Implement ledger metrics for observability and add tests for Ruby packages endpoints

- Added `LedgerMetrics` class to record write latency and total events for ledger operations. - Created comprehensive tests for Ruby packages endpoints, covering scenarios for missing inventory, successful retrieval, and identifier handling. - Introduced `TestSurfaceSecretsScope` for managing environment variables during tests. - Developed `ProvenanceMongoExtensions` for attaching DSSE provenance and trust information to event documents. - Implemented `EventProvenanceWriter` and `EventWriter` classes for managing event provenance in MongoDB. - Established MongoDB indexes for efficient querying of events based on provenance and trust. - Added models and JSON parsing logic for DSSE provenance and trust information.
2025-11-13 09:29:09 +02:00
parent 151f6b35cc
commit 61f963fd52
101 changed files with 5881 additions and 1776 deletions
--- a/src/Concelier/StellaOps.Concelier.WebService/Contracts/AdvisoryChunkResponses.cs
+++ b/src/Concelier/StellaOps.Concelier.WebService/Contracts/AdvisoryChunkResponses.cs
@@ -1,26 +1,72 @@
 using System.Collections.Generic;
+using System.Text.Json.Serialization;

 namespace StellaOps.Concelier.WebService.Contracts;

-public sealed record AdvisoryChunkCollectionResponse(
+public sealed record AdvisoryStructuredFieldResponse(
    string AdvisoryKey,
    int Total,
    bool Truncated,
-    IReadOnlyList<AdvisoryChunkItemResponse> Chunks,
-    IReadOnlyList<AdvisoryChunkSourceResponse> Sources);
+    IReadOnlyList<AdvisoryStructuredFieldEntry> Entries);

-public sealed record AdvisoryChunkItemResponse(
+public sealed record AdvisoryStructuredFieldEntry(
+    string Type,
    string DocumentId,
+    string FieldPath,
    string ChunkId,
-    string Section,
-    string ParagraphId,
-    string Text,
-    IReadOnlyDictionary<string, string> Metadata);
+    AdvisoryStructuredFieldContent Content,
+    AdvisoryStructuredFieldProvenance Provenance);

-public sealed record AdvisoryChunkSourceResponse(
-    string ObservationId,
-    string DocumentId,
-    string Format,
-    string Vendor,
-    string ContentHash,
-    DateTimeOffset CreatedAt);
+public sealed record AdvisoryStructuredFieldContent
+{
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? Title { get; init; }
+
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? Description { get; init; }
+
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? Url { get; init; }
+
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? Note { get; init; }
+
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public AdvisoryStructuredFixContent? Fix { get; init; }
+
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public AdvisoryStructuredCvssContent? Cvss { get; init; }
+
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public AdvisoryStructuredAffectedContent? Affected { get; init; }
+}
+
+public sealed record AdvisoryStructuredFixContent(
+    string? PackageType,
+    string? PackageIdentifier,
+    string? FixedVersion,
+    string? ReferenceUrl);
+
+public sealed record AdvisoryStructuredCvssContent(
+    string Version,
+    string Vector,
+    double BaseScore,
+    string Severity);
+
+public sealed record AdvisoryStructuredAffectedContent(
+    string PackageType,
+    string PackageIdentifier,
+    string? Platform,
+    string RangeKind,
+    string? IntroducedVersion,
+    string? FixedVersion,
+    string? LastAffectedVersion,
+    string? RangeExpression,
+    string? Status);
+
+public sealed record AdvisoryStructuredFieldProvenance(
+    string Source,
+    string Kind,
+    string? Value,
+    DateTimeOffset RecordedAt,
+    IReadOnlyList<string> FieldMask);