handler

package
v0.17.1 Latest Latest
Published: Jun 26, 2026 License: AGPL-3.0 Imports: 49 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseIntervalListQueryParam

func ParseIntervalListQueryParam(intervalQuery string, def []time.Duration) ([]time.Duration, error)

func RegisterHandlers

func RegisterHandlers(server *api.Server, logger *zap.SugaredLogger, db *gorm.DB, config *config.Config, services *APIServices)

func UserDisplayName added in v0.17.0

func UserDisplayName(user relational.User) string

Types

type APIServices added in v0.13.0

// APIServices bundles the service dependencies that RegisterHandlers receives
// through its services parameter and hands to the API handlers.
type APIServices struct {
	EvidenceService            *evidencesvc.EvidenceService
	RiskEnqueuer               evidencesvc.RiskJobEnqueuer
	DigestService              *digest.Service
	WorkflowManager            *workflow.Manager
	NotificationEnqueuer       workflow.NotificationEnqueuer
	NotificationWorkerEnqueuer notification.WorkerEnqueuer
	DAGExecutor                *workflow.DAGExecutor
	// PEP is the shared, config-selected Policy Enforcement Point used by every guarded
	// route. cmd/run.go builds it once (around the configured PDP) and passes it in; when
	// nil (e.g. test suites) RegisterHandlers falls back to a builtin-backed PEP, which
	// reproduces the prior access rules with no behavior change.
	//
	// NOTE(review): with a nil PEP the builtin rules decide access instead of the
	// configured PDP, and nothing in this declaration signals that the fallback was
	// taken. Presumably only tests rely on it — confirm that production wiring always
	// sets this field.
	PEP *middleware.PEP
}

APIServices contains all services needed by API handlers

type AgentHandler added in v0.15.0

type AgentHandler struct {
	// contains filtered or unexported fields
}

func NewAgentHandler added in v0.15.0

func NewAgentHandler(sugar *zap.SugaredLogger, db *gorm.DB) *AgentHandler

func (*AgentHandler) CreateAgent added in v0.15.0

func (h *AgentHandler) CreateAgent(ctx echo.Context) error

func (*AgentHandler) CreateAgentKey added in v0.15.0

func (h *AgentHandler) CreateAgentKey(ctx echo.Context) error

func (*AgentHandler) DeleteAgent added in v0.15.0

func (h *AgentHandler) DeleteAgent(ctx echo.Context) error

func (*AgentHandler) DeleteAgentKey added in v0.15.0

func (h *AgentHandler) DeleteAgentKey(ctx echo.Context) error

func (*AgentHandler) GetAgent added in v0.15.0

func (h *AgentHandler) GetAgent(ctx echo.Context) error

func (*AgentHandler) GetAgentKey added in v0.15.0

func (h *AgentHandler) GetAgentKey(ctx echo.Context) error

func (*AgentHandler) ListAgentKeys added in v0.15.0

func (h *AgentHandler) ListAgentKeys(ctx echo.Context) error

func (*AgentHandler) ListAgents added in v0.15.0

func (h *AgentHandler) ListAgents(ctx echo.Context) error

func (*AgentHandler) Register added in v0.15.0

func (h *AgentHandler) Register(api *echo.Group)

func (*AgentHandler) UpdateAgent added in v0.15.0

func (h *AgentHandler) UpdateAgent(ctx echo.Context) error

type CreatedEvidenceResponse added in v0.15.0

// CreatedEvidenceResponse is the payload documented for a successful
// POST /evidence: the embedded EvidenceFields plus an optional signature.
type CreatedEvidenceResponse struct {
	EvidenceFields
	// Signature is a pointer tagged omitempty, so a nil value is left out of the
	// JSON body entirely.
	// NOTE(review): a client that requires signed evidence has to check that the
	// "signature" key is present; when the server leaves it nil is not visible here.
	Signature *relational.EvidenceSignature `json:"signature,omitempty"`
}

type DigestHandler added in v0.9.0

type DigestHandler struct {
	// contains filtered or unexported fields
}

DigestHandler handles digest-related API endpoints

func NewDigestHandler added in v0.9.0

func NewDigestHandler(digestService *digest.Service, logger *zap.SugaredLogger) *DigestHandler

NewDigestHandler creates a new digest handler

func (*DigestHandler) PreviewDigest added in v0.9.0

func (h *DigestHandler) PreviewDigest(ctx echo.Context) error

PreviewDigest godoc

@Summary		Preview evidence digest
@Description	Returns the current evidence summary that would be included in a digest email
@Tags			Digest
@Produce		json
@Success		200	{object}	GenericDataResponse[digest.EvidenceSummary]
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/digest/preview [get]

func (*DigestHandler) Register added in v0.9.0

func (h *DigestHandler) Register(api *echo.Group)

Register registers the digest endpoints

func (*DigestHandler) TriggerDigest added in v0.9.0

func (h *DigestHandler) TriggerDigest(ctx echo.Context) error

TriggerDigest godoc

@Summary		Trigger evidence digest
@Description	Manually triggers the evidence digest job to send emails to all users
@Tags			Digest
@Produce		json
@Param			job	query		string	false	"Job name to trigger (default: global-evidence-digest)"
@Success		200	{object}	map[string]string
@Failure		400	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/digest/trigger [post]

type EvidenceActivity

// EvidenceActivity is one entry of EvidenceCreateRequest.Activities: an activity
// with its descriptive text, OSCAL properties and links, and a list of steps.
// The fields carry no json tags, so encoding/json uses the Go field names as keys.
type EvidenceActivity struct {
	UUID        uuid.UUID
	Title       string
	Description string
	Remarks     string
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
	// Steps that make up this activity.
	Steps       []EvidenceActivityStep
}

type EvidenceActivityStep

// EvidenceActivityStep is one entry of EvidenceActivity.Steps. It has the same
// descriptive fields as EvidenceActivity but no nested steps.
type EvidenceActivityStep struct {
	UUID        uuid.UUID
	Title       string
	Description string
	Remarks     string
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
}

type EvidenceComponent

// EvidenceComponent is one entry of EvidenceCreateRequest.Components: a component
// of the subject that is being observed.
type EvidenceComponent struct {
	// Identifier names the component. Example values:
	//   components/common/ssh
	//   components/common/github-repository
	//   components/common/github-organisation
	//   components/common/ubuntu-22
	//   components/internal/auth-policy
	Identifier string

	// Type of component. Example values: Software, Service.
	// NOTE(review): whether other values are accepted is not visible in this declaration.
	Type        string
	Title       string
	Description string
	Remarks     string
	Purpose     string
	Protocols   []oscalTypes_1_1_3.Protocol
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
}

type EvidenceCreateRequest

// EvidenceCreateRequest is the request body documented for POST /evidence.
// Only BackMatter carries a json tag; every other field is keyed by its Go field
// name.
//
// NOTE(review): every value here, including the Start, End and Expires times and
// the Labels used for search, is reported by the submitting client. Validation and
// bounds on them are not visible in this declaration — confirm in the handler.
type EvidenceCreateRequest struct {
	// UUID needs to remain consistent for a piece of evidence being collected periodically.
	// It represents the "stream" of the same observation being made over time.
	// For the same checks, performed on the same machine, the UUID for each check should remain the same.
	// For the same check, performed on two different machines, the UUID should differ.
	UUID        uuid.UUID
	Title       string
	Description string
	Remarks     *string

	// Assigning labels to Evidence makes it searchable and easily usable in the UI.
	Labels map[string]string

	// When collection of the evidence started, when it ended, and until when the
	// evidence is valid. Expires is a pointer and may be nil.
	Start   time.Time
	End     time.Time
	Expires *time.Time

	Props      []oscalTypes_1_1_3.Property
	Links      []oscalTypes_1_1_3.Link
	BackMatter *oscalTypes_1_1_3.BackMatter `json:"back-matter,omitempty"`

	// Who or what is generating this evidence.
	Origins []oscalTypes_1_1_3.Origin
	// The steps taken to create this evidence.
	Activities     []EvidenceActivity
	InventoryItems []EvidenceInventoryItem
	// Which components of the subject are being observed: a tool, user, policy etc.
	Components []EvidenceComponent
	// Who or what the evidence is provided for, i.e. what is under test.
	Subjects []EvidenceSubject
	// Whether what was being tested for was satisfied or not.
	Status oscalTypes_1_1_3.ObjectiveStatus
}

type EvidenceFields added in v0.15.0

// EvidenceFields is the JSON shape of an evidence record. CreatedEvidenceResponse
// embeds it. Unlike EvidenceCreateRequest, the nested collections use the OSCAL
// types directly (Activity, InventoryItem, SystemComponent, AssessmentSubject).
type EvidenceFields struct {
	// ID has no omitempty, so a nil pointer is encoded as JSON null.
	ID             *uuid.UUID                           `json:"id"`
	UUID           uuid.UUID                            `json:"uuid,omitempty"`
	Title          string                               `json:"title"`
	Description    string                               `json:"description"`
	Remarks        *string                              `json:"remarks,omitempty"`
	Labels         []relational.Labels                  `json:"labels"`
	Start          time.Time                            `json:"start"`
	End            time.Time                            `json:"end"`
	Expires        *time.Time                           `json:"expires,omitempty"`
	BackMatter     *oscalTypes_1_1_3.BackMatter         `json:"back-matter,omitempty"`
	Props          []oscalTypes_1_1_3.Property          `json:"props"`
	Links          []oscalTypes_1_1_3.Link              `json:"links"`
	Origins        []oscalTypes_1_1_3.Origin            `json:"origins,omitempty"`
	Activities     []oscalTypes_1_1_3.Activity          `json:"activities,omitempty"`
	InventoryItems []oscalTypes_1_1_3.InventoryItem     `json:"inventory-items,omitempty"`
	Components     []oscalTypes_1_1_3.SystemComponent   `json:"components,omitempty"`
	Subjects       []oscalTypes_1_1_3.AssessmentSubject `json:"subjects,omitempty"`
	Status         oscalTypes_1_1_3.ObjectiveStatus     `json:"status"`
}

type EvidenceHandler

type EvidenceHandler struct {
	// contains filtered or unexported fields
}

func NewEvidenceHandler

func NewEvidenceHandler(sugar *zap.SugaredLogger, evidenceService *evidencesvc.EvidenceService) *EvidenceHandler

func (*EvidenceHandler) ComplianceByControl

func (h *EvidenceHandler) ComplianceByControl(ctx echo.Context) error

ComplianceByControl godoc

@Summary		Get compliance counts by control
@Description	Retrieves the count of evidence statuses for filters associated with a specific Control ID.
@Tags			Evidence
@Produce		json
@Param			id		path		string	true	"Control ID"
@Param			sspId	query		string	false	"System Security Plan ID; limits filters to global + same-SSP"
@Success		200		{object}	GenericDataListResponse[evidence.StatusCount]
@Failure		400		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/evidence/compliance-by-control/{id} [get]

func (*EvidenceHandler) ComplianceByFilter added in v0.5.0

func (h *EvidenceHandler) ComplianceByFilter(ctx echo.Context) error

ComplianceByFilter godoc

@Summary		Get compliance status counts by filter/dashboard ID
@Description	Retrieves the count of evidence statuses for a specific filter/dashboard.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Filter/Dashboard ID (UUID)"
@Success		200	{object}	GenericDataListResponse[evidence.StatusCount]
@Failure		400	{object}	api.Error	"Invalid UUID"
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/compliance-by-filter/{id} [get]

func (*EvidenceHandler) Create

func (h *EvidenceHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create new Evidence
@Description	Creates a new Evidence record including activities, inventory items, components, and subjects.
@Tags			Evidence
@Accept			json
@Produce		json
@Param			evidence	body		EvidenceCreateRequest	true	"Evidence create request"
@Success		201			{object}	GenericDataResponse[CreatedEvidenceResponse]
@Failure		400			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/evidence [post]

