sprints and audit work

src/Policy/__Libraries/StellaOps.Policy.Determinization/Evidence/ReachabilityEvidence.cs

@@ -0,0 +1,60 @@
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Policy.Determinization.Evidence;
+
+/// <summary>
+/// Reachability analysis evidence.
+/// </summary>
+public sealed record ReachabilityEvidence
+{
+    /// <summary>
+    /// Reachability status.
+    /// </summary>
+    [JsonPropertyName("status")]
+    public required ReachabilityStatus Status { get; init; }
+
+    /// <summary>
+    /// Call path depth (if reachable).
+    /// </summary>
+    [JsonPropertyName("depth")]
+    public int? Depth { get; init; }
+
+    /// <summary>
+    /// Entry point function name (if reachable).
+    /// </summary>
+    [JsonPropertyName("entry_point")]
+    public string? EntryPoint { get; init; }
+
+    /// <summary>
+    /// Vulnerable function name.
+    /// </summary>
+    [JsonPropertyName("vulnerable_function")]
+    public string? VulnerableFunction { get; init; }
+
+    /// <summary>
+    /// When this reachability analysis was performed (UTC).
+    /// </summary>
+    [JsonPropertyName("analyzed_at")]
+    public required DateTimeOffset AnalyzedAt { get; init; }
+
+    /// <summary>
+    /// PathWitness digest (if available).
+    /// </summary>
+    [JsonPropertyName("witness_digest")]
+    public string? WitnessDigest { get; init; }
+}
+
+/// <summary>
+/// Reachability status.
+/// </summary>
+public enum ReachabilityStatus
+{
+    /// <summary>Vulnerable code is reachable from entry points.</summary>
+    Reachable,
+
+    /// <summary>Vulnerable code is not reachable.</summary>
+    Unreachable,
+
+    /// <summary>Reachability indeterminate (analysis incomplete or failed).</summary>
+    Indeterminate
+}