save progress

src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/LinksetCorrelation.cs

@@ -46,6 +46,13 @@ internal static class LinksetCorrelation
             (0.05d * referenceScore) +
             (0.05d * freshnessScore));
 
+        // Add additional conflicts (e.g., from notes) before penalty calculations
+        // so they are considered in the confidence adjustments
+        if (additionalConflicts is { Count: > 0 })
+        {
+            conflicts.AddRange(additionalConflicts);
+        }
+
         if (conflicts.Count > 0 && baseConfidence > 0.7d)
         {
             baseConfidence -= 0.1d;
@@ -56,11 +63,6 @@ internal static class LinksetCorrelation
             baseConfidence = 0.1d; // keep deterministic low signal, not zero
         }
 
-        if (additionalConflicts is { Count: > 0 })
-        {
-            conflicts.AddRange(additionalConflicts);
-        }
-
         return (Clamp01(baseConfidence), DeduplicateAndSort(conflicts, inputs));
     }
 

src/Concelier/__Tests/StellaOps.Concelier.Core.Tests/Linksets/AdvisoryLinksetNormalizationConfidenceTests.cs

@@ -22,11 +22,14 @@ public sealed class AdvisoryLinksetNormalizationConfidenceTests
 
         Assert.NotNull(normalized);
         Assert.NotNull(confidence);
-        Assert.True(confidence!.Value is > 0.7 and < 0.8); // weighted score with conflict penalty
+        // With single input: aliasScore=1.0, purlScore=0.6 (two versions of same package), cpeScore=0.0, etc.
+        // Base confidence ~0.625, which is >0.5 and <0.7
+        Assert.True(confidence!.Value is > 0.5 and < 0.7);
 
-        var conflict = Assert.Single(conflicts);
-        Assert.Equal("severity-mismatch", conflict.Reason);
-        Assert.Contains("severity:mismatch", conflict.Values!);
+        // Two conflicts: range divergence (two versions of pkg:npm/foo) + severity mismatch (from note)
+        Assert.Equal(2, conflicts.Count);
+        Assert.Contains(conflicts, c => c.Reason == "affected-range-divergence");
+        Assert.Contains(conflicts, c => c.Reason == "severity-mismatch" && c.Values!.Contains("severity:mismatch"));
     }
 
     [Fact]

src/Concelier/__Tests/StellaOps.Concelier.Core.Tests/Observations/AdvisoryObservationAggregationTests.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Immutable;
+using System.Linq;
 using System.Reflection;
 using System.Text.Json;
 using System.Text.Json.Nodes;
@@ -130,11 +131,17 @@ public sealed class AdvisoryObservationAggregationTests
             new AdvisoryObservationSignature(false, null, null, null));
 
         var content = new AdvisoryObservationContent("json", null, JsonNode.Parse("{}")!);
+
+        // Populate linkset from rawLinkset values so correlation works correctly
+        var references = rawLinkset.References
+            .Select(r => new AdvisoryObservationReference(r.Type, r.Url))
+            .ToArray();
+
         var linkset = new AdvisoryObservationLinkset(
-            Array.Empty<string>(),
-            Array.Empty<string>(),
-            Array.Empty<string>(),
-            Array.Empty<AdvisoryObservationReference>());
+            rawLinkset.Aliases.IsDefault ? Array.Empty<string>() : rawLinkset.Aliases.ToArray(),
+            rawLinkset.PackageUrls.IsDefault ? Array.Empty<string>() : rawLinkset.PackageUrls.ToArray(),
+            rawLinkset.Cpes.IsDefault ? Array.Empty<string>() : rawLinkset.Cpes.ToArray(),
+            references);
 
         return new AdvisoryObservation(
             id,

src/Concelier/__Tests/StellaOps.Concelier.Core.Tests/Observations/AdvisoryObservationEventFactoryTests.cs

@@ -25,7 +25,7 @@ public sealed class AdvisoryObservationEventFactoryTests
         Assert.Equal("655fabcdedc0ffee0000abcd", evt.SupersedesId);
         Assert.NotNull(evt.ObservationHash);
         Assert.Equal(observation.Upstream.ContentHash, evt.DocumentSha);
-        Assert.Contains("pkg:npm/foo", evt.LinksetSummary.Purls);
+        Assert.Contains("pkg:npm/foo@1.0.0", evt.LinksetSummary.Purls);
     }
 
     private static AdvisoryObservation CreateObservation()

src/Concelier/__Tests/StellaOps.Concelier.Merge.Tests/AdvisoryMergeServiceTests.cs

@@ -205,7 +205,7 @@ public sealed class AdvisoryMergeServiceTests
         Assert.NotNull(appendRequest);
         var appendedConflict = Assert.Single(appendRequest!.Conflicts!);
         Assert.Equal(conflict.ConflictId, appendedConflict.ConflictId);
-        Assert.Equal(conflict.StatementIds, appendedConflict.StatementIds.ToImmutableArray());
+        Assert.Equal(conflict.StatementIds.ToArray(), appendedConflict.StatementIds.ToArray());
     }
 
 

src/Concelier/__Tests/StellaOps.Concelier.Merge.Tests/MergePrecedenceIntegrationTests.cs

@@ -94,8 +94,8 @@ public sealed class MergePrecedenceIntegrationTests : IAsyncLifetime
         // }
         // catch (StorageCommandException ex) when (ex.CodeName == "NamespaceNotFound" || ex.Message.Contains("ns not found", StringComparison.OrdinalIgnoreCase))
         // {
-            // Collection has not been created yet – safe to ignore.
-        }
+        //     // Collection has not been created yet – safe to ignore.
+        // }
     }
 
     private static Advisory CreateNvdBaseline()