Refactor code structure for improved readability and maintainability; optimize performance in key functions.

src/Cli/StellaOps.Cli/Services/Models/ImageVerificationModels.cs

@@ -0,0 +1,45 @@
+using System;
+using System.Collections.Generic;
+
+namespace StellaOps.Cli.Services.Models;
+
+public sealed record ImageVerificationRequest
+{
+    public required string Reference { get; init; }
+    public required IReadOnlyList<string> RequiredTypes { get; init; }
+    public string? TrustPolicyPath { get; init; }
+    public bool Strict { get; init; }
+}
+
+public sealed record ImageVerificationResult
+{
+    public required string ImageReference { get; init; }
+    public required string ImageDigest { get; init; }
+    public string? Registry { get; init; }
+    public string? Repository { get; init; }
+    public required DateTimeOffset VerifiedAt { get; init; }
+    public bool IsValid { get; set; }
+    public List<AttestationVerification> Attestations { get; } = new();
+    public List<string> MissingTypes { get; set; } = new();
+    public List<string> Errors { get; } = new();
+}
+
+public sealed record AttestationVerification
+{
+    public required string Type { get; init; }
+    public required bool IsValid { get; init; }
+    public required AttestationStatus Status { get; init; }
+    public string? Digest { get; init; }
+    public string? SignerIdentity { get; init; }
+    public string? Message { get; init; }
+    public DateTimeOffset? VerifiedAt { get; init; }
+}
+
+public enum AttestationStatus
+{
+    Verified,
+    Invalid,
+    Missing,
+    Expired,
+    UntrustedSigner
+}

src/Cli/StellaOps.Cli/Services/Models/OciModels.cs

@@ -0,0 +1,70 @@
+using System.Collections.Generic;
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Cli.Services.Models;
+
+public sealed record OciImageReference
+{
+    public required string Registry { get; init; }
+    public required string Repository { get; init; }
+    public string? Tag { get; init; }
+    public string? Digest { get; init; }
+    public required string Original { get; init; }
+}
+
+public sealed record OciReferrersResponse
+{
+    [JsonPropertyName("referrers")]
+    public List<OciReferrerDescriptor> Referrers { get; init; } = new();
+}
+
+public sealed record OciReferrerDescriptor
+{
+    [JsonPropertyName("mediaType")]
+    public string? MediaType { get; init; }
+
+    [JsonPropertyName("artifactType")]
+    public string? ArtifactType { get; init; }
+
+    [JsonPropertyName("digest")]
+    public string Digest { get; init; } = string.Empty;
+
+    [JsonPropertyName("size")]
+    public long Size { get; init; }
+
+    [JsonPropertyName("annotations")]
+    public Dictionary<string, string>? Annotations { get; init; }
+}
+
+public sealed record OciManifest
+{
+    [JsonPropertyName("mediaType")]
+    public string? MediaType { get; init; }
+
+    [JsonPropertyName("artifactType")]
+    public string? ArtifactType { get; init; }
+
+    [JsonPropertyName("config")]
+    public OciDescriptor? Config { get; init; }
+
+    [JsonPropertyName("layers")]
+    public List<OciDescriptor> Layers { get; init; } = new();
+
+    [JsonPropertyName("annotations")]
+    public Dictionary<string, string>? Annotations { get; init; }
+}
+
+public sealed record OciDescriptor
+{
+    [JsonPropertyName("mediaType")]
+    public string? MediaType { get; init; }
+
+    [JsonPropertyName("digest")]
+    public string Digest { get; init; } = string.Empty;
+
+    [JsonPropertyName("size")]
+    public long Size { get; init; }
+
+    [JsonPropertyName("annotations")]
+    public Dictionary<string, string>? Annotations { get; init; }
+}

src/Cli/StellaOps.Cli/Services/Models/SbomModels.cs

@@ -1,5 +1,7 @@
 using System;
 using System.Collections.Generic;
+using System.Text.Json;
+using System.Text.Json;
 using System.Text.Json.Serialization;
 
 namespace StellaOps.Cli.Services.Models;
@@ -66,6 +68,102 @@ internal sealed class SbomListResponse
     public string? NextCursor { get; init; }
 }
 
