stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Add Vexer connector suite, format normalizers, and tooling

Browse Source
This commit is contained in:
master
2025-10-17 19:17:27 +03:00
parent 71d5a43bdb
commit 7bf40b8589
115 changed files with 9659 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/StellaOps.Vexer.Connectors.RedHat.CSAF/TASKS.md
View File

@@ -2,6 +2,9 @@ If you are working on this file you need to read docs/ARCHITECTURE_VEXER.md and
# TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
|VEXER-CONN-RH-01-001 Provider metadata discovery|Team Vexer Connectors Red Hat|VEXER-CONN-ABS-01-001|TODO Implement `.well-known` metadata loader with caching, schema validation, and offline snapshot support.|
|VEXER-CONN-RH-01-002 Incremental CSAF pulls|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-001, VEXER-STORAGE-01-003|TODO Fetch CSAF windows with ETag handling, resume tokens, quarantine on schema errors, and persist raw docs.|
|VEXER-CONN-RH-01-003 Trust metadata emission|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-002, VEXER-POLICY-01-001|TODO Populate provider trust overrides (cosign issuer, identity regex) and provenance hints for policy evaluation/logging.|
|VEXER-CONN-RH-01-001 Provider metadata discovery|Team Vexer Connectors Red Hat|VEXER-CONN-ABS-01-001|**DONE (2025-10-17)** Added `RedHatProviderMetadataLoader` with HTTP/ETag caching, offline snapshot handling, and validation; exposed DI helper + tests covering live, cached, and offline scenarios.|
|VEXER-CONN-RH-01-002 Incremental CSAF pulls|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-001, VEXER-STORAGE-01-003|**DONE (2025-10-17)** Implemented `RedHatCsafConnector` with ROLIE feed parsing, incremental filtering via `context.Since`, CSAF document download + metadata capture, and persistence through `IVexRawDocumentSink`; tests cover live fetch/cache/offline scenarios with ETag handling.|
|VEXER-CONN-RH-01-003 Trust metadata emission|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-002, VEXER-POLICY-01-001|**DONE (2025-10-17)** Provider metadata loader now emits trust overrides (weight, cosign issuer/pattern, PGP fingerprints) and the connector surfaces provenance hints for policy/consensus layers.|
|VEXER-CONN-RH-01-004 Resume state persistence|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-002, VEXER-STORAGE-01-003|**DONE (2025-10-17)** Connector now loads/saves resume state via `IVexConnectorStateRepository`, tracking last update timestamp and recent document digests to avoid duplicate CSAF ingestion; regression covers state persistence and duplicate skips.|
|VEXER-CONN-RH-01-005 Worker/WebService integration|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-002|**DONE (2025-10-17)** Worker/WebService now call `AddRedHatCsafConnector`, register the connector + state repo, and default worker scheduling adds the `vexer:redhat` provider so background jobs and orchestration can activate the connector without extra wiring.|
|VEXER-CONN-RH-01-006 CSAF normalization parity tests|Team Vexer Connectors Red Hat|VEXER-CONN-RH-01-002, VEXER-FMT-CSAF-01-001|**DONE (2025-10-17)** Added RHSA fixture-driven regression verifying CSAF normalizer retains Red Hat product metadata, tracking fields, and timestamps (`rhsa-sample.json` + `CsafNormalizerTests.NormalizeAsync_PreservesRedHatSpecificMetadata`).|