DECNET

Files

anti dc3d08dd41 feat(web): read-only /api/v1/identities/* endpoints + repo methods

Second of the five-step identity-resolution substrate. Ships the API
surface against the empty AttackerIdentity table from commit 1 — every
endpoint returns empty/404 cleanly until the clusterer populates rows.

Routes (auth-gated, viewer role):
* GET /api/v1/identities — paginated list, excludes merged-out rows
* GET /api/v1/identities/{uuid} — detail; transparently follows
  merged_into_uuid to surface the canonical winner
* GET /api/v1/identities/{uuid}/observations — Attacker rows FK'd
  to the (resolved) identity uuid

Repository (BaseRepository abstract + SQLModelRepository concrete):
* get_identity_by_uuid (with merge-chain following, hop-bounded)
* list_identities / count_identities (excluding merged-out)
* list_observations_for_identity / count_observations_for_identity

Tests: 12 new (empty-table behavior, seeded data, merge-chain
resolution, repo-level smoke against real SQLite). Also fixes the
pre-existing test_base_repo_coverage failure (DEBT-041 added abstract
methods without updating the DummyRepo stub) — included here because
this PR adds 5 more abstract methods, fixing it as a bonus.

474 db/web/profiler/correlation tests green.

2026-04-26 07:08:55 -04:00

artifacts

feat(api/artifacts): explicit Content-Disposition + X-Content-Type-Options

2026-04-24 13:24:34 -04:00

attackers

refactor(intel): re-key attacker_intel on attacker_uuid (closes DEBT-041)

2026-04-26 05:35:29 -04:00

auth

feat(api): pin response_model on dict-returning mutation routes

2026-04-24 14:27:58 -04:00

bounty

perf: cache /bounty, /logs/histogram, /deckies; bump /config TTL to 5s