using StellaOps.Scanner.WebService.Domain; namespace StellaOps.Scanner.WebService.Services; ///

/// Explanation reason with code and impact. ///

public sealed record ExplanationReason( string Code, string Description, double? Impact = null); ///

/// Static analysis evidence. ///

public sealed record StaticAnalysisEvidence( string? CallgraphDigest = null, int? PathLength = null, IReadOnlyList? EdgeTypes = null); ///

/// Runtime evidence. ///

public sealed record RuntimeEvidence( bool Observed, int HitCount = 0, DateTimeOffset? LastObserved = null); ///

/// Policy evaluation result. ///

public sealed record PolicyEvaluationEvidence( string? PolicyDigest = null, string? Verdict = null, string? VerdictReason = null); ///

/// Evidence chain for explanation. ///

public sealed record EvidenceChain( StaticAnalysisEvidence? StaticAnalysis = null, RuntimeEvidence? RuntimeEvidence = null, PolicyEvaluationEvidence? PolicyEvaluation = null); ///

/// Full reachability explanation. ///

public sealed record ReachabilityExplanation( string CveId, string Purl, string Status, double Confidence, string? LatticeState = null, IReadOnlyList? PathWitness = null, IReadOnlyList? Why = null, EvidenceChain? Evidence = null, string? SpineId = null); ///

/// Service for explaining reachability decisions. ///

public interface IReachabilityExplainService { ///

/// Explains why a CVE affects a component. ///

Task ExplainAsync( ScanId scanId, string cveId, string purl, CancellationToken cancellationToken = default); }