resolve merge conflict

Author: dcairnsspecterops

.github/workflows/conventional-commits.yml

@@ -0,0 +1,36 @@
+---
+# Copyright 2025 Specter Ops, Inc.
+#
+# Licensed under the Apache License, Version 2.0
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+name: Conventional Commit Formatting
+
+on:
+  pull_request:
+    branches:
+      - main
+      - "stage/**"
+    types:
+      - opened
+      - synchronize
+      - edited
+
+jobs:
+  conventional-commit-check:
+    name: Check conventional commit formatting
+    uses: SpecterOps/BloodHound/.github/workflows/reusable.conventional-commits.yml@main
+    secrets:
+      JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+      JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+      JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}

.github/workflows/reusable.conventional-commits.yml

@@ -0,0 +1,179 @@
+# Copyright 2025 Specter Ops, Inc.
+#
+# Licensed under the Apache License, Version 2.0
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Conventional Commits Formatting
+
+on:
+  workflow_call:
+    secrets:
+      JIRA_BASE_URL:
+        required: true
+      JIRA_USER_EMAIL:
+        required: true
+      JIRA_API_TOKEN:
+        required: true
+
+jobs:
+  check-commit-format:
+    runs-on: self-hosted
+
+    steps:
+      - uses: amannn/action-semantic-pull-request@v6
+        id: lint_pr_title
+        with:
+          types: |
+            feat
+            fix
+            docs
+            refactor
+            test
+            chore
+          headerPattern: '^(\w*)(?:\(([\w$.\-*/ ]*)\))?: (.*) (BED-\d+|PQE-\d+|#\d+)$'
+          headerPatternCorrespondence: type, scope, subject, issue
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        if: always() && (steps.lint_pr_title.outputs.error_message != null)
+        with:
+          header: pr-title-lint-error
+          message: |
+            Howdy! Thank you for opening this pull request 🙇
+
+            It looks like your pull request title needs some adjustment.
+            We require pull request titles to follow the Conventional Commits specification as outlined in our [documentation](https://github.com/SpecterOps/BloodHound/blob/main/rfc/bh-rfc-2.md).
+            Please review the required format and update your pull request title accordingly.
+            Thank you!
+
+            Details:
+
+            ```
+            ${{ steps.lint_pr_title.outputs.error_message }}
+            ```
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true
+
+      - name: Check Issue Reference Exists
+        id: "ref-check"
+        env:
+          JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+          JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+        run: |
+          #!/usr/bin/env bash
+
+          set -euo pipefail
+
+          PR_TITLE="${{ github.event.pull_request.title }}"
+          JIRA_ISSUE_REGEX=" (BED-[0-9]+|PQE-[0-9]+)$"
+          GH_ISSUE_REGEX=" (#[0-9]+)$"
+
+          function check_jira_ref() {
+              local REFERENCE=$1
+
+              echo "Jira issue reference found: ${REFERENCE}"
+
+              local URL="${{ secrets.JIRA_BASE_URL }}/rest/api/3/issue/${REFERENCE}"
+
+              echo "::debug::JIRA ISSUE URL: $URL"
+
+              # curl for issue info with jira api
+              local ISSUE_RESPONSE=$(curl -u "${{ secrets.JIRA_USER_EMAIL }}:${{ secrets.JIRA_API_TOKEN }}" \
+              -X GET \
+              --url "$URL" \
+              -H "Accept: application/json")
+
+              local HAS_ID=$(echo "$ISSUE_RESPONSE" | jq -e 'has("id")')
+
+              if ! $HAS_ID ; then
+                  ERROR="Issue request error: Invalid Jira issue"
+
+                  echo $ERROR
+                  echo "ref_error=$ERROR" >> $GITHUB_OUTPUT
+
+                  exit 1
+              fi
+          }
+
+          function check_github_ref() {
+              local REFERENCE=$1
+
+              echo "GitHub Issue reference found: ${REFERENCE}"
+
+              local ISSUE_NUMBER="${REFERENCE:1}" # remove "#" from the start of the string
+
+              local URL="https://api.github.com/repos/SpecterOps/BloodHound/issues/${ISSUE_NUMBER}"
+
+              # curl for issue info with github api
+              local ISSUE_RESPONSE=$(curl -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              --url "$URL")
+
+              local IS_OPEN=$(echo "$ISSUE_RESPONSE" | jq -e 'if has("id") then .state == "open" else false end')
+
+              if ! $IS_OPEN ; then
+                  ERROR=$(echo "$ISSUE_RESPONSE" | jq -c)
+
+                  echo "Issue request error: ${ERROR}"
+                  echo "ref_error=$ERROR" >> $GITHUB_OUTPUT
+
+                  exit 1
+              fi
+          }
+
+          function main() {
+              if [[ $PR_TITLE =~ $JIRA_ISSUE_REGEX ]]; then
+                  check_jira_ref "${BASH_REMATCH[1]}"
+              elif  [[ $PR_TITLE =~ $GH_ISSUE_REGEX ]]; then
+                  check_github_ref "${BASH_REMATCH[1]}"
+              else
+                  local NO_REF_ERROR="No issue reference found in the title."
+                  echo "$NO_REF_ERROR"
+                  echo "ref_error=$NO_REF_ERROR" >> $GITHUB_OUTPUT
+                  exit 1
+              fi
+          }
+
+          main
+
+      - uses: marocchino/sticky-pull-request-comment@v2
+        if: always() && (steps.ref-check.outputs.ref_error != null)
+        with:
+          header: pr-title-ref-check-error
+          message: |
+            Howdy! Thank you for opening this pull request 🙇
+
+            Your title is formatted correctly but we did not find a matching issue reference.
+            Please verify that the reference is correct and available in Jira or GitHub issues.
+
+            Details:
+
+            ```
+            ${{ steps.ref-check.outputs.ref_error }}
+            ```
+
+      # Delete a previous comment when the issue has been resolved
+      - if: ${{ steps.ref-check.outputs.ref_error == null }}
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: pr-title-lint-error
+          delete: true