func (*EvidenceHandler) ForControl

func (h *EvidenceHandler) ForControl(ctx echo.Context) error

ForControl godoc

@Summary		List Evidence for a Control
@Description	Retrieves Evidence records associated with a specific Control ID, including related activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id		path		string	true	"Control ID"
@Param			sspId	query		string	false	"System Security Plan ID; limits filters to global + same-SSP"
@Success		200		{object}	handler.ForControl.EvidenceDataListResponse
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/evidence/for-control/{id} [get]

func (*EvidenceHandler) Get

func (h *EvidenceHandler) Get(ctx echo.Context) error

Get godoc

@Summary		Get Evidence by ID
@Description	Retrieves a single Evidence record by its unique ID, including associated activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence ID"
@Success		200	{object}	GenericDataResponse[PublicEvidenceResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/{id} [get]

func (*EvidenceHandler) GetSignature added in v0.15.0

func (h *EvidenceHandler) GetSignature(ctx echo.Context) error

GetSignature godoc

@Summary		Get Evidence signature by ID
@Description	Retrieves the stored signature envelope for a single Evidence record.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence ID"
@Success		200	{object}	handler.EvidenceSignatureResponse
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/evidence/{id}/signature [get]

func (*EvidenceHandler) History

func (h *EvidenceHandler) History(ctx echo.Context) error

History godoc

@Summary		Get Evidence history by UUID
@Description	Retrieves the history for an Evidence record by its UUID, including associated activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id		path		string	true	"Evidence UUID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[PublicEvidenceResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/evidence/history/{id} [get]

func (*EvidenceHandler) Latest added in v0.13.0

func (h *EvidenceHandler) Latest(ctx echo.Context) error

Latest godoc

@Summary		Get latest Evidence by UUID
@Description	Retrieves the most recent Evidence record for a given UUID stream, including associated activities, inventory items, components, subjects, and labels.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence UUID"
@Success		200	{object}	GenericDataResponse[PublicEvidenceResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/evidence/latest/{id} [get]

func (*EvidenceHandler) Register

func (h *EvidenceHandler) Register(api *echo.Group)

func (*EvidenceHandler) RegisterCreate added in v0.15.0

func (h *EvidenceHandler) RegisterCreate(api *echo.Group, middlewares ...echo.MiddlewareFunc)

func (*EvidenceHandler) RegisterReadRoutes added in v0.15.0

func (h *EvidenceHandler) RegisterReadRoutes(api *echo.Group, middlewares ...echo.MiddlewareFunc)

RegisterReadRoutes mounts the read-only evidence routes. Every route here is an evidence read, so the caller passes the read guard in middlewares and it is applied uniformly to all of them. Because these routes carry no group auth, the caller also passes an optional-auth middleware in the same list. POST /search and POST /status-over-time are queries, not mutations, which is why they count as reads.

func (*EvidenceHandler) RegisterSignatureRoutes added in v0.15.0

func (h *EvidenceHandler) RegisterSignatureRoutes(api *echo.Group, middlewares ...echo.MiddlewareFunc)

RegisterSignatureRoutes mounts the signature routes; both are reads (verify validates a signature, it does not mutate). The caller passes the read guard.

func (*EvidenceHandler) Search

func (h *EvidenceHandler) Search(ctx echo.Context) error

Search godoc

@Summary		Search Evidence
@Description	Searches Evidence records by label filters.
@Tags			Evidence
@Accept			json
@Produce		json
@Param			request			body		filteredSearchRequest	true	"Evidence search request"
@Param			page			query		int						false	"Page number"
@Param			limit			query		int						false	"Page size"
@Param			sortBy			query		string					false	"Sort field: lastSeenAt, name, status"
@Param			sortDirection	query		string					false	"Sort direction: asc, desc"
@Param			name			query		string					false	"Case-insensitive evidence name search"
@Success		200				{object}	svc.ListResponse[PublicEvidenceResponse]
@Failure		400				{object}	api.Error
@Failure		422				{object}	api.Error
@Failure		500				{object}	api.Error
@Router			/evidence/search [post]

func (*EvidenceHandler) StatusOverTime

func (h *EvidenceHandler) StatusOverTime(ctx echo.Context) error

StatusOverTime godoc

@Summary		Evidence status metrics over intervals
@Description	Retrieves counts of evidence statuses at various time intervals based on a label filter.
@Tags			Evidence
@Accept			json
@Produce		json
@Param			filter		body		labelfilter.Filter	true	"Label filter"
@Param			intervals	query		string				false	"Comma-separated list of duration intervals (e.g., '10m,1h,24h')"
@Success		200			{object}	handler.GenericDataListResponse[StatusInterval]
@Failure		400			{object}	api.Error
@Failure		422			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/evidence/status-over-time [post]

func (*EvidenceHandler) StatusOverTimeByUUID

func (h *EvidenceHandler) StatusOverTimeByUUID(ctx echo.Context) error

StatusOverTimeByUUID godoc

@Summary		Evidence status metrics over intervals by UUID
@Description	Retrieves counts of evidence statuses at various time intervals for a specific evidence stream identified by UUID.
@Tags			Evidence
@Produce		json
@Param			id			path		string	true	"Evidence UUID"
@Param			intervals	query		string	false	"Comma-separated list of duration intervals (e.g., '10m,1h,24h')"
@Success		200			{object}	handler.GenericDataListResponse[StatusInterval]
@Failure		400			{object}	api.Error
@Failure		422			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/evidence/status-over-time/{id} [get]

func (*EvidenceHandler) VerifySignature added in v0.15.0

func (h *EvidenceHandler) VerifySignature(ctx echo.Context) error

VerifySignature godoc

@Summary		Verify Evidence signature by ID
@Description	Recomputes the current evidence content hash and verifies the stored signed payload.
@Tags			Evidence
@Produce		json
@Param			id	path		string	true	"Evidence ID"
@Success		200	{object}	handler.EvidenceSignatureVerificationResponse
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/evidence/{id}/verify [post]

type EvidenceInventoryItem

// EvidenceInventoryItem is one entry of EvidenceCreateRequest.InventoryItems.
// The fields carry no json tags, so encoding/json uses the Go field names as keys.
type EvidenceInventoryItem struct {
	// Identifier names the inventory item. Example values:
	//   user/chris@linguine.tech
	//   operating-system/ubuntu/22.4
	//   web-server/ec2/i-12345
	Identifier string

	// Type of inventory item. Listed values and their descriptions:
	// "operating-system"	description="System software that manages computer hardware, software resources, and provides common services for computer programs."
	// "database"			description="An electronic collection of data, or information, that is specially organized for rapid search and retrieval."
	// "web-server"			description="A system that delivers content or services to end users over the Internet or an intranet."
	// "dns-server"			description="A system that resolves domain names to internet protocol (IP) addresses."
	// "email-server"		description="A computer system that sends and receives electronic mail messages."
	// "directory-server"	description="A system that stores, organizes and provides access to directory information in order to unify network resources."
	// "pbx"				description="A private branch exchange (PBX) provides a private telephone switchboard."
	// "firewall"			description="A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules."
	// "router"				description="A physical or virtual networking device that forwards data packets between computer networks."
	// "switch"				description="A physical or virtual networking device that connects devices within a computer network by using packet switching to receive and forward data to the destination device."
	// "storage-array"		description="A consolidated, block-level data storage capability."
	// "appliance"			description="A physical or virtual machine that centralizes hardware, software, or services for a specific purpose."
	// NOTE(review): whether the server rejects values outside this list is not visible here.
	Type                  string
	Title                 string
	Description           string
	Remarks               string
	Props                 []oscalTypes_1_1_3.Property
	Links                 []oscalTypes_1_1_3.Link
	// ImplementedComponents refers to components by Identifier only; presumably
	// these match EvidenceComponent.Identifier values — verify against the handler.
	ImplementedComponents []struct {
		Identifier string
	}
}

type EvidenceSignatureResponse added in v0.15.0

// EvidenceSignatureResponse is an alias for the {"data": ...} envelope around
// *evidencesvc.SignatureDetail. It is the 200 response documented for
// GET /evidence/{id}/signature.
type EvidenceSignatureResponse = GenericDataResponse[*evidencesvc.SignatureDetail]

type EvidenceSignatureVerificationResponse added in v0.15.0

// EvidenceSignatureVerificationResponse is an alias for the {"data": ...} envelope
// around *evidencesvc.VerificationResult. It is the 200 response documented for
// POST /evidence/{id}/verify.
// NOTE(review): a 200 here reports that verification ran; whether the signature
// was valid is presumably carried inside VerificationResult — confirm, and have
// clients read the result rather than the status code.
type EvidenceSignatureVerificationResponse = GenericDataResponse[*evidencesvc.VerificationResult]

type EvidenceSubject

// EvidenceSubject is one entry of EvidenceCreateRequest.Subjects: who or what the
// evidence is being provided for.
type EvidenceSubject struct {
	// Identifier of the subject; presumably it refers to an inventory item or
	// component identifier from the same request — verify against the handler.
	Identifier string

	// Type of subject. Example values: InventoryItem, Component.
	Type string

	Description string
	Remarks     string
	Props       []oscalTypes_1_1_3.Property
	Links       []oscalTypes_1_1_3.Link
}

type FilterHandler

type FilterHandler struct {
	// contains filtered or unexported fields
}

FilterHandler handles CRUD operations for filters.

func NewFilterHandler

func NewFilterHandler(sugar *zap.SugaredLogger, db *gorm.DB) *FilterHandler

func (*FilterHandler) Create

func (h *FilterHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create a new filter
@Description	Creates a new filter.
@Tags			Filters
@Accept			json
@Produce		json
@Param			filter	body		createFilterRequest	true	"Filter to add"
@Success		201		{object}	GenericDataResponse[relational.Filter]
@Failure		400		{object}	api.Error
@Failure		422		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/filters [post]

func (*FilterHandler) Delete

func (h *FilterHandler) Delete(ctx echo.Context) error

Delete godoc

@Summary		Delete a filter
@Description	Deletes a filter.
@Tags			Filters
@Param			id	path	string	true	"Filter ID"
@Success		204	"No Content"
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/filters/{id} [delete]

func (*FilterHandler) Get

func (h *FilterHandler) Get(ctx echo.Context) error

Get godoc

@Summary		Get a filter
@Description	Retrieves a single filter by its unique ID.
@Tags			Filters
@Produce		json
@Param			id	path		string	true	"Filter ID"
@Success		200	{object}	GenericDataResponse[FilterWithAssociations]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Router			/filters/{id} [get]

func (*FilterHandler) ImportFilters added in v0.7.0

func (h *FilterHandler) ImportFilters(ctx echo.Context) error

ImportFilters godoc

@Summary		Import dashboard filters
@Description	Import multiple dashboard filter JSON files
@Tags			Filters
@Accept			multipart/form-data
@Produce		json
@Param			files	formData	file	true	"Dashboard filter JSON files to import"
@Success		200		{object}	GenericDataResponse[FilterImportResponse]
@Failure		400		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/filters/import [post]

func (*FilterHandler) List

func (h *FilterHandler) List(ctx echo.Context) error

List godoc

@Summary		List filters
@Description	Retrieves filters, optionally filtered by controlId, componentId, sspId, or global scope.
@Tags			Filters
@Produce		json
@Param			controlId	query		string	false	"Control ID"
@Param			componentId	query		string	false	"Component ID"
@Param			sspId		query		string	false	"System Security Plan ID; returns global + same-SSP filters"
@Param			scope		query		string	false	"Filter scope. Use 'global' for global filters only"
@Success		200			{object}	GenericDataListResponse[FilterWithAssociations]
@Failure		400			{object}	api.Error
@Failure		401			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/filters [get]

func (*FilterHandler) Register

func (h *FilterHandler) Register(api *echo.Group, guard middleware.ResourceGuard)