+/// <summary>
+/// SBOM upload request payload.
+/// </summary>
+internal sealed class SbomUploadRequest
+{
+    [JsonPropertyName("artifactRef")]
+    public string ArtifactRef { get; init; } = string.Empty;
+
+    [JsonPropertyName("sbom")]
+    public JsonElement? Sbom { get; init; }
+
+    [JsonPropertyName("sbomBase64")]
+    public string? SbomBase64 { get; init; }
+
+    [JsonPropertyName("format")]
+    public string? Format { get; init; }
+
+    [JsonPropertyName("source")]
+    public SbomUploadSource? Source { get; init; }
+}
+
+/// <summary>
+/// SBOM upload source metadata.
+/// </summary>
+internal sealed class SbomUploadSource
+{
+    [JsonPropertyName("tool")]
+    public string? Tool { get; init; }
+
+    [JsonPropertyName("version")]
+    public string? Version { get; init; }
+
+    [JsonPropertyName("ciContext")]
+    public SbomUploadCiContext? CiContext { get; init; }
+}
+
+/// <summary>
+/// CI context metadata for SBOM uploads.
+/// </summary>
+internal sealed class SbomUploadCiContext
+{
+    [JsonPropertyName("buildId")]
+    public string? BuildId { get; init; }
+
+    [JsonPropertyName("repository")]
+    public string? Repository { get; init; }
+}
+
+/// <summary>
+/// SBOM upload response payload.
+/// </summary>
+internal sealed class SbomUploadResponse
+{
+    [JsonPropertyName("sbomId")]
+    public string SbomId { get; init; } = string.Empty;
+
+    [JsonPropertyName("artifactRef")]
+    public string ArtifactRef { get; init; } = string.Empty;
+
+    [JsonPropertyName("digest")]
+    public string Digest { get; init; } = string.Empty;
+
+    [JsonPropertyName("format")]
+    public string Format { get; init; } = string.Empty;
+
+    [JsonPropertyName("formatVersion")]
+    public string FormatVersion { get; init; } = string.Empty;
+
+    [JsonPropertyName("validationResult")]
+    public SbomUploadValidationSummary ValidationResult { get; init; } = new();
+
+    [JsonPropertyName("analysisJobId")]
+    public string AnalysisJobId { get; init; } = string.Empty;
+}
+
+/// <summary>
+/// SBOM upload validation summary.
+/// </summary>
+internal sealed class SbomUploadValidationSummary
+{
+    [JsonPropertyName("valid")]
+    public bool Valid { get; init; }
+
+    [JsonPropertyName("qualityScore")]
+    public double QualityScore { get; init; }
+
+    [JsonPropertyName("warnings")]
+    public IReadOnlyList<string> Warnings { get; init; } = [];
+
+    [JsonPropertyName("errors")]
+    public IReadOnlyList<string> Errors { get; init; } = [];
+
+    [JsonPropertyName("componentCount")]
+    public int ComponentCount { get; init; }
+}
+
 /// <summary>
 /// Summary view of an SBOM.
 /// </summary>
@@ -552,6 +650,111 @@ internal sealed class SbomExportResult
     public IReadOnlyList<string>? Errors { get; init; }
 }
 
