mondoohq · slntopp · Apr 17, 2026 · Apr 13, 2026
diff --git a/cmd/mondoo-operator/garbage_collect/cmd.go b/cmd/mondoo-operator/garbage_collect/cmd.go
@@ -90,7 +90,7 @@ func init() {
 }
 
 func GarbageCollectCmd(ctx context.Context, client mondooclient.MondooClient, spaceMrn, platformRuntime, olderThan, managedBy string, logger logr.Logger) error {
-	req := &mondooclient.DeleteAssetsRequest{
+	req := &mondooclient.GarbageCollectAssetsRequest{
 		SpaceMrn:  spaceMrn,
 		ManagedBy: managedBy,
 	}
@@ -118,8 +118,7 @@ func GarbageCollectCmd(ctx context.Context, client mondooclient.MondooClient, sp
 		}
 	}
 
-	resp, err := client.DeleteAssets(ctx, req)
-	if err != nil {
+	if err := client.GarbageCollectAssets(ctx, req); err != nil {
 		if errors.Is(err, context.DeadlineExceeded) {
 			logger.Error(err, "failed to receive a response before timeout was exceeded")
 		} else {
@@ -128,13 +127,7 @@ func GarbageCollectCmd(ctx context.Context, client mondooclient.MondooClient, sp
 		return err
 	}
 
-	if len(resp.AssetMrns) > 0 {
-		logger.Info("Deleted assets", "count", len(resp.AssetMrns))
-	}
-	if len(resp.Errors) > 0 {
-		logger.Info("DeleteAssets completed with errors", "errors", resp.Errors)
-	}
-
+	logger.Info("Garbage collection complete")
 	return nil
 }
 

diff --git a/controllers/k8s_scan/deployment_handler.go b/controllers/k8s_scan/deployment_handler.go
@@ -610,7 +610,7 @@ func (n *DeploymentHandler) garbageCollectIfNeeded(ctx context.Context, clusterU
 
 // performGarbageCollection calls the Mondoo API to delete stale K8s resource scan assets.
 func (n *DeploymentHandler) performGarbageCollection(ctx context.Context, managedBy string) error {
-	req := &mondooclient.DeleteAssetsRequest{
+	req := &mondooclient.GarbageCollectAssetsRequest{
 		ManagedBy:       managedBy,
 		PlatformRuntime: "k8s-cluster",
 		DateFilter: &mondooclient.DateFilter{
@@ -620,7 +620,7 @@ func (n *DeploymentHandler) performGarbageCollection(ctx context.Context, manage
 		},
 	}
 
-	if err := mondoo.DeleteStaleAssets(ctx, n.KubeClient, n.Mondoo, n.MondooOperatorConfig, n.MondooClientBuilder, req, logger); err != nil {
+	if err := mondoo.GarbageCollectAssets(ctx, n.KubeClient, n.Mondoo, n.MondooOperatorConfig, n.MondooClientBuilder, req, logger); err != nil {
 		return err
 	}
 

diff --git a/controllers/k8s_scan/deployment_handler_test.go b/controllers/k8s_scan/deployment_handler_test.go
@@ -1578,7 +1578,7 @@ func TestExternalClusterNaming(t *testing.T) {
 
 func (s *DeploymentHandlerSuite) TestGarbageCollection_RunsAfterSuccessfulScan() {
 	gcCalled := false
-	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, req *mondooclient.DeleteAssetsRequest) error {
+	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, req *mondooclient.GarbageCollectAssetsRequest) error {
 		gcCalled = true
 		s.Equal("k8s-cluster", req.PlatformRuntime)
 		s.Contains(req.ManagedBy, "mondoo-operator-")
@@ -1609,13 +1609,13 @@ func (s *DeploymentHandlerSuite) TestGarbageCollection_RunsAfterSuccessfulScan()
 	s.NoError(err)
 	s.True(result.IsZero())
 
-	s.True(gcCalled, "DeleteAssets should have been called")
+	s.True(gcCalled, "GarbageCollectAssets should have been called")
 	s.NotNil(d.Mondoo.Status.LastK8sResourceGarbageCollectionTime, "GC timestamp should be set in status")
 }
 
 func (s *DeploymentHandlerSuite) TestGarbageCollection_SkipsWhenAlreadyRun() {
 	gcCalled := false
-	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.DeleteAssetsRequest) error {
+	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.GarbageCollectAssetsRequest) error {
 		gcCalled = true
 		return nil
 	})
@@ -1644,11 +1644,11 @@ func (s *DeploymentHandlerSuite) TestGarbageCollection_SkipsWhenAlreadyRun() {
 	s.NoError(err)
 	s.True(result.IsZero())
 
