Refactor code structure for improved readability and maintainability; optimize performance in key functions.

src/VexHub/AGENTS.md

@@ -0,0 +1,33 @@
+# VexHub Module Charter
+
+## Mission
+Deliver the VexHub aggregation service that normalizes, validates, and distributes VEX statements with deterministic outputs suitable for online and air-gapped deployments.
+
+## Scope
+- Service code under `src/VexHub/**` (web service, background workers, shared libraries).
+- Aggregation scheduler and ingestion pipeline for upstream VEX sources.
+- Validation pipeline (schema + signature checks) with provenance capture.
+- PostgreSQL storage for normalized statements, conflicts, and provenance.
+- Distribution API for CVE/PURL/source queries and bulk export feeds.
+
+## Roles
+- **Backend engineer**: .NET 10 service, ingestion pipeline, storage layer, and APIs.
+- **QA engineer**: deterministic tests for ingestion, validation, and API responses.
+- **Docs steward**: keep module architecture and API reference in sync with behavior.
+
+## Required Reading
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/platform/architecture-overview.md`
+- `docs/modules/excititor/architecture.md`
+- `docs/modules/vex-lens/architecture.md`
+- `docs/modules/vexhub/architecture.md`
+
+## Working Agreement
+- Update task status in `/docs/implplan/SPRINT_*.md` and `src/VexHub/TASKS.md` when work starts or completes.
+- Keep outputs deterministic (stable ordering, UTC timestamps, canonical JSON where applicable).
+- Honor offline/air-gap constraints; only allow upstream fetches via configured connectors.
+- Document contract changes in module docs and sprint Decisions & Risks.
+
+## Testing Expectations
+- Add unit and integration tests for pipelines and APIs with deterministic fixtures.
+- Prefer Postgres-backed tests via Testcontainers; no external network usage.

src/VexHub/TASKS.md

@@ -0,0 +1,29 @@
+# VexHub Local Tasks
+
+| Task ID | Status | Sprint | Dependency | Notes |
+| --- | --- | --- | --- | --- |
+| HUB-001 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | - | Create `StellaOps.VexHub` module structure. |
+| HUB-002 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-001 | Define VexHub domain models. |
+| HUB-003 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-001 | Create PostgreSQL schema for VEX aggregation. |
+| HUB-004 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-001 | Set up web service skeleton. |
+| HUB-005 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-004 | Create VexIngestionScheduler. |
+| HUB-006 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-005 | Implement source polling orchestration. |
+| HUB-007 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-005 | Create VexNormalizationPipeline. |
+| HUB-008 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-007 | Implement deduplication logic. |
+| HUB-009 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-008 | Detect and flag conflicting statements. |
+| HUB-010 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-008 | Store normalized VEX with provenance. |
+| HUB-011 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-004 | Implement signature verification for signed VEX. |
+| HUB-012 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-011 | Add schema validation (OpenVEX, CycloneDX, CSAF). |
+| HUB-013 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-010 | Track and store provenance metadata. |
+| HUB-014 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-011 | Flag unverified/untrusted statements. |
+| HUB-015 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-004 | Implement GET /api/v1/vex/cve/{cve-id}. |
+| HUB-016 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-015 | Implement GET /api/v1/vex/package/{purl}. |
+| HUB-017 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-015 | Implement GET /api/v1/vex/source/{source-id}. |
+| HUB-018 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-015 | Add pagination and filtering. |
+| HUB-019 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-015 | Implement subscription/webhook for updates. |
+| HUB-020 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-015 | Add rate limiting and authentication. |
+| HUB-021 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-015 | Implement OpenVEX bulk export. |
+| HUB-022 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-021 | Create index manifest (vex-index.json). |
+| HUB-023 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-021 | Test with Trivy --vex-url. |
+| HUB-024 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-021 | Test with Grype VEX support. |
+| HUB-025 | TODO | SPRINT_4500_0001_0001_vex_hub_aggregation | HUB-021 | Document integration instructions. |

src/VexHub/__Libraries/StellaOps.VexHub.Core/StellaOps.VexHub.Core.csproj

@@ -0,0 +1,16 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <LangVersion>preview</LangVersion>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+    <RootNamespace>StellaOps.VexHub.Core</RootNamespace>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\\..\\..\\Excititor\\__Libraries\\StellaOps.Excititor.Core\\StellaOps.Excititor.Core.csproj" />
+  </ItemGroup>
+</Project>