stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

Browse Source
This commit is contained in:
master
2026-02-23 15:30:50 +02:00
parent bd8fee6ed8
commit e746577380
1424 changed files with 81225 additions and 25251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/Findings/StellaOps.Findings.Ledger.WebService/Endpoints/RuntimeTracesEndpoints.cs
View File

@@ -6,6 +6,7 @@
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Findings.Ledger.WebService.Contracts;
namespace StellaOps.Findings.Ledger.WebService.Endpoints;
@@ -22,29 +23,36 @@ public static class RuntimeTracesEndpoints
{
var group = app.MapGroup("/api/v1/findings")
.WithTags("Runtime Evidence")
.RequireAuthorization();
.RequireAuthorization("scoring.read")
.RequireTenant();
// POST /api/v1/findings/{findingId}/runtime/traces
group.MapPost("/{findingId:guid}/runtime/traces", IngestRuntimeTrace)
.WithName("IngestRuntimeTrace")
.WithDescription("Ingest runtime trace observation for a finding")
.WithSummary("Ingest runtime trace observation for a finding")
.WithDescription("Accepts a runtime trace observation from an eBPF or APM agent, recording which function frames were observed executing within a vulnerable component at runtime. Requires artifact digest and component PURL for cross-referencing. Returns 202 Accepted; the trace is processed asynchronously.")
.Accepts<RuntimeTraceIngestRequest>("application/json")
.Produces<RuntimeTraceIngestResponse>(202)
.ProducesValidationProblem();
.ProducesValidationProblem()
.RequireAuthorization("ledger.events.write");
// GET /api/v1/findings/{findingId}/runtime/traces
group.MapGet("/{findingId:guid}/runtime/traces", GetRuntimeTraces)
.WithName("GetRuntimeTraces")
.WithDescription("Get runtime function traces for a finding")
.WithSummary("Get runtime function traces for a finding")
.WithDescription("Returns the aggregated runtime function traces recorded for a finding, sorted by hit count or recency. Each trace entry includes the function frame, hit count, artifact digest, and component PURL for cross-referencing with SBOM data.")
.Produces<RuntimeTracesResponse>(200)
.Produces(404);
.Produces(404)
.RequireAuthorization("scoring.read");
// GET /api/v1/findings/{findingId}/runtime/score
group.MapGet("/{findingId:guid}/runtime/score", GetRtsScore)
.WithName("GetRtsScore")
.WithDescription("Get Runtime Trustworthiness Score for a finding")
.WithSummary("Get Runtime Trustworthiness Score for a finding")
.WithDescription("Returns the Runtime Trustworthiness Score (RTS) for a finding, derived from observed runtime trace density and recency. A higher RTS indicates that the vulnerable code path has been recently and frequently exercised in production, increasing remediation priority.")
.Produces<RtsScoreResponse>(200)
.Produces(404);
.Produces(404)
.RequireAuthorization("scoring.read");
}
/// <summary>
@@ -54,6 +62,7 @@ public static class RuntimeTracesEndpoints
Guid findingId,
RuntimeTraceIngestRequest request,
IRuntimeTracesService service,
IStellaOpsTenantAccessor tenantAccessor,
CancellationToken ct)
{
var errors = new Dictionary<string, string[]>();
@@ -87,6 +96,7 @@ public static class RuntimeTracesEndpoints
private static async Task<Results<Ok<RuntimeTracesResponse>, NotFound>> GetRuntimeTraces(
Guid findingId,
IRuntimeTracesService service,
IStellaOpsTenantAccessor tenantAccessor,
CancellationToken ct,
[FromQuery] int? limit = null,
[FromQuery] string? sortBy = null)
@@ -110,6 +120,7 @@ public static class RuntimeTracesEndpoints
private static async Task<Results<Ok<RtsScoreResponse>, NotFound>> GetRtsScore(
Guid findingId,
IRuntimeTracesService service,
IStellaOpsTenantAccessor tenantAccessor,
CancellationToken ct)
{
var score = await service.GetRtsScoreAsync(findingId, ct);