up

2025-11-26 07:47:08 +02:00
parent 56e2f64d07
commit 1c782897f7
184 changed files with 8991 additions and 649 deletions
--- a/src/Signals/StellaOps.Signals/Program.cs
+++ b/src/Signals/StellaOps.Signals/Program.cs
@@ -114,6 +114,15 @@ builder.Services.AddSingleton<IMongoCollection<ReachabilityFactDocument>>(sp =>
    return collection;
 });

+builder.Services.AddSingleton<IMongoCollection<UnknownSymbolDocument>>(sp =>
+{
+    var opts = sp.GetRequiredService<IOptions<SignalsOptions>>().Value;
+    var database = sp.GetRequiredService<IMongoDatabase>();
+    var collection = database.GetCollection<UnknownSymbolDocument>(opts.Mongo.UnknownsCollection);
+    EnsureUnknownsIndexes(collection);
+    return collection;
+});
+
 builder.Services.AddSingleton<ICallgraphRepository, MongoCallgraphRepository>();
 builder.Services.AddSingleton<ICallgraphArtifactStore, FileSystemCallgraphArtifactStore>();
 builder.Services.AddSingleton<ICallgraphParser>(new SimpleJsonCallgraphParser("java"));
@@ -137,6 +146,9 @@ builder.Services.AddSingleton<IReachabilityFactRepository>(sp =>
 });
 builder.Services.AddSingleton<IReachabilityScoringService, ReachabilityScoringService>();
 builder.Services.AddSingleton<IRuntimeFactsIngestionService, RuntimeFactsIngestionService>();
+builder.Services.AddSingleton<IReachabilityUnionIngestionService, ReachabilityUnionIngestionService>();
+builder.Services.AddSingleton<IUnknownsRepository, MongoUnknownsRepository>();
+builder.Services.AddSingleton<IUnknownsIngestionService, UnknownsIngestionService>();

 if (bootstrap.Authority.Enabled)
 {
@@ -392,6 +404,109 @@ signalsGroup.MapPost("/runtime-facts", async Task<IResult> (
    }
 }).WithName("SignalsRuntimeIngest");

+signalsGroup.MapPost("/reachability/union", async Task<IResult> (
+    HttpContext context,
+    SignalsOptions options,
+    [FromHeader(Name = "X-Analysis-Id")] string? analysisId,
+    IReachabilityUnionIngestionService ingestionService,
+    SignalsSealedModeMonitor sealedModeMonitor,
+    CancellationToken cancellationToken) =>
+{
+    if (!Program.TryAuthorize(context, SignalsPolicies.Write, options.Authority.AllowAnonymousFallback, out var authFailure))
+    {
+        return authFailure ?? Results.Unauthorized();
+    }
+
+    if (!Program.TryEnsureSealedMode(sealedModeMonitor, out var sealedFailure))
+    {
+        return sealedFailure ?? Results.StatusCode(StatusCodes.Status503ServiceUnavailable);
+    }
+
+    var id = string.IsNullOrWhiteSpace(analysisId) ? Guid.NewGuid().ToString("N") : analysisId.Trim();
+
+    if (!string.Equals(context.Request.ContentType, "application/zip", StringComparison.OrdinalIgnoreCase))
+    {
+        return Results.BadRequest(new { error = "Content-Type must be application/zip" });
+    }
+
+    try
+    {
+        var response = await ingestionService.IngestAsync(id, context.Request.Body, cancellationToken).ConfigureAwait(false);
+        return Results.Accepted($"/signals/reachability/union/{response.AnalysisId}/meta", response);
+    }
+    catch (Exception ex)
+    {
+        return Results.BadRequest(new { error = ex.Message });
+    }
+}).WithName("SignalsReachabilityUnionIngest");
+
+signalsGroup.MapGet("/reachability/union/{analysisId}/meta", async Task<IResult> (
+    HttpContext context,
+    SignalsOptions options,
+    string analysisId,
+    SignalsSealedModeMonitor sealedModeMonitor,
+    CancellationToken cancellationToken) =>
+{
+    if (!Program.TryAuthorize(context, SignalsPolicies.Read, options.Authority.AllowAnonymousFallback, out var authFailure))
+    {
+        return authFailure ?? Results.Unauthorized();
+    }
+
+    if (!Program.TryEnsureSealedMode(sealedModeMonitor, out var sealedFailure))
+    {
+        return sealedFailure ?? Results.StatusCode(StatusCodes.Status503ServiceUnavailable);
+    }
+
+    if (string.IsNullOrWhiteSpace(analysisId))
+    {
+        return Results.BadRequest(new { error = "analysisId is required." });
+    }
+
+    var path = Path.Combine(options.Storage.RootPath, "reachability_graphs", analysisId.Trim(), "meta.json");
+    if (!File.Exists(path))
+    {
+        return Results.NotFound();
+    }
+
+    var bytes = await File.ReadAllBytesAsync(path, cancellationToken).ConfigureAwait(false);
+    return Results.File(bytes, "application/json");
+}).WithName("SignalsReachabilityUnionMeta");
+
+signalsGroup.MapGet("/reachability/union/{analysisId}/files/{fileName}", async Task<IResult> (
+    HttpContext context,
+    SignalsOptions options,
+    string analysisId,
+    string fileName,
+    SignalsSealedModeMonitor sealedModeMonitor,
+    CancellationToken cancellationToken) =>
+{
+    if (!Program.TryAuthorize(context, SignalsPolicies.Read, options.Authority.AllowAnonymousFallback, out var authFailure))
+    {
+        return authFailure ?? Results.Unauthorized();
+    }
+
+    if (!Program.TryEnsureSealedMode(sealedModeMonitor, out var sealedFailure))
+    {
+        return sealedFailure ?? Results.StatusCode(StatusCodes.Status503ServiceUnavailable);
+    }
+
+    if (string.IsNullOrWhiteSpace(analysisId) || string.IsNullOrWhiteSpace(fileName))
+    {
+        return Results.BadRequest(new { error = "analysisId and fileName are required." });
+    }
+
+    var root = Path.Combine(options.Storage.RootPath, "reachability_graphs", analysisId.Trim());
+    var path = Path.Combine(root, fileName.Replace('/', Path.DirectorySeparatorChar));
+    if (!File.Exists(path))
+    {
+        return Results.NotFound();
+    }
+
+    var contentType = fileName.EndsWith(".json", StringComparison.OrdinalIgnoreCase) ? "application/json" : "application/x-ndjson";
+    var bytes = await File.ReadAllBytesAsync(path, cancellationToken).ConfigureAwait(false);
+    return Results.File(bytes, contentType);
+}).WithName("SignalsReachabilityUnionFile");
+
 signalsGroup.MapPost("/runtime-facts/ndjson", async Task<IResult> (
    HttpContext context,
    SignalsOptions options,
@@ -469,6 +584,62 @@ signalsGroup.MapGet("/facts/{subjectKey}", async Task<IResult> (
    return fact is null ? Results.NotFound() : Results.Ok(fact);
 }).WithName("SignalsFactsGet");

