feat: add GET /jobs/{job_id}/findings and verify endpoints

[anahaaaa]

Linked issue

Closes #4

What this PR does

Adds two new API endpoints for retrieving persisted job data from SQLite:

• GET /jobs/{job_id}/findings
• GET /jobs/{job_id}/verify

The findings endpoint returns all persisted findings associated with a job along with a finding count. The verify endpoint returns the latest verify outcome for a job. Both endpoints return a clear 404 response when the provided job_id does not exist.

Type of change

• Bug fix
• New feature
• ML model / training pipeline
• Refactor (no behaviour change)
• Documentation
• Tests only

ML tier (if applicable)

• Tier 1 — Triage
• Tier 2 — Predictive
• Tier 3 — Autonomous
• Not ML-related

---

Changes

Backend

• Added GET /jobs/{job_id}/findings endpoint.
• Added GET /jobs/{job_id}/verify endpoint.
• Added validation to return 404 for unknown job IDs.
• Added SQLite retrieval logic for persisted findings.
• Added SQLite retrieval logic for persisted verify outcomes.
• Added automated tests covering successful and failure scenarios for both endpoints.
• Updated database access to follow the existing get_db() / close() pattern used elsewhere in the codebase.

Frontend

• None.

New dependencies

• None.

Database / schema changes

• None. Uses the existing jobs, findings, and verify_outcomes tables.

---

Testing

How did you test this?

Added unit tests covering:

• Valid findings retrieval
• Findings returned from all three scanners (Semgrep, OSV, and Gitleaks)
• Empty findings list handling
• Unknown job ID returns 404
• Valid verify outcome retrieval
• Verify endpoint returns 404 when no verify outcome exists
• Verify endpoint returns 404 for unknown job IDs

Executed:

python -m pytest tests/test_job_endpoints.py -v

Result:

8 passed

Checklist

• Tested locally end-to-end (upload ZIP or GitHub URL → scan → findings returned correctly)
• No new console.error or unhandled Python exceptions introduced
• Added or updated tests where applicable
• No new dependencies added
• No model files (.pkl, .pt, etc.) were committed

---

Anything reviewers should focus on

Please review the response structure and SQLite retrieval logic for the new /jobs/{job_id}/findings and /jobs/{job_id}/verify endpoints.

During manual testing, I observed two existing persistence-related issues in the scan flows:

• /scan currently encounters a SQLite connection error during persistence (RuntimeError: threads can only be started once) due to the current database connection pattern.
• /scan-url does not currently persist jobs or findings to SQLite, so scans imported from GitHub URLs are not available through the new retrieval endpoints.

These issues are outside the scope of this PR. The new endpoints correctly return 404 when the requested job is not present in the database, as required by the issue.

Screenshots (if UI changed)

N/A

[ionfwsrijan]

@anahaaaa Checks are failing. Also join our discord to connect with mentors : https://discord.gg/FcXuyw2Rs

[anahaaaa]

@anahaaaa Checks are failing. Also join our discord to connect with mentors : https://discord.gg/FcXuyw2Rs

@ionfwsrijan Thanks for the heads-up. The CI failure was due to Ruff formatting checks. I've applied the required formatting changes and pushed a new commit. The workflow is awaiting approval and should rerun once approved. I'll also join the Discord server. Thanks.

[ionfwsrijan]

The code LGTM. Merging it now. Hope you joined our discord server already