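// -----------------------------------------------------------------------------
// VexGateResult.cs
// Sprint: SPRINT_20260106_003_002_SCANNER_vex_gate_service
// Description: VEX gate evaluation result with evidence.
// -----------------------------------------------------------------------------

using System.Collections.Immutable;
using System.Text.Json.Serialization;

namespace StellaOps.Scanner.Gate;

/// <summary>
/// Result of VEX gate evaluation for a single finding.
/// Contains the decision, rationale, and supporting evidence.
/// </summary>
/// <remarks>
/// Every member is <c>required</c> and init-only, so a result cannot be built with a
/// missing decision, rule id or evidence, and cannot be altered after construction.
/// </remarks>
public sealed record VexGateResult
{
    /// <summary>
    /// Gate decision: Pass, Warn, or Block.
    /// </summary>
    [JsonPropertyName("decision")]
    public required VexGateDecision Decision { get; init; }

    /// <summary>
    /// Human-readable explanation of why this decision was made.
    /// </summary>
    /// <remarks>
    /// NOTE(review): if the producer copies text from VEX documents into the rationale,
    /// consumers should encode it before rendering or logging. Confirm against the producer.
    /// </remarks>
    [JsonPropertyName("rationale")]
    public required string Rationale { get; init; }

    /// <summary>
    /// ID of the policy rule that matched and produced this decision.
    /// </summary>
    [JsonPropertyName("policyRuleMatched")]
    public required string PolicyRuleMatched { get; init; }

    /// <summary>
    /// VEX statements that contributed to this decision.
    /// </summary>
    /// <remarks>
    /// <c>required</c> only forces an assignment. A <c>default</c>
    /// <see cref="ImmutableArray{T}"/> is still accepted and throws when enumerated,
    /// so producers with no statements should pass the empty array.
    /// </remarks>
    [JsonPropertyName("contributingStatements")]
    public required ImmutableArray<VexStatementRef> ContributingStatements { get; init; }

    /// <summary>
    /// Detailed evidence supporting the decision.
    /// </summary>
    [JsonPropertyName("evidence")]
    public required VexGateEvidence Evidence { get; init; }

    /// <summary>
    /// When this evaluation was performed (UTC ISO-8601).
    /// </summary>
    /// <remarks>
    /// <see cref="DateTimeOffset"/> can carry any offset; this type does not enforce UTC,
    /// so the producer is responsible for supplying a zero-offset value.
    /// </remarks>
    [JsonPropertyName("evaluatedAt")]
    public required DateTimeOffset EvaluatedAt { get; init; }
}

/// <summary>
/// Evidence collected during VEX gate evaluation.
/// </summary>
/// <remarks>
/// No member is <c>required</c>. An instance created without initializers reads as:
/// no vendor status, no justification, not reachable, no compensating control,
/// confidence 0.0, no backport hints, not exploitable, no severity.
/// The boolean members therefore cannot distinguish "assessed and false" from "not assessed".
/// NOTE(review): a rule that relaxes a decision because <see cref="IsReachable"/> or
/// <see cref="IsExploitable"/> is <c>false</c> should confirm the analysis actually ran;
/// the evaluator is not visible in this file.
/// </remarks>
public sealed record VexGateEvidence
{
    /// <summary>
    /// VEX status from vendor or authoritative source.
    /// Null if no VEX statement found.
    /// </summary>
    [JsonPropertyName("vendorStatus")]
    public VexStatus? VendorStatus { get; init; }

    /// <summary>
    /// Justification type from VEX statement.
    /// </summary>
    [JsonPropertyName("justification")]
    public VexJustification? Justification { get; init; }

    /// <summary>
    /// Whether the vulnerable code is reachable from entrypoints.
    /// </summary>
    /// <remarks>Defaults to <c>false</c> when not set.</remarks>
    [JsonPropertyName("isReachable")]
    public bool IsReachable { get; init; }

    /// <summary>
    /// Whether compensating controls mitigate the vulnerability.
    /// </summary>
    /// <remarks>Defaults to <c>false</c> when not set.</remarks>
    [JsonPropertyName("hasCompensatingControl")]
    public bool HasCompensatingControl { get; init; }

    /// <summary>
    /// Confidence score in the gate decision (0.0 to 1.0).
    /// </summary>
    /// <remarks>
    /// The range is documented only; this type does not validate it.
    /// Defaults to 0.0 when not set.
    /// </remarks>
    [JsonPropertyName("confidenceScore")]
    public double ConfidenceScore { get; init; }

    /// <summary>
    /// Hints about backport fixes detected.
    /// </summary>
    // NOTE(review): the element type was not visible in the reviewed listing; string is assumed. Confirm.
    [JsonPropertyName("backportHints")]
    public ImmutableArray<string> BackportHints { get; init; } = ImmutableArray<string>.Empty;

    /// <summary>
    /// Whether the vulnerability is exploitable based on available intelligence.
    /// </summary>
    /// <remarks>Defaults to <c>false</c> when not set.</remarks>
    [JsonPropertyName("isExploitable")]
    public bool IsExploitable { get; init; }

    /// <summary>
    /// Severity level from the advisory.
    /// </summary>
    [JsonPropertyName("severityLevel")]
    public string? SeverityLevel { get; init; }
}

/// <summary>
/// Reference to a VEX statement that contributed to a gate decision.
/// </summary>
public sealed record VexStatementRef
{
    /// <summary>
    /// Unique identifier for the VEX statement.
    /// </summary>
    [JsonPropertyName("statementId")]
    public required string StatementId { get; init; }

    /// <summary>
    /// Issuer of the VEX statement.
    /// </summary>
    /// <remarks>
    /// Carried as a plain string; this type does not record whether the issuer was authenticated.
    /// NOTE(review): confirm issuer verification happens before <see cref="TrustWeight"/> is assigned.
    /// </remarks>
    [JsonPropertyName("issuerId")]
    public required string IssuerId { get; init; }

    /// <summary>
    /// VEX status declared in the statement.
    /// </summary>
    [JsonPropertyName("status")]
    public required VexStatus Status { get; init; }

    /// <summary>
    /// When the statement was issued.
    /// </summary>
    [JsonPropertyName("timestamp")]
    public required DateTimeOffset Timestamp { get; init; }

    /// <summary>
    /// Trust weight of this statement in consensus (0.0 to 1.0).
    /// </summary>
    /// <remarks>
    /// The range is documented only; this type does not validate it.
    /// Defaults to 0.0 when not set.
    /// </remarks>
    [JsonPropertyName("trustWeight")]
    public double TrustWeight { get; init; }
}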