using StellaOps.Scanner.Reachability.Slices;
using StellaOps.Scanner.WebService.Domain;
namespace StellaOps.Scanner.WebService.Services;
/// <summary>
/// Query request for reachability slices.
/// </summary>
public sealed record SliceQueryRequest
{
// Optional CVE identifier to query reachability for.
// This type performs no format validation; whatever accepts the request
// should validate the value before using it in lookups or log output.
public string? CveId { get; init; }
// Optional list of symbols to query.
// NOTE(review): the type argument of IReadOnlyList is not visible in this
// listing — confirm the element type against the original source.
public IReadOnlyList? Symbols { get; init; }
// Optional list of entrypoints to consider.
// NOTE(review): element type not visible here (see Symbols) — confirm.
public IReadOnlyList? Entrypoints { get; init; }
// Optional policy hash.
// NOTE(review): presumably pins the policy the verdict is evaluated under;
// hash algorithm and encoding are not shown in this file — confirm.
public string? PolicyHash { get; init; }
// Identifier of the scan being queried; the only member marked `required`,
// so it must be set in the object initializer.
// NOTE(review): if this value comes from an API client, the handler should
// check that the caller is authorized for this scan — not enforced by this type.
public required string ScanId { get; init; }
}
/// <summary>
/// Response from slice query.
/// </summary>
public sealed record SliceQueryResponse
{
// Digest string identifying the slice.
// NOTE(review): digest algorithm and string format are not defined in this
// file — confirm before comparing or parsing it.
public required string SliceDigest { get; init; }
// Reachability verdict as a free-form string; the set of allowed values is
// not defined in this file.
public required string Verdict { get; init; }
// Confidence attached to the verdict.
// NOTE(review): presumably in the range 0.0–1.0 — the range is not enforced
// or documented here; confirm before using it in policy decisions.
public required double Confidence { get; init; }
// Optional path witnesses for the verdict.
// NOTE(review): the type argument of IReadOnlyList is not visible in this
// listing — confirm the element type against the original source.
public IReadOnlyList? PathWitnesses { get; init; }
// NOTE(review): presumably true when the result was served from a cache
// rather than freshly computed — confirm against the implementation.
public required bool CacheHit { get; init; }
// Optional job identifier.
// NOTE(review): presumably set when slice generation runs as a background
// job — confirm against the implementation.
public string? JobId { get; init; }
}
/// <summary>
/// Replay request for slice verification.
/// </summary>
public sealed record SliceReplayRequest
{
// Digest of the slice to replay; required.
// This type does not validate the value. When it originates from an API
// client it is untrusted input: validate its format before using it as a
// storage or cache lookup key.
public required string SliceDigest { get; init; }
}
/// <summary>
/// Response from slice replay verification.
/// </summary>
public sealed record SliceReplayResponse
{
// Outcome of the replay verification.
// NOTE(review): presumably true when RecomputedDigest equals OriginalDigest.
// This type does not enforce that relationship, so the producer must keep
// the three values consistent — confirm in the implementation.
public required bool Match { get; init; }
// Digest of the slice as originally recorded.
public required string OriginalDigest { get; init; }
// Digest obtained by recomputing the slice during replay.
public required string RecomputedDigest { get; init; }
// Optional difference details; SliceDiff is documented as the diff
// information for a replay that does not match.
public SliceDiff? Diff { get; init; }
}
/// <summary>
/// Diff information when replay doesn't match.
/// </summary>
public sealed record SliceDiff
{
// NOTE(review): the type argument of IReadOnlyList is not visible in this
// listing for any of the four collections below — confirm the element types
// against the original source. Which side (original vs. recomputed) counts
// as "missing" or "extra" is not defined in this file.
// Optional list of nodes reported as missing.
public IReadOnlyList? MissingNodes { get; init; }
// Optional list of nodes reported as extra.
public IReadOnlyList? ExtraNodes { get; init; }
// Optional list of edges reported as missing.
public IReadOnlyList? MissingEdges { get; init; }
// Optional list of edges reported as extra.
public IReadOnlyList? ExtraEdges { get; init; }
// Optional description of a verdict difference; the string format is not
// defined in this file.
public string? VerdictDiff { get; init; }
}
/// <summary>
/// Service for querying and managing reachability slices.
/// </summary>
public interface ISliceQueryService
{
/// <summary>
/// Query reachability for CVE/symbols and generate slice.
/// </summary>
// NOTE(review): the Task result type argument is not visible in this listing;
// the SliceQueryResponse record in this file suggests Task<SliceQueryResponse> — confirm.
Task QueryAsync(
// Query parameters; ScanId is the only member of SliceQueryRequest marked `required`.
// The request record does no validation of its own, so implementations
// should validate CveId, symbols and entrypoints before use.
SliceQueryRequest request,
// Optional cancellation token; defaults to an uncancellable token.
CancellationToken cancellationToken = default);
/// <summary>
/// Retrieve an attested slice by digest.
/// </summary>
// NOTE(review): the Task result type argument is not visible in this listing —
// confirm the returned slice type (and whether it is nullable for an unknown
// digest) against the original source.
Task GetSliceAsync(
// Digest identifying the slice to retrieve. The parameter is a plain string,
// so implementations should validate its format before using it as a lookup key.
string digest,
// Optional cancellation token; defaults to an uncancellable token.
CancellationToken cancellationToken = default);
/// <summary>
/// Retrieve DSSE envelope for a slice.
/// </summary>
Task