wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

2026-02-23 15:30:50 +02:00
parent bd8fee6ed8
commit e746577380
1424 changed files with 81225 additions and 25251 deletions
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/EvidenceThreadEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/EvidenceThreadEndpoints.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Services;
 using StellaOps.ReleaseOrchestrator.EvidenceThread.Export;
 using StellaOps.ReleaseOrchestrator.EvidenceThread.Models;
@@ -31,13 +32,14 @@ public static class EvidenceThreadEndpoints
    public static IEndpointRouteBuilder MapEvidenceThreadEndpoints(this IEndpointRouteBuilder app)
    {
        var evidence = app.MapGroup("/api/v1/evidence")
-            .WithTags("Evidence Thread");
+            .WithTags("Evidence Thread")
+            .RequireAuthorization(PlatformPolicies.ContextRead);

        // GET /api/v1/evidence/{artifactDigest} - Get evidence thread for artifact
        evidence.MapGet("/{artifactDigest}", GetEvidenceThread)
            .WithName("GetEvidenceThread")
            .WithSummary("Get evidence thread for an artifact")
-            .WithDescription("Retrieves the full evidence thread graph for an artifact by its digest.")
+            .WithDescription("Retrieves the full evidence thread graph for an artifact by its digest, including node count, link count, verdict, and risk score.")
            .Produces<EvidenceThreadResponse>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status404NotFound)
            .Produces(StatusCodes.Status400BadRequest);
@@ -46,7 +48,8 @@ public static class EvidenceThreadEndpoints
        evidence.MapPost("/{artifactDigest}/export", ExportEvidenceThread)
            .WithName("ExportEvidenceThread")
            .WithSummary("Export evidence thread as DSSE bundle")
-            .WithDescription("Exports the evidence thread as a signed DSSE envelope for offline verification.")
+            .WithDescription("Exports the evidence thread as a signed DSSE envelope for offline verification. Supports DSSE, JSON, Markdown, and PDF formats. The envelope is optionally signed with the specified key.")
+            .RequireAuthorization(PlatformPolicies.ContextWrite)
            .Produces<EvidenceExportResponse>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status404NotFound)
            .Produces(StatusCodes.Status400BadRequest);
@@ -55,7 +58,8 @@ public static class EvidenceThreadEndpoints
        evidence.MapPost("/{artifactDigest}/transcript", GenerateTranscript)
            .WithName("GenerateEvidenceTranscript")
            .WithSummary("Generate natural language transcript")
-            .WithDescription("Generates a natural language transcript explaining the evidence thread.")
+            .WithDescription("Generates a natural language transcript explaining the evidence thread in summary, detailed, or audit format. May invoke an LLM for rationale generation when enabled.")
+            .RequireAuthorization(PlatformPolicies.ContextWrite)
            .Produces<EvidenceTranscriptResponse>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status404NotFound)
            .Produces(StatusCodes.Status400BadRequest);
@@ -64,7 +68,7 @@ public static class EvidenceThreadEndpoints
        evidence.MapGet("/{artifactDigest}/nodes", GetEvidenceNodes)
            .WithName("GetEvidenceNodes")
            .WithSummary("Get evidence nodes for an artifact")
-            .WithDescription("Retrieves all evidence nodes in the thread.")
+            .WithDescription("Retrieves all evidence nodes in the thread, optionally filtered by node kind (e.g., sbom, scan, attestation). Returns node summaries, confidence scores, and anchor counts.")
            .Produces<EvidenceNodeListResponse>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status404NotFound)
            .Produces(StatusCodes.Status400BadRequest);
@@ -73,7 +77,7 @@ public static class EvidenceThreadEndpoints
        evidence.MapGet("/{artifactDigest}/links", GetEvidenceLinks)
            .WithName("GetEvidenceLinks")
            .WithSummary("Get evidence links for an artifact")
-            .WithDescription("Retrieves all evidence links in the thread.")
+            .WithDescription("Retrieves all directed evidence links in the thread, describing provenance and dependency relationships between evidence nodes.")
            .Produces<EvidenceLinkListResponse>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status404NotFound)
            .Produces(StatusCodes.Status400BadRequest);
@@ -82,7 +86,8 @@ public static class EvidenceThreadEndpoints
        evidence.MapPost("/{artifactDigest}/collect", CollectEvidence)
            .WithName("CollectEvidence")
            .WithSummary("Collect evidence for an artifact")
-            .WithDescription("Triggers collection of all available evidence for an artifact.")
+            .WithDescription("Triggers collection of all available evidence for an artifact: SBOM diff, reachability graph, VEX advisories, and attestations. Returns the count of nodes and links created, plus any collection errors.")
+            .RequireAuthorization(PlatformPolicies.ContextWrite)
            .Produces<EvidenceCollectionResponse>(StatusCodes.Status200OK)
            .Produces(StatusCodes.Status400BadRequest);