git.stella-ops.org/src/Aoc/__Libraries/StellaOps.Aoc/AocGuardOptions.cs

using System.Collections.Immutable;
using System.Linq;

namespace StellaOps.Aoc;

public sealed record AocGuardOptions
{
    private static readonly ImmutableHashSet<string> DefaultRequiredTopLevel = new[]
    {
        "tenant",
        "source",
        "upstream",
        "content",
        "linkset",
    }.ToImmutableHashSet(StringComparer.OrdinalIgnoreCase);

    private static readonly ImmutableHashSet<string> DefaultAllowedTopLevel = DefaultRequiredTopLevel
        .Union(new[]
        {
            "_id",
            "identifiers",
            "attributes",
            "supersedes",
            "createdAt",
            "created_at",
            "ingestedAt",
            "ingested_at",
            "links",
            "advisory_key"
        }, StringComparer.OrdinalIgnoreCase)
        .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase);

    public static AocGuardOptions Default { get; } = new();

    public ImmutableHashSet<string> RequiredTopLevelFields { get; init; } = DefaultRequiredTopLevel;

    /// <summary>
    /// Optional allowlist for top-level fields. Unknown fields trigger ERR_AOC_007.
    /// </summary>
    public ImmutableHashSet<string> AllowedTopLevelFields { get; init; } = DefaultAllowedTopLevel;

    /// <summary>
    /// When true, signature metadata is required under upstream.signature.
    /// </summary>
    public bool RequireSignatureMetadata { get; init; } = true;

    /// <summary>
    /// When true, tenant must be a non-empty string.
    /// </summary>
    public bool RequireTenant { get; init; } = true;
}