Register registers the filter endpoints.

func (*FilterHandler) Update

func (h *FilterHandler) Update(ctx echo.Context) error

Update godoc

@Summary		Update a filter
@Description	Updates an existing filter.
@Tags			Filters
@Accept			json
@Produce		json
@Param			id		path		string				true	"Filter ID"
@Param			filter	body		createFilterRequest	true	"Filter to update"
@Success		200		{object}	GenericDataResponse[relational.Filter]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Router			/filters/{id} [put]

type FilterImportFileResult added in v0.7.0

// FilterImportFileResult reports the outcome for a single file; it is the element
// type of FilterImportResponse.Results.
type FilterImportFileResult struct {
	// Filename is presumably the name the client sent with the uploaded file.
	// NOTE(review): if so it is attacker-controlled text echoed back in the
	// response; consumers should encode it before rendering — confirm the source.
	Filename string `json:"filename"`
	Success  bool   `json:"success"`
	Message  string `json:"message"`
	// Count is tagged omitempty, so a zero count is left out of the JSON.
	Count    int    `json:"count,omitempty"`
}

type FilterImportResponse added in v0.7.0

// FilterImportResponse is the payload documented for a successful
// POST /filters/import: aggregate counters plus one result per file.
type FilterImportResponse struct {
	TotalFiles      int                      `json:"total_files"`
	SuccessfulCount int                      `json:"successful_count"`
	FailedCount     int                      `json:"failed_count"`
	TotalDashboards int                      `json:"total_dashboards"`
	// Results holds the per-file outcomes.
	Results         []FilterImportFileResult `json:"results"`
}

type FilterWithAssociations added in v0.9.0

// FilterWithAssociations is a relational.Filter (embedded) together with the
// controls and components listed alongside it. It is the payload documented for
// GET /filters and GET /filters/{id}.
type FilterWithAssociations struct {
	relational.Filter
	// Neither slice is tagged omitempty, so a nil slice is encoded as JSON null.
	Controls   []oscalTypes_1_1_3.Control         `json:"controls"`
	Components []oscalTypes_1_1_3.SystemComponent `json:"components"`
}

type GenericDataListResponse

// GenericDataListResponse is the generic envelope for list responses: the items
// go under "data", with optional metadata under "meta".
type GenericDataListResponse[T any] struct {
	// Items from the list response
	Data []T `json:"data" yaml:"data"`
	// Meta is untyped and tagged omitempty, so it is left out when nil.
	Meta any `json:"meta,omitempty" yaml:"meta,omitempty"`
}

type GenericDataResponse

// GenericDataResponse is the generic envelope for single-value responses: the
// value goes under "data".
type GenericDataResponse[T any] struct {
	// Wrapped response data
	Data T `json:"data" yaml:"data"`
}

type GroupsHandler added in v0.17.0

type GroupsHandler struct {
	// contains filtered or unexported fields
}

GroupsHandler serves the admin CRUD for native CCF user groups and their membership (BCH-1328). Native groups give every user — SSO or local — a source-agnostic group set that the authz group resolver unions with IdP groups into subject.groups. Routes mount under /api/admin/groups behind the same admin gate as the other admin resources.

func NewGroupsHandler added in v0.17.0

func NewGroupsHandler(sugar *zap.SugaredLogger, db *gorm.DB) *GroupsHandler

func (*GroupsHandler) AddMember added in v0.17.0

func (h *GroupsHandler) AddMember(ctx echo.Context) error

AddMember godoc

@Summary		Add a group member
@Description	Adds a user to a native CCF user group (idempotent)
@Tags			Groups
@Accept			json
@Produce		json
@Param			id		path		string												true	"Group ID"
@Param			member	body		handler.GroupsHandler.AddMember.addMemberRequest	true	"Member to add"
@Success		204		{object}	nil
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/members [post]

func (*GroupsHandler) AddSSOMapping added in v0.17.0

func (h *GroupsHandler) AddSSOMapping(ctx echo.Context) error

AddSSOMapping godoc

@Summary		Map an SSO group to a user group
@Description	Maps an external IdP group (provider + group name) onto a native CCF user group
@Tags			Groups
@Accept			json
@Produce		json
@Param			id		path		string													true	"Group ID"
@Param			mapping	body		handler.GroupsHandler.AddSSOMapping.addMappingRequest	true	"SSO mapping"
@Success		201		{object}	handler.GenericDataResponse[relational.SSOGroupMapping]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		409		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/sso-mappings [post]

func (*GroupsHandler) CreateGroup added in v0.17.0

func (h *GroupsHandler) CreateGroup(ctx echo.Context) error

CreateGroup godoc

@Summary		Create a user group
@Description	Creates a native CCF user group
@Tags			Groups
@Accept			json
@Produce		json
@Param			group	body		handler.GroupsHandler.CreateGroup.createGroupRequest	true	"Group details"
@Success		201		{object}	handler.GenericDataResponse[relational.UserGroup]
@Failure		400		{object}	api.Error
@Failure		409		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups [post]

func (*GroupsHandler) DeleteGroup added in v0.17.0

func (h *GroupsHandler) DeleteGroup(ctx echo.Context) error

DeleteGroup godoc

@Summary		Delete a user group
@Description	Soft-deletes an empty native CCF user group and removes its SSO mappings. Returns 409 if the group still has members.
@Tags			Groups
@Param			id	path		string	true	"Group ID"
@Success		204	{object}	nil
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		409	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id} [delete]

func (*GroupsHandler) GetGroup added in v0.17.0

func (h *GroupsHandler) GetGroup(ctx echo.Context) error

GetGroup godoc

@Summary		Get a user group
@Description	Get a native CCF user group by ID
@Tags			Groups
@Produce		json
@Param			id	path		string	true	"Group ID"
@Success		200	{object}	handler.GenericDataResponse[handler.groupResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id} [get]

func (*GroupsHandler) ListGroups added in v0.17.0

func (h *GroupsHandler) ListGroups(ctx echo.Context) error

ListGroups godoc

@Summary		List user groups
@Description	Lists all native CCF user groups with their member counts
@Tags			Groups
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[handler.groupResponse]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups [get]

func (*GroupsHandler) ListMembers added in v0.17.0

func (h *GroupsHandler) ListMembers(ctx echo.Context) error

ListMembers godoc

@Summary		List group members
@Description	Lists the users that belong to a native CCF user group
@Tags			Groups
@Produce		json
@Param			id	path		string	true	"Group ID"
@Success		200	{object}	handler.GenericDataListResponse[handler.groupMemberResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/members [get]

func (*GroupsHandler) ListSSOMappings added in v0.17.0

func (h *GroupsHandler) ListSSOMappings(ctx echo.Context) error

ListSSOMappings godoc

@Summary		List SSO group mappings
@Description	Lists the external IdP groups mapped to a native CCF user group
@Tags			Groups
@Produce		json
@Param			id	path		string	true	"Group ID"
@Success		200	{object}	handler.GenericDataListResponse[relational.SSOGroupMapping]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/sso-mappings [get]

func (*GroupsHandler) Register added in v0.17.0

func (h *GroupsHandler) Register(api *echo.Group)

func (*GroupsHandler) RemoveMember added in v0.17.0

func (h *GroupsHandler) RemoveMember(ctx echo.Context) error

RemoveMember godoc

@Summary		Remove a group member
@Description	Removes a manually-added user from a native CCF user group. Returns 403 for SSO-synced memberships, which are managed by the identity provider.
@Tags			Groups
@Param			id		path		string	true	"Group ID"
@Param			userId	path		string	true	"User ID"
@Success		204		{object}	nil
@Failure		400		{object}	api.Error
@Failure		403		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/members/{userId} [delete]

func (*GroupsHandler) RemoveSSOMapping added in v0.17.0

func (h *GroupsHandler) RemoveSSOMapping(ctx echo.Context) error

RemoveSSOMapping godoc

@Summary		Remove an SSO group mapping
@Description	Removes an external IdP group mapping from a native CCF user group
@Tags			Groups
@Param			id			path		string	true	"Group ID"
@Param			mappingId	path		string	true	"Mapping ID"
@Success		204			{object}	nil
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/sso-mappings/{mappingId} [delete]

func (*GroupsHandler) UpdateGroup added in v0.17.0

func (h *GroupsHandler) UpdateGroup(ctx echo.Context) error

UpdateGroup godoc

@Summary		Update a user group
@Description	Updates a native CCF user group's name or description
@Tags			Groups
@Accept			json
@Produce		json
@Param			id		path		string													true	"Group ID"
@Param			group	body		handler.GroupsHandler.UpdateGroup.updateGroupRequest	true	"Group details"
@Success		200		{object}	handler.GenericDataResponse[relational.UserGroup]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		409		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id} [put]

type HealthHandler added in v0.5.0

type HealthHandler struct {
	// contains filtered or unexported fields
}

func NewHealthHandler added in v0.5.0

func NewHealthHandler(sugar *zap.SugaredLogger, db *gorm.DB) *HealthHandler

func (*HealthHandler) Health added in v0.5.0

func (h *HealthHandler) Health(ctx echo.Context) error

func (*HealthHandler) Ready added in v0.5.0

func (h *HealthHandler) Ready(ctx echo.Context) error

func (*HealthHandler) Register added in v0.5.0

func (h *HealthHandler) Register(api *echo.Group)

func (*HealthHandler) WithPDP added in v0.17.0

func (h *HealthHandler) WithPDP(pdp authz.PDP) *HealthHandler

WithPDP attaches the authorization PDP (policy decision point) so that readiness reflects the decision engine's availability: when a remote AuthZen PDP is down, the API reports not-ready. It returns the handler for chaining. The in-process builtin driver does not implement Healther, so it is treated as always healthy.

type HeartbeatCreateRequest

type HeartbeatCreateRequest struct {
	UUID      uuid.UUID `json:"uuid,omitempty" validate:"required"`
	CreatedAt time.Time `json:"created_at,omitempty" validate:"required"`
}

type HeartbeatHandler

type HeartbeatHandler struct {
	// contains filtered or unexported fields
}

func NewHeartbeatHandler

func NewHeartbeatHandler(sugar *zap.SugaredLogger, db *gorm.DB) *HeartbeatHandler

func (*HeartbeatHandler) Create

func (h *HeartbeatHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create Heartbeat
@Description	Creates a new heartbeat record for monitoring.
@Tags			Heartbeat
@Accept			json
@Produce		json
@Param			heartbeat	body	HeartbeatCreateRequest	true	"Heartbeat payload"
@Success		201			"Created"
@Failure		400			{object}	api.Error
@Failure		500			{object}	api.Error
@Router			/agent/heartbeat [post]

func (*HeartbeatHandler) OverTime

func (h *HeartbeatHandler) OverTime(ctx echo.Context) error

OverTime godoc

@Summary		Get Heartbeat Metrics Over Time
@Description	Retrieves heartbeat counts aggregated by 2-minute intervals.
@Tags			Heartbeat
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[handler.OverTime.HeartbeatInterval]
@Failure		500	{object}	api.Error
@Router			/agent/heartbeat/over-time [get]

func (*HeartbeatHandler) Register

func (h *HeartbeatHandler) Register(api *echo.Group)

func (*HeartbeatHandler) RegisterCreate added in v0.15.0

func (h *HeartbeatHandler) RegisterCreate(api *echo.Group, middlewares ...echo.MiddlewareFunc)

func (*HeartbeatHandler) RegisterOverTime added in v0.15.0

func (h *HeartbeatHandler) RegisterOverTime(api *echo.Group, middlewares ...echo.MiddlewareFunc)

type NotificationsHandler added in v0.16.0

type NotificationsHandler struct {
	// contains filtered or unexported fields
}

func NewNotificationsHandler added in v0.16.0

func NewNotificationsHandler(sugar *zap.SugaredLogger, db *gorm.DB, cfg *config.Config, enqueuer notification.WorkerEnqueuer) *NotificationsHandler

func (*NotificationsHandler) CreateSystemNotificationDestination added in v0.16.0

func (h *NotificationsHandler) CreateSystemNotificationDestination(ctx echo.Context) error

