up

src/Cli/StellaOps.Cli/Services/Models/AttestationBundleModels.cs

@@ -0,0 +1,126 @@
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Cli.Services.Models;
+
+/// <summary>
+/// Options for attestation bundle verification.
+/// </summary>
+public sealed record AttestationBundleVerifyOptions(
+    string FilePath,
+    bool Offline = false,
+    bool VerifyTransparency = true,
+    string? TrustRootPath = null);
+
+/// <summary>
+/// Options for attestation bundle import.
+/// </summary>
+public sealed record AttestationBundleImportOptions(
+    string FilePath,
+    string? Tenant = null,
+    string? Namespace = null,
+    bool Offline = false,
+    bool VerifyTransparency = true,
+    string? TrustRootPath = null);
+
+/// <summary>
+/// Result of attestation bundle verification.
+/// </summary>
+public sealed record AttestationBundleVerifyResult(
+    bool Success,
+    string Status,
+    string? ExportId,
+    string? AttestationId,
+    string? RootHash,
+    IReadOnlyList<string>? Subjects,
+    string? PredicateType,
+    string? StatementVersion,
+    string BundlePath,
+    string? ErrorMessage = null,
+    int ExitCode = 0);
+
+/// <summary>
+/// Result of attestation bundle import.
+/// </summary>
+public sealed record AttestationBundleImportResult(
+    bool Success,
+    string Status,
+    string? AttestationId,
+    string? TenantId,
+    string? Namespace,
+    string? RootHash,
+    string? ErrorMessage = null,
+    int ExitCode = 0);
+
+/// <summary>
+/// JSON output for attestation bundle verify command.
+/// </summary>
+public sealed record AttestationBundleVerifyJson(
+    [property: JsonPropertyName("status")] string Status,
+    [property: JsonPropertyName("exportId")] string? ExportId,
+    [property: JsonPropertyName("attestationId")] string? AttestationId,
+    [property: JsonPropertyName("rootHash")] string? RootHash,
+    [property: JsonPropertyName("subjects")] IReadOnlyList<string>? Subjects,
+    [property: JsonPropertyName("predicateType")] string? PredicateType,
+    [property: JsonPropertyName("bundlePath")] string BundlePath);
+
+/// <summary>
+/// JSON output for attestation bundle import command.
+/// </summary>
+public sealed record AttestationBundleImportJson(
+    [property: JsonPropertyName("status")] string Status,
+    [property: JsonPropertyName("attestationId")] string? AttestationId,
+    [property: JsonPropertyName("tenantId")] string? TenantId,
+    [property: JsonPropertyName("namespace")] string? Namespace,
+    [property: JsonPropertyName("rootHash")] string? RootHash);
+
+/// <summary>
+/// Exit codes for attestation bundle commands.
+/// </summary>
+public static class AttestationBundleExitCodes
+{
+    /// <summary>Success.</summary>
+    public const int Success = 0;
+
+    /// <summary>General failure.</summary>
+    public const int GeneralFailure = 1;
+
+    /// <summary>Checksum mismatch.</summary>
+    public const int ChecksumMismatch = 2;
+
+    /// <summary>DSSE signature verification failure.</summary>
+    public const int SignatureFailure = 3;
+
+    /// <summary>Missing required TSA/CT log entry.</summary>
+    public const int MissingTransparency = 4;
+
+    /// <summary>Archive or file format error.</summary>
+    public const int FormatError = 5;
+
+    /// <summary>File not found.</summary>
+    public const int FileNotFound = 6;
+
+    /// <summary>Import failed.</summary>
+    public const int ImportFailed = 7;
+}
+
+/// <summary>
+/// Metadata parsed from an attestation bundle.
+/// </summary>
+internal sealed record AttestationBundleMetadata(
+    string? Version,
+    string? ExportId,
+    string? AttestationId,
+    string? TenantId,
+    DateTimeOffset? CreatedAtUtc,
+    string? RootHash,
+    string? SourceUri,
+    string? StatementVersion,
+    IReadOnlyList<AttestationBundleSubjectDigest>? SubjectDigests);
+
+/// <summary>
+/// Subject digest from attestation bundle metadata.
+/// </summary>
+internal sealed record AttestationBundleSubjectDigest(
+    string? Name,
+    string? Digest,
+    string? Algorithm);