up

src/Concelier/StellaOps.Concelier.WebService/Program.cs

@@ -1752,6 +1752,9 @@ LnmLinksetResponse ToLnmResponse(
     bool includeObservations)
 {
     var normalized = linkset.Normalized;
+    var severity = normalized?.Severities?.FirstOrDefault() is { } severityDict
+        ? ExtractSeverity(severityDict)
+        : null;
     var conflicts = includeConflicts
         ? (linkset.Conflicts ?? Array.Empty<AdvisoryLinksetConflict>()).Select(c =>
             new LnmLinksetConflict(
@@ -1764,7 +1767,13 @@ LnmLinksetResponse ToLnmResponse(
         : Array.Empty<LnmLinksetConflict>();
 
     var timeline = includeTimeline
-        ? Array.Empty<LnmLinksetTimeline>() // timeline not yet captured in linkset store
+        ? new[]
+        {
+            new LnmLinksetTimeline(
+                Event: "created",
+                At: linkset.CreatedAt,
+                EvidenceHash: linkset.Provenance?.ObservationHashes?.FirstOrDefault())
+        }
         : Array.Empty<LnmLinksetTimeline>();
 
     var provenance = linkset.Provenance is null
@@ -1780,6 +1789,7 @@ LnmLinksetResponse ToLnmResponse(
         : new LnmLinksetNormalized(
             Aliases: null,
             Purl: normalized.Purls,
+            Cpe: normalized.Cpes,
             Versions: normalized.Versions,
             Ranges: normalized.Ranges?.Select(r => (object)r).ToArray(),
             Severities: normalized.Severities?.Select(s => (object)s).ToArray());
@@ -1788,11 +1798,11 @@ LnmLinksetResponse ToLnmResponse(
         linkset.AdvisoryId,
         linkset.Source,
         normalized?.Purls ?? Array.Empty<string>(),
-        Array.Empty<string>(),
+        normalized?.Cpes ?? Array.Empty<string>(),
         Summary: null,
         PublishedAt: linkset.CreatedAt,
         ModifiedAt: linkset.CreatedAt,
-        Severity: null,
+        Severity: severity,
         Status: "fact-only",
         provenance,
         conflicts,
@@ -1803,6 +1813,27 @@ LnmLinksetResponse ToLnmResponse(
         Observations: includeObservations ? linkset.ObservationIds : Array.Empty<string>());
 }
 
+string? ExtractSeverity(IReadOnlyDictionary<string, object?> severityDict)
+{
+    if (severityDict.TryGetValue("system", out var systemObj) && systemObj is string system && !string.IsNullOrWhiteSpace(system) &&
+        severityDict.TryGetValue("score", out var scoreObj))
+    {
+        return $"{system}:{scoreObj}";
+    }
+
+    if (severityDict.TryGetValue("score", out var scoreOnly) && scoreOnly is not null)
+    {
+        return scoreOnly.ToString();
+    }
+
+    if (severityDict.TryGetValue("value", out var value) && value is string valueString && !string.IsNullOrWhiteSpace(valueString))
+    {
+        return valueString;
+    }
+
+    return null;
+}
+
 IResult JsonResult<T>(T value, int? statusCode = null)
 {
     var payload = JsonSerializer.Serialize(value, Program.JsonOptions);