/**
 * Evidence source trust levels and record types.
 *
 * Trust levels determine how much confidence we can place in a piece of evidence
 * during ship validation. Lower-trust sources require residual-risk callouts.
 */

/** Where the evidence originated and how much we trust it. */
export type EvidenceSourceTrust =
  | "local-command"
  | "project-metadata"
  | "project-source"
  | "user-provided"
  | "external-system"
  | "manual-note";

/** What category of evidence this record captures. */
export type EvidenceRecordKind =
  | "sdk-signature"
  | "metadata"
  | "tdd-red"
  | "tdd-green"
  | "verify"
  | "evaluation"
  | "manual";

/**
 * A single piece of evidence produced during a development run.
 *
 * `id` follows the format `E-{seq_4digits}`, e.g. `E-0001`.
 */
export interface EvidenceRecord {
  /** Unique identifier, e.g. "E-0001". */
  id: string;

  /** Logical path / topic this evidence relates to. */
  path: string;

  /** Category of the evidence. */
  kind: EvidenceRecordKind;

  /** How much we trust the source. */
  sourceTrust: EvidenceSourceTrust;

  /** Trace id linking back to the producer (e.g. a command run id). */
  producerTraceId: string;

  /** Shell command that produced this evidence (if applicable). */
  command?: string;

  /** Exit code of the command (if applicable). */
  exitCode?: number;

  /** References to source files, URLs, or other artefacts. */
  sourceRefs: string[];

  /** ISO-8601 timestamp when the evidence was created. */
  createdAt: string;
}