-	s.False(gcCalled, "DeleteAssets should NOT have been called")
+	s.False(gcCalled, "GarbageCollectAssets should NOT have been called")
 }
 
 func (s *DeploymentHandlerSuite) TestGarbageCollection_FailureStillUpdatesTimestamp() {
-	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.DeleteAssetsRequest) error {
+	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.GarbageCollectAssetsRequest) error {
 		return fmt.Errorf("API error")
 	})
 	s.NoError(d.KubeClient.Create(s.ctx, &s.auditConfig))
@@ -1677,8 +1677,8 @@ func (s *DeploymentHandlerSuite) TestGarbageCollection_FailureStillUpdatesTimest
 }
 
 // createDeploymentHandlerWithGCMock creates a DeploymentHandler with a mock MondooClientBuilder
-// that captures calls to DeleteAssets.
-func (s *DeploymentHandlerSuite) createDeploymentHandlerWithGCMock(gcFunc func(context.Context, *mondooclient.DeleteAssetsRequest) error) DeploymentHandler {
+// that captures calls to GarbageCollectAssets.
+func (s *DeploymentHandlerSuite) createDeploymentHandlerWithGCMock(gcFunc func(context.Context, *mondooclient.GarbageCollectAssetsRequest) error) DeploymentHandler {
 	// Create a mock credentials secret so GC can read it
 	key := credentials.MondooServiceAccount(s.T())
 	mockSA := mondooclient.ServiceAccountCredentials{
@@ -1713,14 +1713,14 @@ func (s *DeploymentHandlerSuite) createDeploymentHandlerWithGCMock(gcFunc func(c
 // fakeMondooClient implements just enough of MondooClient to test GC
 type fakeMondooClient struct {
 	mondooclient.MondooClient
-	gcFunc func(context.Context, *mondooclient.DeleteAssetsRequest) error
+	gcFunc func(context.Context, *mondooclient.GarbageCollectAssetsRequest) error
 }
 
-func (f *fakeMondooClient) DeleteAssets(ctx context.Context, req *mondooclient.DeleteAssetsRequest) (*mondooclient.DeleteAssetsConfirmation, error) {
+func (f *fakeMondooClient) GarbageCollectAssets(ctx context.Context, req *mondooclient.GarbageCollectAssetsRequest) error {
 	if f.gcFunc != nil {
-		return &mondooclient.DeleteAssetsConfirmation{}, f.gcFunc(ctx, req)
+		return f.gcFunc(ctx, req)
 	}
-	return &mondooclient.DeleteAssetsConfirmation{}, nil
+	return nil
 }
 
 func TestDeploymentHandlerSuite(t *testing.T) {

diff --git a/controllers/nodes/deployment_handler.go b/controllers/nodes/deployment_handler.go
@@ -438,7 +438,7 @@ func (n *DeploymentHandler) performGarbageCollection(ctx context.Context, manage
 	// Node assets are scanned via the filesystem/OS provider and have no PlatformRuntime set
 	// (unlike k8s resource assets which have PlatformRuntime "k8s-cluster").
 	// Omitting PlatformRuntime so the filter matches node assets.
-	req := &mondooclient.DeleteAssetsRequest{
+	req := &mondooclient.GarbageCollectAssetsRequest{
 		ManagedBy: managedBy,
 		DateFilter: &mondooclient.DateFilter{
 			Timestamp:  time.Now().Add(-mondoo.GCOlderThan(n.Mondoo.Spec.Nodes.Schedule)).Format(time.RFC3339),
@@ -447,7 +447,7 @@ func (n *DeploymentHandler) performGarbageCollection(ctx context.Context, manage
 		},
 	}
 
-	if err := mondoo.DeleteStaleAssets(ctx, n.KubeClient, n.Mondoo, n.MondooOperatorConfig, n.MondooClientBuilder, req, logger); err != nil {
+	if err := mondoo.GarbageCollectAssets(ctx, n.KubeClient, n.Mondoo, n.MondooOperatorConfig, n.MondooClientBuilder, req, logger); err != nil {
 		return err
 	}
 

diff --git a/controllers/nodes/deployment_handler_test.go b/controllers/nodes/deployment_handler_test.go
@@ -772,7 +772,7 @@ func (s *DeploymentHandlerSuite) TestReconcile_Deployment_CustomInterval() {
 func (s *DeploymentHandlerSuite) TestGarbageCollection_RunsAfterSuccessfulScan() {
 	s.seedNodes()
 	gcCalled := false
-	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, req *mondooclient.DeleteAssetsRequest) error {
+	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, req *mondooclient.GarbageCollectAssetsRequest) error {
 		gcCalled = true
 		s.Contains(req.ManagedBy, "mondoo-operator-")
 		s.NotNil(req.DateFilter)
@@ -806,14 +806,14 @@ func (s *DeploymentHandlerSuite) TestGarbageCollection_RunsAfterSuccessfulScan()
 	s.NoError(err)
 	s.True(result.IsZero())
 
