up

docs/modules/excititor/vex_linksets_api.md

@@ -101,4 +101,29 @@ Response 200:
 - Determinism: responses sorted by `vulnerabilityId`, then `productKey`; arrays sorted lexicographically.
 
 ## SDK generation
-- Use this file plus `vex_observations.md` as the source of truth for SDK examples in EXCITITOR-LNM-21-203.
+- Source of truth for EXCITITOR-LNM-21-203 SDK samples (TypeScript/Go/Python) and OpenAPI snippets.
+- Suggested generation inputs:
+  - Schema: this doc + `docs/modules/excititor/vex_observations.md` for field semantics.
+  - Auth: bearer token + `X-Stella-Tenant` header (required).
+  - Pagination: `cursor` (opaque) + `limit` (default 200, max 500).
+- Minimal client example (TypeScript, fetch):
+```ts
+const resp = await fetch(
+  `${baseUrl}/v1/vex/observations?` + new URLSearchParams({
+    vulnerabilityId: "CVE-2024-0001",
+    productKey: "pkg:maven/org.demo/app@1.2.3",
+    limit: "100"
+  }),
+  {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "X-Stella-Tenant": "default"
+    }
+  }
+);
+const body = await resp.json();
+```
+- Determinism requirements for SDKs:
+  - Preserve server ordering; do not resort items client-side.
+  - Treat `cursor` as opaque; echo it back for next page.
+  - Keep enums case-sensitive as returned by API.