chore(api): Handle deprecated and non-functional endpoints - BED-3312

[cami-specter]

Description

This PR handles deprecated endpoints as part of BED-3312. Some endpoints still exist in the codebase, but were not showing in the OpenAPI documentation. Now those are restored and/or marked with clear deprecation warnings.

• uncommented Tasks endpoints in openapi.yaml
• added path files to 9 Tasks endpoints and marked them as deprecated
• regenerated openapi.json
• updated the description section to clearly mark 3 additional endpoints as deprecated in the OpenAPI UI

Motivation and Context

Resolves BED-3312

Why is this change required? What problem does it solve?

There were several endpoints in various states of "deprecation". The changes standardize the deprecated endpoints and add clarity to the OpenAPI UI/API Explorer page.

How Has This Been Tested?

I tested this by running BHE/BHCE locally and previewing my changes in the API Explorer page.

Screenshots (optional):

Tasks endpoints:

Adding deprecation description:

Types of changes

• Chore (a change that does not modify the application functionality)

Checklist:

• I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: Issues and Pull Requests README #672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

• New Features

  • Activated a set of task-related API endpoints (list, current, available, finished, start, end, cancel, task detail, task log). All newly surfaced endpoints are marked deprecated and include migration guidance to job-equivalent endpoints.

• Documentation

  • Updated multiple endpoint descriptions to add deprecation notices and point to replacement /api/v2/jobs/* routes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR reactivates nine deprecated /api/v2/tasks/* endpoints, adds a new GET /api/v2/tasks/available path, and updates descriptions of three endpoints with deprecation notices and migration guidance. All edits are OpenAPI metadata; no business logic or data model changes.

Changes

Cohort / File(s)	Summary
Main OpenAPI spec packages/go/openapi/doc/openapi.json, packages/go/openapi/src/openapi.yaml	Reintroduced task paths into the primary spec and added the /api/v2/tasks/available reference.
Task path definitions (new/activated) packages/go/openapi/src/paths/tasks.tasks.available.yaml, packages/go/openapi/src/paths/tasks.tasks.finished.yaml, packages/go/openapi/src/paths/tasks.tasks.yaml, packages/go/openapi/src/paths/tasks.tasks.current.yaml, packages/go/openapi/src/paths/tasks.tasks.start.yaml, packages/go/openapi/src/paths/tasks.tasks.end.yaml, packages/go/openapi/src/paths/tasks.tasks.id.yaml, packages/go/openapi/src/paths/tasks.tasks.id.cancel.yaml, packages/go/openapi/src/paths/tasks.tasks.id.log.yaml	Added nine path files defining deprecated operations (GET/POST/PUT) with operationIds, numerous $ref parameters, 200 response schemas (client job display objects/envelopes), and standard error response references.
Deprecation description updates packages/go/openapi/src/paths/analysis.asset-groups.id.combo-node.yaml, packages/go/openapi/src/paths/clients.clients.id.completed-tasks.yaml, packages/go/openapi/src/paths/clients.clients.id.tasks.yaml	Replaced endpoint descriptions with multiline deprecation notices and migration guidance; no parameter, response, or signature changes.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• cweidenkeller
• maffkipp
• irshadaj

Poem

🐰
Old task paths wake with morning dew,
A sign directs to jobs brand new,
I hop through YAML, tidy and keen,
Nibble a schema, keep the spec clean,
Hooray — deprecated, but still seen! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title clearly summarizes the main change: standardizing and clarifying deprecated endpoints, matching the PR's primary objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	PR description is comprehensive and follows the template with all required sections completed: Description, Motivation/Context, Testing details, Change types, and a completed checklist.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

🤖 Fix all issues with AI agents

In `@packages/go/openapi/src/paths/analysis.asset-groups.id.combo-node.yaml`:
- Around line 30-31: The YAML description block contains extra spaces after the
colon ("description:  >") causing yamllint warnings; open the YAML for the
OpenAPI path and change the key to use a single space before the block scalar
(i.e., "description: >") so the description uses the folded scalar correctly;
update the "description" entry in the analysis.asset-groups.id.combo-node.yaml
file (the description: > line) to remove the extra space.

