namespace StellaOps.Zastava.Core.Contracts;
/// <summary>
/// Envelope published by the observer towards Scanner runtime ingestion.
/// Pairs one <see cref="RuntimeEvent"/> with the schema version string that the
/// receiving side uses to decide whether it can consume the payload.
/// </summary>
public sealed record class RuntimeEventEnvelope
{
    /// <summary>
    /// Contract identifier consumed by negotiation logic (<c>zastava.runtime.event@v1</c>).
    /// <see cref="Create"/> fills it from the string form of a
    /// <see cref="ZastavaContractVersions.ContractVersion"/>.
    /// </summary>
    public required string SchemaVersion { get; init; }

    /// <summary>
    /// Runtime event payload.
    /// </summary>
    public required RuntimeEvent Event { get; init; }

    /// <summary>
    /// Creates an envelope using the provided runtime contract version.
    /// </summary>
    /// <param name="runtimeEvent">Payload to wrap; must not be <see langword="null"/>.</param>
    /// <param name="contract">Contract version whose string form becomes <see cref="SchemaVersion"/>.</param>
    /// <returns>A new envelope carrying <paramref name="runtimeEvent"/>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="runtimeEvent"/> is <see langword="null"/>.</exception>
    public static RuntimeEventEnvelope Create(RuntimeEvent runtimeEvent, ZastavaContractVersions.ContractVersion contract)
        => new()
        {
            // The null guard is evaluated first (initializer members run in written
            // order) so a missing payload is reported before the contract is touched.
            Event = runtimeEvent ?? throw new ArgumentNullException(nameof(runtimeEvent)),
            SchemaVersion = contract.ToString(),
        };

    /// <summary>
    /// Checks whether the envelope schema is supported by the current runtime.
    /// </summary>
    /// <returns>
    /// The result of <see cref="ZastavaContractVersions.IsRuntimeEventSupported"/> for
    /// <see cref="SchemaVersion"/>; the string itself is not parsed here.
    /// </returns>
    public bool IsSupported()
    {
        var supported = ZastavaContractVersions.IsRuntimeEventSupported(SchemaVersion);
        return supported;
    }
}
/// <summary>
/// Canonical runtime event emitted by the observer.
/// Property declaration order is part of the generated record members
/// (ToString, equality) and of the default System.Text.Json output order, so keep it stable.
/// No validation is performed by this type; values arriving from the wire are
/// accepted as-is and must be checked by the consumer.
/// </summary>
public sealed record class RuntimeEvent
{
    /// <summary>Identifier of this event as assigned by the observer.</summary>
    public required string EventId { get; init; }

    /// <summary>Offset-aware timestamp of the event.</summary>
    public required DateTimeOffset When { get; init; }

    /// <summary>Discriminator for the event; see <see cref="RuntimeEventKind"/>.</summary>
    public required RuntimeEventKind Kind { get; init; }

    /// <summary>Tenant the event is attributed to.</summary>
    public required string Tenant { get; init; }

    /// <summary>Node that produced the event.</summary>
    public required string Node { get; init; }

    /// <summary>Container runtime engine reported by the observer.</summary>
    public required RuntimeEngine Runtime { get; init; }

    /// <summary>Workload (platform, namespace, pod, container) the event concerns.</summary>
    public required RuntimeWorkload Workload { get; init; }

    /// <summary>Process details; <see langword="null"/> when none were captured.</summary>
    public RuntimeProcess? Process { get; init; }

    /// <summary>
    /// Libraries observed as loaded. Serialised under the abbreviated wire name
    /// <c>loadedLibs</c>; defaults to an empty array so consumers never see <see langword="null"/>.
    /// Note that record equality compares this member by reference, not by content.
    /// </summary>
    [JsonPropertyName("loadedLibs")]
    public IReadOnlyList<RuntimeLoadedLibrary> LoadedLibraries { get; init; } = Array.Empty<RuntimeLoadedLibrary>();

