up

2025-12-13 18:08:55 +02:00
parent 6e45066e37
commit f1a39c4ce3
234 changed files with 24038 additions and 6910 deletions
--- a/src/Cli/StellaOps.Cli/Services/BackendOperationsClient.cs
+++ b/src/Cli/StellaOps.Cli/Services/BackendOperationsClient.cs
@@ -2443,6 +2443,29 @@ internal sealed class BackendOperationsClient : IBackendOperationsClient

        var updatedAt = document.UpdatedAt ?? DateTimeOffset.MinValue;

+        PolicyFindingUncertainty? uncertainty = null;
+        if (document.Uncertainty is not null)
+        {
+            IReadOnlyList<PolicyFindingUncertaintyState>? states = null;
+            if (document.Uncertainty.States is not null)
+            {
+                states = document.Uncertainty.States
+                    .Where(s => s is not null)
+                    .Select(s => new PolicyFindingUncertaintyState(
+                        string.IsNullOrWhiteSpace(s!.Code) ? null : s.Code,
+                        string.IsNullOrWhiteSpace(s.Name) ? null : s.Name,
+                        s.Entropy,
+                        string.IsNullOrWhiteSpace(s.Tier) ? null : s.Tier))
+                    .ToList();
+            }
+
+            uncertainty = new PolicyFindingUncertainty(
+                string.IsNullOrWhiteSpace(document.Uncertainty.AggregateTier) ? null : document.Uncertainty.AggregateTier,
+                document.Uncertainty.RiskScore,
+                states,
+                document.Uncertainty.ComputedAt);
+        }
+
        return new PolicyFindingDocument(
            findingId,
            status,
@@ -2450,6 +2473,7 @@ internal sealed class BackendOperationsClient : IBackendOperationsClient
            sbomId,
            advisoryIds,
            vex,
+            uncertainty,
            document.PolicyVersion ?? 0,
            updatedAt,
            string.IsNullOrWhiteSpace(document.RunId) ? null : document.RunId);
--- a/src/Cli/StellaOps.Cli/Services/Models/EntryTraceResponseModel.cs
+++ b/src/Cli/StellaOps.Cli/Services/Models/EntryTraceResponseModel.cs
@@ -10,4 +10,36 @@ internal sealed record EntryTraceResponseModel(
    DateTimeOffset GeneratedAt,
    EntryTraceGraph Graph,
    IReadOnlyList<string> Ndjson,
-    EntryTracePlan? BestPlan);
+    EntryTracePlan? BestPlan,
+    SemanticEntrypointSummary? Semantic = null);
+
+/// <summary>
+/// Summary of semantic entrypoint analysis for CLI display.
+/// </summary>
+internal sealed record SemanticEntrypointSummary
+{
+    public string Intent { get; init; } = "Unknown";
+    public IReadOnlyList<string> Capabilities { get; init; } = Array.Empty<string>();
+    public IReadOnlyList<ThreatVectorSummary> Threats { get; init; } = Array.Empty<ThreatVectorSummary>();
+    public IReadOnlyList<DataBoundarySummary> DataBoundaries { get; init; } = Array.Empty<DataBoundarySummary>();
+    public string? Framework { get; init; }
+    public string? Language { get; init; }
+    public double ConfidenceScore { get; init; }
+    public string ConfidenceTier { get; init; } = "Unknown";
+    public string AnalyzedAt { get; init; } = string.Empty;
+}
+
+internal sealed record ThreatVectorSummary
+{
+    public string Type { get; init; } = string.Empty;
+    public double Confidence { get; init; }
+    public string? CweId { get; init; }
+    public string? OwaspCategory { get; init; }
+}
+
+internal sealed record DataBoundarySummary
+{
+    public string Type { get; init; } = string.Empty;
+    public string Direction { get; init; } = string.Empty;
+    public string Sensitivity { get; init; } = string.Empty;
+}
--- a/src/Cli/StellaOps.Cli/Services/Models/PolicyFindingsModels.cs
+++ b/src/Cli/StellaOps.Cli/Services/Models/PolicyFindingsModels.cs
@@ -25,6 +25,7 @@ internal sealed record PolicyFindingDocument(
    string SbomId,
    IReadOnlyList<string> AdvisoryIds,
    PolicyFindingVexMetadata? Vex,
+    PolicyFindingUncertainty? Uncertainty,
    int PolicyVersion,
    DateTimeOffset UpdatedAt,
    string? RunId);
@@ -33,6 +34,18 @@ internal sealed record PolicyFindingSeverity(string Normalized, double? Score);

 internal sealed record PolicyFindingVexMetadata(string? WinningStatementId, string? Source, string? Status);

+internal sealed record PolicyFindingUncertainty(
+    string? AggregateTier,
+    double? RiskScore,
+    IReadOnlyList<PolicyFindingUncertaintyState>? States,
+    DateTimeOffset? ComputedAt);
+
+internal sealed record PolicyFindingUncertaintyState(
+    string? Code,
+    string? Name,
+    double? Entropy,
+    string? Tier);
+
 internal sealed record PolicyFindingExplainResult(
    string FindingId,
    int PolicyVersion,
--- a/src/Cli/StellaOps.Cli/Services/Models/Transport/PolicyFindingsTransport.cs
+++ b/src/Cli/StellaOps.Cli/Services/Models/Transport/PolicyFindingsTransport.cs
@@ -27,6 +27,8 @@ internal sealed class PolicyFindingDocumentDocument

    public PolicyFindingVexDocument? Vex { get; set; }

+    public PolicyFindingUncertaintyDocument? Uncertainty { get; set; }
+
    public int? PolicyVersion { get; set; }

    public DateTimeOffset? UpdatedAt { get; set; }
@@ -34,6 +36,28 @@ internal sealed class PolicyFindingDocumentDocument
    public string? RunId { get; set; }
 }

+internal sealed class PolicyFindingUncertaintyDocument
+{
+    public string? AggregateTier { get; set; }
+
+    public double? RiskScore { get; set; }
+
+    public List<PolicyFindingUncertaintyStateDocument>? States { get; set; }
+
+    public DateTimeOffset? ComputedAt { get; set; }
+}
+
+internal sealed class PolicyFindingUncertaintyStateDocument
+{
+    public string? Code { get; set; }
+
+    public string? Name { get; set; }
+
+    public double? Entropy { get; set; }
+
+    public string? Tier { get; set; }
+}
+
 internal sealed class PolicyFindingSeverityDocument
 {
    public string? Normalized { get; set; }