sprints work

2026-01-10 20:32:13 +02:00
parent 0d5eda86fc
commit 17d0631b8e
189 changed files with 40667 additions and 497 deletions
--- a/src/__Libraries/StellaOps.Evidence.Pack/Models/SignedEvidencePack.cs
+++ b/src/__Libraries/StellaOps.Evidence.Pack/Models/SignedEvidencePack.cs
@@ -0,0 +1,138 @@
+// <copyright file="SignedEvidencePack.cs" company="StellaOps">
+// Copyright (c) StellaOps. Licensed under the AGPL-3.0-or-later.
+// </copyright>
+
+using System.Collections.Immutable;
+
+namespace StellaOps.Evidence.Pack.Models;
+
+/// <summary>
+/// A signed evidence pack with DSSE envelope.
+/// Sprint: SPRINT_20260109_011_005 Task: EVPK-001
+/// </summary>
+public sealed record SignedEvidencePack
+{
+    /// <summary>Gets the evidence pack.</summary>
+    public required EvidencePack Pack { get; init; }
+
+    /// <summary>Gets the DSSE envelope containing the signature.</summary>
+    public required DsseEnvelope Envelope { get; init; }
+
+    /// <summary>Gets when the pack was signed.</summary>
+    public required DateTimeOffset SignedAt { get; init; }
+}
+
+/// <summary>
+/// DSSE (Dead Simple Signing Envelope) for evidence pack signatures.
+/// See: https://github.com/secure-systems-lab/dsse
+/// </summary>
+public sealed record DsseEnvelope
+{
+    /// <summary>Gets the payload type URI.</summary>
+    public required string PayloadType { get; init; }
+
+    /// <summary>Gets the base64-encoded payload.</summary>
+    public required string Payload { get; init; }
+
+    /// <summary>Gets the computed payload digest.</summary>
+    public required string PayloadDigest { get; init; }
+
+    /// <summary>Gets the signatures.</summary>
+    public required ImmutableArray<DsseSignature> Signatures { get; init; }
+}
+
+/// <summary>
+/// A signature within a DSSE envelope.
+/// </summary>
+public sealed record DsseSignature
+{
+    /// <summary>Gets the key identifier.</summary>
+    public required string KeyId { get; init; }
+
+    /// <summary>Gets the base64-encoded signature.</summary>
+    public required string Sig { get; init; }
+}
+
+/// <summary>
+/// Result of verifying an evidence pack.
+/// </summary>
+public sealed record EvidencePackVerificationResult
+{
+    /// <summary>Gets whether the pack is valid.</summary>
+    public required bool Valid { get; init; }
+
+    /// <summary>Gets the pack content digest.</summary>
+    public required string PackDigest { get; init; }
+
+    /// <summary>Gets the signing key identifier.</summary>
+    public required string SignatureKeyId { get; init; }
+
+    /// <summary>Gets any verification issues.</summary>
+    public ImmutableArray<string> Issues { get; init; } = ImmutableArray<string>.Empty;
+
+    /// <summary>Gets individual evidence resolution results.</summary>
+    public ImmutableArray<EvidenceResolutionResult> EvidenceResolutions { get; init; } = ImmutableArray<EvidenceResolutionResult>.Empty;
+}
+
+/// <summary>
+/// Result of resolving a single evidence item.
+/// </summary>
+public sealed record EvidenceResolutionResult
+{
+    /// <summary>Gets the evidence identifier.</summary>
+    public required string EvidenceId { get; init; }
+
+    /// <summary>Gets the evidence URI.</summary>
+    public required string Uri { get; init; }
+
+    /// <summary>Gets whether the evidence was resolved.</summary>
+    public required bool Resolved { get; init; }
+
+    /// <summary>Gets whether the digest matches.</summary>
+    public required bool DigestMatches { get; init; }
+
+    /// <summary>Gets any resolution error.</summary>
+    public string? Error { get; init; }
+}
+
+/// <summary>
+/// Export format options for evidence packs.
+/// </summary>
+public enum EvidencePackExportFormat
+{
+    /// <summary>Raw JSON format.</summary>
+    Json,
+
+    /// <summary>Signed JSON with DSSE envelope.</summary>
+    SignedJson,
+
+    /// <summary>Human-readable Markdown.</summary>
+    Markdown,
+
+    /// <summary>PDF report.</summary>
+    Pdf,
+
+    /// <summary>Styled HTML report.</summary>
+    Html
+}
+
+/// <summary>
+/// Result of exporting an evidence pack.
+/// </summary>
+public sealed record EvidencePackExport
+{
+    /// <summary>Gets the pack identifier.</summary>
+    public required string PackId { get; init; }
+
+    /// <summary>Gets the export format.</summary>
+    public required EvidencePackExportFormat Format { get; init; }
+
+    /// <summary>Gets the content bytes.</summary>
+    public required byte[] Content { get; init; }
+
+    /// <summary>Gets the content type.</summary>
+    public required string ContentType { get; init; }
+
+    /// <summary>Gets the suggested filename.</summary>
+    public required string FileName { get; init; }
+}