+/// <summary>
+/// SBOM upload request payload.
+/// </summary>
+internal sealed class SbomUploadRequest
+{
+    [JsonPropertyName("artifactRef")]
+    public string ArtifactRef { get; init; } = string.Empty;
+
+    [JsonPropertyName("artifactDigest")]
+    public string? ArtifactDigest { get; init; }
+
+    [JsonPropertyName("sbom")]
+    public JsonElement? Sbom { get; init; }
+
+    [JsonPropertyName("sbomBase64")]
+    public string? SbomBase64 { get; init; }
+
+    [JsonPropertyName("format")]
+    public string? Format { get; init; }
+
+    [JsonPropertyName("source")]
+    public SbomUploadSource? Source { get; init; }
+}
+
+/// <summary>
+/// SBOM upload provenance metadata.
+/// </summary>
+internal sealed class SbomUploadSource
+{
+    [JsonPropertyName("tool")]
+    public string? Tool { get; init; }
+
+    [JsonPropertyName("version")]
+    public string? Version { get; init; }
+
+    [JsonPropertyName("ciContext")]
+    public SbomUploadCiContext? CiContext { get; init; }
+}
+
+/// <summary>
+/// CI context for SBOM upload provenance.
+/// </summary>
+internal sealed class SbomUploadCiContext
+{
+    [JsonPropertyName("buildId")]
+    public string? BuildId { get; init; }
+
+    [JsonPropertyName("repository")]
+    public string? Repository { get; init; }
+}
+
+/// <summary>
+/// SBOM upload response payload.
+/// </summary>
+internal sealed class SbomUploadResponse
+{
+    [JsonPropertyName("sbomId")]
+    public string SbomId { get; init; } = string.Empty;
+
+    [JsonPropertyName("artifactRef")]
+    public string ArtifactRef { get; init; } = string.Empty;
+
+    [JsonPropertyName("artifactDigest")]
+    public string? ArtifactDigest { get; init; }
+
+    [JsonPropertyName("digest")]
+    public string Digest { get; init; } = string.Empty;
+
+    [JsonPropertyName("format")]
+    public string Format { get; init; } = string.Empty;
+
+    [JsonPropertyName("formatVersion")]
+    public string FormatVersion { get; init; } = string.Empty;
+
+    [JsonPropertyName("validationResult")]
+    public SbomUploadValidationSummary? ValidationResult { get; init; }
+
+    [JsonPropertyName("analysisJobId")]
+    public string AnalysisJobId { get; init; } = string.Empty;
+
+    [JsonPropertyName("uploadedAtUtc")]
+    public DateTimeOffset UploadedAtUtc { get; init; }
+}
+
+/// <summary>
+/// SBOM upload validation summary.
+/// </summary>
+internal sealed class SbomUploadValidationSummary
+{
+    [JsonPropertyName("valid")]
+    public bool Valid { get; init; }
+
+    [JsonPropertyName("qualityScore")]
+    public double QualityScore { get; init; }
+
+    [JsonPropertyName("warnings")]
+    public IReadOnlyList<string> Warnings { get; init; } = [];
+
+    [JsonPropertyName("errors")]
+    public IReadOnlyList<string> Errors { get; init; } = [];
+
+    [JsonPropertyName("componentCount")]
+    public int ComponentCount { get; init; }
+}
+
 // CLI-PARITY-41-001: Parity matrix models
 
 /// <summary>

src/Cli/StellaOps.Cli/Services/Models/TrustPolicyContextModels.cs

@@ -0,0 +1,20 @@
+using System;
+using System.Collections.Generic;
+
+namespace StellaOps.Cli.Services.Models;
+
+public sealed record TrustPolicyContext
+{
+    public TrustPolicy Policy { get; init; } = new();
+    public IReadOnlyList<TrustPolicyKeyMaterial> Keys { get; init; } = Array.Empty<TrustPolicyKeyMaterial>();
+    public bool RequireRekor { get; init; }
+    public TimeSpan? MaxAge { get; init; }
+}
+
+public sealed record TrustPolicyKeyMaterial
+{
+    public required string KeyId { get; init; }
+    public required string Fingerprint { get; init; }
+    public required string Algorithm { get; init; }
+    public required byte[] PublicKey { get; init; }
+}

src/Cli/StellaOps.Cli/Services/Models/TrustPolicyModels.cs

@@ -0,0 +1,45 @@
+using System;
+using System.Collections.Generic;
+
+namespace StellaOps.Cli.Services.Models;
+
+public sealed class TrustPolicy
+{
+    public string Version { get; set; } = "1";
+
+    public Dictionary<string, TrustPolicyAttestation> Attestations { get; set; } = new();
+
+    public TrustPolicyDefaults Defaults { get; set; } = new();
+
+    public List<TrustPolicyKey> Keys { get; set; } = new();
+}
+
+public sealed class TrustPolicyAttestation
+{
+    public bool Required { get; set; }
+
+    public List<TrustPolicySigner> Signers { get; set; } = new();
+}
+
+public sealed class TrustPolicySigner
+{
+    public string? Identity { get; set; }
+
+    public string? Issuer { get; set; }
+}
+
+public sealed class TrustPolicyDefaults
+{
+    public bool RequireRekor { get; set; }
+
+    public string? MaxAge { get; set; }
+}
+
+public sealed class TrustPolicyKey
+{
+    public string? Id { get; set; }
+
+    public string? Path { get; set; }
+
+    public string? Algorithm { get; set; }
+}