CreateSystemNotificationDestination godoc

@Summary		Create system notification destination
@Description	Creates a new system notification destination configuration for an admin-managed notification
@Tags			Notifications
@Accept			json
@Produce		json
@Param			notificationName	path		string												true	"Notification name"
@Param			destination			body		handler.createSystemNotificationDestinationRequest	true	"Destination details"
@Success		201					{object}	handler.GenericDataResponse[handler.configuredSystemDestinationResponse]
@Failure		400					{object}	api.Error
@Failure		401					{object}	api.Error
@Failure		409					{object}	api.Error
@Failure		500					{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/{notificationName}/destinations [post]

func (*NotificationsHandler) DeleteSystemNotificationDestination added in v0.16.0

func (h *NotificationsHandler) DeleteSystemNotificationDestination(ctx echo.Context) error

DeleteSystemNotificationDestination godoc

@Summary		Delete system notification destination
@Description	Deletes a stored system notification destination configuration for an admin-managed notification
@Tags			Notifications
@Accept			json
@Produce		json
@Param			notificationName	path		string												true	"Notification name"
@Param			destination			body		handler.createSystemNotificationDestinationRequest	true	"Destination details"
@Success		204					{object}	nil
@Failure		400					{object}	api.Error
@Failure		401					{object}	api.Error
@Failure		404					{object}	api.Error
@Failure		500					{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/{notificationName}/destinations [delete]

func (*NotificationsHandler) GetNotificationDiagnostics added in v0.16.2

func (h *NotificationsHandler) GetNotificationDiagnostics(ctx echo.Context) error

GetNotificationDiagnostics godoc

@Summary		Get notification diagnostics
@Description	Runs read-only diagnostics for evidence digest, workflow, risk, or POAM notifications
@Tags			Notifications
@Produce		json
@Param			notificationName	path		string	true	"Notification name or family"
@Success		200					{object}	handler.GenericDataResponse[notificationtroubleshooting.DiagnosticsResponse]
@Failure		400					{object}	api.Error
@Failure		401					{object}	api.Error
@Failure		404					{object}	api.Error	"Not Found"
@Failure		500					{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/{notificationName}/diagnostics [get]

func (*NotificationsHandler) GetTroubleshootingHealth added in v0.16.2

func (h *NotificationsHandler) GetTroubleshootingHealth(ctx echo.Context) error

GetTroubleshootingHealth godoc

@Summary		Get notification troubleshooting health
@Description	Returns provider, worker, queue, subscriber, destination, and schedule health for admin notification troubleshooting
@Tags			Notifications
@Produce		json
@Success		200	{object}	handler.GenericDataResponse[notificationtroubleshooting.HealthResponse]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/health [get]

func (*NotificationsHandler) GetTroubleshootingJob added in v0.16.2

func (h *NotificationsHandler) GetTroubleshootingJob(ctx echo.Context) error

GetTroubleshootingJob godoc

@Summary		Get notification River job detail
@Description	Returns one sanitized notification-related River job with attempt errors
@Tags			Notifications
@Produce		json
@Param			id	path		int	true	"River job ID"
@Success		200	{object}	handler.GenericDataResponse[notificationtroubleshooting.JobDetail]
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/jobs/{id} [get]

func (*NotificationsHandler) ListNotificationProviderStatus added in v0.16.0

func (h *NotificationsHandler) ListNotificationProviderStatus(ctx echo.Context) error

ListNotificationProviderStatus godoc

@Summary		List notification provider status
@Description	Returns notification provider availability for authenticated users
@Tags			Notifications
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[handler.notificationProviderStatusResponse]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/notifications/providers [get]

func (*NotificationsHandler) ListNotificationProviders added in v0.16.0

func (h *NotificationsHandler) ListNotificationProviders(ctx echo.Context) error

ListNotificationProviders godoc

@Summary		List available notification providers
@Description	Returns notification providers registered in the backend
@Tags			Notifications
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[handler.availableNotificationProviderResponse]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/providers [get]

func (*NotificationsHandler) ListSystemNotifications added in v0.16.0

func (h *NotificationsHandler) ListSystemNotifications(ctx echo.Context) error

ListSystemNotifications godoc

@Summary		List system notification destinations
@Description	Returns system notification destination configurations for admin management
@Tags			Notifications
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[handler.systemNotificationResponse]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications [get]

func (*NotificationsHandler) ListTroubleshootingJobs added in v0.16.2

func (h *NotificationsHandler) ListTroubleshootingJobs(ctx echo.Context) error

ListTroubleshootingJobs godoc

@Summary		List notification River jobs
@Description	Lists recent notification-related River jobs with sanitized notification metadata
@Tags			Notifications
@Produce		json
@Param			queue				query		[]string	false	"Queue filter; repeat or comma-separate values"
@Param			provider			query		string		false	"Provider filter: email or slack"	Enums(email, slack)
@Param			notificationKind	query		string		false	"Notification kind filter"
@Param			state				query		[]string	false	"River state filter; repeat or comma-separate values"	Enums(available, cancelled, completed, discarded, pending, retryable, running, scheduled)
@Param			since				query		string		false	"RFC3339 lower bound for job creation time"				Format(date-time)
@Param			limit				query		int			false	"Page size, default 50, max 200"						minimum(1)	maximum(200)
@Param			cursor				query		string		false	"Opaque pagination cursor"
@Success		200					{object}	notificationtroubleshooting.JobsListResponse
@Failure		400					{object}	api.Error
@Failure		401					{object}	api.Error
@Failure		500					{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/jobs [get]

func (*NotificationsHandler) Register added in v0.16.0

func (h *NotificationsHandler) Register(api *echo.Group)

func (*NotificationsHandler) RegisterPublic added in v0.16.0

func (h *NotificationsHandler) RegisterPublic(api *echo.Group, guard middleware.ResourceGuard)

func (*NotificationsHandler) SendTestNotification added in v0.16.2

func (h *NotificationsHandler) SendTestNotification(ctx echo.Context) error

SendTestNotification godoc

@Summary		Enqueue fixed test notification
@Description	Enqueues a fixed server-side test notification to a validated admin-supplied destination
@Tags			Notifications
@Accept			json
@Produce		json
@Param			request	body		handler.testNotificationRequest	true	"Test destination"
@Success		202		{object}	handler.GenericDataResponse[handler.testNotificationResponse]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		500		{object}	api.Error
@Failure		503		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/notifications/test [post]

type PermissionsHandler added in v0.17.0

type PermissionsHandler struct {
	// contains filtered or unexported fields
}

PermissionsHandler serves GET /me/permissions: the set of (resource, action) pairs the authenticated subject may perform, computed in a single batch PDP call over the manifest vocabulary. The UI uses it to hide actions the user can't take (BCH-1318); the response is a display aid and does not itself enforce access. The handler holds facts only — no policy logic — and reuses the PEP's subject derivation.

func NewPermissionsHandler added in v0.17.0

func NewPermissionsHandler(pdp authz.PDP, manifest *authz.Manifest, failMode authz.FailMode, logger *zap.SugaredLogger) *PermissionsHandler

NewPermissionsHandler constructs the handler. A nil logger is replaced with a no-op logger; an empty fail mode defaults to fail-closed.

func (*PermissionsHandler) GetPermissions added in v0.17.0

func (h *PermissionsHandler) GetPermissions(c echo.Context) error

GetPermissions enumerates every manifest resource × action pair for the current subject, asks the PDP for all decisions in one batch, and returns the map of allowed actions. Every resource is always present in the result, listed with its allowed actions, so the UI knows the full vocabulary; ordering is deterministic (resources sorted, actions in manifest order).

func (*PermissionsHandler) Register added in v0.17.0

func (h *PermissionsHandler) Register(g *echo.Group, guard middleware.ResourceGuard)

Register mounts the route on a group that already enforces authentication. Reading one's own permissions is a read of the user resource.

type PoamItemsHandler added in v0.13.0

type PoamItemsHandler struct {
	// contains filtered or unexported fields
}

PoamItemsHandler handles all HTTP requests for POAM items and their sub-resources. It delegates all persistence to PoamService and never imports gorm directly for data access.

func NewPoamItemsHandler added in v0.13.0

func NewPoamItemsHandler(svc *poamsvc.PoamService, riskSvc *riskrel.RiskService, sugar *zap.SugaredLogger) *PoamItemsHandler

NewPoamItemsHandler constructs a PoamItemsHandler.

func (h *PoamItemsHandler) AddControlLink(c echo.Context) error

AddControlLink godoc

@Summary	Add a control link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string					true	"POAM item ID"
@Param		body	body		poamControlRefRequest	true	"Control ref payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemControlLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/controls [post]
func (h *PoamItemsHandler) AddEvidenceLink(c echo.Context) error

AddEvidenceLink godoc

@Summary	Add an evidence link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string			true	"POAM item ID"
@Param		body	body		addLinkRequest	true	"Evidence ID payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemEvidenceLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/evidence [post]
func (h *PoamItemsHandler) AddFindingLink(c echo.Context) error

AddFindingLink godoc

@Summary	Add a finding link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string			true	"POAM item ID"
@Param		body	body		addLinkRequest	true	"Finding ID payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemFindingLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/findings [post]

func (*PoamItemsHandler) AddMilestone added in v0.13.0

func (h *PoamItemsHandler) AddMilestone(c echo.Context) error

AddMilestone godoc

@Summary	Add a milestone to a POAM item
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string					true	"POAM item ID"
@Param		body	body		createMilestoneRequest	true	"Milestone payload"
@Success	201		{object}	GenericDataResponse[milestoneResponse]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones [post]
func (h *PoamItemsHandler) AddRiskLink(c echo.Context) error

AddRiskLink godoc

@Summary	Add a risk link
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string			true	"POAM item ID"
@Param		body	body		addLinkRequest	true	"Risk ID payload"
@Success	201		{object}	GenericDataResponse[poamsvc.PoamItemRiskLink]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/risks [post]

func (*PoamItemsHandler) Create added in v0.13.0

func (h *PoamItemsHandler) Create(c echo.Context) error

Create godoc

@Summary	Create a POAM item
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		body	body		createPoamItemRequest	true	"POAM item payload"
@Success	201		{object}	GenericDataResponse[poamItemResponse]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items [post]

func (*PoamItemsHandler) Delete added in v0.13.0

func (h *PoamItemsHandler) Delete(c echo.Context) error

Delete godoc

@Summary	Delete a POAM item
@Tags		POAM Items
@Param		id	path	string	true	"POAM item ID"
@Success	204	"No Content"
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id} [delete]
func (h *PoamItemsHandler) DeleteControlLink(c echo.Context) error

DeleteControlLink godoc

@Summary	Delete a control link
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		catalogId	path	string	true	"Catalog ID"
@Param		controlId	path	string	true	"Control ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/controls/{catalogId}/{controlId} [delete]
func (h *PoamItemsHandler) DeleteEvidenceLink(c echo.Context) error

