
+}
+
+/// <summary>
+/// Verification expectations (v2.0.0).
+/// Sprint: SPRINT_20260118_018 (TASK-018-001)
+/// </summary>
+public sealed record BundleVerifyExpectations
+{
+    /// <summary>
+    /// Expected payload types in DSSE envelopes.
+    /// Example: ["application/vnd.cyclonedx+json;version=1.6", "application/vnd.openvex+json"]
+    /// </summary>
+    public ImmutableArray<string> PayloadTypes { get; init; } = [];
+
+    /// <summary>
+    /// Whether Rekor proof is required for verification.
+    /// </summary>
+    public bool RekorRequired { get; init; } = true;
+
+    /// <summary>
+    /// Minimum number of signatures required.
+    /// </summary>
+    public int MinSignatures { get; init; } = 1;
+
+    /// <summary>
+    /// Required artifact types that must be present.
+    /// </summary>
+    public ImmutableArray<string> RequiredArtifacts { get; init; } = [];
+
+    /// <summary>
+    /// Whether all artifacts must pass checksum verification.
+    /// </summary>
+    public bool VerifyChecksums { get; init; } = true;
 }
 
 public sealed record FeedComponent(