    /// <summary>Signing/SBOM/attestation posture; <see langword="null"/> when not reported.</summary>
    public RuntimePosture? Posture { get; init; }

    /// <summary>Drift details relative to a baseline image; <see langword="null"/> when not reported.</summary>
    public RuntimeDelta? Delta { get; init; }

    /// <summary>
    /// Supporting signals for the event. Defaults to an empty array; compared by reference
    /// under record equality.
    /// </summary>
    public IReadOnlyList<RuntimeEvidence> Evidence { get; init; } = Array.Empty<RuntimeEvidence>();

    /// <summary>Free-form key/value annotations; <see langword="null"/> when the observer attached none.</summary>
    public IReadOnlyDictionary<string, string>? Annotations { get; init; }
}
/// <summary>
/// Discriminator carried in <see cref="RuntimeEvent.Kind"/>.
/// Underlying values are spelled out explicitly so the numeric encoding is visible
/// and stays stable if members are ever reordered.
/// </summary>
public enum RuntimeEventKind
{
    /// <summary>Container start.</summary>
    ContainerStart = 0,

    /// <summary>Container stop.</summary>
    ContainerStop = 1,

    /// <summary>Drift from the baseline image.</summary>
    Drift = 2,

    /// <summary>Policy violation.</summary>
    PolicyViolation = 3,

    /// <summary>Attestation status report.</summary>
    AttestationStatus = 4,
}
/// <summary>
/// Container runtime engine reported in <see cref="RuntimeEvent.Runtime"/>.
/// </summary>
public sealed record class RuntimeEngine
{
    /// <summary>Engine name; required on the wire.</summary>
    public required string Engine { get; init; }

    /// <summary>Engine version string; <see langword="null"/> when not reported. Not parsed or validated here.</summary>
    public string? Version { get; init; }
}
/// <summary>
/// Workload identity carried in <see cref="RuntimeEvent.Workload"/>.
/// Only <see cref="Platform"/> is required; the remaining members are optional
/// and arrive unvalidated from the observer.
/// </summary>
public sealed record class RuntimeWorkload
{
    /// <summary>Orchestration platform identifier.</summary>
    public required string Platform { get; init; }

    /// <summary>
    /// Workload namespace. The wire name is <c>namespace</c>, spelled out explicitly
    /// because the C# member cannot share the keyword's casing.
    /// </summary>
    [JsonPropertyName("namespace")]
    public string? Namespace { get; init; }

    /// <summary>Pod name, when applicable.</summary>
    public string? Pod { get; init; }

    /// <summary>Container name, when applicable.</summary>
    public string? Container { get; init; }

    /// <summary>Runtime container identifier, when applicable.</summary>
    public string? ContainerId { get; init; }

    /// <summary>Image reference the container was started from, when known.</summary>
    public string? ImageRef { get; init; }

    /// <summary>Owning controller, when resolved by the observer.</summary>
    public RuntimeWorkloadOwner? Owner { get; init; }
}
/// <summary>
/// Owner reference for a <see cref="RuntimeWorkload"/>; both members are optional.
/// </summary>
public sealed record class RuntimeWorkloadOwner
{
    /// <summary>Owner kind, when known.</summary>
    public string? Kind { get; init; }

    /// <summary>Owner name, when known.</summary>
    public string? Name { get; init; }
}
/// <summary>
/// Process details carried in <see cref="RuntimeEvent.Process"/>.
/// </summary>
public sealed record class RuntimeProcess
{
    /// <summary>
    /// Process id. Non-nullable, so an absent value deserialises as <c>0</c>;
    /// consumers cannot distinguish "not reported" from pid 0 through this member.
    /// </summary>
    public int Pid { get; init; }

    /// <summary>Entrypoint argument vector; defaults to an empty array.</summary>
    public IReadOnlyList<string> Entrypoint { get; init; } = Array.Empty<string>();

