feat: Phase 3 - CRUD core for Techniques, Tests and Evidence (T-014 to T-017)

- Add Pydantic schemas for Technique, Test and Evidence
- Add CRUD endpoints for Techniques (list with filters, detail, create, update, review)
- Add CRUD endpoints for Tests (create, detail, update, validate, reject)
- Add evidence upload with SHA-256 integrity and presigned download URLs
- Add MinIO/S3 storage client with bucket auto-creation on startup
- Add status_service to recalculate technique coverage from test results
- Add require_any_role RBAC dependency for multi-role authorization
- Update README with API endpoints reference and project structure

backend/app/schemas/__init__.py

@@ -0,0 +1,38 @@
+"""Pydantic schemas — re-exported for convenient imports."""
+
+from app.schemas.auth import LoginRequest, TokenResponse, UserOut
+
+from app.schemas.technique import (
+    TechniqueCreate,
+    TechniqueOut,
+    TechniqueSummary,
+    TechniqueUpdate,
+)
+
+from app.schemas.test import (
+    TestCreate,
+    TestOut,
+    TestUpdate,
+    TestValidate,
+)
+
+from app.schemas.evidence import EvidenceOut
+
+__all__ = [
+    # Auth
+    "LoginRequest",
+    "TokenResponse",
+    "UserOut",
+    # Technique
+    "TechniqueCreate",
+    "TechniqueOut",
+    "TechniqueSummary",
+    "TechniqueUpdate",
+    # Test
+    "TestCreate",
+    "TestOut",
+    "TestUpdate",
+    "TestValidate",
+    # Evidence
+    "EvidenceOut",
+]

backend/app/schemas/evidence.py

@@ -0,0 +1,23 @@
+"""Pydantic schemas for Evidence endpoints."""
+
+import uuid
+from datetime import datetime
+
+from pydantic import BaseModel, ConfigDict
+
+
+class EvidenceOut(BaseModel):
+    """Representation of an evidence record returned by the API.
+
+    ``download_url`` is a presigned URL generated at response time.
+    """
+
+    id: uuid.UUID
+    test_id: uuid.UUID
+    file_name: str
+    sha256_hash: str
+    uploaded_by: uuid.UUID | None = None
+    uploaded_at: datetime | None = None
+    download_url: str | None = None
+
+    model_config = ConfigDict(from_attributes=True)

backend/app/schemas/technique.py

@@ -0,0 +1,69 @@
+"""Pydantic schemas for Technique endpoints."""
+
+import uuid
+from datetime import datetime
+
+from pydantic import BaseModel, ConfigDict
+
+from app.models.enums import TechniqueStatus
+
+
+# ── Create ──────────────────────────────────────────────────────────
+
+class TechniqueCreate(BaseModel):
+    """Payload for creating a new technique."""
+
+    mitre_id: str
+    name: str
+    description: str | None = None
+    tactic: str | None = None
+    platforms: list[str] | None = None
+
+
+# ── Update ──────────────────────────────────────────────────────────
+
+class TechniqueUpdate(BaseModel):
+    """Payload for partially updating an existing technique.
+    Every field is optional so callers send only what changed."""
+
+    name: str | None = None
+    description: str | None = None
+    tactic: str | None = None
+    platforms: list[str] | None = None
+    status_global: TechniqueStatus | None = None
+
+
+# ── Read (full) ─────────────────────────────────────────────────────
+
+class TechniqueOut(BaseModel):
+    """Complete representation returned by the API."""
+
+    id: uuid.UUID
+    mitre_id: str
+    name: str
+    description: str | None = None
+    tactic: str | None = None
+    platforms: list[str] | None = None
+    mitre_version: str | None = None
+    mitre_last_modified: datetime | None = None
+    is_subtechnique: bool = False
+    parent_mitre_id: str | None = None
+    status_global: TechniqueStatus = TechniqueStatus.not_evaluated
+    review_required: bool = False
+    last_review_date: datetime | None = None
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+# ── Read (summary) ──────────────────────────────────────────────────
+
+class TechniqueSummary(BaseModel):
+    """Lightweight representation used in list endpoints."""
+
+    id: uuid.UUID
+    mitre_id: str
+    name: str
+    tactic: str | None = None
+    status_global: TechniqueStatus = TechniqueStatus.not_evaluated
+
+    model_config = ConfigDict(from_attributes=True)

backend/app/schemas/test.py

@@ -0,0 +1,67 @@
+"""Pydantic schemas for Test endpoints."""
+
+import uuid
+from datetime import datetime
+
+from pydantic import BaseModel, ConfigDict
+
+from app.models.enums import TestResult, TestState
+
+
+# ── Create ──────────────────────────────────────────────────────────
+
+class TestCreate(BaseModel):
+    """Payload for creating a new test."""
+
+    technique_id: uuid.UUID
+    name: str
+    description: str | None = None
+    platform: str | None = None
+    procedure_text: str | None = None
+    tool_used: str | None = None
+
+
+# ── Update ──────────────────────────────────────────────────────────
+
+class TestUpdate(BaseModel):
+    """Payload for partially updating an existing test.
+    Every field is optional so callers send only what changed."""
+
+    name: str | None = None
+    description: str | None = None
+    platform: str | None = None
+    procedure_text: str | None = None
+    tool_used: str | None = None
+    result: TestResult | None = None
+
+
+# ── Read (full) ─────────────────────────────────────────────────────
+
+class TestOut(BaseModel):
+    """Complete representation returned by the API."""
+
+    id: uuid.UUID
+    technique_id: uuid.UUID
+    name: str
+    description: str | None = None
+    platform: str | None = None
+    procedure_text: str | None = None
+    tool_used: str | None = None
+    execution_date: datetime | None = None
+    created_by: uuid.UUID | None = None
+    result: TestResult | None = None
+    state: TestState = TestState.draft
+    validated_by: uuid.UUID | None = None
+    validated_at: datetime | None = None
+    created_at: datetime | None = None
+
+    model_config = ConfigDict(from_attributes=True)
+
+
+# ── Validate ────────────────────────────────────────────────────────
+
+class TestValidate(BaseModel):
+    """Payload sent by a reviewer to validate / reject a test."""
+
+    result: TestResult
+    comments: str | None = None