Feature/Implement Companion Edition API and OpenCRE Endpoints #2887
Open
prakhar0x01 wants to merge 10 commits into OWASP:master from
sydseter
requested changes
Apr 27, 2026
Contributor
Author
Please review the changes, thanks.
sydseter
requested changes
Apr 28, 2026
Related Issue: #2886
Summary
This PR implements the public API endpoints and OpenCRE mappings for the Companion Edition (AI/LLM threat modeling), bringing it into parity with the existing WebApp and MobileApp editions. It also introduces a new generic Language Metadata API and enhances the data loading resilience of the DeckService.
Changes
1. Core API Logic & Registration
DeckService.ts: Registered the companion edition (v1.0, EN) in the central registry.
CreController.ts: Added human-readable mapping for "OWASP Cornucopia Companion Edition" and the "AI / LLM Application" category tag.
[edition]/[lang]/+server.ts: Updated the CRE route guard to allow companion as a valid edition.
2. New Endpoints
GET /api/cre/companion: Returns metadata for the Companion edition.
GET /api/cre/companion/en: Returns the Companion card deck with OpenCRE mappings.
GET /api/lang/[edition]/[version]: A new generic endpoint providing language metadata for any version/edition (supporting /api/lang/companion/1.0).
3. Resilience & Bug Fixes
DeckService to handle missing markdown files gracefully. Instead of skipping cards when technical notes are missing, it now falls back to the YAML description, ensuring the Companion API remains functional even without full markdown documentation.
source/companion-mappings-1.0.yaml at line 235 that was causing a YAMLException during build/dev.
4. Infrastructure & Documentation
script/headers.js and script/headers-stage.js to include the required CORS and Content-Type overrides for the new endpoints in production and staging environments.
svelte.config.js to include the new companion endpoints in the static build process.
static/api/openapi.yaml.
Verification Results
GET /api/cre/companion returns correct metadata.
GET /api/cre/companion/en successfully returns the 1.0 card list.
GET /api/lang/companion/1.0 returns versioned language info.
/api/docs reflects new companion endpoints.
npm run build succeeds with correct _headers generation.
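The route guard and the generic /api/lang/[edition]/[version] endpoint described above both turn URL segments into a data lookup, so the sketch below resolves them only through exact matches against a fixed registry. It is an added example, not code from this PR or the Cornucopia project; the registry shape, guardRoute, the placeholder webapp/mobileapp entries and the generalized mapping file pattern are assumptions.

```typescript
type Edition = "webapp" | "mobileapp" | "companion";

interface EditionEntry {
  versions: readonly string[];
  langs: readonly string[];
}

// Hypothetical registry. Only companion 1.0 / en comes from the PR text;
// the webapp and mobileapp values are constructed placeholders.
const REGISTRY: Record<Edition, EditionEntry> = {
  webapp: { versions: ["0.0"], langs: ["en"] },
  mobileapp: { versions: ["0.0"], langs: ["en"] },
  companion: { versions: ["1.0"], langs: ["en"] },
};

type GuardResult =
  | { ok: true; edition: Edition; version: string; lang: string; mappingFile: string }
  | { ok: false; status: 404; reason: string };

// Own-property check: a plain `edition in REGISTRY` or `REGISTRY[edition]`
// test would also accept inherited keys such as "constructor".
function isEdition(value: string): value is Edition {
  return Object.prototype.hasOwnProperty.call(REGISTRY, value);
}

// Hypothetical guard: resolves route params to a mapping file, or returns 404.
function guardRoute(edition: string, version: string, lang: string): GuardResult {
  if (!isEdition(edition)) {
    return { ok: false, status: 404, reason: "unknown edition" };
  }
  const entry = REGISTRY[edition];
  if (entry.versions.indexOf(version) === -1) {
    return { ok: false, status: 404, reason: "unknown version" };
  }
  if (entry.langs.indexOf(lang) === -1) {
    return { ok: false, status: 404, reason: "unknown language" };
  }
  // Each component matched a fixed list entry exactly, so separators and
  // "../" sequences from the URL can never reach the file path.
  // The path pattern generalizes source/companion-mappings-1.0.yaml (assumption).
  return {
    ok: true,
    edition,
    version,
    lang,
    mappingFile: `source/${edition}-mappings-${version}.yaml`,
  };
}
```

Unknown values are answered with the same 404 status regardless of which parameter failed, so the status code alone does not distinguish the cases.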