DeleteEvidenceLink godoc

@Summary	Delete an evidence link
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		evidenceId	path	string	true	"Evidence ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/evidence/{evidenceId} [delete]
func (h *PoamItemsHandler) DeleteFindingLink(c echo.Context) error

DeleteFindingLink godoc

@Summary	Delete a finding link
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		findingId	path	string	true	"Finding ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/findings/{findingId} [delete]

func (*PoamItemsHandler) DeleteMilestone added in v0.13.0

func (h *PoamItemsHandler) DeleteMilestone(c echo.Context) error

DeleteMilestone godoc

@Summary	Delete a milestone
@Tags		POAM Items
@Param		id			path	string	true	"POAM item ID"
@Param		milestoneId	path	string	true	"Milestone ID"
@Success	204			"No Content"
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones/{milestoneId} [delete]
func (h *PoamItemsHandler) DeleteRiskLink(c echo.Context) error

DeleteRiskLink godoc

@Summary	Delete a risk link
@Tags		POAM Items
@Param		id		path	string	true	"POAM item ID"
@Param		riskId	path	string	true	"Risk ID"
@Success	204		"No Content"
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/risks/{riskId} [delete]

func (*PoamItemsHandler) Get added in v0.13.0

func (h *PoamItemsHandler) Get(c echo.Context) error

Get godoc

@Summary	Get a POAM item
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataResponse[poamItemResponse]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id} [get]

func (*PoamItemsHandler) List added in v0.13.0

func (h *PoamItemsHandler) List(c echo.Context) error

List godoc

@Summary	List POAM items
@Tags		POAM Items
@Produce	json
@Param		status			query		string	false	"Filter by status (open|in-progress|completed|overdue)"
@Param		sspId			query		string	false	"Filter by SSP UUID"
@Param		riskId			query		string	false	"Filter by linked risk UUID"
@Param		deadlineBefore	query		string	false	"Filter by planned_completion_date before (RFC3339)"
@Param		overdueOnly		query		bool	false	"Return only overdue items"
@Param		ownerRef		query		string	false	"Filter by primary_owner_user_id UUID"
@Success	200				{object}	GenericDataListResponse[poamItemResponse]
@Failure	400				{object}	api.Error
@Failure	500				{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items [get]

func (*PoamItemsHandler) ListControls added in v0.13.0

func (h *PoamItemsHandler) ListControls(c echo.Context) error

ListControls godoc

@Summary	List linked controls
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemControlLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/controls [get]

func (*PoamItemsHandler) ListEvidence added in v0.13.0

func (h *PoamItemsHandler) ListEvidence(c echo.Context) error

ListEvidence godoc

@Summary	List linked evidence
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemEvidenceLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/evidence [get]

func (*PoamItemsHandler) ListFindings added in v0.13.0

func (h *PoamItemsHandler) ListFindings(c echo.Context) error

ListFindings godoc

@Summary	List linked findings
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemFindingLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/findings [get]

func (*PoamItemsHandler) ListMilestones added in v0.13.0

func (h *PoamItemsHandler) ListMilestones(c echo.Context) error

ListMilestones godoc

@Summary	List milestones for a POAM item
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[milestoneResponse]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones [get]

func (*PoamItemsHandler) ListRisks added in v0.13.0

func (h *PoamItemsHandler) ListRisks(c echo.Context) error

ListRisks godoc

@Summary	List linked risks
@Tags		POAM Items
@Produce	json
@Param		id	path		string	true	"POAM item ID"
@Success	200	{object}	GenericDataListResponse[poamsvc.PoamItemRiskLink]
@Failure	400	{object}	api.Error
@Failure	404	{object}	api.Error
@Failure	500	{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/risks [get]

func (*PoamItemsHandler) Register added in v0.13.0

func (h *PoamItemsHandler) Register(g *echo.Group, guard middleware.ResourceGuard)

Register mounts all POAM routes onto the given Echo group. JWT middleware is applied at the group level in api.go.

func (*PoamItemsHandler) RegisterSSPScoped added in v0.13.0

func (h *PoamItemsHandler) RegisterSSPScoped(g *echo.Group, guard middleware.ResourceGuard)

RegisterSSPScoped mounts all POAM routes under an SSP-scoped group (e.g. /system-security-plans/:sspId/poam-items). The :sspId path param is extracted and injected into list/create filters automatically.

func (*PoamItemsHandler) Update added in v0.13.0

func (h *PoamItemsHandler) Update(c echo.Context) error

Update godoc

@Summary	Update a POAM item
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id		path		string					true	"POAM item ID"
@Param		body	body		updatePoamItemRequest	true	"Update payload"
@Success	200		{object}	GenericDataResponse[poamItemResponse]
@Failure	400		{object}	api.Error
@Failure	404		{object}	api.Error
@Failure	500		{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id} [put]

func (*PoamItemsHandler) UpdateMilestone added in v0.13.0

func (h *PoamItemsHandler) UpdateMilestone(c echo.Context) error

UpdateMilestone godoc

@Summary	Update a milestone
@Tags		POAM Items
@Accept		json
@Produce	json
@Param		id			path		string					true	"POAM item ID"
@Param		milestoneId	path		string					true	"Milestone ID"
@Param		body		body		updateMilestoneRequest	true	"Milestone update payload"
@Success	200			{object}	GenericDataResponse[milestoneResponse]
@Failure	400			{object}	api.Error
@Failure	404			{object}	api.Error
@Failure	500			{object}	api.Error
@Security	OAuth2Password
@Router		/poam-items/{id}/milestones/{milestoneId} [put]

type PublicEvidenceResponse added in v0.15.0

type PublicEvidenceResponse struct {
	EvidenceFields
}

type RiskHandler added in v0.13.0

type RiskHandler struct {
	// contains filtered or unexported fields
}

func NewRiskHandler added in v0.13.0

func NewRiskHandler(sugar *zap.SugaredLogger, db *gorm.DB, poamSvc *poamsvc.PoamService, riskSvc *riskrel.RiskService) *RiskHandler

func (*RiskHandler) Accept added in v0.13.0

func (h *RiskHandler) Accept(ctx echo.Context) error

Accept godoc

@Summary		Accept risk
@Description	Accepts a risk with required justification and a future review deadline.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string				true	"Risk ID"
@Param			body	body		acceptRiskRequest	true	"Accept payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/accept [post]

func (*RiskHandler) AcceptForSSP added in v0.13.0

func (h *RiskHandler) AcceptForSSP(ctx echo.Context) error

AcceptForSSP godoc

@Summary		Accept risk for SSP
@Description	Accepts a risk by ID scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			id		path		string				true	"Risk ID"
@Param			body	body		acceptRiskRequest	true	"Accept payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/accept [post]
func (h *RiskHandler) AddComponentLink(ctx echo.Context) error

AddComponentLink godoc

@Summary		Link component to risk
@Description	Idempotently links a component to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addComponentLinkRequest	true	"Component link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/components [post]

func (*RiskHandler) AddComponentLinkForSSP added in v0.13.0

func (h *RiskHandler) AddComponentLinkForSSP(ctx echo.Context) error

AddComponentLinkForSSP godoc

@Summary		Link component to risk for SSP
@Description	Idempotently links a component to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addComponentLinkRequest	true	"Component link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/components [post]
func (h *RiskHandler) AddControlLink(ctx echo.Context) error

AddControlLink godoc

@Summary		Link control to risk
@Description	Idempotently links a control to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addControlLinkRequest	true	"Control link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/controls [post]

func (*RiskHandler) AddControlLinkForSSP added in v0.13.0

func (h *RiskHandler) AddControlLinkForSSP(ctx echo.Context) error

AddControlLinkForSSP godoc

@Summary		Link control to risk for SSP
@Description	Idempotently links a control to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addControlLinkRequest	true	"Control link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/controls [post]
func (h *RiskHandler) AddEvidenceLink(ctx echo.Context) error

AddEvidenceLink godoc

@Summary		Link evidence to risk
@Description	Idempotently links an evidence item to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addEvidenceLinkRequest	true	"Evidence link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskEvidenceLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/evidence [post]

func (*RiskHandler) AddEvidenceLinkForSSP added in v0.13.0

func (h *RiskHandler) AddEvidenceLinkForSSP(ctx echo.Context) error

AddEvidenceLinkForSSP godoc

@Summary		Link evidence to risk for SSP
@Description	Idempotently links an evidence item to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addEvidenceLinkRequest	true	"Evidence link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskEvidenceLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/evidence [post]
func (h *RiskHandler) AddSubjectLink(ctx echo.Context) error

AddSubjectLink godoc

@Summary		Link subject to risk
@Description	Idempotently links a subject to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			link	body		addSubjectLinkRequest	true	"Subject link payload"
@Success		201		{object}	GenericDataResponse[risks.RiskSubjectLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/subjects [post]

func (*RiskHandler) AddThreatRef added in v0.13.0

func (h *RiskHandler) AddThreatRef(ctx echo.Context) error

AddThreatRef godoc

@Summary		Add risk threat reference
@Description	Adds a threat reference to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string			true	"Risk ID"
@Param			threat	body		threatIDRequest	true	"Threat reference payload"
@Success		201		{object}	GenericDataResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids [post]

func (*RiskHandler) AddThreatRefForSSP added in v0.13.0

func (h *RiskHandler) AddThreatRefForSSP(ctx echo.Context) error

AddThreatRefForSSP godoc

@Summary		Add risk threat reference for SSP
@Description	Adds a threat reference to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string			true	"SSP ID"
@Param			id		path		string			true	"Risk ID"
@Param			threat	body		threatIDRequest	true	"Threat reference payload"
@Success		201		{object}	GenericDataResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids [post]

func (*RiskHandler) Create added in v0.13.0

func (h *RiskHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create risk
@Description	Creates a risk register entry.
@Tags			Risks
@Accept			json
@Produce		json
@Param			risk	body		createRiskRequest	true	"Risk payload"
@Success		201		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks [post]

func (*RiskHandler) CreateForSSP added in v0.13.0

func (h *RiskHandler) CreateForSSP(ctx echo.Context) error

CreateForSSP godoc

@Summary		Create risk for SSP
@Description	Creates a risk register entry scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			risk	body		createRiskRequest	true	"Risk payload"
@Success		201		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks [post]

func (*RiskHandler) CreateRemediationTemplate added in v0.13.0

func (h *RiskHandler) CreateRemediationTemplate(ctx echo.Context) error

CreateRemediationTemplate godoc

@Summary		Create risk remediation template
@Description	Creates a remediation template for a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		201			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		409			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [post]

func (*RiskHandler) CreateRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) CreateRemediationTemplateForSSP(ctx echo.Context) error

CreateRemediationTemplateForSSP godoc

@Summary		Create risk remediation template for SSP
@Description	Creates a remediation template for a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId		path		string						true	"SSP ID"
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		201			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		409			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [post]

func (*RiskHandler) Delete added in v0.13.0

func (h *RiskHandler) Delete(ctx echo.Context) error

Delete godoc

@Summary		Delete risk
@Description	Deletes a risk register entry and link rows by ID.
@Tags			Risks
@Param			id	path	string	true	"Risk ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id} [delete]
func (h *RiskHandler) DeleteComponentLink(ctx echo.Context) error

DeleteComponentLink godoc

@Summary		Delete risk component link
@Description	Deletes the link between a risk and component.
@Tags			Risks
@Param			id			path	string	true	"Risk ID"
@Param			componentId	path	string	true	"Component ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/components/{componentId} [delete]

func (*RiskHandler) DeleteComponentLinkForSSP added in v0.13.0

func (h *RiskHandler) DeleteComponentLinkForSSP(ctx echo.Context) error

DeleteComponentLinkForSSP godoc

@Summary		Delete risk component link for SSP
@Description	Deletes the link between a risk and component scoped to an SSP.
@Tags			Risks
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			componentId	path	string	true	"Component ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/components/{componentId} [delete]
func (h *RiskHandler) DeleteControlLink(ctx echo.Context) error

