wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

This commit is contained in:
master
2026-02-23 15:30:50 +02:00
parent bd8fee6ed8
commit e746577380
1424 changed files with 81225 additions and 25251 deletions

@@ -37,7 +37,14 @@ Graph Indexer + Graph API build the tenant-scoped knowledge graph that powers bl
## Operations & runbook (Sprint 030)
- Dashboards: import `Observability/graph-api-grafana.json` (panels for latency, budget denials, overlay cache ratio, export latency). Apply tenant filter in every panel.
- Health checks: `/healthz` should be 200; search/query/paths/diff/export endpoints require `X-Stella-Tenant`, `Authorization`, and scopes (`graph:read/query/export`).
- Health checks: `/healthz` should be 200; search/query/paths/diff/export endpoints require tenant context, `Authorization`, and graph scopes (`graph:read/query/export`).
- Tenant context resolution:
- Canonical header: `X-StellaOps-Tenant`.
- Compatibility headers: `X-Stella-Tenant`, `X-Tenant-Id` (migration-only).
- Conflicting tenant values across headers/claims are rejected deterministically with `400 GRAPH_VALIDATION_FAILED`.
- Scope enforcement:
- Graph endpoints authorize against claim-based policies (`Graph.ReadOrQuery`, `Graph.Query`, `Graph.Export`).
- Header scope compatibility (`X-StellaOps-Scopes`, `X-Stella-Scopes`) is bridged once at authentication and then evaluated only through policies.
- Key metrics (new):
- `graph_tile_latency_seconds` histogram (label `route`); alert when p95 > 1.5s for 5m.
- `graph_query_budget_denied_total` counter (label `reason`); investigate spikes (>50 in 5m).
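Review bot: The scope-enforcement bullet that bridges `X-StellaOps-Scopes` and `X-Stella-Scopes` "once at authentication" does not say when those headers are honoured, so the runbook leaves open whether a caller-supplied scope header can widen what the token itself grants. Suggest stating which component is allowed to set them (for example, only a trusted gateway) and what happens when header scopes and token scope claims differ, in the same way the tenant bullets already specify `400 GRAPH_VALIDATION_FAILED` for conflicting values. The compatibility tenant headers `X-Stella-Tenant` and `X-Tenant-Id` are marked migration-only with no removal milestone and no way to observe remaining usage; a sentence on either would make the migration trackable. It would also help to document the response when no tenant context is supplied at all, and how `graph:read/query/export` maps onto `Graph.ReadOrQuery`, `Graph.Query` and `Graph.Export`.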