From c128a0fbe2ce1ebf3eb509763335e968e5963864 Mon Sep 17 00:00:00 2001
From: Adarsh Kumar <adarshkumarthakur0509@gmail.com>
Date: Thu, 7 May 2026 14:11:10 +0530
Subject: [PATCH] Add companion edition mapping API endpoint (closes #2929)

---
 cornucopia.owasp.org/script/headers-stage.js |  6 +++
 cornucopia.owasp.org/script/headers.js       |  6 +++
 cornucopia.owasp.org/static/api/openapi.yaml | 42 ++++++++++++++++++++
 cornucopia.owasp.org/svelte.config.js        |  1 +
 4 files changed, 55 insertions(+)

diff --git a/cornucopia.owasp.org/script/headers-stage.js b/cornucopia.owasp.org/script/headers-stage.js
index a4b327d19..766270fd5 100644
--- a/cornucopia.owasp.org/script/headers-stage.js
+++ b/cornucopia.owasp.org/script/headers-stage.js
@@ -67,6 +67,11 @@ function main() {
   Access-Control-Allow-Origin: *
   ! Content-Type
   Content-Type: application/json
+/api/mapping/companion/1.0
+  ! Access-Control-Allow-Origin
+  Access-Control-Allow-Origin: *
+  ! Content-Type
+  Content-Type: application/json
 /api/cre/mobileapp/en
   ! Access-Control-Allow-Origin
   Access-Control-Allow-Origin: *
@@ -124,3 +129,4 @@ function main() {
 }
 
 main();
+
diff --git a/cornucopia.owasp.org/script/headers.js b/cornucopia.owasp.org/script/headers.js
index b84ea299d..1cfdb96eb 100644
--- a/cornucopia.owasp.org/script/headers.js
+++ b/cornucopia.owasp.org/script/headers.js
@@ -128,6 +128,11 @@ function main() {
   Access-Control-Allow-Origin: *
   ! Content-Type
   Content-Type: application/json
+/api/mapping/companion/1.0
+  ! Access-Control-Allow-Origin
+  Access-Control-Allow-Origin: *
+  ! Content-Type
+  Content-Type: application/json
 `;
 
   const headersFile = path.join(buildDir, '_headers');
@@ -135,3 +140,4 @@ function main() {
 }
 
 main();
+
diff --git a/cornucopia.owasp.org/static/api/openapi.yaml b/cornucopia.owasp.org/static/api/openapi.yaml
index 68b9b70df..6bbbcf355 100644
--- a/cornucopia.owasp.org/static/api/openapi.yaml
+++ b/cornucopia.owasp.org/static/api/openapi.yaml
@@ -287,6 +287,48 @@ paths:
                           capec: [ 54, 113, 116, 143, 144, 149, 150, 155, 169, 215, 224, 497, 541, 546 ]
                           capec_map: {}
 
+  /mapping/companion/{version}:
+    get:
+      summary: Get Companion Edition mapping by version
+      description: |
+        Get the OWASP Cornucopia Companion Edition mapping data
+        by version.
+      parameters:
+        - name: version
+          in: path
+          required: true
+          schema:
+            type: string
+            enum: ["1.0"]
+      responses:
+        '200':
+          description: Companion mapping data
+          content:
+            application/json:
+              schema:
+                type: object
+              examples:
+                example:
+                  summary: Example Companion mapping response
+                  value:
+                    meta:
+                      edition: companion
+                      component: mappings
+                      language: ALL
+                      version: "1.0"
+                    cards:
+                      LLM2:
+                        id: "LLM2"
+                        value: "2"
+                        url: "https://cornucopia.owasp.org/cards/LLM2"
+                        stride: [ D ]
+                        stride_print: [ "Denial of Service" ]
+                        cia: [ A ]
+                        cia_print: [ "Availability" ]
+                        owasp_llm_top10: [ LLM10:2025 ]
+                        owasp_llm_top10_print: [ "LLM10:2025: Unbounded Consumption" ]
+                        cwe: [ CWE-400, CWE-770 ]
+
   /mapping/mobileapp/{version}:
     get:
       summary: Get Mobile App mapping by version
diff --git a/cornucopia.owasp.org/svelte.config.js b/cornucopia.owasp.org/svelte.config.js
index c9ae93ce2..5683385f3 100644
--- a/cornucopia.owasp.org/svelte.config.js
+++ b/cornucopia.owasp.org/svelte.config.js
@@ -348,6 +348,7 @@ export default {
 				'/api/mapping/webapp/2.2',
 				'/api/mapping/webapp/3.0',
 				'/api/mapping/mobileapp/1.1',
+                                '/api/mapping/companion/1.0',
 				'/edition/mobileapp/PC2/1.1/en',
 				'/edition/mobileapp/PC2/1.1/uk',
                 '/edition/mobileapp/PC2/1.1/hi',