Skip to content

Merge beta into next#449

Draft
seansica wants to merge 231 commits intonextfrom
beta
Draft

Merge beta into next#449
seansica wants to merge 231 commits intonextfrom
beta

Conversation

@seansica
Copy link
Contributor

@seansica seansica commented Jan 14, 2026

No description provided.

seansica and others added 30 commits June 13, 2025 10:41
@seansica
build(semantic-release): create new release branches 'adm' and 'detec…
5a7dfcf 
…tions'
@adpare
feat: new endpoint for validation
9107976
@adpare
feat: validate api setup
33ad9bf
@adpare
chore: format code
7982290
@clemiller
Merge pull request #416 from center-for-threat-informed-defense/main
4b0ed96 
Merge main into adm
@adpare
feat: attempt to use campaign middleware
e93e748
@adpare
Merge branch 'adm' into adm-temp
a92b985
@adpare
feat: add validation for tactics and techniques
dcc8dfc
@adpare
feat: add validation for tactics and techniques
c605617
@clemiller
Merge pull request #421 from center-for-threat-informed-defense/main
a06baee 
Merge main into adm
@seansica
refactor: replace openapi request body validator in yaml spec files
e7067e0 
- change all  stix component pointers to simple object check
- validation will be replaced with custom ADM middleware
@seansica
refactor: update validation middleware
c679461
@seansica
refactor: delete workflow-states module
4cf91e0
@seansica
refactor: validation endpoint (router, controller, service)
44ed739
@seansica
refactor: add validation middleware to all post and put endpoints
5b16158
@seansica
build: upgrade ADM and install http-status-codes
5c501c4
@seansica
Merge branch 'main' into adm-temp
7a56756
@seansica
feat: add relationship, marking def, and collection support to the va…
a358b40 
…lidate service
@seansica
feat: implement poc for validating tool and software
e1a1689
@seansica
refactor: mod validation middleware to take an array of schemas
8d79d6b 
- middleware now accepts stixSchemasorSchemas (single schema or array of schemas)
- software router now passes [toolSchema, malwareSchema] instead of softwareSchema
- no more special handling for softwareSchema
@seansica
build: upgrade ADM to 4.4.1
aa2a9f2
@seansica
Merge branch 'main' into adm
f08ac62
@seansica
fix: remove dtos sub-package (artifact from prev poc)
2f2c70a
@seansica
feat: enable ADM validation on relationships PUT endpoint
b2c99db
@seansica
fix: loosen restrictions on validation endpoint response structure
f4894cf
@seansica
fix: revert openapi schema names
bd30abb
@seansica
chore: update vscode launch.json to set critical env variables for la…
af25e62 
…unch config
@seansica
feat(config): add validateRequests runtime config to allow toggling b…
9ccb78b 
…etween validation mechanisms

- VALIDATE_WITH_ADM_SCHEMAS: when enabled, requests are validated with the ATT&CK Data Model Zod schemas
- VALIDATE_WITH_LEGACY_SCHEMAS: when enabled, requests are validated with the preexisting, OpenAPI YAML-based spec files
@seansica
feat(validation-middleware): add global toggle for optionally bypassi…
25c1941 
…ng ADM validation

The ADM validation middlware now reads a runtime config value at request time to determine whether to perform validation
@seansica
feat: condition the global OpenApiValidator middleware execution on r…
8829360 
…untime config parameter

- The OpenApiValidator.middleware will attach to the global router ONLY if config.validateRequests.withOpenApi is enabled
- The default value for this config parameter is true, so the change is non-breaking
seansica and others added 16 commits February 5, 2026 15:14
@seansica
docs(release-tracks): remove section on migration handling for existi…
5a0a470 
…ng tracks
@seansica
feat(release-tracks): execute phase A of member sync strategy impl
730430c 
Updated schemas and snapshot service: release tracks will automatically
receive the default member_sync config. The Update Config endpoint now
accepts member_sync configuration updates
@seansica
feat(release-tracks): implement member sync strategies
867a32f
@seansica
fix(release-tracks): remove include_candidates_in_snapshots config se…
a20a783 
…tting
@adpare
chore: update zod and adm versions
22d37a5
@seansica
refactor: compose ADM schemas with base+checks to avoid Zod .check() …
04638ec 
…restriction

Zod v4.3.6+ disallows .omit(), .pick(), and .partial() on schemas that
already have .check() applied. Restructure schema composition to apply
operations in the safe order: base → .omit() → .partial() → .check().

- Import base schemas (without refinements) instead of full schemas
- Add getSchema() to compose schemas at request time in the correct order
- Simplify validateWorkspaceStixData() to accept STIX type strings
- Remove unused createWorkspaceStixSchema and type extraction helpers
- Remove ADM schema imports from all route files
@adpare
fix: update tests to incorporate new schema structure
58e556c
@adpare
chore: fix identation
3b5e8f0
@adpare
feat: add source and target objects to parallel relationships
bf51068
@adpare
chore: fix identation
df93627
@adpare
Merge branch 'beta' of github.com:center-for-threat-informed-defense/…
a944401 
…attack-workbench-rest-api into beta
@adpare
chore: clean imports
5bdea1b
@adpare
chore: code cleanup
abc6669
@adpare
chore: fox identation
d9bcafd
@adpare
chore: code cleanup
7a8208f
@jondricek
ci: add environment variable for MongoDB store crypto secret in regre…
2e7fda8 
…ssion tests
@github-actions
Copy link

github-actions bot commented Feb 20, 2026

🎉 This PR is included in version 4.10.0-beta.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions
Copy link

github-actions bot commented Feb 20, 2026

🎉 This PR is included in version 4.10.0-beta.6 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions
Copy link

github-actions bot commented Mar 5, 2026

🎉 This PR is included in version 4.10.0-beta.7 🎉

The release is available on:

Your semantic-release bot 📦🚀

@seansica
feat: refactor ADM validation into service-layer ETL pipeline
0a793b1 
Move ADM validation from early-stage middleware into a late-stage step
within `create()` and `updateFull()`, restructured as ETL pipelines:
Analyze → Compose → Set Server Fields → Hooks → Validate → Persist.

- Remove `validation-middleware.js` and its imports from 15 route files
- Relocate ADM validation logic into `base.service.js` as the pipeline's
  validate step, ensuring validation runs against fully composed objects
- Strip server-controlled fields (`x_mitre_attack_spec_version`,
  `x_mitre_modified_by_ref`, ATT&CK external references) instead of
  rejecting them, with scaffolding for future server control of `id`,
  `created`, and `modified`
- Add `?dryRun=true` query parameter that short-circuits persistence in
  the actual create/update pipeline, replacing the deprecated
  `POST /api/validate` endpoint and eliminating validation/service drift
- Surface ADM validation warnings (e.g., non-standard `x_mitre_shortname`)
  in the response body alongside `stix` and `workspace`
- Add `toJSON`/`toObject` transforms to the base Mongoose schema and
  query-level exclusions to strip `_id`, `__v`, `__t` from all responses
- Define `dryRun` as a reusable OpenAPI component in `query-parameters.yml`
@github-actions
Copy link

github-actions bot commented Mar 9, 2026

🎉 This PR is included in version 4.10.0-beta.8 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@seansica seansica

Labels

released on @beta

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@seansica @adpare @clemiller @elucchesileon @jondricek