Rename Vexer to Excititor

2025-10-18 20:00:46 +03:00
parent fbd1826ef3
commit 7e1b10d3b2
263 changed files with 848 additions and 848 deletions
--- a/src/StellaOps.Cli/TASKS.md
+++ b/src/StellaOps.Cli/TASKS.md
@@ -1,4 +1,4 @@
-If you are working on this file you need to read docs/ARCHITECTURE_VEXER.md and ./AGENTS.md).
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
 # TASKS
 | Task | Owner(s) | Depends on | Notes |
 |---|---|---|---|
@@ -14,6 +14,6 @@ If you are working on this file you need to read docs/ARCHITECTURE_VEXER.md and
 |Expose auth client resilience settings|DevEx/CLI|Auth libraries LIB5|**DONE (2025-10-10)** – CLI options now bind resilience knobs, `AddStellaOpsAuthClient` honours them, and tests cover env overrides.|
 |Document advanced Authority tuning|Docs/CLI|Expose auth client resilience settings|**DONE (2025-10-10)** – docs/09 and docs/10 describe retry/offline settings with env examples and point to the integration guide.|
 |Surface password policy diagnostics in CLI output|DevEx/CLI, Security Guild|AUTHSEC-CRYPTO-02-004|**DONE (2025-10-15)** – CLI startup runs the Authority plug-in analyzer, logs weakened password policy warnings with manifest paths, added unit tests (`dotnet test src/StellaOps.Cli.Tests`) and updated docs/09 with remediation guidance.|
-|VEXER-CLI-01-001 – Add `vexer` command group|DevEx/CLI|VEXER-WEB-01-001|TODO – Introduce `vexer` verb hierarchy (init/pull/resume/list-providers/export/verify/reconcile) forwarding to WebService with token auth and consistent exit codes.|
-|VEXER-CLI-01-002 – Export download & attestation UX|DevEx/CLI|VEXER-CLI-01-001, VEXER-EXPORT-01-001|TODO – Display export metadata (sha256, size, Rekor link), support optional artifact download path, and handle cache hits gracefully.|
-|VEXER-CLI-01-003 – CLI docs & examples for Vexer|Docs/CLI|VEXER-CLI-01-001|TODO – Update docs/09_API_CLI_REFERENCE.md and quickstart snippets to cover Vexer verbs, offline guidance, and attestation verification workflow.|
+|EXCITITOR-CLI-01-001 – Add `excititor` command group|DevEx/CLI|EXCITITOR-WEB-01-001|TODO – Introduce `excititor` verb hierarchy (init/pull/resume/list-providers/export/verify/reconcile) forwarding to WebService with token auth and consistent exit codes.|
+|EXCITITOR-CLI-01-002 – Export download & attestation UX|DevEx/CLI|EXCITITOR-CLI-01-001, EXCITITOR-EXPORT-01-001|TODO – Display export metadata (sha256, size, Rekor link), support optional artifact download path, and handle cache hits gracefully.|
+|EXCITITOR-CLI-01-003 – CLI docs & examples for Excititor|Docs/CLI|EXCITITOR-CLI-01-001|TODO – Update docs/09_API_CLI_REFERENCE.md and quickstart snippets to cover Excititor verbs, offline guidance, and attestation verification workflow.|
--- a/src/StellaOps.Excititor.ArtifactStores.S3.Tests/S3ArtifactClientTests.cs
+++ b/src/StellaOps.Excititor.ArtifactStores.S3.Tests/S3ArtifactClientTests.cs
@@ -1,10 +1,10 @@
 using Amazon.S3;
 using Amazon.S3.Model;
 using Moq;
-using StellaOps.Vexer.ArtifactStores.S3;
-using StellaOps.Vexer.Export;
+using StellaOps.Excititor.ArtifactStores.S3;
+using StellaOps.Excititor.Export;

-namespace StellaOps.Vexer.ArtifactStores.S3.Tests;
+namespace StellaOps.Excititor.ArtifactStores.S3.Tests;

 public sealed class S3ArtifactClientTests
 {
--- a/src/StellaOps.Excititor.ArtifactStores.S3.Tests/StellaOps.Excititor.ArtifactStores.S3.Tests.csproj
+++ b/src/StellaOps.Excititor.ArtifactStores.S3.Tests/StellaOps.Excititor.ArtifactStores.S3.Tests.csproj
@@ -10,6 +10,6 @@
    <PackageReference Include="Moq" Version="4.20.70" />
  </ItemGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.ArtifactStores.S3\StellaOps.Vexer.ArtifactStores.S3.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.ArtifactStores.S3\StellaOps.Excititor.ArtifactStores.S3.csproj" />
  </ItemGroup>
 </Project>
--- a/src/StellaOps.Excititor.ArtifactStores.S3/Extensions/ServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.ArtifactStores.S3/Extensions/ServiceCollectionExtensions.cs
@@ -3,9 +3,9 @@ using Amazon.Runtime;
 using Amazon.S3;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Export;
+using StellaOps.Excititor.Export;