-	s.True(gcCalled, "DeleteAssets should have been called")
+	s.True(gcCalled, "GarbageCollectAssets should have been called")
 	s.NotNil(d.Mondoo.Status.LastNodeScanGarbageCollectionTime, "GC timestamp should be set in status")
 }
 
 func (s *DeploymentHandlerSuite) TestGarbageCollection_SkipsWhenAlreadyRun() {
 	s.seedNodes()
 	gcCalled := false
-	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.DeleteAssetsRequest) error {
+	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.GarbageCollectAssetsRequest) error {
 		gcCalled = true
 		return nil
 	})
@@ -846,12 +846,12 @@ func (s *DeploymentHandlerSuite) TestGarbageCollection_SkipsWhenAlreadyRun() {
 	s.NoError(err)
 	s.True(result.IsZero())
 
-	s.False(gcCalled, "DeleteAssets should NOT have been called")
+	s.False(gcCalled, "GarbageCollectAssets should NOT have been called")
 }
 
 func (s *DeploymentHandlerSuite) TestGarbageCollection_FailureStillUpdatesTimestamp() {
 	s.seedNodes()
-	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.DeleteAssetsRequest) error {
+	d := s.createDeploymentHandlerWithGCMock(func(ctx context.Context, opts *mondooclient.GarbageCollectAssetsRequest) error {
 		return fmt.Errorf("API error")
 	})
 	s.NoError(d.KubeClient.Create(s.ctx, &s.auditConfig))
@@ -893,8 +893,8 @@ func (s *DeploymentHandlerSuite) createDeploymentHandler() DeploymentHandler {
 }
 
 // createDeploymentHandlerWithGCMock creates a DeploymentHandler with a mock MondooClientBuilder
-// that captures calls to DeleteAssets.
-func (s *DeploymentHandlerSuite) createDeploymentHandlerWithGCMock(gcFunc func(context.Context, *mondooclient.DeleteAssetsRequest) error) DeploymentHandler {
+// that captures calls to GarbageCollectAssets.
+func (s *DeploymentHandlerSuite) createDeploymentHandlerWithGCMock(gcFunc func(context.Context, *mondooclient.GarbageCollectAssetsRequest) error) DeploymentHandler {
 	// Create a mock credentials secret so GC can read it
 	key := generateTestPrivateKey(s.T())
 	mockSA := mondooclient.ServiceAccountCredentials{
@@ -929,14 +929,14 @@ func (s *DeploymentHandlerSuite) createDeploymentHandlerWithGCMock(gcFunc func(c
 // fakeMondooClient implements just enough of MondooClient to test GC
 type fakeMondooClient struct {
 	mondooclient.MondooClient
-	gcFunc func(context.Context, *mondooclient.DeleteAssetsRequest) error
+	gcFunc func(context.Context, *mondooclient.GarbageCollectAssetsRequest) error
 }
 
-func (f *fakeMondooClient) DeleteAssets(ctx context.Context, req *mondooclient.DeleteAssetsRequest) (*mondooclient.DeleteAssetsConfirmation, error) {
+func (f *fakeMondooClient) GarbageCollectAssets(ctx context.Context, req *mondooclient.GarbageCollectAssetsRequest) error {
 	if f.gcFunc != nil {
-		return &mondooclient.DeleteAssetsConfirmation{}, f.gcFunc(ctx, req)
+		return f.gcFunc(ctx, req)
 	}
-	return &mondooclient.DeleteAssetsConfirmation{}, nil
+	return nil
 }
 
 // generateTestPrivateKey generates an ECDSA private key and returns its PEM-encoded string.