DeleteControlLink godoc

@Summary		Delete risk control link
@Description	Deletes the link between a risk and control.
@Tags			Risks
@Param			id			path	string	true	"Risk ID"
@Param			catalogId	path	string	true	"Catalog ID"
@Param			controlId	path	string	true	"Control ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/controls/{catalogId}/{controlId} [delete]

func (*RiskHandler) DeleteControlLinkForSSP added in v0.13.0

func (h *RiskHandler) DeleteControlLinkForSSP(ctx echo.Context) error

DeleteControlLinkForSSP godoc

@Summary		Delete risk control link for SSP
@Description	Deletes the link between a risk and control scoped to an SSP.
@Tags			Risks
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			catalogId	path	string	true	"Catalog ID"
@Param			controlId	path	string	true	"Control ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/controls/{catalogId}/{controlId} [delete]
func (h *RiskHandler) DeleteEvidenceLink(ctx echo.Context) error

DeleteEvidenceLink godoc

@Summary		Delete risk evidence link
@Description	Deletes the link between a risk and evidence item.
@Tags			Risks
@Param			id			path	string	true	"Risk ID"
@Param			evidenceId	path	string	true	"Evidence ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/evidence/{evidenceId} [delete]

func (*RiskHandler) DeleteEvidenceLinkForSSP added in v0.13.0

func (h *RiskHandler) DeleteEvidenceLinkForSSP(ctx echo.Context) error

DeleteEvidenceLinkForSSP godoc

@Summary		Delete risk evidence link for SSP
@Description	Deletes the link between a risk and evidence item scoped to an SSP.
@Tags			Risks
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			evidenceId	path	string	true	"Evidence ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/evidence/{evidenceId} [delete]

func (*RiskHandler) DeleteForSSP added in v0.13.0

func (h *RiskHandler) DeleteForSSP(ctx echo.Context) error

DeleteForSSP godoc

@Summary		Delete risk for SSP
@Description	Deletes a risk register entry by ID scoped to an SSP.
@Tags			Risks
@Param			sspId	path	string	true	"SSP ID"
@Param			id		path	string	true	"Risk ID"
@Success		204		"No Content"
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id} [delete]

func (*RiskHandler) DeleteRemediationTemplate added in v0.13.0

func (h *RiskHandler) DeleteRemediationTemplate(ctx echo.Context) error

DeleteRemediationTemplate godoc

@Summary		Delete risk remediation template
@Description	Deletes the remediation template linked to a risk.
@Tags			Risks
@Produce		json
@Param			id	path	string	true	"Risk ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [delete]

func (*RiskHandler) DeleteRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) DeleteRemediationTemplateForSSP(ctx echo.Context) error

DeleteRemediationTemplateForSSP godoc

@Summary		Delete risk remediation template for SSP
@Description	Deletes the remediation template linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path	string	true	"SSP ID"
@Param			id		path	string	true	"Risk ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [delete]

func (*RiskHandler) DeleteThreatRef added in v0.13.0

func (h *RiskHandler) DeleteThreatRef(ctx echo.Context) error

DeleteThreatRef godoc

@Summary		Delete risk threat reference
@Description	Deletes a threat reference linked to a risk.
@Tags			Risks
@Produce		json
@Param			id			path	string	true	"Risk ID"
@Param			threatRefId	path	string	true	"Threat reference ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids/{threatRefId} [delete]

func (*RiskHandler) DeleteThreatRefForSSP added in v0.13.0

func (h *RiskHandler) DeleteThreatRefForSSP(ctx echo.Context) error

DeleteThreatRefForSSP godoc

@Summary		Delete risk threat reference for SSP
@Description	Deletes a threat reference linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId		path	string	true	"SSP ID"
@Param			id			path	string	true	"Risk ID"
@Param			threatRefId	path	string	true	"Threat reference ID"
@Success		204
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids/{threatRefId} [delete]

func (*RiskHandler) Get added in v0.13.0

func (h *RiskHandler) Get(ctx echo.Context) error

Get godoc

@Summary		Get risk
@Description	Retrieves a risk register entry by ID.
@Tags			Risks
@Produce		json
@Param			id	path		string	true	"Risk ID"
@Success		200	{object}	GenericDataResponse[riskResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id} [get]
func (h *RiskHandler) GetComponentLinks(ctx echo.Context) error

GetComponentLinks godoc

@Summary		List risk component links
@Description	Lists components linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/components [get]

func (*RiskHandler) GetComponentLinksForSSP added in v0.13.0

func (h *RiskHandler) GetComponentLinksForSSP(ctx echo.Context) error

GetComponentLinksForSSP godoc

@Summary		List risk component links for SSP
@Description	Lists components linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskComponentLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/components [get]
func (h *RiskHandler) GetControlLinks(ctx echo.Context) error

GetControlLinks godoc

@Summary		List risk control links
@Description	Lists controls linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/controls [get]

func (*RiskHandler) GetControlLinksForSSP added in v0.13.0

func (h *RiskHandler) GetControlLinksForSSP(ctx echo.Context) error

GetControlLinksForSSP godoc

@Summary		List risk control links for SSP
@Description	Lists controls linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskControlLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/controls [get]

func (*RiskHandler) GetEvents added in v0.13.0

func (h *RiskHandler) GetEvents(ctx echo.Context) error

GetEvents godoc

@Summary		List risk events
@Description	Lists events for a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskEvent]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/events [get]

func (*RiskHandler) GetEventsForSSP added in v0.13.0

func (h *RiskHandler) GetEventsForSSP(ctx echo.Context) error

GetEventsForSSP godoc

@Summary		List risk events for SSP
@Description	Lists events for a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskEvent]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/events [get]
func (h *RiskHandler) GetEvidenceLinks(ctx echo.Context) error

GetEvidenceLinks godoc

@Summary		List risk evidence links
@Description	Lists evidence IDs linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[uuid.UUID]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/evidence [get]

func (*RiskHandler) GetEvidenceLinksForSSP added in v0.13.0

func (h *RiskHandler) GetEvidenceLinksForSSP(ctx echo.Context) error

GetEvidenceLinksForSSP godoc

@Summary		List risk evidence links for SSP
@Description	Lists evidence IDs linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[uuid.UUID]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/evidence [get]

func (*RiskHandler) GetForSSP added in v0.13.0

func (h *RiskHandler) GetForSSP(ctx echo.Context) error

GetForSSP godoc

@Summary		Get risk for SSP
@Description	Retrieves a risk register entry by ID scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id} [get]

func (*RiskHandler) GetRemediationTemplate added in v0.13.0

func (h *RiskHandler) GetRemediationTemplate(ctx echo.Context) error

GetRemediationTemplate godoc

@Summary		Get risk remediation template
@Description	Gets the remediation template linked to a risk.
@Tags			Risks
@Produce		json
@Param			id	path		string	true	"Risk ID"
@Success		200	{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [get]

func (*RiskHandler) GetRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) GetRemediationTemplateForSSP(ctx echo.Context) error

GetRemediationTemplateForSSP godoc

@Summary		Get risk remediation template for SSP
@Description	Gets the remediation template linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Success		200		{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [get]

func (*RiskHandler) GetReviews added in v0.13.0

func (h *RiskHandler) GetReviews(ctx echo.Context) error

GetReviews godoc

@Summary		List risk audit trail
@Description	Lists risk reviews (audit trail) for a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskReview]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/reviews [get]

func (*RiskHandler) GetReviewsForSSP added in v0.13.0

func (h *RiskHandler) GetReviewsForSSP(ctx echo.Context) error

GetReviewsForSSP godoc

@Summary		List risk audit trail for SSP
@Description	Lists risk reviews (audit trail) for a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskReview]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/reviews [get]

func (*RiskHandler) GetScoreHistory added in v0.15.0

func (h *RiskHandler) GetScoreHistory(ctx echo.Context) error

GetScoreHistory godoc

@Summary		List risk score history
@Description	Lists score snapshots for a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[riskScoreResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/score-history [get]

func (*RiskHandler) GetScoreHistoryForSSP added in v0.15.0

func (h *RiskHandler) GetScoreHistoryForSSP(ctx echo.Context) error

GetScoreHistoryForSSP godoc

@Summary		List risk score history for SSP
@Description	Lists score snapshots for a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[riskScoreResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/score-history [get]

func (*RiskHandler) GetScoreTimeseries added in v0.15.0

func (h *RiskHandler) GetScoreTimeseries(ctx echo.Context) error

GetScoreTimeseries godoc

@Summary		Get risk score timeseries
@Description	Returns aggregate open baseline and residual score time series.
@Tags			Risks
@Produce		json
@Param			sspId	query		string	false	"SSP ID"
@Param			from	query		string	false	"Start timestamp (RFC3339)"
@Param			to		query		string	false	"End timestamp (RFC3339)"
@Param			bucket	query		string	false	"Bucket size; only day is supported"
@Success		200		{object}	GenericDataListResponse[riskScoreTimeseriesResponse]
@Failure		400		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/score-timeseries [get]

func (*RiskHandler) GetScoreTimeseriesForSSP added in v0.15.0

func (h *RiskHandler) GetScoreTimeseriesForSSP(ctx echo.Context) error

GetScoreTimeseriesForSSP godoc

@Summary		Get risk score timeseries for SSP
@Description	Returns aggregate open baseline and residual score time series for an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			from	query		string	false	"Start timestamp (RFC3339)"
@Param			to		query		string	false	"End timestamp (RFC3339)"
@Param			bucket	query		string	false	"Bucket size; only day is supported"
@Success		200		{object}	GenericDataListResponse[riskScoreTimeseriesResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/score-timeseries [get]
func (h *RiskHandler) GetSubjectLinks(ctx echo.Context) error