+signalsGroup.MapPost("/unknowns", async Task<IResult> (
+    HttpContext context,
+    SignalsOptions options,
+    UnknownsIngestRequest request,
+    IUnknownsIngestionService ingestionService,
+    SignalsSealedModeMonitor sealedModeMonitor,
+    CancellationToken cancellationToken) =>
+{
+    if (!Program.TryAuthorize(context, SignalsPolicies.Write, options.Authority.AllowAnonymousFallback, out var authFailure))
+    {
+        return authFailure ?? Results.Unauthorized();
+    }
+
+    if (!Program.TryEnsureSealedMode(sealedModeMonitor, out var sealedFailure))
+    {
+        return sealedFailure ?? Results.StatusCode(StatusCodes.Status503ServiceUnavailable);
+    }
+
+    try
+    {
+        var response = await ingestionService.IngestAsync(request, cancellationToken).ConfigureAwait(false);
+        return Results.Accepted($"/signals/unknowns/{response.SubjectKey}", response);
+    }
+    catch (UnknownsValidationException ex)
+    {
+        return Results.BadRequest(new { error = ex.Message });
+    }
+}).WithName("SignalsUnknownsIngest");
+
+signalsGroup.MapGet("/unknowns/{subjectKey}", async Task<IResult> (
+    HttpContext context,
+    SignalsOptions options,
+    string subjectKey,
+    IUnknownsRepository repository,
+    SignalsSealedModeMonitor sealedModeMonitor,
+    CancellationToken cancellationToken) =>
+{
+    if (!Program.TryAuthorize(context, SignalsPolicies.Read, options.Authority.AllowAnonymousFallback, out var authFailure))
+    {
+        return authFailure ?? Results.Unauthorized();
+    }
+
+    if (!Program.TryEnsureSealedMode(sealedModeMonitor, out var sealedFailure))
+    {
+        return sealedFailure ?? Results.StatusCode(StatusCodes.Status503ServiceUnavailable);
+    }
+
+    if (string.IsNullOrWhiteSpace(subjectKey))
+    {
+        return Results.BadRequest(new { error = "subjectKey is required." });
+    }
+
+    var items = await repository.GetBySubjectAsync(subjectKey.Trim(), cancellationToken).ConfigureAwait(false);
+    return items.Count == 0 ? Results.NotFound() : Results.Ok(items);
+}).WithName("SignalsUnknownsGet");
+
 signalsGroup.MapPost("/reachability/recompute", async Task<IResult> (
    HttpContext context,
    SignalsOptions options,
@@ -621,4 +792,31 @@ public partial class Program
            statusCode: StatusCodes.Status503ServiceUnavailable);
        return false;
    }
+
+    internal static void EnsureUnknownsIndexes(IMongoCollection<UnknownSymbolDocument> collection)
+    {
+        ArgumentNullException.ThrowIfNull(collection);
+
+        try
+        {
+            var subjectIndex = new CreateIndexModel<UnknownSymbolDocument>(
+                Builders<UnknownSymbolDocument>.IndexKeys.Ascending(doc => doc.SubjectKey),
+                new CreateIndexOptions { Name = "unknowns_subject_lookup" });
+
+            var dedupeIndex = new CreateIndexModel<UnknownSymbolDocument>(
+                Builders<UnknownSymbolDocument>.IndexKeys
+                    .Ascending(doc => doc.SubjectKey)
+                    .Ascending(doc => doc.SymbolId)
+                    .Ascending(doc => doc.Purl)
+                    .Ascending(doc => doc.EdgeFrom)
+                    .Ascending(doc => doc.EdgeTo),
+                new CreateIndexOptions { Name = "unknowns_subject_symbol_edge_unique", Unique = true });
+
+            collection.Indexes.CreateMany(new[] { subjectIndex, dedupeIndex });
+        }
+        catch (MongoCommandException ex) when (string.Equals(ex.CodeName, "IndexOptionsConflict", StringComparison.Ordinal))
+        {
+            // Ignore to keep startup idempotent when index options differ.
+        }
+    }
 }