feat(ttp): E.1.9 API contract — seven router endpoints, admin-gated state mutations, response models

Mounts /api/v1/ttp/* with empty-list / empty-Navigator responses. GET endpoints viewer-gated; POST/DELETE /rules/{rule_id}/state admin-gated server-side. POST parses JSON manually so a malformed body returns the documented 400 (per feedback_schemathesis_400). Drops xfail-strict markers from E.2.8 tests now that the router is mounted; 26 tests pass against the contract handlers.
2026-05-01 07:20:13 -04:00
parent cfbfaabfcd
commit b7f206c8c5
15 changed files with 515 additions and 56 deletions
--- a/decnet/web/router/ttp/api_get_by_attacker.py
+++ b/decnet/web/router/ttp/api_get_by_attacker.py
@@ -0,0 +1,35 @@
+"""GET /api/v1/ttp/by-attacker/{attacker_uuid} — per-IP TTP slice.
+
+Backs the AttackerDetail page's TTP section. See TTP_TAGGING.md
+§"UI surface" + project_attacker_detail_keep memory.
+"""
+from __future__ import annotations
+
+from typing import Any
+
+from fastapi import APIRouter, Depends
+
+from decnet.telemetry import traced as _traced
+from decnet.web.db.models import IdentityTechniqueRow
+from decnet.web.dependencies import require_viewer
+
+router = APIRouter()
+
+
+@router.get(
+    "/ttp/by-attacker/{attacker_uuid}",
+    tags=["TTP Tagging"],
+    response_model=list[IdentityTechniqueRow],
+    responses={
+        401: {"description": "Could not validate credentials"},
+        403: {"description": "Insufficient permissions"},
+        404: {"description": "Attacker not found"},
+    },
+)
+@_traced("api.ttp.by_attacker")
+async def api_ttp_by_attacker(
+    attacker_uuid: str,
+    user: dict[str, Any] = Depends(require_viewer),
+) -> list[IdentityTechniqueRow]:
+    """Per-Attacker (per-IP) TTP rows. Empty at contract phase."""
+    return []