risk

type ActionPath struct {
	PathID                     string   `json:"path_id"`
	Org                        string   `json:"org"`
	Repo                       string   `json:"repo"`
	AgentID                    string   `json:"agent_id,omitempty"`
	ToolType                   string   `json:"tool_type"`
	Location                   string   `json:"location,omitempty"`
	WriteCapable               bool     `json:"write_capable"`
	OperationalOwner           string   `json:"operational_owner,omitempty"`
	OwnerSource                string   `json:"owner_source,omitempty"`
	OwnershipStatus            string   `json:"ownership_status,omitempty"`
	ApprovalGapReasons         []string `json:"approval_gap_reasons,omitempty"`
	PullRequestWrite           bool     `json:"pull_request_write,omitempty"`
	MergeExecute               bool     `json:"merge_execute,omitempty"`
	DeployWrite                bool     `json:"deploy_write,omitempty"`
	DeliveryChainStatus        string   `json:"delivery_chain_status,omitempty"`
	ProductionTargetStatus     string   `json:"production_target_status,omitempty"`
	ProductionWrite            bool     `json:"production_write"`
	ApprovalGap                bool     `json:"approval_gap"`
	SecurityVisibilityStatus   string   `json:"security_visibility_status,omitempty"`
	CredentialAccess           bool     `json:"credential_access"`
	DeploymentStatus           string   `json:"deployment_status,omitempty"`
	ExecutionIdentity          string   `json:"execution_identity,omitempty"`
	ExecutionIdentityType      string   `json:"execution_identity_type,omitempty"`
	ExecutionIdentitySource    string   `json:"execution_identity_source,omitempty"`
	ExecutionIdentityStatus    string   `json:"execution_identity_status,omitempty"`
	ExecutionIdentityRationale string   `json:"execution_identity_rationale,omitempty"`
	AttackPathScore            float64  `json:"attack_path_score"`
	RiskScore                  float64  `json:"risk_score"`
	RecommendedAction          string   `json:"recommended_action"`
	MatchedProductionTargets   []string `json:"matched_production_targets,omitempty"`
}

type ActionPathSummary struct {
	TotalPaths                  int `json:"total_paths"`
	WriteCapablePaths           int `json:"write_capable_paths"`
	ProductionTargetBackedPaths int `json:"production_target_backed_paths"`
	GovernFirstPaths            int `json:"govern_first_paths"`
}

type ActionPathToControlFirst struct {
	Summary ActionPathSummary `json:"summary"`
	Path    ActionPath        `json:"path"`
}

type RepoAggregate struct {
	Org      string  `json:"org"`
	Repo     string  `json:"repo"`
	Score    float64 `json:"combined_risk_score"`
	Autonomy string  `json:"highest_autonomy"`
}

type Report struct {
	GeneratedAt              string                    `json:"generated_at"`
	TopN                     []ScoredFinding           `json:"top_findings"`
	Ranked                   []ScoredFinding           `json:"ranked_findings"`
	Repos                    []RepoAggregate           `json:"repo_risk"`
	AttackPaths              []riskattack.ScoredPath   `json:"attack_paths,omitempty"`
	TopAttackPaths           []riskattack.ScoredPath   `json:"top_attack_paths,omitempty"`
	ActionPaths              []ActionPath              `json:"action_paths,omitempty"`
	ActionPathToControlFirst *ActionPathToControlFirst `json:"action_path_to_control_first,omitempty"`
}

type ScoredFinding struct {
	CanonicalKey  string        `json:"canonical_key"`
	Score         float64       `json:"risk_score"`
	BlastRadius   float64       `json:"blast_radius"`
	Privilege     float64       `json:"privilege_level"`
	TrustDeficit  float64       `json:"trust_deficit"`
	EndpointClass string        `json:"endpoint_class"`
	DataClass     string        `json:"data_class"`
	AutonomyLevel string        `json:"autonomy_level"`
	Reasons       []string      `json:"reasons"`
	Finding       model.Finding `json:"finding"`
}