POST /lookup/shells/{aasIdentifier} also creates asset links, so 404 is never a valid response

[aaronzi]

What happens?

In AAS Discovery, POST /lookup/shells/{aasIdentifier} behaves as create-or-update for asset links.

For a non-existing AAS identifier, the endpoint still creates links and returns 201 Created.

Minimal example:

BASE_URL="http://localhost:8086"
NON_EXISTING_AAS_ID_ENC="aHR0cHM6Ly9leGFtcGxlLmNvbS9pZHMvYWFzL2RvZXMtbm90LWV4aXN0"

curl -i \
  -X POST "$BASE_URL/lookup/shells/$NON_EXISTING_AAS_ID_ENC" \
  -H "Content-Type: application/json" \
  -d '[{"name":"globalAssetId","value":"https://example.com/ids/asset/7600_5912_3951_6917"}]'

Observed response:

• HTTP 201 Created

The OpenAPI spec currently documents 404 for this operation.

Why is this wrong?

404 Not Found is not consistent with create-or-update semantics for this POST endpoint.

If the operation is allowed to create links for an AAS identifier that does not yet exist in discovery links, then "not found" is not the expected contract for this specific call.

Keeping 404 in the response set creates ambiguity for implementers, SDKs, and conformance tests.

How should it be fixed?

Remove 404 from the documented responses for POST /lookup/shells/{aasIdentifier} in the AAS Discovery OpenAPI spec.

Proposed response block:

paths:
  /lookup/shells/{aasIdentifier}:
    post:
      operationId: PostAllAssetLinksById
      responses:
        '201':
          description: Specific asset identifiers created/updated successfully.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/SpecificAssetId'
        '400':
          $ref: '#/components/responses/BadRequest'
        '409':
          $ref: '#/components/responses/Conflict'
        default:
          $ref: '#/components/responses/Error'

• I have signed the required Developer Certificate of Origin (DCO) already.

[aaronzi]

Related to #550 and #596