Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.

docs/modules/concelier/feeds/icscisa-kisa-provenance.md

@@ -0,0 +1,7 @@
+# ICSCISA / KISA Feed Provenance Notes (2025-11-19)
+
+- Expected signing: not provided by sources; set `signature=null` and `skip_reason="unsigned"`.
+- Hashing: sha256 of raw advisory payload before normalization.
+- Transport: HTTPS; mirror to internal cache; record `fetched_at` UTC and `source_url`.
+- Verification: compare hash vs previous run; emit delta report.
+- Staleness guard: alert if `fetched_at` >14 days.

docs/modules/concelier/feeds/icscisa-kisa.md

@@ -0,0 +1,46 @@
+# ICSCISA / KISA Feed Remediation Plan (v0.1 · 2025-11-19)
+
+## Purpose
+Define a minimal, actionable plan to refresh overdue ICSCISA and KISA connectors, restore provenance freshness, and publish normalized payload fields for downstream Advisory AI and Concelier consumers.
+
+## Owners
+- Feed owners: Concelier Feed Guild
+- Product advisory liaison: Product Advisory Guild
+- Backup: Docs Guild
+
+## Scope & cadence
+- Feeds: ICSCISA, KISA (security advisories)
+- Refresh cadence: weekly pull; publish hashlist and timestamps per run
+- Staleness budget: <14 days; alert if exceeded
+
+## Deliverables (for PREP-FEEDCONN-ICS-KISA-PLAN)
+1) **Provenance refresh SOP**
+   - Mirror source URLs to internal cache
+   - Record `source_url`, `fetched_at` (UTC), `sha256`, `signature` (if present)
+   - Store run log under `out/feeds/icscisa-kisa/<YYYYMMDD>/fetch.log`
+2) **Normalized payload fields**
+   - `advisory_id`, `title`, `summary`, `published`, `updated`, `severity` (pass-through), `cvss` (if provided), `cwe`, `affected_products` (list), `references` (list of URL strings), `signature` (object or null)
+   - Preserve source values; no inference or merging
+3) **Backlog cleanup**
+   - Reprocess last 60 days; compare hash to prior ingests; flag changed advisories
+   - Emit delta report (`out/feeds/icscisa-kisa/<YYYYMMDD>/delta.json`): added/updated/removed ids, counts
+4) **Provenance note**
+   - Publish `docs/modules/concelier/feeds/icscisa-kisa-provenance.md` with current signing keys/fingerprints, expected headers, and fallback when signatures missing
+5) **Next review date**
+   - Set to 2025-12-03 (two-week check) and capture SIG verification status
+
+## Actions & timeline
+- T0 (2025-11-19): adopt SOP + field map; create delta report template
+- T0+2d (2025-11-21): run backlog reprocess, publish artefacts + hashes
+- T0+14d (2025-12-03): review staleness, adjust cadence if needed
+
+## Artefact locations
+- Normalized advisories: `out/feeds/icscisa-kisa/<YYYYMMDD>/advisories.ndjson`
+- Fetch log + hashes: `out/feeds/icscisa-kisa/<YYYYMMDD>/fetch.log`, `hashes.sha256`
+- Delta report: `out/feeds/icscisa-kisa/<YYYYMMDD>/delta.json`
+- Provenance note: `docs/modules/concelier/feeds/icscisa-kisa-provenance.md`
+
+## Risks & mitigations
+- Source downtime → mirror last good snapshot; retry daily for 3 days.
+- Missing signatures → record `signature=null`, log `skip_reason` in provenance note; do not infer validity.
+- Schema drift → treat as new fields, store raw, add to field map after review (no drop).