    /// <summary>
    /// Trace of how the entrypoint was resolved, serialised as <c>entryTrace</c>.
    /// Defaults to an empty array.
    /// </summary>
    [JsonPropertyName("entryTrace")]
    public IReadOnlyList<RuntimeEntryTrace> EntryTrace { get; init; } = Array.Empty<RuntimeEntryTrace>();
}
/// <summary>
/// One step of a <see cref="RuntimeProcess.EntryTrace"/>; every member is optional.
/// </summary>
public sealed record class RuntimeEntryTrace
{
    /// <summary>File involved in this step, when known.</summary>
    public string? File { get; init; }

    /// <summary>Line within <see cref="File"/>, when known.</summary>
    public int? Line { get; init; }

    /// <summary>Operation recorded for this step, when known.</summary>
    public string? Op { get; init; }

    /// <summary>Target of the operation, when known.</summary>
    public string? Target { get; init; }
}
/// <summary>
/// A library observed as loaded, listed in <see cref="RuntimeEvent.LoadedLibraries"/>.
/// </summary>
public sealed record class RuntimeLoadedLibrary
{
    /// <summary>Filesystem path of the library as seen by the observer; required.</summary>
    public required string Path { get; init; }

    /// <summary>Inode of the file, when reported.</summary>
    public long? Inode { get; init; }

    /// <summary>
    /// Digest of the file contents, when reported. Carried as an opaque string;
    /// the format (hex, prefix) is not validated here.
    /// </summary>
    public string? Sha256 { get; init; }
}
/// <summary>
/// Supply-chain posture carried in <see cref="RuntimeEvent.Posture"/>.
/// </summary>
public sealed record class RuntimePosture
{
    /// <summary>
    /// Whether the image carries a signature. Tri-state: <see langword="null"/> presumably
    /// means the observer could not determine it, as distinct from <see langword="false"/> — confirm with the observer.
    /// </summary>
    public bool? ImageSigned { get; init; }

    /// <summary>SBOM referrer reference, when reported.</summary>
    public string? SbomReferrer { get; init; }

    /// <summary>Attestation status, when reported.</summary>
    public RuntimeAttestation? Attestation { get; init; }
}
/// <summary>
/// Attestation status nested under <see cref="RuntimePosture.Attestation"/>.
/// </summary>
public sealed record class RuntimeAttestation
{
    /// <summary>Attestation identifier, when reported.</summary>
    public string? Uuid { get; init; }

    /// <summary>
    /// Verification outcome as reported by the observer. Tri-state: <see langword="null"/>
    /// presumably means verification was not performed rather than failed — confirm with the observer.
    /// This is a claim carried in the event, not something this type verifies.
    /// </summary>
    public bool? Verified { get; init; }
}
/// <summary>
/// Drift details carried in <see cref="RuntimeEvent.Delta"/>.
/// </summary>
public sealed record class RuntimeDelta
{
    /// <summary>Digest of the image the drift is measured against, when known.</summary>
    public string? BaselineImageDigest { get; init; }

    /// <summary>Paths that changed relative to the baseline; defaults to an empty array.</summary>
    public IReadOnlyList<string> ChangedFiles { get; init; } = Array.Empty<string>();

    /// <summary>Binaries not present in the baseline; defaults to an empty array.</summary>
    public IReadOnlyList<RuntimeNewBinary> NewBinaries { get; init; } = Array.Empty<RuntimeNewBinary>();
}
/// <summary>
/// A binary that appeared relative to the baseline, listed in <see cref="RuntimeDelta.NewBinaries"/>.
/// </summary>
public sealed record class RuntimeNewBinary
{
    /// <summary>Filesystem path of the binary; required.</summary>
    public required string Path { get; init; }

    /// <summary>Digest of the file, when reported; opaque string, format not validated here.</summary>
    public string? Sha256 { get; init; }
}
/// <summary>
/// One supporting signal listed in <see cref="RuntimeEvent.Evidence"/>.
/// </summary>
public sealed record class RuntimeEvidence
{
    /// <summary>Signal name; required.</summary>
    public required string Signal { get; init; }

    /// <summary>Signal value, when the signal carries one.</summary>
    public string? Value { get; init; }
}