-namespace StellaOps.Vexer.ArtifactStores.S3.Extensions;
+namespace StellaOps.Excititor.ArtifactStores.S3.Extensions;

 public static class ServiceCollectionExtensions
 {
--- a/src/StellaOps.Excititor.ArtifactStores.S3/S3ArtifactClient.cs
+++ b/src/StellaOps.Excititor.ArtifactStores.S3/S3ArtifactClient.cs
@@ -2,9 +2,9 @@ using Amazon.S3;
 using Amazon.S3.Model;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Export;
+using StellaOps.Excititor.Export;

-namespace StellaOps.Vexer.ArtifactStores.S3;
+namespace StellaOps.Excititor.ArtifactStores.S3;

 public sealed class S3ArtifactClientOptions
 {
--- a/src/StellaOps.Excititor.ArtifactStores.S3/StellaOps.Excititor.ArtifactStores.S3.csproj
+++ b/src/StellaOps.Excititor.ArtifactStores.S3/StellaOps.Excititor.ArtifactStores.S3.csproj
@@ -12,6 +12,6 @@
    <PackageReference Include="Microsoft.Extensions.Options" Version="8.0.0" />
  </ItemGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Export\StellaOps.Vexer.Export.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Export\StellaOps.Excititor.Export.csproj" />
  </ItemGroup>
 </Project>
--- a/src/StellaOps.Excititor.Attestation.Tests/StellaOps.Excititor.Attestation.Tests.csproj
+++ b/src/StellaOps.Excititor.Attestation.Tests/StellaOps.Excititor.Attestation.Tests.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Attestation\StellaOps.Vexer.Attestation.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Attestation\StellaOps.Excititor.Attestation.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
  </ItemGroup>
 </Project>
--- a/src/StellaOps.Excititor.Attestation.Tests/VexAttestationClientTests.cs
+++ b/src/StellaOps.Excititor.Attestation.Tests/VexAttestationClientTests.cs
@@ -1,12 +1,12 @@
 using System.Collections.Immutable;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Attestation.Transparency;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Attestation.Transparency;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Attestation.Tests;
+namespace StellaOps.Excititor.Attestation.Tests;

 public sealed class VexAttestationClientTests
 {
--- a/src/StellaOps.Excititor.Attestation.Tests/VexDsseBuilderTests.cs
+++ b/src/StellaOps.Excititor.Attestation.Tests/VexDsseBuilderTests.cs
@@ -1,11 +1,11 @@
 using System.Collections.Immutable;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Models;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Models;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Attestation.Tests;
+namespace StellaOps.Excititor.Attestation.Tests;

 public sealed class VexDsseBuilderTests
 {
--- a/src/StellaOps.Excititor.Attestation/AGENTS.md
+++ b/src/StellaOps.Excititor.Attestation/AGENTS.md
@@ -1,6 +1,6 @@
 # AGENTS
 ## Role
-Builds and verifies in-toto/DSSE attestations for Vexer exports and integrates with Rekor v2 transparency logs.
+Builds and verifies in-toto/DSSE attestations for Excititor exports and integrates with Rekor v2 transparency logs.
 ## Scope
 - Attestation envelope builders, signing workflows (keyless/keyed), and predicate model definitions.
 - Rekor v2 client implementation (submit, verify, poll inclusion) with retry/backoff policies.
@@ -9,7 +9,7 @@ Builds and verifies in-toto/DSSE attestations for Vexer exports and integrates w
 ## Participants
 - Export module calls into this layer to generate attestations after export artifacts are produced.
 - WebService and Worker consume verification helpers to ensure stored envelopes remain valid.
- CLI `vexer verify` leverages verification services through WebService endpoints.
+- CLI `excititor verify` leverages verification services through WebService endpoints.
 ## Interfaces & contracts
 - `IExportAttestor`, `ITransparencyLogClient`, predicate DTOs, and verification result records.
 - Extension methods to register attestation services in DI across WebService/Worker.
@@ -20,4 +20,4 @@ Out: export artifact generation, storage persistence, CLI interaction layers.
 - Structured logs for signing/verification with envelope digest, Rekor URI, and latency; never log private keys.
 - Metrics for attestation successes/failures and Rekor submission durations.
 ## Tests
- Unit tests and integration stubs (with fake Rekor) will live in `../StellaOps.Vexer.Attestation.Tests`.
+- Unit tests and integration stubs (with fake Rekor) will live in `../StellaOps.Excititor.Attestation.Tests`.
--- a/src/StellaOps.Excititor.Attestation/Dsse/DsseEnvelope.cs
+++ b/src/StellaOps.Excititor.Attestation/Dsse/DsseEnvelope.cs
@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using System.Text.Json.Serialization;