In `@packages/go/openapi/src/paths/clients.clients.id.completed-tasks.yaml`:
- Around line 31-33: The YAML lint error is caused by extra spaces after the
description key before the block scalar indicator; update the description
mapping by removing the extra spaces so the line reads with a single space
between the key and the block indicator (i.e., change "description:  >" to
"description: >") for the completed-tasks endpoint's description block to
satisfy YAMLlint (refer to the description key/block scalar in
clients.clients.id.completed-tasks.yaml).

In `@packages/go/openapi/src/paths/clients.clients.id.tasks.yaml`:
- Around line 31-33: The YAML description block has extra spaces after the colon
("description:  >") causing yamllint spacing errors; update the key to remove
the extra space so it reads "description: >" (i.e., ensure a single space or no
space between the colon and block scalar indicator) for the
clients.clients.id.tasks.yaml description entry to satisfy YAML linting.

In `@packages/go/openapi/src/paths/tasks.tasks.available.yaml`:
- Around line 58-79: The responses for the tasks.tasks.available endpoint are
missing a 429 rate-limit response; add a 429 entry under the responses block for
the path defined in packages/go/openapi/src/paths/tasks.tasks.available.yaml so
it mirrors tasks.tasks.finished. Specifically, insert a 429 response reference
consistent with other endpoints (e.g., $ref:
'./../responses/too-many-requests.yaml' or the existing 429 response used by
tasks.tasks.finished) under the responses mapping for the
200/400/401/403/404/500 entries so the endpoint documents rate-limiting
consistently.

In `@packages/go/openapi/src/paths/tasks.tasks.current.yaml`:
- Around line 29-48: This endpoint's OpenAPI responses omit a 429 Too Many
Requests entry, causing inconsistency with other task endpoints; update
packages/go/openapi/src/paths/tasks.tasks.current.yaml (the GET /tasks/current
deprecated endpoint) by adding a 429 response entry referencing the shared 429
response (e.g., ../responses/too-many-requests.yaml) under the responses block
so it matches the pattern used by finished/id/id.cancel/id.log/main task
endpoints, or alternatively add a short comment in the file explaining why 429
is intentionally omitted due to deprecation and parity with GET
/api/v2/jobs/current.

In `@packages/go/openapi/src/paths/tasks.tasks.id.log.yaml`:
- Around line 37-58: Add a 400 Bad Request response entry to the responses list
in tasks.tasks.id.log.yaml to mirror the other task endpoints; insert a "400:"
mapping (e.g. 400: $ref: './../responses/bad-request.yaml') alongside the
existing 401/403/404/429/500 entries so the GET /api/v2/tasks/{task_id} log
response follows the same invalid task_id pattern used by GET
/api/v2/tasks/{task_id} and PUT /api/v2/tasks/{task_id}/cancel.

In `@packages/go/openapi/src/paths/tasks.tasks.yaml`:
- Around line 56-67: Add the same pagination query parameters and response
envelope used in tasks.tasks.finished.yaml: add `skip` and `limit` query
parameters to this endpoint's parameters list and change the 200 response schema
to reference the pagination envelope `api.response.pagination.yaml` with its
`data` items pointing to ./../schemas/model.client-scheduled-job-display.yaml;
ensure the envelope structure matches the finished endpoint so clients receive
paginated metadata plus the array of scheduled-job-display items.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b9501e2 and a3983f3.

📒 Files selected for processing (14)

• packages/go/openapi/doc/openapi.json
• packages/go/openapi/src/openapi.yaml
• packages/go/openapi/src/paths/analysis.asset-groups.id.combo-node.yaml
• packages/go/openapi/src/paths/clients.clients.id.completed-tasks.yaml
• packages/go/openapi/src/paths/clients.clients.id.tasks.yaml
• packages/go/openapi/src/paths/tasks.tasks.available.yaml
• packages/go/openapi/src/paths/tasks.tasks.current.yaml
• packages/go/openapi/src/paths/tasks.tasks.end.yaml
• packages/go/openapi/src/paths/tasks.tasks.finished.yaml
• packages/go/openapi/src/paths/tasks.tasks.id.cancel.yaml
• packages/go/openapi/src/paths/tasks.tasks.id.log.yaml
• packages/go/openapi/src/paths/tasks.tasks.id.yaml
• packages/go/openapi/src/paths/tasks.tasks.start.yaml
• packages/go/openapi/src/paths/tasks.tasks.yaml

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-28T16:43:43.961Z

Learnt from: mvlipka
Repo: SpecterOps/BloodHound PR: 1784
File: packages/go/openapi/doc/openapi.json:18008-18029
Timestamp: 2025-08-28T16:43:43.961Z
Learning: In SpecterOps/BloodHound, packages/go/openapi/doc/openapi.json is generated from YAML under packages/go/openapi/src/schemas; edits must be made to the YAML and then the spec regenerated.

