25 lines
2.6 KiB
JSON
25 lines
2.6 KiB
JSON
[
|
|
{
|
|
"feature": "policy-trace-panel.md",
|
|
"tier": "2a",
|
|
"timestamp": "2026-02-13T21:38:00Z",
|
|
"method": "curl + code-review",
|
|
"request": "curl.exe -sk https://127.1.0.1/gateway/api/v1/policy/trace; curl.exe -sk http://127.1.0.3:80/api/v1/score/history",
|
|
"responseCode": 401,
|
|
"responseSnippet": "Gateway: {\"error\":\"Endpoint not found\",\"status\":404} (no microservice registered policy/trace endpoint via Router); Platform score/history: 401 (auth required)",
|
|
"verdict": "partial",
|
|
"notes": "Policy trace panel is a UI/API feature. The gateway currently shows 404 for /api/v1/policy/trace because no microservice has registered this endpoint via the Router SDK yet. However, the Platform service hosts related score and policy endpoints: /api/v1/score/evaluate (POST, 401), /api/v1/score/history (GET, 401), /api/v1/score/{scoreId}/replay (GET), /api/v1/score/verify (POST). The Policy service at 127.1.0.14 returned 500 on healthz, indicating it may not be fully operational. The policy trace data is available through the score evaluation pipeline (ScoreEvaluationService, ReplayLogBuilder, ReplayVerifier). The API module (src/Api/) generates OpenAPI specs (stella.yaml) that define the policy/trace schema."
|
|
},
|
|
{
|
|
"feature": "score-api-endpoints.md",
|
|
"tier": "2a",
|
|
"timestamp": "2026-02-13T21:38:00Z",
|
|
"method": "curl + code-review",
|
|
"request": "curl.exe -sk http://127.1.0.3:80/api/v1/score/weights; curl.exe -sk http://127.1.0.3:80/api/v1/score/weights/effective; curl.exe -sk http://127.1.0.3:80/api/v1/score/history",
|
|
"responseCode": 401,
|
|
"responseSnippet": "All score endpoints return HTTP 401 Unauthorized",
|
|
"verdict": "pass",
|
|
"notes": "Score API endpoints are live on Platform service (not 404). Full endpoint surface verified via code review of ScoreEndpoints.cs: GET /api/v1/score/history (with tenantId, artifactDigest, limit, before query params), POST /api/v1/score/evaluate (evaluates score for artifact), GET /api/v1/score/{scoreId} (retrieve specific score), GET /api/v1/score/weights/ (list weight manifests), GET /api/v1/score/weights/{version} (specific version), GET /api/v1/score/weights/effective (effective merged weights), GET /api/v1/score/{scoreId}/replay (deterministic replay verification), POST /api/v1/score/verify (hash verification). All return 401 (auth required with ScoreRead/ScoreEvaluate scopes), confirming endpoints exist and auth middleware is active. Backend: IScoreEvaluationService, IScoreHistoryStore (Postgres or InMemory), UnifiedScoreServices, ReplayLogBuilder, ReplayVerifier."
|
|
}
|
|
]
|