chore: release 25.4.4 (#300)

* feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies for APIHUB
Related issue: Netcracker/.github#209

* Merge pull request #268 from Netcracker/split-api-internal-external

docs: deleted APIHUB API spec and add only "system info" endpoint and…

* feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies for APIHUB (#278)

* feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies for APIHUB
Related issue: Netcracker/.github#209, Netcracker/.github#223

* feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies for APIHUB
Related issue: Netcracker/.github#209, Netcracker/.github#223

---------

Co-authored-by: borislavr <noreply@github.com>

* fix: business_metric table inconsistent data (#261)

* fix: add release_versions_published business metric handling during version patch + data fix

* chore: add release_versions_deleted business metric

* chore(ci): remove security-scan-apihub workflow (#284)

Related issue: Netcracker/.github#236

Co-authored-by: borislavr <noreply@github.com>

* feat(ci): add security-scan workflow to scan for vulnerabilities in dependencies for APIHUB (#286)

Related issue: Netcracker/.github#209, Netcracker/.github#223

Co-authored-by: borislavr <noreply@github.com>

* feat: onboard api-spec-exposure lib (#271)

* feat: onboard api-spec-exposure lib

* feat: update log messages

* feat: switch to release library version

---------

Co-authored-by: Aleksandr Agishev <aleksandr.agishev.qubership@gmail.com>

* fix: local run (#290)

* doc: add mandatory for local run config element

* feat: MCP server PoC (#287)

* feat: initial PoC implementation - MCP API on stubs

* feat: MCP with APIHUB services

* feat: add logs, improve prompts

* feat: add api-key authentication for MCP endpoint

* feat: add parameter to limit MCP requests to workspace configured via MCP_WORKSPACE env var

* feat: switch MCP endpoint from /mcp to /api/mcp

* Add lite operations search

* feat: initial implementation for AI Chat API and OpenAI client

* add lite search filters

* Update search query

* feat: refactoring #1 + adding packages_list MCP resource

* feat: refactoring #2

* feat: prompts tuning

* feat: refactoring #3

* fix: redo OpenAI proxy support

* feat: switch to OpenAI client + add caching for resource api_packages_list

* fix: fix proxy parameter for OpenAI

* fix: filter out RUNENV packages

* fix: adaptation for gpt-5 model

* fix: change default model to gpt-5 to be aligned with api-linter

* feat: add LLM parameters to config + some errors logging

* chore: go mod tidy + renew migration number

* feat: bring back old search, make SearchLite in MCP only

* feat: add LLM instruction about search query features

* feat: lite search v2 (#291)

* Updated lite search

* Update search logic

* Lite search: correct filter for API type.
Lite search mode in global search.

---------

Co-authored-by: Viacheslav Lunev <viacheslav.lunev.qubership@gmail.com>

* MCP refactoring

* mcp refactoring

* remove comment

* feat: adaptation for merging to develop

* feat: fix build

---------

Co-authored-by: Viacheslav Lunev <viacheslav.lunev.qubership@gmail.com>

---------

Co-authored-by: borislavr <noreply@github.com>
Co-authored-by: Adil Bektursunov <60805564+zloiadil@users.noreply.github.com>
Co-authored-by: NetcrackerCLPLCI <112641018+NetcrackerCLPLCI@users.noreply.github.com>
Co-authored-by: Aleksandr Karpov <aleksandr.v.karpov.qubership@gmail.com>
Co-authored-by: Viacheslav Lunev <viacheslav.lunev.qubership@gmail.com>

