namespace StellaOps.VulnExplorer.Api.Models;

/// <summary>
/// In-toto style attestation for vulnerability scan results.
/// Based on docs/schemas/attestation-vuln-scan.schema.json
/// </summary>
public sealed record VulnScanAttestationDto(
    string Type,
    string PredicateType,
    IReadOnlyList<AttestationSubjectDto> Subject,
    VulnScanPredicateDto Predicate,
    AttestationMetaDto AttestationMeta);

/// <summary>
/// Subject of an attestation (artifact that was scanned).
/// </summary>
public sealed record AttestationSubjectDto(
    string Name,
    IReadOnlyDictionary<string, string> Digest);

/// <summary>
/// Vulnerability scan result predicate.
/// </summary>
public sealed record VulnScanPredicateDto(
    ScannerInfoDto Scanner,
    ScannerDbInfoDto? ScannerDb,
    DateTimeOffset ScanStartedAt,
    DateTimeOffset ScanCompletedAt,
    SeverityCountsDto SeverityCounts,
    FindingReportDto FindingReport);

/// <summary>
/// Scanner information.
/// </summary>
public sealed record ScannerInfoDto(
    string Name,
    string Version);

/// <summary>
/// Vulnerability database information.
/// </summary>
public sealed record ScannerDbInfoDto(
    DateTimeOffset? LastUpdatedAt);

/// <summary>
/// Count of findings by severity.
/// </summary>
public sealed record SeverityCountsDto(
    int Critical,
    int High,
    int Medium,
    int Low);

/// <summary>
/// Reference to the full findings report.
/// </summary>
public sealed record FindingReportDto(
    string MediaType,
    string Location,
    IReadOnlyDictionary<string, string> Digest);

/// <summary>
/// Attestation metadata including signer info.
/// </summary>
public sealed record AttestationMetaDto(
    string StatementId,
    DateTimeOffset CreatedAt,
    AttestationSignerDto Signer);

/// <summary>
/// Entity that signed an attestation.
/// </summary>
public sealed record AttestationSignerDto(
    string Name,
    string KeyId);

/// <summary>
/// Response for listing attestations.
/// </summary>
public sealed record AttestationListResponse(
    IReadOnlyList<AttestationSummaryDto> Items,
    string? NextPageToken);

/// <summary>
/// Summary view of an attestation for listing.
/// </summary>
public sealed record AttestationSummaryDto(
    string Id,
    AttestationType Type,
    string SubjectName,
    IReadOnlyDictionary<string, string> SubjectDigest,
    string PredicateType,
    DateTimeOffset CreatedAt,
    string? SignerName,
    string? SignerKeyId,
    bool Verified);

/// <summary>
/// Attestation type enumeration.
/// </summary>
public enum AttestationType
{
    VulnScan,
    Sbom,
    Vex,
    PolicyEval,
    Other
}