Applied to files:

• packages/go/openapi/src/paths/tasks.tasks.start.yaml
• packages/go/openapi/src/paths/tasks.tasks.end.yaml
• packages/go/openapi/src/openapi.yaml

🪛 YAMLlint (1.37.1)

packages/go/openapi/src/paths/analysis.asset-groups.id.combo-node.yaml

[warning] 30-30: too many spaces after colon

(colons)

packages/go/openapi/src/paths/clients.clients.id.completed-tasks.yaml

[warning] 31-31: too many spaces after colon

(colons)

packages/go/openapi/src/paths/clients.clients.id.tasks.yaml

[warning] 31-31: too many spaces after colon

(colons)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Build BloodHound Container Image / Build and Package Container
• GitHub Check: build-ui
• GitHub Check: run-tests
• GitHub Check: run-analysis

🔇 Additional comments (18)

packages/go/openapi/src/paths/tasks.tasks.start.yaml (1)

17-48: LGTM — deprecated task start path is clearly documented.
Deprecation guidance and response schema wiring look consistent.

packages/go/openapi/src/paths/tasks.tasks.end.yaml (1)

17-48: LGTM — deprecated task end path is clearly documented.
Deprecation guidance and response schema wiring look consistent.

packages/go/openapi/src/paths/tasks.tasks.id.yaml (1)

26-57: LGTM — clear deprecation guidance and response schema.

packages/go/openapi/src/paths/tasks.tasks.id.cancel.yaml (1)

26-57: LGTM — deprecation note and response set are consistent.

packages/go/openapi/src/paths/tasks.tasks.finished.yaml (1)

1-83: LGTM! Well-structured deprecated endpoint definition.

The deprecation notice is clear with proper migration guidance to GET /api/v2/jobs/finished. The response schema correctly uses allOf composition with the pagination envelope.

One minor observation: This endpoint does not define a 404 response, whereas tasks.tasks.yaml does include one. This is likely intentional since a "list" endpoint returns an empty array rather than 404 when no items are found, so the current design is appropriate.

packages/go/openapi/src/openapi.yaml (1)

694-712: Deprecated task endpoints properly wired.

All 9 path references exist and follow the established pattern from the jobs endpoints. The Tasks tag is correctly registered in x-tagGroups under the Enterprise Only section, ensuring these endpoints appear correctly in API documentation.

packages/go/openapi/doc/openapi.json (12)

13833-13836: Clear deprecation notice for combo-node

The explicit deprecation description improves visibility in the explorer.

---

14518-14521: Deprecation guidance is explicit

The replacement endpoint reference is clear and user-facing.

---

14833-14836: Deprecation notice with migration path looks good

The guidance to the jobs endpoint is concise and consistent.

---

15697-15821: /api/v2/tasks/available documented consistently as deprecated

Parameters and response schema look aligned with the jobs equivalent.

---

15822-15959: /api/v2/tasks/finished deprecation metadata is consistent

Pagination and error responses are documented clearly.

---

15960-16081: /api/v2/tasks deprecation entry is clear

Schema and error mappings are well defined.

---

16082-16130: /api/v2/tasks/current deprecation entry looks good

The response shape is clear and concise.

---

16131-16179: /api/v2/tasks/start deprecation entry looks good

Deprecated flag and migration guidance are explicit.

---

16180-16228: /api/v2/tasks/end deprecation entry looks good

Metadata and responses are consistent with other task endpoints.

---

16229-16290: /api/v2/tasks/{task_id} deprecation entry is clear

The path parameter and response schema are documented cleanly.

---

16291-16352: /api/v2/tasks/{task_id}/cancel deprecation entry looks good

Responses and deprecation guidance are consistent.

---

16353-16416: /api/v2/tasks/{task_id}/log deprecation entry looks good

The response schema is clear and aligns with the deprecated status.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[cweidenkeller]

LGTM