sprints and audit work

src/EvidenceLocker/__Libraries/StellaOps.EvidenceLocker.Export/IBundleDataProvider.cs

@@ -0,0 +1,138 @@
+// -----------------------------------------------------------------------------
+// IBundleDataProvider.cs
+// Sprint: SPRINT_20260106_003_003_EVIDENCE_export_bundle
+// Task: T008, T009, T010, T011
+// Description: Interface for loading bundle data from storage.
+// -----------------------------------------------------------------------------
+
+using StellaOps.EvidenceLocker.Export.Models;
+
+namespace StellaOps.EvidenceLocker.Export;
+
+/// <summary>
+/// Provides access to bundle data from the evidence locker storage.
+/// </summary>
+public interface IBundleDataProvider
+{
+    /// <summary>
+    /// Loads all data for a bundle.
+    /// </summary>
+    /// <param name="bundleId">Bundle ID.</param>
+    /// <param name="tenantId">Optional tenant ID for access control.</param>
+    /// <param name="cancellationToken">Cancellation token.</param>
+    /// <returns>Bundle data or null if not found.</returns>
+    Task<BundleData?> LoadBundleDataAsync(string bundleId, string? tenantId, CancellationToken cancellationToken);
+}
+
+/// <summary>
+/// Complete data for a bundle export.
+/// </summary>
+public sealed record BundleData
+{
+    /// <summary>
+    /// Bundle metadata.
+    /// </summary>
+    public required BundleMetadata Metadata { get; init; }
+
+    /// <summary>
+    /// SBOM artifacts.
+    /// </summary>
+    public IReadOnlyList<BundleArtifact> Sboms { get; init; } = [];
+
+    /// <summary>
+    /// VEX statement artifacts.
+    /// </summary>
+    public IReadOnlyList<BundleArtifact> VexStatements { get; init; } = [];
+
+    /// <summary>
+    /// Attestation artifacts.
+    /// </summary>
+    public IReadOnlyList<BundleArtifact> Attestations { get; init; } = [];
+
+    /// <summary>
+    /// Policy verdict artifacts.
+    /// </summary>
+    public IReadOnlyList<BundleArtifact> PolicyVerdicts { get; init; } = [];
+
+    /// <summary>
+    /// Scan result artifacts.
+    /// </summary>
+    public IReadOnlyList<BundleArtifact> ScanResults { get; init; } = [];
+
+    /// <summary>
+    /// Public keys for verification.
+    /// </summary>
+    public IReadOnlyList<BundleKeyData> PublicKeys { get; init; } = [];
+}
+
+/// <summary>
+/// An artifact to include in the bundle.
+/// </summary>
+public sealed record BundleArtifact
+{
+    /// <summary>
+    /// File name within the category directory.
+    /// </summary>
+    public required string FileName { get; init; }
+
+    /// <summary>
+    /// Artifact content bytes.
+    /// </summary>
+    public required byte[] Content { get; init; }
+
+    /// <summary>
+    /// MIME type.
+    /// </summary>
+    public required string MediaType { get; init; }
+
+    /// <summary>
+    /// Format version (e.g., "cyclonedx-1.7").
+    /// </summary>
+    public string? Format { get; init; }
+
+    /// <summary>
+    /// Subject of the artifact.
+    /// </summary>
+    public string? Subject { get; init; }
+}
+
+/// <summary>
+/// Public key data for bundle export.
+/// </summary>
+public sealed record BundleKeyData
+{
+    /// <summary>
+    /// File name for the key.
+    /// </summary>
+    public required string FileName { get; init; }
+
+    /// <summary>
+    /// PEM-encoded public key.
+    /// </summary>
+    public required string PublicKeyPem { get; init; }
+
+    /// <summary>
+    /// Key identifier.
+    /// </summary>
+    public required string KeyId { get; init; }
+
+    /// <summary>
+    /// Key algorithm.
+    /// </summary>
+    public required string Algorithm { get; init; }
+
+    /// <summary>
+    /// Key purpose.
+    /// </summary>
+    public string Purpose { get; init; } = "signing";
+
+    /// <summary>
+    /// Key issuer.
+    /// </summary>
+    public string? Issuer { get; init; }
+
+    /// <summary>
+    /// Key expiration.
+    /// </summary>
+    public DateTimeOffset? ExpiresAt { get; init; }
+}