…1.0.0-alpha.31-3831705a03-d8068b2f39.zip …1.0.0-alpha.32-fc3ceed39d-f90e90290b.zip.yarn/cache/@bloodhoundenterprise-doodleui-npm-1.0.0-alpha.31-3831705a03-d8068b2f39.zip renamed to .yarn/cache/@bloodhoundenterprise-doodleui-npm-1.0.0-alpha.32-fc3ceed39d-f90e90290b.zip .yarn/cache/@bloodhoundenterprise-doodleui-npm-1.0.0-alpha.31-3831705a03-d8068b2f39.zip renamed to .yarn/cache/@bloodhoundenterprise-doodleui-npm-1.0.0-alpha.32-fc3ceed39d-f90e90290b.zip

@@ -24,6 +24,7 @@ import (
 	"github.com/specterops/bloodhound/cmd/api/src/api"
 	"github.com/specterops/bloodhound/cmd/api/src/api/bloodhoundgraph"
 	"github.com/specterops/bloodhound/cmd/api/src/model"
+	"github.com/specterops/bloodhound/cmd/api/src/model/appcfg"
 	"github.com/specterops/bloodhound/cmd/api/src/queries"
 	"github.com/specterops/bloodhound/packages/go/graphschema/ad"
 	"github.com/specterops/bloodhound/packages/go/graphschema/azure"
@@ -168,8 +169,9 @@ func (s *Resources) GetSearchResult(response http.ResponseWriter, request *http.
 				searchType = strings.ToLower(searchTypeParameters[0])
 			}
 		}
-
-		if nodes, err := s.GraphQuery.SearchByNameOrObjectID(request.Context(), searchValue, searchType); err != nil {
+		if openGraphSearchFeatureFlag, err := s.DB.GetFlagByKey(request.Context(), appcfg.FeatureOpenGraphSearch); err != nil {
+			api.HandleDatabaseError(request, response, err)
+		} else if nodes, err := s.GraphQuery.SearchByNameOrObjectID(request.Context(), openGraphSearchFeatureFlag.Enabled, searchValue, searchType); err != nil {
 			api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusBadRequest, fmt.Sprintf("Error getting search results: %v", err), request), response)
 		} else {
 			api.WriteBasicResponse(request.Context(), bloodhoundgraph.NodeSetToBloodHoundGraph(nodes), http.StatusOK, response)

