// Licensed to StellaOps under the AGPL-3.0-or-later license.

using System.Collections.Immutable;

namespace StellaOps.ReachGraph.Schema;

/// <summary>
/// Provenance information for a reachability graph.
/// </summary>
public sealed record ReachGraphProvenance
{
    /// <summary>
    /// Gets the in-toto attestation links.
    /// </summary>
    public ImmutableArray<string>? Intoto { get; init; }

    /// <summary>
    /// Gets the input artifact digests.
    /// </summary>
    public required ReachGraphInputs Inputs { get; init; }

    /// <summary>
    /// Gets when this graph was computed (UTC).
    /// </summary>
    public required DateTimeOffset ComputedAt { get; init; }

    /// <summary>
    /// Gets the analyzer that produced this graph.
    /// </summary>
    public required ReachGraphAnalyzer Analyzer { get; init; }
}

/// <summary>
/// Input artifact digests for provenance tracking.
/// </summary>
public sealed record ReachGraphInputs
{
    /// <summary>
    /// Gets the SBOM digest (sha256:...).
    /// </summary>
    public required string Sbom { get; init; }

    /// <summary>
    /// Gets the VEX digest if available.
    /// </summary>
    public string? Vex { get; init; }

    /// <summary>
    /// Gets the call graph digest.
    /// </summary>
    public string? Callgraph { get; init; }

    /// <summary>
    /// Gets the runtime facts batch digest.
    /// </summary>
    public string? RuntimeFacts { get; init; }

    /// <summary>
    /// Gets the policy digest used for filtering.
    /// </summary>
    public string? Policy { get; init; }
}

/// <summary>
/// Analyzer metadata for reproducibility.
/// </summary>
public sealed record ReachGraphAnalyzer(
    string Name,
    string Version,
    string ToolchainDigest
);