stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c568e09a1db4649976d14ce8e18998dc44bebe02
git.stella-ops.org/docs/features/checked/reachgraph/reachgraph-slice-query-rest-apis.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.8 KiB
Raw Blame History

ReachGraph Slice Query REST APIs

Module

ReachGraph

Status

IMPLEMENTED

Description

REST API layer for ReachGraph with slice queries by package, CVE, entrypoint, and file path. Includes replay endpoint for deterministic verification, pagination service, and store service. While "ReachGraph Service" is known, the specific slice query API layer with multi-dimensional querying (by-package, by-CVE, by-entrypoint, by-file) is a distinct shipped capability.

Implementation Details

  • ReachGraphController: src/ReachGraph/StellaOps.ReachGraph.WebService/Controllers/ReachGraphController.cs -- REST API at v1/reachgraphs with full CRUD and slice queries:
    • POST / -- upsert graph (idempotent by BLAKE3 digest)
    • GET /{digest} -- retrieve full graph (cached 24h, ETag support)
    • GET /{digest}/slice?q= -- slice by package PURL with wildcards, configurable depth/direction
    • GET /{digest}/slice?cve= -- slice by CVE with sinks and reachability paths
    • GET /{digest}/slice?entrypoint= -- slice by entrypoint (max depth 10)
    • GET /{digest}/slice?file= -- slice by file path
    • POST /replay -- deterministic replay verification
    • GET /by-artifact/{artifactDigest} -- list graphs for artifact
    • DELETE /{digest} -- admin delete
  • IReachGraphSliceService: src/ReachGraph/StellaOps.ReachGraph.WebService/Services/IReachGraphSliceService.cs -- four slice methods with configurable depth
  • ReachGraphSliceService: src/ReachGraph/StellaOps.ReachGraph.WebService/Services/ReachGraphSliceService.cs -- cached slice computation
  • SliceQueryResponse model: src/ReachGraph/StellaOps.ReachGraph.WebService/Models/ReachGraphContracts.cs -- SchemaVersion, SliceQuery (type/query/cve/entrypoint/file/depth/direction), Nodes, Edges, counts
  • CveSliceResponse: extends SliceQueryResponse with Sinks and ReachabilityPath (entrypoint-to-sink hops with edges)
  • PaginationService: src/ReachGraph/StellaOps.ReachGraph.WebService/Services/PaginationService.cs -- cursor-based pagination for large slices
  • Tests: src/ReachGraph/__Tests/StellaOps.ReachGraph.WebService.Tests/ReachGraphApiIntegrationTests.cs, ReachGraphTestFactory.cs
  • Source: SPRINT_1227_0012_0002_BE_reachgraph_store.md

E2E Test Plan

  • Verify package slice returns subgraph with nodes/edges at configurable depth (default 3)
  • Test CVE slice returns sinks and reachability paths with hop sequences
  • Verify entrypoint slice traces all downstream paths (max depth 10)
  • Test file-based slice returns reachability for all symbols in a file
  • Verify direction parameter filters upstream/downstream/both edges
  • Test by-artifact listing returns all graphs for an artifact digest
  • Verify response caching (24h for full graph, slice-specific cache keys)