GetSubjectLinks godoc

@Summary		List risk subject links
@Description	Lists subjects linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[risks.RiskSubjectLink]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/subjects [get]

func (*RiskHandler) GetThreatRef added in v0.13.0

func (h *RiskHandler) GetThreatRef(ctx echo.Context) error

GetThreatRef godoc

@Summary		Get risk threat reference
@Description	Gets a threat reference linked to a risk.
@Tags			Risks
@Produce		json
@Param			id			path		string	true	"Risk ID"
@Param			threatRefId	path		string	true	"Threat reference ID"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids/{threatRefId} [get]

func (*RiskHandler) GetThreatRefForSSP added in v0.13.0

func (h *RiskHandler) GetThreatRefForSSP(ctx echo.Context) error

GetThreatRefForSSP godoc

@Summary		Get risk threat reference for SSP
@Description	Gets a threat reference linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId		path		string	true	"SSP ID"
@Param			id			path		string	true	"Risk ID"
@Param			threatRefId	path		string	true	"Threat reference ID"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids/{threatRefId} [get]

func (*RiskHandler) List added in v0.13.0

func (h *RiskHandler) List(ctx echo.Context) error

List godoc

@Summary		List risks
@Description	Lists risk register entries with filtering, sorting, and pagination.
@Tags			Risks
@Produce		json
@Param			status					query		string	false	"Risk status"
@Param			likelihood				query		string	false	"Risk likelihood"
@Param			impact					query		string	false	"Risk impact"
@Param			sspId					query		string	false	"SSP ID"
@Param			controlId				query		string	false	"Control ID"
@Param			componentId				query		string	false	"Component ID"
@Param			evidenceId				query		string	false	"Evidence ID"
@Param			ownerKind				query		string	false	"Owner kind"
@Param			ownerRef				query		string	false	"Owner reference"
@Param			reviewDeadlineBefore	query		string	false	"Review deadline upper bound (RFC3339)"
@Param			page					query		int		false	"Page number"
@Param			limit					query		int		false	"Page size"
@Param			sort					query		string	false	"Sort field"
@Param			order					query		string	false	"Sort order (asc|desc)"
@Success		200						{object}	svc.ListResponse[riskResponse]
@Failure		400						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/risks [get]

func (*RiskHandler) ListForSSP added in v0.13.0

func (h *RiskHandler) ListForSSP(ctx echo.Context) error

ListForSSP godoc

@Summary		List risks for SSP
@Description	Lists risk register entries scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId					path		string	true	"SSP ID"
@Param			status					query		string	false	"Risk status"
@Param			likelihood				query		string	false	"Risk likelihood"
@Param			impact					query		string	false	"Risk impact"
@Param			controlId				query		string	false	"Control ID"
@Param			componentId				query		string	false	"Component ID"
@Param			evidenceId				query		string	false	"Evidence ID"
@Param			ownerKind				query		string	false	"Owner kind"
@Param			ownerRef				query		string	false	"Owner reference"
@Param			reviewDeadlineBefore	query		string	false	"Review deadline upper bound (RFC3339)"
@Param			page					query		int		false	"Page number"
@Param			limit					query		int		false	"Page size"
@Param			sort					query		string	false	"Sort field"
@Param			order					query		string	false	"Sort order (asc|desc)"
@Success		200						{object}	svc.ListResponse[riskResponse]
@Failure		400						{object}	api.Error
@Failure		404						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks [get]

func (*RiskHandler) ListThreatRefs added in v0.13.0

func (h *RiskHandler) ListThreatRefs(ctx echo.Context) error

ListThreatRefs godoc

@Summary		List risk threat references
@Description	Lists threat references linked to a risk.
@Tags			Risks
@Produce		json
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids [get]

func (*RiskHandler) ListThreatRefsForSSP added in v0.13.0

func (h *RiskHandler) ListThreatRefsForSSP(ctx echo.Context) error

ListThreatRefsForSSP godoc

@Summary		List risk threat references for SSP
@Description	Lists threat references linked to a risk scoped to an SSP.
@Tags			Risks
@Produce		json
@Param			sspId	path		string	true	"SSP ID"
@Param			id		path		string	true	"Risk ID"
@Param			page	query		int		false	"Page number"
@Param			limit	query		int		false	"Page size"
@Success		200		{object}	svc.ListResponse[threatIDResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids [get]

func (*RiskHandler) PromoteToPoam added in v0.15.0

func (h *RiskHandler) PromoteToPoam(ctx echo.Context) error

PromoteToPoam godoc

@Summary		Promote risk to POAM item
@Description	Promotes an investigating risk to a POAM item and transitions the risk to mitigating-planned. The risk must be in investigating status (risk-accepted risks cannot be promoted — they have been formally accepted as tolerable). The POAM item is pre-populated from the risk's data and any RemediationTemplate tasks. The entire operation is transactional.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string					true	"Risk ID"
@Param			body	body		promoteToPoamRequest	false	"Promotion payload"
@Success		201		{object}	GenericDataResponse[poamItemResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		422		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/promote-to-poam [post]

func (*RiskHandler) PromoteToPoamForSSP added in v0.15.0

func (h *RiskHandler) PromoteToPoamForSSP(ctx echo.Context) error

PromoteToPoamForSSP godoc

@Summary		Promote risk to POAM item (SSP-scoped)
@Description	Promotes an investigating risk to a POAM item, scoped to a specific SSP. The risk must belong to the given SSP and be in investigating status. On success, the risk transitions to mitigating-planned.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string					true	"SSP ID"
@Param			id		path		string					true	"Risk ID"
@Param			body	body		promoteToPoamRequest	false	"Promotion payload"
@Success		201		{object}	GenericDataResponse[poamItemResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		422		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/promote-to-poam [post]

func (*RiskHandler) Register added in v0.13.0

func (h *RiskHandler) Register(api *echo.Group, guard middleware.ResourceGuard)

Register mounts the flat /risks routes. guard enforces access to the risk resource using the following action mapping: top-level create and delete map to the risk create and delete actions; mutating any of a risk's sub-parts (links, threat-ids, remediation template, accept/review) is treated as an update of the risk aggregate; promote-to-poam maps to the dedicated promote action.

func (*RiskHandler) RegisterSSPScoped added in v0.13.0

func (h *RiskHandler) RegisterSSPScoped(api *echo.Group, guard middleware.ResourceGuard)

RegisterSSPScoped mounts the SSP-scoped /system-security-plans/:sspId/risks routes; the same risk action mapping as Register applies.

func (*RiskHandler) Review added in v0.13.0

func (h *RiskHandler) Review(ctx echo.Context) error

Review godoc

@Summary		Review risk
@Description	Records a structured review of a risk. The required fields and the status the risk must be in depend on the decision. decision=extend: nextReviewDeadline is required and the risk must be risk-accepted. decision=reopen: nextReviewDeadline must be omitted and the risk must be risk-accepted. decision=reassess: likelihood and impact are required, nextReviewDeadline must be omitted, and the risk must be open, investigating, or mitigating-implemented. decision=implement: nextReviewDeadline must be omitted and the risk must be mitigating-planned.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string				true	"Risk ID"
@Param			body	body		reviewRiskRequest	true	"Review payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/review [post]

func (*RiskHandler) ReviewForSSP added in v0.13.0

func (h *RiskHandler) ReviewForSSP(ctx echo.Context) error

ReviewForSSP godoc

@Summary		Review risk for SSP
@Description	Records a review of a risk by ID, scoped to an SSP. The required fields and the status the risk must be in depend on the decision. decision=extend: nextReviewDeadline is required and the risk must be risk-accepted. decision=reopen: nextReviewDeadline must be omitted and the risk must be risk-accepted. decision=reassess: likelihood and impact are required, nextReviewDeadline must be omitted, and the risk must be open, investigating, or mitigating-implemented.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			id		path		string				true	"Risk ID"
@Param			body	body		reviewRiskRequest	true	"Review payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/review [post]

func (*RiskHandler) Update added in v0.13.0

func (h *RiskHandler) Update(ctx echo.Context) error

Update godoc

@Summary		Update risk
@Description	Updates a risk register entry by ID.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id		path		string				true	"Risk ID"
@Param			risk	body		updateRiskRequest	true	"Risk payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id} [put]

func (*RiskHandler) UpdateForSSP added in v0.13.0

func (h *RiskHandler) UpdateForSSP(ctx echo.Context) error

UpdateForSSP godoc

@Summary		Update risk for SSP
@Description	Updates a risk register entry by ID scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId	path		string				true	"SSP ID"
@Param			id		path		string				true	"Risk ID"
@Param			risk	body		updateRiskRequest	true	"Risk payload"
@Success		200		{object}	GenericDataResponse[riskResponse]
@Failure		400		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id} [put]

func (*RiskHandler) UpdateThreatRef added in v0.13.0

func (h *RiskHandler) UpdateThreatRef(ctx echo.Context) error

UpdateThreatRef godoc

@Summary		Update risk threat reference
@Description	Updates a threat reference linked to a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id			path		string			true	"Risk ID"
@Param			threatRefId	path		string			true	"Threat reference ID"
@Param			threat		body		threatIDRequest	true	"Threat reference payload"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/threat-ids/{threatRefId} [put]

func (*RiskHandler) UpdateThreatRefForSSP added in v0.13.0

func (h *RiskHandler) UpdateThreatRefForSSP(ctx echo.Context) error

UpdateThreatRefForSSP godoc

@Summary		Update risk threat reference for SSP
@Description	Updates a threat reference linked to a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId		path		string			true	"SSP ID"
@Param			id			path		string			true	"Risk ID"
@Param			threatRefId	path		string			true	"Threat reference ID"
@Param			threat		body		threatIDRequest	true	"Threat reference payload"
@Success		200			{object}	GenericDataResponse[threatIDResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/threat-ids/{threatRefId} [put]

func (*RiskHandler) UpsertRemediationTemplate added in v0.13.0

func (h *RiskHandler) UpsertRemediationTemplate(ctx echo.Context) error

UpsertRemediationTemplate godoc

@Summary		Upsert risk remediation template
@Description	Replaces or creates the remediation template for a risk.
@Tags			Risks
@Accept			json
@Produce		json
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		200			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/risks/{id}/remediation-template [put]

func (*RiskHandler) UpsertRemediationTemplateForSSP added in v0.13.0

func (h *RiskHandler) UpsertRemediationTemplateForSSP(ctx echo.Context) error

UpsertRemediationTemplateForSSP godoc

@Summary		Upsert risk remediation template for SSP
@Description	Replaces or creates the remediation template for a risk scoped to an SSP.
@Tags			Risks
@Accept			json
@Produce		json
@Param			sspId		path		string						true	"SSP ID"
@Param			id			path		string						true	"Risk ID"
@Param			template	body		remediationTemplateRequest	true	"Remediation template payload"
@Success		200			{object}	GenericDataResponse[remediationTemplateResponse]
@Failure		400			{object}	api.Error
@Failure		404			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/oscal/system-security-plans/{sspId}/risks/{id}/remediation-template [put]

type RoleAssignmentsHandler added in v0.17.0

type RoleAssignmentsHandler struct {
	// contains filtered or unexported fields
}

RoleAssignmentsHandler serves the admin API for system-level role assignments (BCH-1333): granting manifest roles to users and groups, and reading a subject's effective roles. It manages the persisted ccf_role_assignments table, which is the PDP's source of truth for roles (the cedar engine reads it via authz.NewDBRoleResolver), so a grant created here takes effect for authorization within the resolver's short cache TTL. Deleting a grant presumably takes effect on the same cache delay rather than immediately; verify this against the resolver before relying on instant revocation. This handler is distinct from the workflow role-assignment handler, which manages workflow-instance-scoped step personas.

func NewRoleAssignmentsHandler added in v0.17.0

func NewRoleAssignmentsHandler(sugar *zap.SugaredLogger, db *gorm.DB) *RoleAssignmentsHandler

func (*RoleAssignmentsHandler) Create added in v0.17.0

func (h *RoleAssignmentsHandler) Create(ctx echo.Context) error

Create godoc

@Summary		Create a role assignment
@Description	Grants a manifest role to a user (by email) or group (by name), system-wide. The grant is source=manual and becomes the PDP's source of truth for that subject's role. The assignee is not required to exist: a user may be granted a role ahead of signup, and a group grant is matched by name and stays inert until a group with that name exists (a rename orphans it) — consistent with the prior file-based model. Because matching is by email or group name rather than by an existing record, the grant applies to whichever account or group later holds that identifier.
@Tags			RoleAssignments
@Accept			json
@Produce		json
@Param			assignment	body		handler.createRoleAssignmentRequest	true	"Role assignment"
@Success		201			{object}	handler.GenericDataResponse[relational.CCFRoleAssignment]
@Failure		400			{object}	api.Error
@Failure		409			{object}	api.Error
@Failure		500			{object}	api.Error
@Security		OAuth2Password
@Router			/admin/role-assignments [post]

func (*RoleAssignmentsHandler) Delete added in v0.17.0

func (h *RoleAssignmentsHandler) Delete(ctx echo.Context) error

Delete godoc

@Summary		Delete a role assignment
@Description	Deletes a manual role assignment. Config-sourced grants (managed by the boot reconcile) cannot be deleted and return 409.
@Tags			RoleAssignments
@Param			id	path		string	true	"Role assignment ID"
@Success		204	{object}	nil
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		409	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/role-assignments/{id} [delete]

func (*RoleAssignmentsHandler) GroupRoles added in v0.17.0

func (h *RoleAssignmentsHandler) GroupRoles(ctx echo.Context) error

GroupRoles godoc

@Summary		Get a group's roles
@Description	Returns the roles assigned directly to a native CCF group.
@Tags			RoleAssignments
@Produce		json
@Param			id	path		string	true	"Group ID"
@Success		200	{object}	handler.GenericDataListResponse[relational.CCFRoleAssignment]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/groups/{id}/roles [get]

func (*RoleAssignmentsHandler) List added in v0.17.0

List godoc

@Summary		List role assignments
@Description	Lists system-level role assignments, optionally filtered by assignee (type and/or id) or role.
@Tags			RoleAssignments
@Produce		json
@Param			assigneeType	query		string	false	"Filter by assignee type (user|group)"
@Param			assigneeId		query		string	false	"Filter by assignee id (email or group name)"
@Param			roleName		query		string	false	"Filter by role name"
@Success		200				{object}	handler.GenericDataListResponse[relational.CCFRoleAssignment]
@Failure		500				{object}	api.Error
@Security		OAuth2Password
@Router			/admin/role-assignments [get]

func (*RoleAssignmentsHandler) Register added in v0.17.0

func (h *RoleAssignmentsHandler) Register(api *echo.Group, guard middleware.ResourceGuard)

