feat(graph-api): Add schema review notes for upcoming Graph API changes
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
feat(sbomservice): Add placeholder for SHA256SUMS in LNM v1 fixtures docs(devportal): Create README for SDK archives in public directory build(devportal): Implement offline bundle build script test(devportal): Add link checker script for validating links in documentation test(devportal): Create performance check script for dist folder size test(devportal): Implement accessibility check script using Playwright and Axe docs(devportal): Add SDK quickstart guide with examples for Node.js, Python, and cURL feat(excititor): Implement MongoDB storage for airgap import records test(findings): Add unit tests for export filters hash determinism feat(findings): Define attestation contracts for ledger web service feat(graph): Add MongoDB options and service collection extensions for graph indexing test(graph): Implement integration tests for MongoDB provider and service collection extensions feat(zastava): Define configuration options for Zastava surface secrets build(tests): Create script to run Concelier linkset tests with TRX output
This commit is contained in:
StellaOps Bot
@@ -5,7 +5,7 @@ Graph Indexer + Graph API build the tenant-scoped knowledge graph that powers bl
|
||||
## Scope & responsibilities
|
||||
- Ingest SBOM snapshots, advisory/VEX events, policy overlays, and runtime signals to maintain a first-party graph representation with deterministic node/edge identities.
|
||||
- Serve APIs and saved-query tooling for impact analysis, dependency traversal, diffing, and policy/VEX overlays with explainable provenance.
|
||||
- Supply Graph Explorer UI/CLI experiences, plus Offline Kit exports (`nodes.jsonl`, `edges.jsonl`, `overlays/`) with DSSE manifests for air-gapped replay.
|
||||
- Supply Graph Explorer UI/CLI experiences, plus Offline Kit exports (`nodes.jsonl`, `edges.jsonl`, `overlays/`) with DSSE manifests for air-gapped replay. Analytics overlays are emitted as NDJSON (`overlays/clusters.ndjson`, `overlays/centrality.ndjson`) with deterministic ordering; Mongo-backed providers support production wiring.
|
||||
- Maintain the [Graph Index Canonical Schema](schema.md) and coordinate query/overlay lifecycle with Scheduler, Policy Engine, Vulnerability Explorer, and Export Center.
|
||||
|
||||
## Architecture snapshot (Sprint 30 groundwork)
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
- Helm/Compose should expose two timers for analytics: `GRAPH_ANALYTICS_CLUSTER_INTERVAL` and `GRAPH_ANALYTICS_CENTRALITY_INTERVAL` (ISO-8601 duration, default 5m). Map to `GraphAnalyticsOptions`.
|
||||
- Change-stream/backfill worker toggles via `GRAPH_CHANGE_POLL_INTERVAL`, `GRAPH_BACKFILL_INTERVAL`, `GRAPH_CHANGE_MAX_RETRIES`, `GRAPH_CHANGE_RETRY_BACKOFF`.
|
||||
- Mongo bindings (optional): `GRAPH_CHANGE_COLLECTION`, `GRAPH_CHANGE_SEQUENCE_FIELD`, `GRAPH_CHANGE_NODE_FIELD`, `GRAPH_CHANGE_EDGE_FIELD`, `GRAPH_CHANGE_IDEMPOTENCY_COLLECTION`, `GRAPH_ANALYTICS_SNAPSHOT_COLLECTION`, `GRAPH_ANALYTICS_PROGRESS_COLLECTION`.
|
||||
- Mongo connection: `STELLAOPS_GRAPH_MONGO_CONNECTION` and `STELLAOPS_GRAPH_MONGO_DB` feed `AddGraphMongoDatabase` for clients/services.
|
||||
- New Mongo collections:
|
||||
- `graph_cluster_overlays` — cluster assignments (`tenant`, `snapshot_id`, `node_id`, `cluster_id`, `generated_at`).
|
||||
- `graph_centrality_overlays` — degree + betweenness approximations per node.
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
# Graph API schema review notes (planned)
|
||||
Date: 2025-11-24 (target)
|
||||
Scope: Review OpenAPI/JSON schema for search/query/paths/diff/export, tiles, budgets, and overlays alignment (GRAPH-API-28-001).
|
||||
|
||||
## Attendees
|
||||
- Graph API Guild: TBD
|
||||
- Policy Engine Guild: TBD
|
||||
- QA Guild (observer): TBD
|
||||
|
||||
## Pre-reads
|
||||
- `docs/api/graph-gateway-spec-draft.yaml`
|
||||
- `docs/modules/graph/prep/2025-11-22-graph-api-schema-outline.md`
|
||||
- Policy overlay contract references: `POLICY-ENGINE-30-001..003`
|
||||
|
||||
## Agenda
|
||||
- Validate tile envelope shape and budget semantics.
|
||||
- Confirm overlay payload fields and versioning handshake with Policy Engine.
|
||||
- Decide DSL vs structured filter scope for `/graph/query` v1.
|
||||
- Agree on export manifest shape and size caps for PNG/SVG.
|
||||
|
||||
## Decisions
|
||||
- TODO (capture during review)
|
||||
|
||||
## Open items / follow-ups
|
||||
- TODO
|
||||
|
||||
## Outcomes snapshot
|
||||
- TODO (link to sprint Execution Log once review completes)
|
||||
Reference in New Issue
Block a user