cmd/api/src/api/v2/pathfinding.go

@@ -24,6 +24,9 @@ import (
 	"github.com/specterops/bloodhound/cmd/api/src/api"
 	v2 "github.com/specterops/bloodhound/cmd/api/src/api/v2"
 	"github.com/specterops/bloodhound/cmd/api/src/api/v2/apitest"
+	"github.com/specterops/bloodhound/cmd/api/src/database/mocks"
+	"github.com/specterops/bloodhound/cmd/api/src/model/appcfg"
+	"github.com/specterops/bloodhound/cmd/api/src/queries"
 	mocks_graph "github.com/specterops/bloodhound/cmd/api/src/queries/mocks"
 	"github.com/specterops/bloodhound/packages/go/graphschema/ad"
 	"github.com/specterops/dawgs/graph"
@@ -335,7 +338,8 @@ func TestResources_GetSearchResult(t *testing.T) {
 	var (
 		mockCtrl  = gomock.NewController(t)
 		mockGraph = mocks_graph.NewMockGraph(mockCtrl)
-		resources = v2.Resources{GraphQuery: mockGraph}
+		mockDB    = mocks.NewMockDatabase(mockCtrl)
+		resources = v2.Resources{GraphQuery: mockGraph, DB: mockDB}
 	)
 	defer mockCtrl.Finish()
 
@@ -371,14 +375,32 @@ func TestResources_GetSearchResult(t *testing.T) {
 					apitest.BodyContains(output, "Expected only one search type.")
 				},
 			},
+			{
+				Name: "FeatureFlagDatabaseError",
+				Input: func(input *apitest.Input) {
+					apitest.AddQueryParam(input, "query", "some query")
+				},
+				Setup: func() {
+					mockDB.EXPECT().
+						GetFlagByKey(gomock.Any(), appcfg.FeatureOpenGraphSearch).
+						Return(appcfg.FeatureFlag{}, errors.New("database error"))
+				},
+				Test: func(output apitest.Output) {
+					apitest.StatusCode(output, http.StatusInternalServerError)
+					apitest.BodyContains(output, "an internal error has occurred that is preventing the service from servicing this request")
+				},
+			},
 			{
 				Name: "GraphDBSearchByNameOrObjectIDError",
 				Input: func(input *apitest.Input) {
 					apitest.AddQueryParam(input, "query", "some query")
 				},
 				Setup: func() {
+					mockDB.EXPECT().
+						GetFlagByKey(gomock.Any(), appcfg.FeatureOpenGraphSearch).
+						Return(appcfg.FeatureFlag{Enabled: true}, nil)
 					mockGraph.EXPECT().
-						SearchByNameOrObjectID(gomock.Any(), gomock.Any(), gomock.Any()).
+						SearchByNameOrObjectID(gomock.Any(), true, "some query", queries.SearchTypeFuzzy).
 						Return(nil, errors.New("graph error"))
 				},
 				Test: func(output apitest.Output) {
@@ -387,14 +409,35 @@ func TestResources_GetSearchResult(t *testing.T) {
 				},
 			},
 			{
-				Name: "Success",
+				Name: "Success -- include OpenGraph results",
+				Input: func(input *apitest.Input) {
+					apitest.AddQueryParam(input, "query", "some query")
+					apitest.AddQueryParam(input, "type", "fuzzy")
+				},
+				Setup: func() {
+					mockDB.EXPECT().
+						GetFlagByKey(gomock.Any(), appcfg.FeatureOpenGraphSearch).
+						Return(appcfg.FeatureFlag{Enabled: true}, nil)
+					mockGraph.EXPECT().
+						SearchByNameOrObjectID(gomock.Any(), true, "some query", queries.SearchTypeFuzzy).
+						Return(graph.NewNodeSet(), nil)
+				},
+				Test: func(output apitest.Output) {
+					apitest.StatusCode(output, http.StatusOK)
+				},
+			},
+			{
+				Name: "Success -- exclude OpenGraph results",
 				Input: func(input *apitest.Input) {
 					apitest.AddQueryParam(input, "query", "some query")
 					apitest.AddQueryParam(input, "type", "fuzzy")
 				},
 				Setup: func() {
+					mockDB.EXPECT().
+						GetFlagByKey(gomock.Any(), appcfg.FeatureOpenGraphSearch).
+						Return(appcfg.FeatureFlag{Enabled: false}, nil)
 					mockGraph.EXPECT().
-						SearchByNameOrObjectID(gomock.Any(), gomock.Any(), gomock.Any()).
+						SearchByNameOrObjectID(gomock.Any(), false, "some query", queries.SearchTypeFuzzy).
 						Return(graph.NewNodeSet(), nil)
 				},
 				Test: func(output apitest.Output) {