Register mounts the role-assignment CRUD under /admin/role-assignments, gated on the role-assignment resource (as the workflow handler is) rather than the admin umbrella.

func (*RoleAssignmentsHandler) RegisterGroupRoles added in v0.17.0

func (h *RoleAssignmentsHandler) RegisterGroupRoles(api *echo.Group, guard middleware.ResourceGuard)

RegisterGroupRoles mounts GET /admin/groups/:id/roles.

func (*RoleAssignmentsHandler) RegisterUserRoles added in v0.17.0

func (h *RoleAssignmentsHandler) RegisterUserRoles(api *echo.Group, guard middleware.ResourceGuard)

RegisterUserRoles mounts GET /admin/users/:id/roles. It lives in this handler (not the user handler) so all role-assignment reads share one guard and one resolution path.

func (*RoleAssignmentsHandler) UserRoles added in v0.17.0

func (h *RoleAssignmentsHandler) UserRoles(ctx echo.Context) error

UserRoles godoc

@Summary		Get a user's effective roles
@Description	Returns a user's effective roles: direct grants plus roles inherited from the user's native groups (each inherited entry names the granting group). Matches what the PDP enforces.
@Tags			RoleAssignments
@Produce		json
@Param			id	path		string	true	"User ID"
@Success		200	{object}	handler.GenericDataListResponse[handler.effectiveRole]
@Failure		400	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id}/roles [get]

type StatusInterval

// StatusInterval pairs a timestamp with a list of status counts.
// NOTE(review): presumably one entry in a time series of evidence status
// counts; the handler that returns it is not visible here, so confirm.
type StatusInterval struct {
	// Interval is the timestamp for this entry, serialized as "interval".
	// NOTE(review): whether it marks the start or the end of the period is not
	// visible here; confirm against the code that fills it.
	Interval time.Time                 `json:"interval"`
	// Statuses holds the status counts for this entry, serialized as "statuses".
	Statuses []evidencesvc.StatusCount `json:"statuses"`
}

type SubscriptionsResponse added in v0.12.0

// SubscriptionsResponse is the response payload carrying a user's notification
// delivery preferences.
type SubscriptionsResponse struct {
	// Notifications maps notification types to delivery channels.
	// Supported types include taskAvailable, evidenceDigest, taskDailyDigest, and riskNotifications.
	// NOTE(review): the valid channel names are not listed here; confirm against the handler.
	Notifications map[string][]string `json:"notifications"`
}

type UpdateSubscriptionsRequest added in v0.12.0

// UpdateSubscriptionsRequest is the request body for updating the current
// user's notification delivery preferences.
type UpdateSubscriptionsRequest struct {
	// Notifications maps notification types to delivery channels.
	// Supported types include taskAvailable, evidenceDigest, taskDailyDigest, and riskNotifications.
	// NOTE(review): whether unknown types or channels are rejected is not
	// visible here; confirm the handler validates both keys and values.
	Notifications map[string][]string `json:"notifications"`
}

type UserHandler added in v0.4.2

type UserHandler struct {
	// contains filtered or unexported fields
}

func NewUserHandler added in v0.4.2

func NewUserHandler(sugar *zap.SugaredLogger, db *gorm.DB) *UserHandler

func (*UserHandler) ChangeLoggedInUserPassword added in v0.4.2

func (h *UserHandler) ChangeLoggedInUserPassword(ctx echo.Context) error

ChangeLoggedInUserPassword godoc

@Summary		Change password for logged-in user
@Description	Changes the password for the currently logged-in user
@Tags			Users
@Accept			json
@Produce		json
@Param			changePasswordRequest	body		handler.UserHandler.ChangeLoggedInUserPassword.changePasswordRequest	true	"Change Password Request"
@Success		204						{object}	nil
@Failure		400						{object}	api.Error
@Failure		401						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/users/me/change-password [post]

func (*UserHandler) ChangePassword added in v0.4.2

func (h *UserHandler) ChangePassword(ctx echo.Context) error

ChangePassword godoc

@Summary		Change password for a specific user
@Description	Changes the password for a user by ID
@Tags			Users
@Accept			json
@Produce		json
@Param			id						path		string														true	"User ID"
@Param			changePasswordRequest	body		handler.UserHandler.ChangePassword.changePasswordRequest	true	"Change Password Request"
@Success		204						{object}	nil
@Failure		400						{object}	api.Error
@Failure		401						{object}	api.Error
@Failure		404						{object}	api.Error
@Failure		500						{object}	api.Error
@Security		OAuth2Password
@Router			/users/{id}/change-password [post]

func (*UserHandler) CreateUser added in v0.4.2

func (h *UserHandler) CreateUser(ctx echo.Context) error

CreateUser godoc

@Summary		Create a new user
@Description	Creates a new user in the system
@Tags			Users
@Accept			json
@Produce		json
@Param			user	body		handler.UserHandler.CreateUser.createUserRequest	true	"User details"
@Success		201		{object}	handler.GenericDataResponse[relational.User]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		409		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users [post]

func (*UserHandler) DeleteUser added in v0.4.2

func (h *UserHandler) DeleteUser(ctx echo.Context) error

DeleteUser godoc

@Summary		Delete a user
@Description	Deletes a user from the system
@Tags			Users
@Param			id	path		string	true	"User ID"
@Success		204	{object}	nil
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id} [delete]

func (*UserHandler) GetMe added in v0.4.2

func (h *UserHandler) GetMe(ctx echo.Context) error

GetMe godoc

@Summary		Get logged-in user details
@Description	Retrieves the details of the currently logged-in user
@Tags			Users
@Produce		json
@Success		200	{object}	handler.GenericDataResponse[relational.User]
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/users/me [get]

func (*UserHandler) GetPublicUser added in v0.13.0

func (h *UserHandler) GetPublicUser(ctx echo.Context) error

GetPublicUser godoc

@Summary		Get public user details by ID
@Description	Get minimal user details by user ID
@Tags			Users
@Produce		json
@Param			id	path		string	true	"User ID"
@Success		200	{object}	handler.GenericDataResponse[handler.publicUserResponse]
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/users/{id} [get]

func (*UserHandler) GetSubscriptions added in v0.12.0

func (h *UserHandler) GetSubscriptions(ctx echo.Context) error

GetSubscriptions godoc

@Summary		Get notification preferences
@Description	Gets the current user's notification delivery preferences
@Tags			Users
@Produce		json
@Success		200	{object}	handler.GenericDataResponse[handler.SubscriptionsResponse]
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/users/me/subscriptions [get]

func (*UserHandler) GetUser added in v0.4.2

func (h *UserHandler) GetUser(ctx echo.Context) error

GetUser godoc

@Summary		Get user by ID
@Description	Get user details by user ID
@Tags			Users
@Produce		json
@Param			id	path		string	true	"User ID"
@Success		200	{object}	handler.GenericDataResponse[relational.User]
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id} [get]

func (*UserHandler) GetUserGroups added in v0.17.0

func (h *UserHandler) GetUserGroups(ctx echo.Context) error

GetUserGroups godoc

@Summary		List a user's native group memberships
@Description	Returns the native CCF groups a user belongs to, flagging memberships inherited from an SSO IdP (read-only) vs assigned natively.
@Tags			Users
@Produce		json
@Param			id	path		string	true	"User ID"
@Success		200	{object}	handler.GenericDataListResponse[handler.userGroupMembershipResponse]
@Failure		400	{object}	api.Error
@Failure		401	{object}	api.Error
@Failure		404	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id}/groups [get]

func (*UserHandler) ListSelectableUsers added in v0.13.0

func (h *UserHandler) ListSelectableUsers(ctx echo.Context) error

ListSelectableUsers godoc

@Summary		List selectable users
@Description	Lists users with only id and display name for selection controls
@Tags			Users
@Produce		json
@Param			search	query		string	false	"Filter users by name"
@Param			limit	query		int		false	"Maximum users to return"
@Param			offset	query		int		false	"Number of users to skip"
@Success		200		{object}	handler.GenericDataListResponse[handler.selectableUserResponse]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/users/select [get]

func (*UserHandler) ListUsers added in v0.4.2

func (h *UserHandler) ListUsers(ctx echo.Context) error

ListUsers godoc

@Summary		List all users
@Description	Lists all users in the system
@Tags			Users
@Produce		json
@Success		200	{object}	handler.GenericDataListResponse[relational.User]
@Failure		401	{object}	api.Error
@Failure		500	{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users [get]

func (*UserHandler) Register added in v0.4.2

func (h *UserHandler) Register(api *echo.Group)

func (*UserHandler) RegisterPublicRoutes added in v0.13.0

func (h *UserHandler) RegisterPublicRoutes(api *echo.Group, guard middleware.ResourceGuard)

func (*UserHandler) RegisterSelfRoutes added in v0.5.0

func (h *UserHandler) RegisterSelfRoutes(api *echo.Group, guard middleware.ResourceGuard)

func (*UserHandler) UpdateSubscriptions added in v0.12.0

func (h *UserHandler) UpdateSubscriptions(ctx echo.Context) error

UpdateSubscriptions godoc

@Summary		Update notification preferences
@Description	Updates the current user's notification delivery preferences
@Tags			Users
@Accept			json
@Produce		json
@Param			subscription	body		handler.UpdateSubscriptionsRequest	true	"Notification preferences"
@Success		200				{object}	handler.GenericDataResponse[handler.SubscriptionsResponse]
@Failure		400				{object}	api.Error
@Failure		401				{object}	api.Error
@Failure		404				{object}	api.Error
@Failure		500				{object}	api.Error
@Security		OAuth2Password
@Router			/users/me/subscriptions [put]

func (*UserHandler) UpdateUser added in v0.4.2

func (h *UserHandler) UpdateUser(ctx echo.Context) error

UpdateUser godoc

@Summary		Update user details
@Description	Updates the details of an existing user
@Tags			Users
@Accept			json
@Produce		json
@Param			id		path		string												true	"User ID"
@Param			user	body		handler.UserHandler.UpdateUser.updateUserRequest	true	"User details"
@Success		200		{object}	handler.GenericDataResponse[relational.User]
@Failure		400		{object}	api.Error
@Failure		401		{object}	api.Error
@Failure		404		{object}	api.Error
@Failure		500		{object}	api.Error
@Security		OAuth2Password
@Router			/admin/users/{id} [put]

Directories

Path Synopsis