Author: 6 people

.github/workflows/security-scan-apihub.yml

@@ -0,0 +1,106 @@
+name: Security Scan Docker Packages
+run-name: >
+  Security Scan #${{ github.run_number }} for ${{ inputs.image != '' && inputs.image != null && inputs.image || 'all repository docker images' }}
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: "Target type for the scan (docker, etc.)"
+        required: false
+        type: choice
+        options:
+          - docker
+          - source
+      image:
+        description: "Docker image (for docker). By default ghcr.io/<owner>/<repo>:latest"
+        required: false
+        default: ""
+        type: string
+      tag:
+        description: "Tag of the image to scan. By default 'latest'"
+        required: false
+        default: "latest"
+        type: string
+      only-high-critical:
+        description: "Scope only HIGH + CRITICAL"
+        required: false
+        default: true
+        type: boolean
+      trivy-scan:
+        description: "Trivy scan"
+        required: false
+        default: true
+        type: boolean
+      grype-scan:
+        description: "Grype scan"
+        required: false
+        default: true
+        type: boolean
+      continue-on-error:
+        description: "Continue on error"
+        required: false
+        default: true
+        type: boolean
+      only-fixed:
+        description: "Ignore unfixed vulnerabilities"
+        required: false
+        default: true
+        type: boolean
+  schedule:
+    - cron: "0 3 * * 0" # every Sunday at 03:00 UTC
+
+jobs:
+  debug-packages:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: read
+    outputs:
+      packages: ${{ steps.ghcr.outputs.packages }}
+      has-packages: ${{ steps.ghcr.outputs.has-packages }}
+    steps:
+      - name: List GHCR packages for this repo
+        id: ghcr
+        uses: Netcracker/qubership-workflow-hub/actions/ghcr-discover-repo-packages@396774180000abdb825cbf150b56cc59c6913db8 #v2.0.5
+        env:
+          GH_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
+
+      - name: Print packages
+        run: echo '${{ steps.ghcr.outputs.packages }}' | jq '.'
+
+      - name: Continue only if repo has GHCR packages
+        if: ${{ steps.ghcr.outputs.has-packages == 'true' }}
+        run: echo "Packages found!"
+
+      - name: No packages found, fail the job
+        if: ${{ steps.ghcr.outputs.has-packages != 'true' }}
+        run: |
+          echo "No packages found in GHCR for this repository."
+          exit 1
+
+
+  security-scan-matrix:
+    needs: debug-packages
+    if: ${{ inputs.image == '' || inputs.image == null }}
+    strategy:
+      matrix:
+        package: ${{ fromJson(needs.debug-packages.outputs.packages) }}
+
+    name: "Run Security Scan (matrix)"
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@396774180000abdb825cbf150b56cc59c6913db8 #v2.0.5
+    with:
+      target: ${{ inputs.target || 'docker' }}
+      image: ${{ format('{0}:{1}', matrix.package.path, inputs.tag || 'dev') }}
+
+  security-scan-single:
+    needs: debug-packages
+    if: ${{ inputs.image != '' && inputs.image != null }}
+    name: "Run Security Scan (single image)"
+    uses: netcracker/qubership-workflow-hub/.github/workflows/re-security-scan.yml@396774180000abdb825cbf150b56cc59c6913db8 #v2.0.5
+    with:
+      target: ${{ inputs.target || 'docker' }}
+      image: ${{ inputs.image }}
+      only-high-critical: ${{ inputs.only-high-critical || true }}
+      trivy-scan: ${{ inputs.trivy-scan || true }}
+      grype-scan: ${{ inputs.grype-scan || true }}
+      only-fixed: ${{ inputs.only-fixed || true }}
+      continue-on-error: ${{ inputs.continue-on-error || true }}

docs/README.md

@@ -17,10 +17,9 @@
 
 ## API documentation
 ### API specifications
-- [APIHUB API](api/APIHUB%20API.yaml)
-- [Admin API](api/Admin%20API.yaml)
-- [Public Registry API](api/Public%20Registry%20API.yaml)
-- [WebSocket API](api/apihub-ws.yaml)
+- [APIHUB API](api/APIHUB_API.yaml)
+- [APIHUB Admin API](api/Admin%20API.yaml)
+- [APIHUB Internal API](api/APIHUB_API_internal.yaml)
 ### [Postman Collections](postman_collections.md)
 
 ## Security