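using System.Collections.Immutable;
using System.Linq;

namespace StellaOps.Policy.Exceptions.Models;

// NOTE(review): the reviewed copy of this file had lost its XML doc tags and the
// generic type arguments on every ImmutableArray property, so it did not compile.
// Conditions and TriggeredConditions are restored from how they are used in this file;
// the element type of EnvironmentScope (string) is an assumption — confirm against the
// upstream source.

/// <summary>
/// Policy defining conditions that trigger exception re-evaluation.
/// When any condition is met, the exception may be invalidated or flagged.
/// </summary>
/// <remarks>
/// This type is a plain data carrier: it performs no validation of its own. Nothing here
/// rejects an empty <see cref="Conditions"/> array or a default (uninitialized) one, so a
/// policy that can never trigger is representable. Whoever loads policies should decide
/// explicitly whether that is acceptable.
/// </remarks>
public sealed record RecheckPolicy
{
    /// <summary>
    /// Unique identifier for this policy configuration.
    /// </summary>
    public required string PolicyId { get; init; }

    /// <summary>
    /// Human-readable name for this policy.
    /// </summary>
    public required string Name { get; init; }

    /// <summary>
    /// Conditions that trigger recheck.
    /// </summary>
    public required ImmutableArray<RecheckCondition> Conditions { get; init; }

    /// <summary>
    /// Default action when any condition is triggered.
    /// </summary>
    /// <remarks>
    /// Used for a condition whose own <see cref="RecheckCondition.Action"/> is null.
    /// </remarks>
    public required RecheckAction DefaultAction { get; init; }

    /// <summary>
    /// Whether this policy is active.
    /// </summary>
    /// <remarks>
    /// Defaults to <c>true</c>; a policy is only inactive when this is set explicitly.
    /// </remarks>
    public bool IsActive { get; init; } = true;

    /// <summary>
    /// When this policy was created.
    /// </summary>
    public required DateTimeOffset CreatedAt { get; init; }
}

/// <summary>
/// A single condition that triggers exception re-evaluation.
/// </summary>
public sealed record RecheckCondition
{
    /// <summary>
    /// Type of condition to check.
    /// </summary>
    public required RecheckConditionType Type { get; init; }

    /// <summary>
    /// Threshold value (interpretation depends on Type).
    /// </summary>
    /// <remarks>
    /// Nullable and not validated here: a threshold-based type such as
    /// <see cref="RecheckConditionType.EPSSAbove"/> or <see cref="RecheckConditionType.CVSSAbove"/>
    /// can be constructed with no threshold, or with one outside the range of the score it is
    /// compared with. NOTE(review): how the evaluator treats a missing threshold is not visible
    /// in this file — confirm it does not silently skip the condition.
    /// </remarks>
    public decimal? Threshold { get; init; }

    /// <summary>
    /// Environment scopes where this condition applies.
    /// </summary>
    /// <remarks>
    /// Defaults to an empty array. NOTE(review): this file does not define whether an empty
    /// scope means "every environment" or "no environment" — confirm against the evaluator,
    /// since the second reading would disable the condition by default.
    /// </remarks>
    public ImmutableArray<string> EnvironmentScope { get; init; } = [];

    /// <summary>
    /// Action to take when this specific condition is triggered.
    /// If null, uses policy's DefaultAction.
    /// </summary>
    public RecheckAction? Action { get; init; }

    /// <summary>
    /// Human-readable description of this condition.
    /// </summary>
    public string? Description { get; init; }
}

/// <summary>
/// Types of recheck conditions.
/// </summary>
public enum RecheckConditionType
{
    /// <summary>Reachability graph changes (new paths discovered).</summary>
    ReachGraphChange,

    /// <summary>EPSS score exceeds threshold.</summary>
    EPSSAbove,

    /// <summary>CVSS score exceeds threshold.</summary>
    CVSSAbove,

    /// <summary>Unknown budget exceeds threshold.</summary>
    UnknownsAbove,

    /// <summary>New CVE added to same package.</summary>
    NewCVEInPackage,

    /// <summary>KEV (Known Exploited Vulnerability) flag set.</summary>
    KEVFlagged,

    /// <summary>Exception nearing expiry (days before).</summary>
    ExpiryWithin,

    /// <summary>VEX status changes (e.g., from NotAffected to Affected).</summary>
    VEXStatusChange,

    /// <summary>Package version changes.</summary>
    PackageVersionChange
}

/// <summary>
/// Action to take when a recheck condition is triggered.
/// </summary>
/// <remarks>
/// Members carry no explicit values, so <see cref="Warn"/> is the zero value and
/// <c>default(RecheckAction)</c> is the action that leaves the exception active. Code that
/// builds or deserializes an action should set it explicitly rather than rely on the default.
/// Reordering the members changes their numeric values, which matters if actions are ever
/// persisted or compared as numbers.
/// </remarks>
public enum RecheckAction
{
    /// <summary>Log warning but allow exception to remain active.</summary>
    Warn,

    /// <summary>Require manual re-approval of exception.</summary>
    RequireReapproval,

    /// <summary>Automatically revoke the exception.</summary>
    Revoke,

    /// <summary>Block build/deployment pipeline.</summary>
    Block
}

/// <summary>
/// Result of evaluating recheck conditions against an exception.
/// </summary>
/// <remarks>
/// <see cref="IsTriggered"/>, <see cref="TriggeredConditions"/> and
/// <see cref="RecommendedAction"/> are independent properties; nothing in this type enforces
/// that they agree with each other. Consumers that gate a pipeline on this result should not
/// treat a null <see cref="RecommendedAction"/> as proof that nothing triggered.
/// </remarks>
public sealed record RecheckEvaluationResult
{
    /// <summary>Whether any conditions were triggered.</summary>
    public required bool IsTriggered { get; init; }

    /// <summary>List of triggered conditions with details.</summary>
    public required ImmutableArray<TriggeredCondition> TriggeredConditions { get; init; }

    /// <summary>Recommended action based on triggered conditions.</summary>
    public required RecheckAction? RecommendedAction { get; init; }

    /// <summary>When this evaluation was performed.</summary>
    public required DateTimeOffset EvaluatedAt { get; init; }

    /// <summary>Human-readable summary.</summary>
    /// <remarks>
    /// A default (uninitialized) <see cref="TriggeredConditions"/> is reported as zero
    /// conditions instead of throwing, so that building a log line or an audit message from
    /// this result cannot itself fail.
    /// </remarks>
    public string Summary
    {
        get
        {
            if (!IsTriggered)
            {
                return "No conditions triggered";
            }

            // `required` forces the property to be assigned, but it can still be assigned
            // `default`, on which Length and enumeration throw.
            var conditions = TriggeredConditions.IsDefault
                ? ImmutableArray<TriggeredCondition>.Empty
                : TriggeredConditions;

            return $"{conditions.Length} condition(s) triggered: {string.Join(", ", conditions.Select(t => t.Type))}";
        }
    }
}

/// <summary>
/// Details of a triggered recheck condition.
/// </summary>
/// <param name="Type">Type of the condition that was triggered.</param>
/// <param name="Description">Human-readable description of what triggered.</param>
/// <param name="CurrentValue">
/// Presumably the value observed at evaluation time, null where the condition type has no
/// numeric value — confirm against the evaluator.
/// </param>
/// <param name="ThresholdValue">
/// Presumably the threshold the current value was compared with, null where none applies —
/// confirm against the evaluator.
/// </param>
/// <param name="Action">Action associated with this triggered condition.</param>
public sealed record TriggeredCondition(
    RecheckConditionType Type,
    string Description,
    decimal? CurrentValue,
    decimal? ThresholdValue,
    RecheckAction Action);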