up
This commit is contained in:
StellaOps Bot
@@ -646,6 +646,25 @@ Persisted documents capture the canonical envelope (`payload` field), tenant/nod
|
||||
|
||||
---
|
||||
|
||||
### 2.10 Signals - Reachability evidence chain
|
||||
|
||||
Signals APIs (base path: `/signals`) provide deterministic ingestion + scoring for the reachability evidence chain (callgraph -> runtime facts -> unknowns -> reachability facts) consumed by Policy and UI explainers.
|
||||
|
||||
| Method | Path | Scope | Notes |
|
||||
|--------|------|-------|-------|
|
||||
| `POST` | `/signals/callgraphs` | `signals:write` | Ingest a callgraph artifact (base64 JSON); response includes `graphHash` (sha256) and CAS URIs. |
|
||||
| `POST` | `/signals/runtime-facts` | `signals:write` | Ingest runtime hit events (JSON). |
|
||||
| `POST` | `/signals/runtime-facts/ndjson` | `signals:write` | Stream NDJSON events (optional gzip) with subject in query params. |
|
||||
| `POST` | `/signals/unknowns` | `signals:write` | Ingest unresolved symbols/edges; influences `unknownsPressure`. |
|
||||
| `GET` | `/signals/facts/{subjectKey}` | `signals:read` | Fetch `ReachabilityFactDocument` including `metadata.fact.digest` and per-target `states[]`. |
|
||||
| `POST` | `/signals/reachability/recompute` | `signals:admin` | Recompute reachability for explicit targets and blocked edges. |
|
||||
|
||||
Docs & samples:
|
||||
- `docs/api/signals/reachability-contract.md`
|
||||
- `docs/api/signals/samples/callgraph-sample.json`
|
||||
- `docs/api/signals/samples/facts-sample.json`
|
||||
- `docs/reachability/lattice.md`
|
||||
|
||||
### 2.9 CVSS Receipts (Policy Gateway)
|
||||
|
||||
Policy Gateway proxies the Policy Engine CVSS v4 receipt APIs. Scopes: `policy.run` for create/amend, `findings.read` for read/history/policies.
|
||||
|
||||
Reference in New Issue
Block a user