diff --git a/pkg/client/mondooclient/client.go b/pkg/client/mondooclient/client.go
@@ -19,7 +19,7 @@ const (
 	IntegrationRegisterEndpoint       = "/IntegrationsManager/Register"
 	IntegrationCheckInEndpoint        = "/IntegrationsManager/CheckIn"
 	IntegrationReportStatusEndpoint   = "/IntegrationsManager/ReportStatus"
-	DeleteAssetsEndpoint              = "/AssetStore/DeleteAssets"
+	GarbageCollectAssetsEndpoint      = "/PolicyResolver/PurgeAssets"
 )
 
 type MondooClientOptions struct {
@@ -150,23 +150,18 @@ func (s *mondooClient) IntegrationReportStatus(ctx context.Context, in *ReportSt
 	return nil
 }
 
-func (s *mondooClient) DeleteAssets(ctx context.Context, req *DeleteAssetsRequest) (*DeleteAssetsConfirmation, error) {
-	url := s.ApiEndpoint + DeleteAssetsEndpoint
+func (s *mondooClient) GarbageCollectAssets(ctx context.Context, req *GarbageCollectAssetsRequest) error {
+	url := s.ApiEndpoint + GarbageCollectAssetsEndpoint
 
 	reqBodyBytes, err := json.Marshal(req)
 	if err != nil {
-		return nil, fmt.Errorf("failed to marshal request: %v", err)
+		return fmt.Errorf("failed to marshal request: %v", err)
 	}
 
-	respBodyBytes, err := common.Request(ctx, s.httpClient, url, s.Token, reqBodyBytes)
+	_, err = common.Request(ctx, s.httpClient, url, s.Token, reqBodyBytes)
 	if err != nil {
-		return nil, fmt.Errorf("failed to make delete assets request: %v", err)
-	}
-
-	out := &DeleteAssetsConfirmation{}
-	if err = json.Unmarshal(respBodyBytes, out); err != nil {
-		return nil, fmt.Errorf("failed to unmarshal response: %v", err)
+		return fmt.Errorf("failed to make garbage collect assets request: %v", err)
 	}
 
-	return out, nil
+	return nil
 }
diff --git a/pkg/client/mondooclient/mock/client_generated.go b/pkg/client/mondooclient/mock/client_generated.go
diff --git a/pkg/client/mondooclient/types.go b/pkg/client/mondooclient/types.go
@@ -19,7 +19,7 @@ type MondooClient interface {
 	IntegrationCheckIn(context.Context, *IntegrationCheckInInput) (*IntegrationCheckInOutput, error)
 	IntegrationReportStatus(context.Context, *ReportStatusRequest) error
 
-	DeleteAssets(context.Context, *DeleteAssetsRequest) (*DeleteAssetsConfirmation, error)
+	GarbageCollectAssets(context.Context, *GarbageCollectAssetsRequest) error
 }
 
 // ExchangeRegistrationTokenInput is used for converting a JWT to a Mondoo serivce account
@@ -116,14 +116,14 @@ const (
 	MessageStatus_MESSAGE_INFO    MessageStatus = 3
 )
 
-// DeleteAssetsRequest matches the server-side DeleteAssetsRequest proto.
-type DeleteAssetsRequest struct {
-	SpaceMrn        string      `json:"spaceMrn,omitempty"`
-	AssetMrns       []string    `json:"asset_mrns,omitempty"`
-	DeleteAll       bool        `json:"delete_all,omitempty"`
-	DateFilter      *DateFilter `json:"date_filter,omitempty"`
-	ManagedBy       string      `json:"managed_by,omitempty"`
-	PlatformRuntime string      `json:"platform_runtime,omitempty"`
+// GarbageCollectAssetsRequest matches the server-side PurgeAssetsRequest proto
+// on the PolicyResolver service (/PolicyResolver/PurgeAssets).
+type GarbageCollectAssetsRequest struct {
+	SpaceMrn        string            `json:"spaceMrn,omitempty"`
+	DateFilter      *DateFilter       `json:"date_filter,omitempty"`
+	ManagedBy       string            `json:"managed_by,omitempty"`
+	PlatformRuntime string            `json:"platform_runtime,omitempty"` // optional filter (k8s-cluster, docker-image, etc.)
+	Labels          map[string]string `json:"labels,omitempty"`
 }
 
 type DateFilter struct {
@@ -145,9 +145,3 @@ const (
 	DateFilterField_FILTER_LAST_UPDATED DateFilterField = 0
 	DateFilterField_FILTER_CREATED      DateFilterField = 1
 )
-
-// DeleteAssetsConfirmation is the response from the DeleteAssets API.
-type DeleteAssetsConfirmation struct {
-	AssetMrns []string          `json:"asset_mrns,omitempty"`
-	Errors    map[string]string `json:"errors,omitempty"`
-}