cmd/api/src/api/v2/pathfinding_test.go

@@ -23,9 +23,11 @@ import (
 
 	"github.com/specterops/bloodhound/cmd/api/src/api"
 	"github.com/specterops/bloodhound/cmd/api/src/model"
+	"github.com/specterops/bloodhound/cmd/api/src/model/appcfg"
 	"github.com/specterops/bloodhound/cmd/api/src/utils"
 	"github.com/specterops/bloodhound/packages/go/analysis"
 	"github.com/specterops/bloodhound/packages/go/graphschema"
+	"github.com/specterops/bloodhound/packages/go/graphschema/ad"
 	"github.com/specterops/bloodhound/packages/go/graphschema/azure"
 	"github.com/specterops/bloodhound/packages/go/graphschema/common"
 	"github.com/specterops/dawgs/graph"
@@ -43,15 +45,26 @@ func (s Resources) SearchHandler(response http.ResponseWriter, request *http.Req
 		api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusBadRequest, "Invalid search parameter", request), response)
 	} else if skip, limit, _, err := utils.GetPageParamsForGraphQuery(context.Background(), queryParams); err != nil {
 		api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusBadRequest, fmt.Sprintf("Invalid query parameter: %v", err), request), response)
-	} else if nodeKinds, err := analysis.ParseKinds(nodeTypes...); err != nil {
+	} else if openGraphSearchFeatureFlag, err := s.DB.GetFlagByKey(request.Context(), appcfg.FeatureOpenGraphSearch); err != nil {
+		api.HandleDatabaseError(request, response, err)
+	} else if nodeKinds, err := getNodeKinds(openGraphSearchFeatureFlag.Enabled, nodeTypes...); err != nil {
 		api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusBadRequest, "Invalid type parameter", request), response)
-	} else if result, err := s.GraphQuery.SearchNodesByName(ctx, nodeKinds, searchQuery, skip, limit); err != nil {
+	} else if result, err := s.GraphQuery.SearchNodesByNameOrObjectId(ctx, nodeKinds, searchQuery, skip, limit); err != nil {
 		api.WriteErrorResponse(request.Context(), api.BuildErrorResponse(http.StatusInternalServerError, fmt.Sprintf("Graph error: %v", err), request), response)
 	} else {
 		api.WriteBasicResponse(request.Context(), result, http.StatusOK, response)
 	}
 }
 
+// getNodeKinds preserves legacy parseKinds behavior when the OpenGraphSearch feature flag is disabled.
+func getNodeKinds(openGraphSearchEnabled bool, nodeTypes ...string) (graph.Kinds, error) {
+	if !openGraphSearchEnabled && len(nodeTypes) == 0 {
+		return analysis.ParseKinds(ad.Entity.String(), azure.Entity.String())
+	} else {
+		return analysis.ParseKinds(nodeTypes...)
+	}
+}
+
 func (s *Resources) GetAvailableDomains(response http.ResponseWriter, request *http.Request) {
 	var domains model.DomainSelectors