Initial commit (history squashed)

src/StellaOps.Feedser.Source.Ru.Nkcki/AGENTS.md

@@ -0,0 +1,38 @@
+# AGENTS
+## Role
+Implement the Russian NKTsKI (formerly NKCKI) advisories connector to ingest NKTsKI vulnerability bulletins for Feedser’s regional coverage.
+
+## Scope
+- Identify NKTsKI advisory feeds/APIs (HTML, RSS, CSV) and access/authentication requirements.
+- Implement fetch/cursor pipeline with dedupe and failure backoff tailored to the source format.
+- Parse advisories to extract summary, affected vendors/products, recommended mitigation, and CVE identifiers.
+- Map advisories into canonical `Advisory` records with aliases, references, affected packages, and range primitives.
+- Create deterministic fixtures and regression tests.
+
+## Participants
+- `Source.Common` (HTTP/fetch utilities, DTO storage).
+- `Storage.Mongo` (raw/document/DTO/advisory stores, source state).
+- `Feedser.Models` (canonical data structures).
+- `Feedser.Testing` (integration fixtures, snapshots).
+
+## Interfaces & Contracts
+- Job kinds: `nkcki:fetch`, `nkcki:parse`, `nkcki:map`.
+- Persist upstream modification metadata to support incremental updates.
+- Alias set should include NKTsKI advisory IDs and CVEs when present.
+
+## In/Out of scope
+In scope:
+- Core ingestion/mapping pipeline with range primitives.
+
+Out of scope:
+- Translation beyond canonical field normalisation.
+
+## Observability & Security Expectations
+- Log fetch/mapping activity; mark failures with backoff delays.
+- Handle Cyrillic text encoding and sanitise HTML safely.
+- Respect upstream rate limiting/politeness.
+
+## Tests
+- Add `StellaOps.Feedser.Source.Ru.Nkcki.Tests` for fetch/parse/map with canned fixtures.
+- Snapshot canonical advisories; support fixture regeneration via env flag.
+- Ensure deterministic ordering/time normalisation.

src/StellaOps.Feedser.Source.Ru.Nkcki/Class1.cs

@@ -0,0 +1,29 @@
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using StellaOps.Plugin;
+
+namespace StellaOps.Feedser.Source.Ru.Nkcki;
+
+public sealed class RuNkckiConnectorPlugin : IConnectorPlugin
+{
+    public string Name => "ru-nkcki";
+
+    public bool IsAvailable(IServiceProvider services) => true;
+
+    public IFeedConnector Create(IServiceProvider services) => new StubConnector(Name);
+
+    private sealed class StubConnector : IFeedConnector
+    {
+        public StubConnector(string sourceName) => SourceName = sourceName;
+
+        public string SourceName { get; }
+
+        public Task FetchAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
+
+        public Task ParseAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
+
+        public Task MapAsync(IServiceProvider services, CancellationToken cancellationToken) => Task.CompletedTask;
+    }
+}
+

src/StellaOps.Feedser.Source.Ru.Nkcki/StellaOps.Feedser.Source.Ru.Nkcki.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../StellaOps.Plugin/StellaOps.Plugin.csproj" />
+
+    <ProjectReference Include="../StellaOps.Feedser.Source.Common/StellaOps.Feedser.Source.Common.csproj" />
+    <ProjectReference Include="../StellaOps.Feedser.Models/StellaOps.Feedser.Models.csproj" />
+  </ItemGroup>
+</Project>
+

src/StellaOps.Feedser.Source.Ru.Nkcki/TASKS.md

@@ -0,0 +1,11 @@
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|FEEDCONN-NKCKI-02-001 Research NKTsKI advisory feeds|BE-Conn-Nkcki|Research|**DOING** – 2025-10-11: Located cert.gov.ru RSS landing page with paginated advisories; raw feed pulls currently blocked by TLS/403 so we still need to determine feed endpoints, auth requirements, and archive depth.|
+|FEEDCONN-NKCKI-02-002 Fetch pipeline & state persistence|BE-Conn-Nkcki|Source.Common, Storage.Mongo|**TODO** – Implement fetch job with retry/backoff, persist raw documents, update cursor metadata.|
+|FEEDCONN-NKCKI-02-003 DTO & parser implementation|BE-Conn-Nkcki|Source.Common|**TODO** – Build DTOs for NKTsKI advisories, sanitise HTML, extract vendors/products, CVEs, mitigation guidance.|
+|FEEDCONN-NKCKI-02-004 Canonical mapping & range primitives|BE-Conn-Nkcki|Models|**TODO** – Map advisories into canonical records with aliases, references, and vendor range primitives. Coordinate normalized outputs and provenance per `../StellaOps.Feedser.Merge/RANGE_PRIMITIVES_COORDINATION.md`.|
+|FEEDCONN-NKCKI-02-005 Deterministic fixtures & tests|QA|Testing|**TODO** – Add regression tests supporting `UPDATE_NKCKI_FIXTURES=1` for snapshot regeneration.|
+|FEEDCONN-NKCKI-02-006 Telemetry & documentation|DevEx|Docs|**TODO** – Add logging/metrics, document connector configuration, and close backlog entry after deliverable ships.|
+|FEEDCONN-NKCKI-02-007 Archive ingestion strategy|BE-Conn-Nkcki|Research|**TODO** – Document bulletin taxonomy (alerts vs recommendations), paging behaviour, and fallback scraping plan for legacy advisories.|
+|FEEDCONN-NKCKI-02-008 Access enablement plan|BE-Conn-Nkcki|Source.Common|**TODO** – Determine certificate/proxy requirements to fetch cert.gov.ru RSS feeds without 403/TLS failures and outline monitoring for future access policy shifts.|