using System;
namespace StellaOps.Provcache;
/// <summary>
/// Fluent builder that assembles a VeriKey, the provenance identity key.
/// A VeriKey is a composite hash identifying one provenance decision context.
/// </summary>
/// <remarks>
/// <para>
/// VeriKey = SHA256(source_hash || sbom_hash || vex_hash_set_hash || merge_policy_hash || signer_set_hash || time_window)
/// </para>
/// <para>
/// Every component forces a cache miss when the input it covers changes:
/// <list type="bullet">
/// <item><c>source_hash</c>: a different artifact yields a different key</item>
/// <item><c>sbom_hash</c>: an SBOM change (for example new packages) yields a new key</item>
/// <item><c>vex_hash_set_hash</c>: a VEX update yields a new key</item>
/// <item><c>merge_policy_hash</c>: a policy change yields a new key</item>
/// <item><c>signer_set_hash</c>: key rotation yields a new key (security)</item>
/// <item><c>time_window</c>: temporal bucketing gives controlled expiry</item>
/// </list>
/// </para>
/// </remarks>
public sealed partial class VeriKeyBuilder
{
    // NOTE(review): the code that combines and hashes the components is not in this
    // part of the partial class. When reviewing it, confirm that each component is
    // fixed-length or length-delimited before concatenation, so that two different
    // component tuples cannot serialize to the same byte string, and that the build
    // step rejects a component that is still null instead of hashing an empty value.

    // Configuration supplied at construction; never null once a constructor has returned.
    private readonly ProvcacheOptions _options;

    // Key components, one per term of the formula in the class remarks. All start as
    // null; presumably they are assigned by members declared in the other parts of
    // this partial class (not visible here).
    private string? _sourceHash;
    private string? _sbomHash;
    private string? _vexHashSetHash;
    private string? _mergePolicyHash;
    private string? _signerSetHash;
    private string? _timeWindow;

    /// <summary>
    /// Creates a builder backed by a freshly constructed <see cref="ProvcacheOptions"/>.
    /// </summary>
    public VeriKeyBuilder()
        : this(new ProvcacheOptions())
    {
    }

    /// <summary>
    /// Creates a builder that uses the supplied options.
    /// </summary>
    /// <param name="options">Provcache configuration options; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
    public VeriKeyBuilder(ProvcacheOptions options)
    {
        // Guard first so a null configuration is rejected before any state is stored.
        if (options is null)
        {
            throw new ArgumentNullException(nameof(options));
        }

        _options = options;
    }
}