chore(api): remove stale _provider_id references and dead parameter from attack paths

api/src/backend/tasks/jobs/attack_paths/findings.py

@@ -196,7 +196,6 @@ def cleanup_findings(
 ) -> None:
     """Remove stale findings (classic Cartography behaviour)."""
     parameters = {
-        "provider_uid": str(prowler_api_provider.uid),
         "last_updated": config.update_tag,
         "batch_size": BATCH_SIZE,
     }

api/src/backend/tasks/jobs/attack_paths/scan.py

@@ -38,12 +38,12 @@ Pipeline steps:
    Stale findings from previous scans are cleaned up.
 
 7. Sync the temp database into the tenant database:
-   - Drop the old provider subgraph (matched by _provider_id property).
+   - Drop the old provider subgraph (matched by dynamic _Provider_{uuid} label).
      graph_data_ready is set to False for all scans of this provider while
      the swap happens so the API doesn't serve partial data.
    - Copy nodes and relationships in batches. Every synced node gets a
-     _ProviderResource label and _provider_id / _provider_element_id
-     properties for multi-provider isolation.
+     _ProviderResource label and dynamic _Tenant_{uuid} / _Provider_{uuid}
+     isolation labels, plus a _provider_element_id property for MERGE keys.
    - Set graph_data_ready back to True.
 
 8. Drop the temporary database, mark the AttackPathsScan as COMPLETED.

api/src/backend/tasks/jobs/attack_paths/sync.py

@@ -10,8 +10,6 @@ from typing import Any
 
 import neo4j
 from celery.utils.log import get_task_logger
-
-from api.attack_paths import database as graph_database
 from tasks.jobs.attack_paths.config import (
     PROVIDER_ISOLATION_PROPERTIES,
     PROVIDER_RESOURCE_LABEL,
@@ -28,6 +26,8 @@ from tasks.jobs.attack_paths.queries import (
     render_cypher_template,
 )
 
+from api.attack_paths import database as graph_database
+
 logger = get_task_logger(__name__)
 
 
@@ -81,8 +81,8 @@ def sync_nodes(
     """
     Sync nodes from source to target database.
 
-    Adds `_ProviderResource` label and `_provider_id` property to all nodes.
-    Also adds dynamic `_Tenant_{id}` and `_Provider_{id}` isolation labels.
+    Adds `_ProviderResource` label and dynamic `_Tenant_{id}` and `_Provider_{id}`
+    isolation labels to all nodes.
 
     Source and target sessions are opened sequentially per batch to avoid
     holding two Bolt connections simultaneously for the entire sync duration.
@@ -137,7 +137,7 @@ def sync_relationships(
     """
     Sync relationships from source to target database.
 
-    Adds `_provider_id` property to all relationships.
+    Matches source and target nodes by `_provider_element_id` in the tenant database.
 
     Source and target sessions are opened sequentially per batch to avoid
     holding two Bolt connections simultaneously for the entire sync duration.

api/src/backend/tasks/tests/test_attack_paths_scan.py

@@ -1327,7 +1327,6 @@ class TestAttackPathsFindingsHelpers:
 
         assert mock_session.run.call_count == 2
         params = mock_session.run.call_args.args[1]
-        assert params["provider_uid"] == str(provider.uid)
         assert params["last_updated"] == config.update_tag
 
     def test_stream_findings_with_resources_returns_latest_scan_data(