Add option to delete HasSession edges

[rtpt-romankarwacik]

Description

This pull requests adds an option for database management to delete HasSession edges. The pull request has been created using GitHub Copilot. https://github.com/SpecterOps/BloodHound/issues/853

Motivation and Context

When analyzing sessions the current state is very important. Currently, when ingesting new sessions, the old ones are not deleted. This resolves https://github.com/SpecterOps/BloodHound/issues/853

How Has This Been Tested?

I tested it with dummy data from the UI, where i queried all sessions after insertion, and after deletion.

Screenshots (optional):

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist:

• [ ] I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: https://github.com/SpecterOps/BloodHound/issues/672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• [x] I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• [ ] I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed

Summary by CodeRabbit

Release Notes

• New Features
  • Added option to delete HasSession relationship edges during database cleanup operations.
  • New checkbox in Database Management interface to control HasSession edge deletion.
  • Extended database wipe functionality to support selective HasSession edge removal with audit logging.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions[bot]]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[coderabbitai[bot]]

Walkthrough

Adds a flexible relationship-deletion option to the clear-database flow: UI checkbox state, API payload field deleteRelationships []string, backend flow to locate and batch-delete named graph edges via a new Resources.deleteEdges method, OpenAPI/JS client schema updates, and audit logging for success/failure. (39 words)

Changes

Cohort / File(s)	Summary
Backend API / Wipe Logic cmd/api/src/api/v2/database_wipe.go	Added DeleteRelationships []string to DatabaseWipe; extended empty-request validation to consider DeleteRelationships; added Resources.deleteEdges(ctx, auditEntry, edgeNames) which finds relationships by name via graph query and batch-deletes them; integrated audit logging for per-edge-name success/failure; added graph ops and query imports.
React UI cmd/ui/src/views/DatabaseManagement/DatabaseManagement.tsx, cmd/ui/src/views/DatabaseManagement/DatabaseManagement.test.tsx	Added deleteHasSessionEdges boolean state and reducer handling; added a FormControlLabel + Checkbox for HasSession edges (permission-gated); include deleteRelationships: ['HasSession'] in mutation payload when checked; updated tests to expect the new checklist item and checkbox count.
OpenAPI / API Schema packages/go/openapi/doc/openapi.json, packages/go/openapi/src/paths/data-quality.clear-database.yaml	Request schema for DELETE /api/v2/clear-database extended with deleteRelationships (array of strings); operation descriptions updated to mention deletable relationship types.
JavaScript Client packages/javascript/js-client-library/src/requests.ts	Added optional deleteRelationships?: string[] to the ClearDatabaseRequest interface.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant UI as DatabaseManagement UI
    participant API as Backend API
    participant Graph as Graph DB
    participant Audit as Audit Log

    User->>UI: Check "HasSession" and submit clear-database
    UI->>API: DELETE /api/v2/clear-database { ..., deleteRelationships: ["HasSession"] }

    alt deleteRelationships contains names
        API->>API: validate request, create audit entry
        API->>Graph: Query relationships matching each name (by edge type/name)
        Graph-->>API: Return matching relationship ids
        API->>Graph: Batch-delete returned relationships
        Graph-->>API: Deletion results per edge-name
        API->>Audit: Record success/failure for each edge-name
    end

    API-->>UI: Return wipe result (including any edge-delete failures)
    UI->>User: Show confirmation/errors

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Check the graph query construction and matching criteria for edge names.
• Verify batching/pagination and error handling in deleteEdges.
• Confirm audit entries accurately reflect per-edge successes/failures.
• Validate UI state-to-payload mapping (deleteHasSessionEdges → deleteRelationships: ['HasSession']) and permission gating.
• Ensure OpenAPI and JS client types match backend names (deleteRelationships as string[]).

Suggested labels

enhancement, user interface

Suggested reviewers

• brandonshearin
• cweidenkeller

Poem

🐰 I hopped the graph and found each thread,
A tiny nibble and the edges fled.
A checkbox flicked, the audit sang too,
Clean nodes, clear hops — a fresher view.
Hooray for tidy trees, from me to you! 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main feature added: a new option to delete HasSession edges in database management.
Description check	✅ Passed	The description covers main changes, motivation, and testing, but the contributing prerequisites checklist section is incomplete (not all items checked and some have outdated issue references).
Linked Issues check	✅ Passed	The PR successfully implements the core requirement from issue #853: adds a deleteRelationships option to the /clear-database endpoint [#853], extends UI with HasSession edge deletion checkbox [#853], and updates API documentation [#853].
Out of Scope Changes check	✅ Passed	All changes are directly scoped to implementing HasSession edge deletion functionality; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• [ ] 📝 Generate docstrings

🧪 Generate unit tests (beta)

• [ ] Create PR with unit tests
• [ ] Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rtpt-romankarwacik]

I have read the CLA Document and I hereby sign the CLA

[rvazarkar]

This is a great PR. Going to take some time to review it and go through our workflow. Thank you!

[rvazarkar]

recheck

[rvazarkar]

There is a failing test in the MR. Could you patch that up so it fixes the UI test run?

[rvazarkar]

Also we require commit signing as part of our PR process. Can you set up commit signing and then use a squash to sign all of your commits into a single signed one?

The process for squashing is here:

https://www.freecodecamp.org/news/git-squash-commits/

And the process for setting up commit signing is here:

https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

[rtpt-romankarwacik]

There is a failing test in the MR. Could you patch that up so it fixes the UI test run?

Done :+1:

Also we require commit signing as part of our PR process. Can you set up commit signing and then use a squash to sign all of your commits into a single signed one?

The process for squashing is here:

https://www.freecodecamp.org/news/git-squash-commits/

And the process for setting up commit signing is here:

https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

Done :+1:

Thank you for your review 😊