using System.Text.Json.Serialization;

namespace StellaOps.Policy.Determinization.Evidence;

/// <summary>
/// Evidence produced by reachability analysis for a vulnerable function.
/// </summary>
/// <remarks>
/// Immutable record: every property is init-only. <see cref="Status"/> and
/// <see cref="AnalyzedAt"/> are <c>required</c> and must be supplied at construction.
/// </remarks>
public sealed record ReachabilityEvidence
{
    /// <summary>
    /// Outcome of the reachability analysis.
    /// </summary>
    [JsonPropertyName("status")]
    public required ReachabilityStatus Status { get; init; }

    /// <summary>
    /// Depth of the call path (if reachable); <c>null</c> when not provided.
    /// </summary>
    [JsonPropertyName("depth")]
    public int? Depth { get; init; }

    /// <summary>
    /// Name of the entry point function (if reachable); <c>null</c> when not provided.
    /// </summary>
    [JsonPropertyName("entry_point")]
    public string? EntryPoint { get; init; }

    /// <summary>
    /// Name of the vulnerable function; <c>null</c> when not provided.
    /// </summary>
    [JsonPropertyName("vulnerable_function")]
    public string? VulnerableFunction { get; init; }

    /// <summary>
    /// Time at which this reachability analysis was performed (UTC).
    /// </summary>
    /// <remarks>
    /// The property type carries an offset but this record does not normalise or check it.
    /// </remarks>
    [JsonPropertyName("analyzed_at")]
    public required DateTimeOffset AnalyzedAt { get; init; }

    /// <summary>
    /// PathWitness digest (if available); <c>null</c> when not provided.
    /// </summary>
    [JsonPropertyName("witness_digest")]
    public string? WitnessDigest { get; init; }

    /// <summary>
    /// Analysis confidence, documented as lying in [0.0, 1.0]. Defaults to 1.0.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this record does not enforce the range, and an instance built
    /// without an explicit value reports full confidence. Confirm that consumers
    /// validate the value before it influences a policy decision.
    /// </remarks>
    [JsonPropertyName("confidence")]
    public double Confidence { get; init; } = 1.0;

    /// <summary>
    /// Shortcut: <c>true</c> exactly when <see cref="Status"/> is
    /// <see cref="ReachabilityStatus.Reachable"/>. Not serialized.
    /// </summary>
    [JsonIgnore]
    public bool IsReachable => Status is ReachabilityStatus.Reachable;

    // Sprint: SPRINT_20260112_004_BE_policy_determinization_attested_rules (DET-ATT-002)

    /// <summary>
    /// Anchor metadata for the reachability evidence (DSSE envelope, Rekor, etc.);
    /// <c>null</c> when the evidence carries no anchor.
    /// </summary>
    [JsonPropertyName("anchor")]
    public EvidenceAnchor? Anchor { get; init; }

    /// <summary>
    /// Shortcut: <c>true</c> only when <see cref="Anchor"/> is present and its
    /// <c>Anchored</c> member is <c>true</c>. Not serialized.
    /// </summary>
    /// <remarks>
    /// NOTE(review): this reads the flag stored in the anchor metadata. Whether the
    /// DSSE/Rekor attestation was actually verified is not visible from this record;
    /// confirm where that check happens before treating this as a trust signal.
    /// </remarks>
    [JsonIgnore]
    public bool IsAnchored => Anchor is { Anchored: true };
}

/// <summary>
/// Possible outcomes of reachability analysis.
/// </summary>
/// <remarks>
/// Members have implicit values, so <see cref="Reachable"/> is the zero value and
/// declaration order fixes the numeric value of each member.
/// </remarks>
public enum ReachabilityStatus
{
    /// <summary>Vulnerable code is reachable from entry points.</summary>
    Reachable,

    /// <summary>Vulnerable code is not reachable.</summary>
    Unreachable,

    /// <summary>
    /// Reachability indeterminate (analysis incomplete or failed). This is a distinct
    /// outcome from <see cref="Unreachable"/>.
    /// </summary>
    Indeterminate
}