up

2025-11-27 21:10:06 +02:00
parent cfa2274d31
commit 8abbf9574d
106 changed files with 7078 additions and 3197 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Core/Contracts/ScanAnalysisKeys.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Core/Contracts/ScanAnalysisKeys.cs
@@ -32,4 +32,8 @@ public static class ScanAnalysisKeys
    public const string FileEntries = "analysis.files.entries";
    public const string EntropyReport = "analysis.entropy.report";
    public const string EntropyLayerSummary = "analysis.entropy.layer.summary";
+
+    public const string DeterminismEvidence = "analysis.determinism.evidence";
+
+    public const string ReplaySealedBundleMetadata = "analysis.replay.sealed.bundle";
 }
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS/FileSurfaceManifestStore.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS/FileSurfaceManifestStore.cs
@@ -104,7 +104,7 @@ public sealed class FileSurfaceManifestStore :
            normalized.Tenant,
            digest);

-        return new SurfaceManifestPublishResult(digest, uri, artifactId, normalized);
+        return new SurfaceManifestPublishResult(digest, uri, artifactId, normalized, null);
    }

    public async Task<SurfaceManifestDocument?> TryGetByDigestAsync(
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS/SurfaceManifestModels.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Surface.FS/SurfaceManifestModels.cs
@@ -40,6 +40,35 @@ public sealed record SurfaceManifestDocument
    [JsonPropertyName("artifacts")]
    public IReadOnlyList<SurfaceManifestArtifact> Artifacts { get; init; }
        = ImmutableArray<SurfaceManifestArtifact>.Empty;
+
+    [JsonPropertyName("determinismRoot")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? DeterminismMerkleRoot { get; init; }
+        = null;
+
+    [JsonPropertyName("replayBundle")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public ReplayBundleReference? ReplayBundle { get; init; }
+        = null;
+}
+
+public sealed record ReplayBundleReference
+{
+    [JsonPropertyName("uri")]
+    public string Uri { get; init; } = string.Empty;
+
+    [JsonPropertyName("sha256")]
+    public string Sha256 { get; init; } = string.Empty;
+
+    [JsonPropertyName("policyPin")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? PolicySnapshotId { get; init; }
+        = null;
+
+    [JsonPropertyName("feedPin")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? FeedSnapshotId { get; init; }
+        = null;
 }

 /// <summary>
@@ -139,4 +168,5 @@ public sealed record SurfaceManifestPublishResult(
    string ManifestDigest,
    string ManifestUri,
    string ArtifactId,
-    SurfaceManifestDocument Document);
+    SurfaceManifestDocument Document,
+    string? DeterminismMerkleRoot = null);