sprints work

src/Scanner/__Libraries/StellaOps.Scanner.ProofSpine/ProofSpineModels.cs

@@ -5,6 +5,19 @@ namespace StellaOps.Scanner.ProofSpine;
 /// <summary>
 /// Represents a complete verifiable decision chain from SBOM to VEX verdict.
 /// </summary>
+/// <param name="SpineId">Content-addressed ID of this proof spine.</param>
+/// <param name="ArtifactId">The artifact (container image, package) this spine evaluates.</param>
+/// <param name="VulnerabilityId">The vulnerability ID being evaluated.</param>
+/// <param name="PolicyProfileId">The policy profile used for evaluation.</param>
+/// <param name="Segments">Ordered list of evidence segments in the proof chain.</param>
+/// <param name="Verdict">Final verdict (affected, not_affected, fixed, under_investigation).</param>
+/// <param name="VerdictReason">Human-readable explanation of the verdict.</param>
+/// <param name="RootHash">Merkle root hash of all segment hashes.</param>
+/// <param name="ScanRunId">ID of the scan run that produced this spine.</param>
+/// <param name="CreatedAt">When this spine was created.</param>
+/// <param name="SupersededBySpineId">If superseded, the ID of the newer spine.</param>
+/// <param name="GraphRootAttestationId">Optional: Content-addressed ID of the graph root attestation.</param>
+/// <param name="GraphRootEnvelope">Optional: DSSE envelope containing the graph root attestation.</param>
 public sealed record ProofSpine(
     string SpineId,
     string ArtifactId,
@@ -16,7 +29,9 @@ public sealed record ProofSpine(
     string RootHash,
     string ScanRunId,
     DateTimeOffset CreatedAt,
-    string? SupersededBySpineId);
+    string? SupersededBySpineId,
+    string? GraphRootAttestationId = null,
+    DsseEnvelope? GraphRootEnvelope = null);
 
 /// <summary>
 /// A single evidence segment in the proof chain.