stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

fix(findings): wire VulnExplorer adapters to Postgres + fix route mismatch

Browse Source 
Replace ConcurrentDictionary-based in-memory stores (VexDecisionStore,
FixVerificationStore, AuditBundleStore) with Postgres-backed repositories
that persist VEX decisions, fix verifications, and audit bundles to the
findings schema. The stores auto-detect NpgsqlDataSource availability and
fall back to in-memory mode for tests/offline.

Changes:
- Add migration 010_vex_fix_audit_tables.sql creating vex_decisions,
  fix_verifications, and audit_bundles tables (partitioned by tenant_id)
- Rewrite VexDecisionStore with dual-mode: Postgres when ConnectionStrings__Default
  is configured, ConcurrentDictionary otherwise (backwards-compatible for tests)
- Rewrite FixVerificationStore and AuditBundleStore with same dual-mode pattern
- Wire NpgsqlDataSource in Program.cs from ConnectionStrings__Default
- Add /api/vuln-explorer/findings/{vulnId}/evidence-subgraph route alias to
  match what the Angular UI (EvidenceSubgraphService) actually calls -- the
  gateway forwards this path as-is to the service
- Convert all endpoint handlers to async to use the new Postgres-backed methods
- Add Npgsql PackageReference to VulnExplorer.Api.csproj
- Add VulnExplorerRepositories.cs placeholder in Findings.Ledger.WebService

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-08 18:29:09 +03:00
parent 53f294400f
commit 414049ef82
6 changed files with 887 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/Findings/StellaOps.Findings.Ledger.WebService/Services/VulnExplorerRepositories.cs Normal file
View File

@@ -0,0 +1,33 @@
// <copyright file="VulnExplorerRepositories.cs" company="StellaOps">
// SPDX-License-Identifier: BUSL-1.1
// </copyright>
//
// Postgres-backed repositories for VulnExplorer triage data.
// These replace the ConcurrentDictionary-based stores in VulnExplorer.Api/Data/
// when a database connection is available.
//
// The VulnExplorer.Api service wires these via its own thin adapters
// (see VulnExplorer.Api/Data/VexDecisionStore.cs, TriageWorkflowStores.cs).
// This file is kept here for colocation with the Findings Ledger migration set
// and is Compile-linked into VulnExplorer.Api.csproj.
using Microsoft.Extensions.Logging;
using Npgsql;
using NpgsqlTypes;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace StellaOps.Findings.Ledger.WebService.Services;
/// <summary>
/// Shared JSON serializer options for VulnExplorer Postgres repositories.
/// </summary>
internal static class VulnExplorerJsonDefaults
{
internal static readonly JsonSerializerOptions Options = new()
{
PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
DefaultIgnoreCondition = JsonIgnoreCondition.WhenWritingNull,
Converters = { new JsonStringEnumConverter(JsonNamingPolicy.CamelCase) }
};
}