stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

feat: Add guild charters and task boards for various components
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform.
- Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds.
- Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies.
- Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.
This commit is contained in:
master
2025-11-01 02:21:46 +02:00
parent e5629454cf
commit 66cb6c4b8a
227 changed files with 9913 additions and 6210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Oracle/AGENTS.md
View File

@@ -1,27 +1,38 @@
# AGENTS
## Role
Oracle PSIRT connector for Critical Patch Updates (CPU) and Security Alerts; authoritative vendor ranges and severities for Oracle products; establishes PSIRT precedence over registry or distro where applicable.
## Scope
- Harvest CPU calendar pages and per-advisory content; window by CPU cycle (Jan/Apr/Jul/Oct) and last modified timestamps.
- Validate HTML or JSON; extract CVE lists, affected products, components, versions, fixed patch levels; map to canonical with aliases and psirt_flags.
- Persist raw documents; maintain source_state across cycles; idempotent mapping.
## Participants
- Source.Common (HTTP, validators).
- Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
- Models (canonical; affected ranges for vendor products).
- Core/WebService (jobs: source:oracle:fetch|parse|map).
- Merge engine (later) to prefer PSIRT ranges over NVD for Oracle products.
## Interfaces & contracts
- Alias scheme includes CPU:YYYY-QQ plus individual advisory ids when present; include CVE mappings.
- Affected entries capture product/component and fixedBy patch version; references include product notes and patch docs; kind=advisory or patch.
- Provenance.method=parser; value includes CPU cycle and advisory slug.
## In/Out of scope
In: PSIRT authoritative mapping, cycles handling, precedence signaling.
Out: signing or patch artifact downloads.
## Observability & security expectations
- Metrics: SourceDiagnostics emits `concelier.source.http.*` counters/histograms tagged `concelier.source=oracle`, so observability dashboards slice on that tag to monitor fetch pages, CPU cycle coverage, parse failures, and map affected counts.
- Logs: cycle tags, advisory ids, extraction timings; redact nothing sensitive.
## Tests
- Author and review coverage in `../StellaOps.Concelier.Connector.Vndr.Oracle.Tests`.
- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
# AGENTS
## Role
Oracle PSIRT connector for Critical Patch Updates (CPU) and Security Alerts; authoritative vendor ranges and severities for Oracle products; establishes PSIRT precedence over registry or distro where applicable.
## Scope
- Harvest CPU calendar pages and per-advisory content; window by CPU cycle (Jan/Apr/Jul/Oct) and last modified timestamps.
- Validate HTML or JSON; extract CVE lists, affected products, components, versions, fixed patch levels; map to canonical with aliases and psirt_flags.
- Persist raw documents; maintain source_state across cycles; idempotent mapping.
## Participants
- Source.Common (HTTP, validators).
- Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
- Models (canonical; affected ranges for vendor products).
- Core/WebService (jobs: source:oracle:fetch|parse|map).
- Merge engine (later) to prefer PSIRT ranges over NVD for Oracle products.
## Interfaces & contracts
- Alias scheme includes CPU:YYYY-QQ plus individual advisory ids when present; include CVE mappings.
- Affected entries capture product/component and fixedBy patch version; references include product notes and patch docs; kind=advisory or patch.
- Provenance.method=parser; value includes CPU cycle and advisory slug.
## In/Out of scope
In: PSIRT authoritative mapping, cycles handling, precedence signaling.
Out: signing or patch artifact downloads.
## Observability & security expectations
- Metrics: SourceDiagnostics emits `concelier.source.http.*` counters/histograms tagged `concelier.source=oracle`, so observability dashboards slice on that tag to monitor fetch pages, CPU cycle coverage, parse failures, and map affected counts.
- Logs: cycle tags, advisory ids, extraction timings; redact nothing sensitive.
## Tests
- Author and review coverage in `../StellaOps.Concelier.Connector.Vndr.Oracle.Tests`.
- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
## Required Reading
- `docs/modules/concelier/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Working Agreement
- 1. Update task status to `DOING`/`DONE` in both `docs/implplan/SPRINTS.md` and the local `TASKS.md` when you start or finish work.
- 2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
- 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
- 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
- 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.