feat: adding stewardship tables and small fixes (CM-1218) #4191
Merged
3555909 to
b7f1724
Compare
Pull request overview
This PR provisions the initial database schema for OSSPREY Self Serve “stewardship” (v1) and refactors the public Packages API typing + OpenAPI spec to introduce a stewardship surface area (currently backed by mocks).
Changes:
- Add a new packages-db migration creating six stewardship-related tables with indexes/FKs.
- Introduce a single `types.ts` source-of-truth for stewardship/domain types and update mocks/handlers to use it.
- Update the Packages OpenAPI schema to include stewardship fields and adjust the list/batch shapes.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/src/osspckgs/migrations/V1781094067__stewardship-tables.sql | Adds stewardship tables + indexes for v1/v2 rollout. |
| backend/src/api/public/v1/packages/types.ts | Adds centralized TS domain types for packages stewardship API. |
| backend/src/api/public/v1/packages/openapi.yaml | Extends public OpenAPI contract with stewardship fields and tweaks required fields. |
| backend/src/api/public/v1/packages/mockData.ts | Updates mocks to use shared types and adds stewardship to detail mocks. |
| backend/src/api/public/v1/packages/batchGetStewardship.ts | Aligns batch endpoint output with new types and mock detail stewardship status. |
Comments suppressed due to low confidence (1)
backend/src/api/public/v1/packages/openapi.yaml:201
`stewards` is named as a plural but is modeled as a single `Steward` (or null), and the description also says “Single assigned steward”. This is inconsistent for API consumers and future evolution (especially since the DB schema is many-to-many). Either rename the field to singular (`steward`) everywhere, or change the shape to an array (`stewards: Steward[]`) and update the OpenAPI schema + handlers/mocks accordingly.

```yaml
stewards:
  description: Single assigned steward or null.
  oneOf:
    - $ref: '#/components/schemas/Steward'
    - type: 'null'
```
Comment on lines +35 to +38
| openVulns: OpenVulns | null | ||
| stewardship: StewardshipStatus | ||
| stewards: Steward | null | ||
| lastActivityAt: string | null |
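Review bot: `stewards: Steward | null` on the third line of this hunk gives a plural name to a single nullable value. The migration in this PR adds a `stewardship_stewards` table, so a package can end up with several stewards; typing the field as `Steward[]` (empty in v1) keeps the name honest and avoids a breaking change to the public contract when v2 write flows land. Consumers then test for an empty array rather than null.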
Comment on lines +415 to +426
| stewardship: | ||
| type: object | ||
| description: Stewardship state. In v1 always unassigned with no stewards or activity. | ||
| properties: | ||
| status: | ||
| $ref: '#/components/schemas/StewardshipStatus' | ||
| stewards: | ||
| description: Single assigned steward or null. Null in v1. | ||
| oneOf: | ||
| - $ref: '#/components/schemas/Steward' | ||
| - type: 'null' | ||
| lastActivityAt: |
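Review bot: the `oneOf` under `stewards` pairs a `$ref` with `type: 'null'`, which is valid only if this document declares OpenAPI 3.1. Under 3.0.x `'null'` is not an allowed `type` value, so validators and client generators will reject the schema or silently drop the nullability. Please confirm the `openapi:` version at the top of the file; if it is 3.0.x, express this with `nullable: true` instead. The `stewardship` description also says "no stewards" while this property holds one steward or null, so the wording and the shape should be brought into agreement.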
joanagmaia previously approved these changes on Jun 11, 2026
Comment on lines +35 to +38
| openVulns: OpenVulns | null | ||
| stewardship: StewardshipStatus | ||
| stewards: Steward | null | ||
| lastActivityAt: string | null |
Comment on lines 136 to 137
| stewardship: | ||
| $ref: '#/components/schemas/StewardshipStatus' |
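Review bot: `stewardship` here resolves directly to the `StewardshipStatus` schema, while the hunk at lines +415 to +426 quoted earlier on this page defines `stewardship` as an object whose `status` property carries that same `$ref`. One key with two shapes across responses forces clients to branch on which endpoint they called. Consider naming this one `stewardshipStatus`, or returning the same object shape in both places.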
Comment on lines 197 to 198
| stewardship: | ||
| $ref: '#/components/schemas/StewardshipStatus' |
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
… filter
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
f1421c2 to
03acaab
Compare
Summary
Provisions the six stewardship tables for the OSSPREY Self Serve program (v1) and cleans up the packages API type layer. In v1 only `stewardships` is populated — one `unassigned` row per critical package via the import job. The other five tables are schema-only, empty until v2 write flows land.

Changes
- `V1781094067__stewardship-tables.sql`: creates `stewardships`, `stewardship_stewards`, `stewardship_activity`, `stewardship_assessments`, `stewardship_findings`, `stewardship_remediation_actions` with all indexes and FK constraints. Notable deviations from the original spec: `updated_at` added to `stewardship_assessments` (was missing vs all other mutable tables); optional `assessment_id` FK on `stewardship_findings` to link findings to the assessment that produced them when v2 lands
- `types.ts` (new): single source of truth for domain types — `StewardshipStatus`, `Lifecycle`, `SeverityLevel`, `OpenVulns`, `Steward`, `StewardshipSummary` — previously scattered as inline literals across handler files
- `stewardship` block to `PackageDetail`; renamed `PackageListItem.steward` → `stewards`; added `openVulns` to `StewardshipSummary.required`
- `batchGetStewardship.ts`: reads `stewardship.status` from mock detail instead of hardcoding `'unassigned'`; removed redundant `in` guard on severity accumulator
- `mockData.ts`: all types now reference `types.ts`; stewardship block added to `MockPackageDetail`

Type of change
JIRA ticket
ticket
Note
Medium Risk
Introduces new production schema with package FKs and changes the public API contract (steward → stewards array); handlers remain mock-backed until DB wiring lands.
Overview
Adds OSSPREY stewardship persistence via migration `V1781094067__stewardship-tables.sql`: six related tables (`stewardships` plus stewards, activity, assessments, findings, remediation actions) with indexes and FKs to `packages`. v1 is intended to populate only `stewardships` (one `unassigned` row per critical package); the rest are schema-only for future write flows.

Packages public API alignment: introduces shared `types.ts` (`StewardshipStatus`, `Lifecycle`, `OpenVulns`, `Steward`, `StewardshipSummary`) and wires mock handlers to it. OpenAPI documents a `stewardship` object on package detail, treats `stewards` as an array (replacing singular `steward` on list/summary shapes), and requires `openVulns` on `StewardshipSummary`.

`batchGetStewardship` returns stewardship status/stewards from mock detail instead of hardcoded values; `listPackages` `unstewardedOnly` now treats `null` stewardship like unstewarded alongside `unassigned`. Mock package detail gains a `stewardship` block matching the contract.

Reviewed by Cursor Bugbot for commit 03acaab.