
[BACKEND] Align API with dashboard contract for resources, playbooks, prioritization, and drift #113

@m-khan-97

Description


Objective

Close the backend/frontend API contract gap so Live mode can use real data instead of mock fallback for core product pages.

Why this matters

The dashboard defines and calls several product-level endpoints that are not implemented in the current Flask API. Without these endpoints, the UI can look complete in demo mode but cannot become a true CSPM workflow in live mode.

Current backend endpoints

Implemented today:

  • GET /health
  • GET /api/findings
  • GET /api/findings/
  • GET /api/scans
  • POST /api/scans/trigger
  • GET /api/score
  • GET /api/score/cve-summary
  • GET /api/compliance/
  • Current AI routes under /api/ai/...

Dashboard contract gaps

The frontend contract expects endpoints such as:

  • GET /api/resources
  • GET /api/findings//playbook
  • GET /api/scans/<scan_id>
  • GET /api/prioritization
  • GET /api/drift
  • GET /api/monitoring
  • AI endpoints with names/semantics that may differ from the backend today

Recommended implementation order

  1. GET /api/scans/<scan_id> - needed for scan polling
  2. GET /api/resources - aggregate resources from findings and scan metadata
  3. GET /api/findings//playbook - expose remediation content from existing playbooks
  4. GET /api/prioritization - compute risk-ranked findings from severity, CVSS, exploit flags, and fix effort
  5. GET /api/monitoring - score trend and category distribution
  6. GET /api/drift - likely requires historical resource snapshots and may need a separate design issue

Files likely involved

  • api/routes/
  • api/models/finding.py
  • api/app.py
  • docs/api-reference.md
  • frontend/API_ENDPOINTS.txt once the dashboard PR lands
  • tests/

Acceptance criteria

  • Backend and frontend agree on endpoint names, methods, auth, and response shapes
  • API reference documents every implemented dashboard endpoint
  • Live mode can render Discovery without mock fallback
  • Live mode can render Detailed Scan playbook data without frontend-only static assumptions
  • At least one test covers each newly added endpoint
  • Deferred endpoints are explicitly marked as deferred in docs, not shown as complete
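The ranking step behind item 4 of the implementation order (GET /api/prioritization), as an added example that is not code from this repository: a pure-Python scorer that combines severity, CVSS, the exploit flag and fix effort into a risk-ranked list, which a Flask route could return as JSON. The weights, the field names (`severity`, `cvss`, `exploit_available`, `fix_effort`) and the response shape are assumptions, not the project's contract.

```python
# Added example: risk ranking for a hypothetical GET /api/prioritization.
# Weights and field names are assumptions, not the project's real schema.

SEVERITY_WEIGHT = {"critical": 4.0, "high": 3.0, "medium": 2.0, "low": 1.0, "info": 0.0}
EFFORT_PENALTY = {"low": 0.0, "medium": 1.0, "high": 2.0}


def _cvss(raw):
    """Parse a CVSS base score; non-numeric or missing -> 0.0, clamp to 0..10."""
    try:
        value = float(raw) if raw is not None else 0.0
    except (TypeError, ValueError):
        value = 0.0
    return min(10.0, max(0.0, value))


def risk_score(finding):
    """Higher is more urgent: severity counts double, CVSS adds its base score,
    a known exploit adds a fixed bump, and costly fixes are pushed down a little."""
    sev = SEVERITY_WEIGHT.get(str(finding.get("severity", "")).lower(), 0.0)
    exploit = 2.0 if finding.get("exploit_available") else 0.0
    effort = EFFORT_PENALTY.get(str(finding.get("fix_effort", "medium")).lower(), 1.0)
    return round(sev * 2 + _cvss(finding.get("cvss")) + exploit - effort, 2)


def prioritize(findings):
    """Return findings ordered by descending risk; ties broken by id for stable paging."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), str(f.get("id", ""))))
    return [
        {
            "rank": i + 1,
            "id": f.get("id"),
            "risk_score": risk_score(f),
            "severity": str(f.get("severity", "")).lower(),
            "exploit_available": bool(f.get("exploit_available")),
            "fix_effort": str(f.get("fix_effort", "medium")).lower(),
        }
        for i, f in enumerate(ranked)
    ]


def prioritization_response(findings):
    """Assumed JSON body for the endpoint; a Flask view would jsonify this dict."""
    items = prioritize(findings)
    return {"total": len(items), "items": items}


# Constructed sample findings, including a missing and an out-of-range CVSS value.
SAMPLE_FINDINGS = [
    {"id": "f-1", "severity": "high", "cvss": 7.5, "exploit_available": True, "fix_effort": "low"},
    {"id": "f-2", "severity": "critical", "cvss": 9.8, "exploit_available": False, "fix_effort": "high"},
    {"id": "f-3", "severity": "medium", "cvss": None, "exploit_available": False},
    {"id": "f-4", "severity": "Critical", "cvss": "11", "exploit_available": True, "fix_effort": "low"},
    {"id": "f-5", "severity": "unknown", "cvss": 5.0, "exploit_available": False, "fix_effort": "medium"},
]
```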

Metadata

Labels: core (Core team ownership, not for students), enhancement (New feature or request)

Status: 📋 Backlog