up

src/Policy/StellaOps.Policy.Engine/Domain/EvidenceSummaryModels.cs

@@ -0,0 +1,29 @@
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Policy.Engine.Domain;
+
+public sealed record EvidenceSummaryRequest(
+    [property: JsonPropertyName("evidenceHash")] string EvidenceHash,
+    [property: JsonPropertyName("filePath")] string? FilePath,
+    [property: JsonPropertyName("digest")] string? Digest,
+    [property: JsonPropertyName("ingestedAt")] DateTimeOffset? IngestedAt,
+    [property: JsonPropertyName("connectorId")] string? ConnectorId);
+
+public sealed record EvidenceSummaryResponse(
+    [property: JsonPropertyName("evidenceHash")] string EvidenceHash,
+    [property: JsonPropertyName("summary")] EvidenceSummary Summary);
+
+public sealed record EvidenceSummary(
+    [property: JsonPropertyName("headline")] string Headline,
+    [property: JsonPropertyName("severity")] string Severity,
+    [property: JsonPropertyName("locator")] EvidenceLocator Locator,
+    [property: JsonPropertyName("provenance")] EvidenceProvenance Provenance,
+    [property: JsonPropertyName("signals")] IReadOnlyList<string> Signals);
+
+public sealed record EvidenceLocator(
+    [property: JsonPropertyName("filePath")] string FilePath,
+    [property: JsonPropertyName("digest")] string? Digest);
+
+public sealed record EvidenceProvenance(
+    [property: JsonPropertyName("ingestedAt")] DateTimeOffset IngestedAt,
+    [property: JsonPropertyName("connectorId")] string? ConnectorId);

src/Policy/StellaOps.Policy.Engine/Domain/PolicyBundleModels.cs

@@ -0,0 +1,17 @@
+using System.Collections.Immutable;
+using System.Text.Json.Serialization;
+using StellaOps.Policy.Engine.Services;
+
+namespace StellaOps.Policy.Engine.Domain;
+
+public sealed record PolicyBundleRequest(
+    [property: JsonPropertyName("dsl")] PolicyDslPayload Dsl,
+    [property: JsonPropertyName("signingKeyId")] string? SigningKeyId);
+
+public sealed record PolicyBundleResponse(
+    [property: JsonPropertyName("success")] bool Success,
+    [property: JsonPropertyName("digest")] string? Digest,
+    [property: JsonPropertyName("signature")] string? Signature,
+    [property: JsonPropertyName("sizeBytes")] int SizeBytes,
+    [property: JsonPropertyName("createdAt")] DateTimeOffset? CreatedAt,
+    [property: JsonPropertyName("diagnostics")] ImmutableArray<PolicyIssue> Diagnostics);

src/Policy/StellaOps.Policy.Engine/Domain/PolicyEvaluationModels.cs

@@ -0,0 +1,16 @@
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Policy.Engine.Domain;
+
+public sealed record PolicyEvaluationRequest(
+    [property: JsonPropertyName("packId")] string PackId,
+    [property: JsonPropertyName("version")] int Version,
+    [property: JsonPropertyName("subject")] string Subject);
+
+public sealed record PolicyEvaluationResponse(
+    [property: JsonPropertyName("packId")] string PackId,
+    [property: JsonPropertyName("version")] int Version,
+    [property: JsonPropertyName("digest")] string Digest,
+    [property: JsonPropertyName("decision")] string Decision,
+    [property: JsonPropertyName("correlationId")] string CorrelationId,
+    [property: JsonPropertyName("cached")] bool Cached);

src/Policy/StellaOps.Policy.Engine/Domain/PolicyPackRecord.cs

@@ -35,15 +35,17 @@ internal sealed class PolicyPackRecord
         => revisions.IsEmpty ? 1 : revisions.Keys.Max() + 1;
 }
 
-internal sealed class PolicyRevisionRecord
-{
-    private readonly ConcurrentDictionary<string, PolicyActivationApproval> approvals = new(StringComparer.OrdinalIgnoreCase);
-
-    public PolicyRevisionRecord(int version, bool requiresTwoPerson, PolicyRevisionStatus status, DateTimeOffset createdAt)
-    {
-        Version = version;
-        RequiresTwoPersonApproval = requiresTwoPerson;
-        Status = status;
+internal sealed class PolicyRevisionRecord
+{
+    private readonly ConcurrentDictionary<string, PolicyActivationApproval> approvals = new(StringComparer.OrdinalIgnoreCase);
+
+    public PolicyBundleRecord? Bundle { get; private set; }
+
+    public PolicyRevisionRecord(int version, bool requiresTwoPerson, PolicyRevisionStatus status, DateTimeOffset createdAt)
+    {
+        Version = version;
+        RequiresTwoPersonApproval = requiresTwoPerson;
+        Status = status;
         CreatedAt = createdAt;
     }
 
@@ -71,31 +73,43 @@ internal sealed class PolicyRevisionRecord
         }
     }
 
-    public PolicyActivationApprovalStatus AddApproval(PolicyActivationApproval approval)
-    {
-        if (!approvals.TryAdd(approval.ActorId, approval))
-        {
-            return PolicyActivationApprovalStatus.Duplicate;
+    public PolicyActivationApprovalStatus AddApproval(PolicyActivationApproval approval)
+    {
+        if (!approvals.TryAdd(approval.ActorId, approval))
+        {
+            return PolicyActivationApprovalStatus.Duplicate;
         }
 
         return approvals.Count >= 2
-            ? PolicyActivationApprovalStatus.ThresholdReached
-            : PolicyActivationApprovalStatus.Pending;
-    }
-}
-
-internal enum PolicyRevisionStatus
-{
-    Draft,
+            ? PolicyActivationApprovalStatus.ThresholdReached
+            : PolicyActivationApprovalStatus.Pending;
+    }
+
+    public void SetBundle(PolicyBundleRecord bundle)
+    {
+        Bundle = bundle ?? throw new ArgumentNullException(nameof(bundle));
+    }
+}
+
+internal enum PolicyRevisionStatus
+{
+    Draft,
     Approved,
     Active
 }
 
-internal sealed record PolicyActivationApproval(string ActorId, DateTimeOffset ApprovedAt, string? Comment);
-
-internal enum PolicyActivationApprovalStatus
-{
-    Pending,
-    ThresholdReached,
-    Duplicate
-}
+internal sealed record PolicyActivationApproval(string ActorId, DateTimeOffset ApprovedAt, string? Comment);
+
+internal enum PolicyActivationApprovalStatus
+{
+    Pending,
+    ThresholdReached,
+    Duplicate
+}
+
+internal sealed record PolicyBundleRecord(
+    string Digest,
+    string Signature,
+    int Size,
+    DateTimeOffset CreatedAt,
+    ImmutableArray<byte> Payload);