fix(api): prefer live graphs for visualizations by jonathanhaaswriter · Pull Request #151 · writer/cerebro

jonathanhaaswriter · 2026-03-24T20:41:32Z

Summary

use the current tenant graph view for attack-path, toxic-combination, and report Mermaid endpoints
avoid unnecessary snapshot reads when a live graph is already available
add regressions to prove these visualizations stay off the snapshot store in live-graph mode

jonathanhaaswriter · 2026-03-26T18:05:59Z

One mismatch looks risky here:

visualizeAttackPath / visualizeToxicCombination now use currentTenantSecurityGraphView() (live graph), while the list endpoints still compute IDs from tenantAnalysisGraph() (snapshot-backed). If the live graph moves ahead of the snapshot, the list endpoint can return an index/ID that immediately renders a different object or 404s in the visualization endpoint.

Could these endpoints use the same graph source?

Test added 6 commits March 25, 2026 08:25

fix(api): prefer live graphs for visualizations

4b8ce17

test(ci): appease staticcheck nil guards

07d4f6d

test(ci): appease staticcheck nil guards

51c480b

test(ci): appease threat runtime nil guards

5285b88

test(ci): add explicit nil-guard returns

bd878a4

test(ci): stabilize dual-write lease expiry timing

9f09b5a

jonathanhaaswriter force-pushed the fix/visualization-live-graph branch from 7930144 to 9f09b5a Compare March 25, 2026 15:34

test(ci): fix remaining staticcheck nil guards in runtime threat tests

9b4ba5b