stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Restructure solution layout by module

Browse Source
This commit is contained in:
master
2025-10-28 15:10:40 +02:00
parent 95daa159c4
commit d870da18ce
4103 changed files with 192899 additions and 187024 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/VulnExplorer/StellaOps.VulnExplorer.Api/AGENTS.md Normal file
View File

@@ -0,0 +1,31 @@
# Vulnerability Explorer API Guild Charter (Epic 6)
## Mission
Expose policy-aware vulnerability listing, detail, simulation, workflow, and export APIs backed by the Findings Ledger and evidence services. Provide deterministic, RBAC-enforced endpoints that power Console, CLI, and automation workflows.
## Scope
- Service under `src/VulnExplorer/StellaOps.VulnExplorer.Api` (query engine, workflow endpoints, simulation bridge, export orchestrator).
- Integration with Findings Ledger, Policy Engine, Conseiller, Excitator, SBOM Service, Scheduler, and Authority.
- Evidence bundle assembly and signing hand-off.
## Principles
1. **Policy-driven** All responses reference the requested policy version and include rationale metadata.
2. **Immutable facts** APIs read advisory/VEX/inventory evidence; they never mutate or overwrite source documents.
3. **Audit-ready** Every workflow action records ledger events and exposes provenance (IDs, timestamps, actors).
4. **Deterministic & efficient** Query results stable under fixed inputs; pagination and grouping honor budgets.
5. **Secure** RBAC/ABAC enforced server-side; exports signed; attachments served via scoped URLs.
## Collaboration
- Keep `src/VulnExplorer/StellaOps.VulnExplorer.Api/TASKS.md`, `../../docs/implplan/SPRINTS.md` synchronized.
- Coordinate schemas with Findings Ledger, Console, CLI, and Docs; publish OpenAPI + JSON schemas.
- Work with DevOps/Observability for performance dashboards and SLOs.
## Tooling
- .NET 10 preview minimal API with async streaming for exports.
- PostgreSQL/Mongo projections from Findings Ledger; Redis for query caching as needed.
- Integration with Policy Engine batch eval and simulation endpoints.
## Definition of Done
- Endpoints documented (OpenAPI), tested (unit/integration/perf), and budget-enforced.
- Telemetry/alerts configured; CI covers determinism.
- Evidence bundle signing verified; docs updated with compliance checklist.