// // Copyright (c) StellaOps. Licensed under the BUSL-1.1. // using System.Collections.Immutable; namespace StellaOps.Evidence.Pack.Models; ///

/// A signed evidence pack with DSSE envelope. /// Sprint: SPRINT_20260109_011_005 Task: EVPK-001 ///

public sealed record SignedEvidencePack { ///

Gets the evidence pack.

public required EvidencePack Pack { get; init; } ///

Gets the DSSE envelope containing the signature.

public required DsseEnvelope Envelope { get; init; } ///

Gets when the pack was signed.

public required DateTimeOffset SignedAt { get; init; } } ///

/// DSSE (Dead Simple Signing Envelope) for evidence pack signatures. /// See: https://github.com/secure-systems-lab/dsse ///

public sealed record DsseEnvelope { ///

Gets the payload type URI.

public required string PayloadType { get; init; } ///

Gets the base64-encoded payload.

public required string Payload { get; init; } ///

Gets the computed payload digest.

public required string PayloadDigest { get; init; } ///

Gets the signatures.

public required ImmutableArray Signatures { get; init; } } ///

/// A signature within a DSSE envelope. ///

public sealed record DsseSignature { ///

Gets the key identifier.

public required string KeyId { get; init; } ///

Gets the base64-encoded signature.

public required string Sig { get; init; } } ///

/// Result of verifying an evidence pack. ///

public sealed record EvidencePackVerificationResult { ///

Gets whether the pack is valid.

public required bool Valid { get; init; } ///

Gets the pack content digest.

public required string PackDigest { get; init; } ///

Gets the signing key identifier.

public required string SignatureKeyId { get; init; } ///

Gets any verification issues.

public ImmutableArray Issues { get; init; } = ImmutableArray.Empty; ///

Gets individual evidence resolution results.

public ImmutableArray EvidenceResolutions { get; init; } = ImmutableArray.Empty; } ///

/// Result of resolving a single evidence item. ///

public sealed record EvidenceResolutionResult { ///

Gets the evidence identifier.

public required string EvidenceId { get; init; } ///

Gets the evidence URI.

public required string Uri { get; init; } ///

Gets whether the evidence was resolved.

public required bool Resolved { get; init; } ///

Gets whether the digest matches.

public required bool DigestMatches { get; init; } ///

Gets any resolution error.

public string? Error { get; init; } } ///

/// Export format options for evidence packs. ///

public enum EvidencePackExportFormat { ///

Raw JSON format.

Json, ///

Signed JSON with DSSE envelope.

SignedJson, ///

Human-readable Markdown.

Markdown, ///

PDF report.

Pdf, ///

Styled HTML report.

Html, // Sprint: SPRINT_20260112_005_BE_evidence_card_api (EVPCARD-BE-001) ///

Single-file evidence card with SBOM excerpt, DSSE envelope, and Rekor receipt.

EvidenceCard, ///

Compact evidence card without full SBOM.

EvidenceCardCompact } ///

/// Result of exporting an evidence pack. ///

public sealed record EvidencePackExport { ///

Gets the pack identifier.

public required string PackId { get; init; } ///

Gets the export format.

public required EvidencePackExportFormat Format { get; init; } ///

Gets the content bytes.

public required byte[] Content { get; init; } ///

Gets the content type.

public required string ContentType { get; init; } ///

Gets the suggested filename.

public required string FileName { get; init; } }