wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

2026-02-23 15:30:50 +02:00
parent bd8fee6ed8
commit e746577380
1424 changed files with 81225 additions and 25251 deletions


@@ -17,6 +17,12 @@ public sealed class TriageCaseCurrent
[Column("case_id")]
public Guid CaseId { get; init; }
/// <summary>
/// Tenant owning this case.
/// </summary>
[Column("tenant_id")]
public string TenantId { get; init; } = string.Empty;
/// <summary>
/// The asset ID.
/// </summary>
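Review bot: `TenantId` on `TriageCaseCurrent` falls back to `string.Empty`, so an instance built without a tenant carries a blank tenant instead of failing. `TriageFinding` and `TriageScan` in this commit declare the same property `required`. Declaring it here as `public required string TenantId { get; init; }` keeps the three models consistent and turns a missing tenant into a compile-time error. If the default has to stay so the type can be materialised from the view, say so in the summary, for example `/// Tenant owning this case; empty only when the view did not populate it.` The class body continues outside the hunk.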


@@ -18,6 +18,13 @@ public sealed class TriageFinding
[Column("id")]
public required Guid Id { get; init; }
/// <summary>
/// Tenant that owns this finding.
/// </summary>
[Required]
[Column("tenant_id")]
public required string TenantId { get; init; }
/// <summary>
/// The asset this finding applies to.
/// </summary>
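Review bot: The summary on `TenantId` does not say that rows created before this change receive the literal tenant `default` from the schema (`tenant_id text NOT NULL DEFAULT 'default'` in this commit's SQL script). A reader of the model needs that to know `default` is a real, shared value and not a placeholder. I would extend it to `/// Tenant that owns this finding. Rows that predate tenant scoping carry the schema default "default".` and do the same on `TriageScan.TenantId`. `required` and `[Required]` only rule out null, so a blank string is still accepted; reject blank tenants where the entity is created if that is not intended. The class body continues outside the hunk.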


@@ -16,6 +16,13 @@ public sealed class TriageScan
[Column("id")]
public required Guid Id { get; init; }
/// <summary>
/// Tenant that owns this scan.
/// </summary>
[Required]
[Column("tenant_id")]
public required string TenantId { get; init; }
/// <summary>
/// Image reference that was scanned.
/// </summary>


@@ -65,6 +65,7 @@ END $$;
-- Scan metadata
CREATE TABLE IF NOT EXISTS triage_scan (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id text NOT NULL DEFAULT 'default',
image_reference text NOT NULL,
image_digest text NULL,
target_digest text NULL,
@@ -86,6 +87,7 @@ CREATE TABLE IF NOT EXISTS triage_scan (
-- Core: finding (caseId == findingId)
CREATE TABLE IF NOT EXISTS triage_finding (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
tenant_id text NOT NULL DEFAULT 'default',
asset_id uuid NOT NULL,
environment_id uuid NULL,
asset_label text NOT NULL,
@@ -104,14 +106,18 @@ CREATE TABLE IF NOT EXISTS triage_finding (
superseded_by text NULL,
delta_comparison_id uuid NULL,
knowledge_snapshot_id text NULL,
UNIQUE (asset_id, environment_id, purl, cve_id, rule_id)
UNIQUE (tenant_id, asset_id, environment_id, purl, cve_id, rule_id)
);
CREATE INDEX IF NOT EXISTS ix_triage_scan_tenant_id ON triage_scan (tenant_id);
CREATE INDEX IF NOT EXISTS ix_triage_finding_tenant_id ON triage_finding (tenant_id);
CREATE INDEX IF NOT EXISTS ix_triage_finding_last_seen ON triage_finding (last_seen_at DESC);
CREATE INDEX IF NOT EXISTS ix_triage_finding_asset_label ON triage_finding (asset_label);
CREATE INDEX IF NOT EXISTS ix_triage_finding_purl ON triage_finding (purl);
CREATE INDEX IF NOT EXISTS ix_triage_finding_cve ON triage_finding (cve_id);
ALTER TABLE triage_scan ADD COLUMN IF NOT EXISTS tenant_id text NOT NULL DEFAULT 'default';
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS tenant_id text NOT NULL DEFAULT 'default';
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS artifact_digest text NULL;
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS scan_id uuid NULL;
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS updated_at timestamptz NOT NULL DEFAULT now();
@@ -122,6 +128,9 @@ ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS fixed_in_version text NULL;
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS superseded_by text NULL;
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS delta_comparison_id uuid NULL;
ALTER TABLE triage_finding ADD COLUMN IF NOT EXISTS knowledge_snapshot_id text NULL;
ALTER TABLE triage_finding DROP CONSTRAINT IF EXISTS triage_finding_asset_id_environment_id_purl_cve_id_rule_id_key;
CREATE UNIQUE INDEX IF NOT EXISTS ux_triage_finding_tenant_asset_env_purl_cve_rule
ON triage_finding (tenant_id, asset_id, environment_id, purl, cve_id, rule_id);
DO $$
BEGIN
@@ -296,6 +305,7 @@ latest_vex AS (
)
SELECT
f.id AS case_id,
f.tenant_id,
f.asset_id,
f.environment_id,
f.asset_label,
@@ -323,4 +333,3 @@ FROM triage_finding f
LEFT JOIN latest_risk r ON r.finding_id = f.id
LEFT JOIN latest_reach re ON re.finding_id = f.id
LEFT JOIN latest_vex v ON v.finding_id = f.id;
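Review bot: In the `@@ -104,14 +106,18 @@` hunk the two new `CREATE INDEX IF NOT EXISTS ... (tenant_id)` statements run before the `ALTER TABLE ... ADD COLUMN IF NOT EXISTS tenant_id` lines. On a database where `triage_scan` and `triage_finding` already exist, `CREATE TABLE IF NOT EXISTS` is a no-op, so the index creation fails on a column that has not been added yet. Move `ix_triage_scan_tenant_id` and `ix_triage_finding_tenant_id` below the `ALTER TABLE` block. Separately, `DEFAULT 'default'` makes any insert that omits the tenant land in one shared tenant instead of being rejected. If the default is only needed to backfill existing rows, follow the backfill with `ALTER TABLE triage_finding ALTER COLUMN tenant_id DROP DEFAULT;` and the same for `triage_scan`.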


@@ -7,3 +7,4 @@ Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_sol
| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Scanner/__Libraries/StellaOps.Scanner.Triage/StellaOps.Scanner.Triage.md. |
| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
| SPRINT-20260208-063-TRIAGE-001 | DONE | Implement deterministic exploit-path grouping algorithm and triage cluster model wiring for sprint 063 (2026-02-08). |
| SPRINT-20260222-057-SCAN-TEN | DONE | `SPRINT_20260222_057_Scanner_tenant_isolation_for_scans_triage_webhooks.md`: added `tenant_id` discriminator fields and tenant-scoped triage uniqueness/indexing for SCAN-TEN-04 (2026-02-22). |


@@ -104,7 +104,10 @@ public sealed class TriageDbContext : DbContext
entity.HasIndex(e => e.CveId)
.HasDatabaseName("ix_triage_finding_cve");
entity.HasIndex(e => new { e.AssetId, e.EnvironmentId, e.Purl, e.CveId, e.RuleId })
entity.HasIndex(e => e.TenantId)
.HasDatabaseName("ix_triage_finding_tenant_id");
entity.HasIndex(e => new { e.TenantId, e.AssetId, e.EnvironmentId, e.Purl, e.CveId, e.RuleId })
.IsUnique();
});
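Review bot: The tenant-scoped unique index is declared with `.IsUnique()` but no `.HasDatabaseName(...)`, so the model uses EF's convention-generated name while the SQL script in this commit creates it as `ux_triage_finding_tenant_asset_env_purl_cve_rule`. If anything compares or generates schema from the model, the two will not match; adding `.HasDatabaseName("ux_triage_finding_tenant_asset_env_purl_cve_rule")` before `.IsUnique()` aligns them. The single-column `ix_triage_finding_tenant_id` index looks redundant, because the composite unique index already leads with `TenantId`. This hunk only indexes the column, and whether reads are scoped by a global query filter on `TenantId` is not visible here and is worth confirming. The entity configuration block starts outside the hunk.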