up

src/Scanner/StellaOps.Scanner.WebService/Endpoints/RuntimeEndpoints.cs

@@ -37,6 +37,15 @@ internal static class RuntimeEndpoints
             .Produces(StatusCodes.Status400BadRequest)
             .Produces(StatusCodes.Status429TooManyRequests)
             .RequireAuthorization(ScannerPolicies.RuntimeIngest);
+
+        runtime.MapPost("/reconcile", HandleRuntimeReconcileAsync)
+            .WithName("scanner.runtime.reconcile")
+            .WithSummary("Reconcile runtime-observed libraries against SBOM inventory")
+            .WithDescription("Compares libraries observed at runtime against the static SBOM to identify discrepancies")
+            .Produces<RuntimeReconcileResponseDto>(StatusCodes.Status200OK)
+            .Produces(StatusCodes.Status400BadRequest)
+            .Produces(StatusCodes.Status404NotFound)
+            .RequireAuthorization(ScannerPolicies.RuntimeIngest);
     }
 
     private static async Task<IResult> HandleRuntimeEventsAsync(
@@ -234,6 +243,75 @@ internal static class RuntimeEndpoints
         return null;
     }
 
+    private static async Task<IResult> HandleRuntimeReconcileAsync(
+        RuntimeReconcileRequestDto request,
+        IRuntimeInventoryReconciler reconciler,
+        HttpContext context,
+        CancellationToken cancellationToken)
+    {
+        ArgumentNullException.ThrowIfNull(request);
+        ArgumentNullException.ThrowIfNull(reconciler);
+
+        if (string.IsNullOrWhiteSpace(request.ImageDigest))
+        {
+            return ProblemResultFactory.Create(
+                context,
+                ProblemTypes.Validation,
+                "Invalid reconciliation request",
+                StatusCodes.Status400BadRequest,
+                detail: "imageDigest is required.");
+        }
+
+        var reconcileRequest = new RuntimeReconciliationRequest
+        {
+            ImageDigest = request.ImageDigest,
+            RuntimeEventId = request.RuntimeEventId,
+            MaxMisses = request.MaxMisses > 0 ? request.MaxMisses : 100
+        };
+
+        var result = await reconciler.ReconcileAsync(reconcileRequest, cancellationToken).ConfigureAwait(false);
+
+        var responseDto = new RuntimeReconcileResponseDto
+        {
+            ImageDigest = result.ImageDigest,
+            RuntimeEventId = result.RuntimeEventId,
+            SbomArtifactId = result.SbomArtifactId,
+            TotalRuntimeLibraries = result.TotalRuntimeLibraries,
+            TotalSbomComponents = result.TotalSbomComponents,
+            MatchCount = result.MatchCount,
+            MissCount = result.MissCount,
+            Misses = result.Misses
+                .Select(m => new RuntimeLibraryMissDto
+                {
+                    Path = m.Path,
+                    Sha256 = m.Sha256,
+                    Inode = m.Inode
+                })
+                .ToList(),
+            Matches = result.Matches
+                .Select(m => new RuntimeLibraryMatchDto
+                {
+                    RuntimePath = m.RuntimePath,
+                    RuntimeSha256 = m.RuntimeSha256,
+                    SbomComponentKey = m.SbomComponentKey,
+                    SbomComponentName = m.SbomComponentName,
+                    MatchType = m.MatchType
+                })
+                .ToList(),
+            ReconciledAt = result.ReconciledAt,
+            ErrorCode = result.ErrorCode,
+            ErrorMessage = result.ErrorMessage
+        };
+
+        if (!string.IsNullOrEmpty(result.ErrorCode) &&
+            result.ErrorCode is "RUNTIME_EVENT_NOT_FOUND" or "NO_RUNTIME_EVENTS")
+        {
+            return Json(responseDto, StatusCodes.Status404NotFound);
+        }
+
+        return Json(responseDto, StatusCodes.Status200OK);
+    }
+
     private static string NormalizeSegment(string segment)
     {
         if (string.IsNullOrWhiteSpace(segment))