-namespace StellaOps.Vexer.Attestation.Dsse;
+namespace StellaOps.Excititor.Attestation.Dsse;

 public sealed record DsseEnvelope(
    [property: JsonPropertyName("payload")] string Payload,
--- a/src/StellaOps.Excititor.Attestation/Dsse/VexDsseBuilder.cs
+++ b/src/StellaOps.Excititor.Attestation/Dsse/VexDsseBuilder.cs
@@ -8,11 +8,11 @@ using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Attestation.Models;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Models;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Attestation.Dsse;
+namespace StellaOps.Excititor.Attestation.Dsse;

 public sealed class VexDsseBuilder
 {
--- a/src/StellaOps.Excititor.Attestation/Extensions/ServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Attestation/Extensions/ServiceCollectionExtensions.cs
@@ -1,9 +1,9 @@
 using Microsoft.Extensions.DependencyInjection;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Transparency;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Transparency;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Attestation.Extensions;
+namespace StellaOps.Excititor.Attestation.Extensions;

 public static class VexAttestationServiceCollectionExtensions
 {
--- a/src/StellaOps.Excititor.Attestation/Models/VexAttestationPredicate.cs
+++ b/src/StellaOps.Excititor.Attestation/Models/VexAttestationPredicate.cs
@@ -2,9 +2,9 @@ using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Text.Json.Serialization;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Attestation.Models;
+namespace StellaOps.Excititor.Attestation.Models;

 public sealed record VexAttestationPredicate(
    string ExportId,
--- a/src/StellaOps.Excititor.Attestation/Signing/IVexSigner.cs
+++ b/src/StellaOps.Excititor.Attestation/Signing/IVexSigner.cs
@@ -2,7 +2,7 @@ using System;
 using System.Threading;
 using System.Threading.Tasks;

-namespace StellaOps.Vexer.Attestation.Signing;
+namespace StellaOps.Excititor.Attestation.Signing;

 public sealed record VexSignedPayload(string Signature, string? KeyId);

--- a/src/StellaOps.Excititor.Attestation/StellaOps.Excititor.Attestation.csproj
+++ b/src/StellaOps.Excititor.Attestation/StellaOps.Excititor.Attestation.csproj
@@ -12,6 +12,6 @@
    <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.0" />
  </ItemGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
  </ItemGroup>
 </Project>
--- a/src/StellaOps.Excititor.Attestation/TASKS.md
+++ b/src/StellaOps.Excititor.Attestation/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-ATTEST-01-001 – In-toto predicate & DSSE builder|Team Excititor Attestation|EXCITITOR-CORE-01-001|**DONE (2025-10-16)** – Added deterministic in-toto predicate/statement models, DSSE envelope builder wired to signer abstraction, and attestation client producing metadata + diagnostics.|
+|EXCITITOR-ATTEST-01-002 – Rekor v2 client integration|Team Excititor Attestation|EXCITITOR-ATTEST-01-001|**DONE (2025-10-16)** – Implemented Rekor HTTP client with retry/backoff, transparency log abstraction, DI helpers, and attestation client integration capturing Rekor metadata + diagnostics.|
+|EXCITITOR-ATTEST-01-003 – Verification suite & observability|Team Excititor Attestation|EXCITITOR-ATTEST-01-002|TODO – Add verification helpers for Worker/WebService, metrics/logging hooks, and negative-path regression tests.|
--- a/src/StellaOps.Excititor.Attestation/Transparency/ITransparencyLogClient.cs
+++ b/src/StellaOps.Excititor.Attestation/Transparency/ITransparencyLogClient.cs
@@ -1,8 +1,8 @@
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Vexer.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Dsse;

-namespace StellaOps.Vexer.Attestation.Transparency;
+namespace StellaOps.Excititor.Attestation.Transparency;

 public sealed record TransparencyLogEntry(string Id, string Location, string? LogIndex, string? InclusionProofUrl);

--- a/src/StellaOps.Excititor.Attestation/Transparency/RekorHttpClient.cs
+++ b/src/StellaOps.Excititor.Attestation/Transparency/RekorHttpClient.cs
@@ -2,9 +2,9 @@ using System.Net.Http.Json;
 using System.Text.Json;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Dsse;

-namespace StellaOps.Vexer.Attestation.Transparency;
+namespace StellaOps.Excititor.Attestation.Transparency;

 internal sealed class RekorHttpClient : ITransparencyLogClient
 {
--- a/src/StellaOps.Excititor.Attestation/Transparency/RekorHttpClientOptions.cs
+++ b/src/StellaOps.Excititor.Attestation/Transparency/RekorHttpClientOptions.cs
@@ -1,4 +1,4 @@
-namespace StellaOps.Vexer.Attestation.Transparency;
+namespace StellaOps.Excititor.Attestation.Transparency;

 public sealed class RekorHttpClientOptions
 {
--- a/src/StellaOps.Excititor.Attestation/VexAttestationClient.cs
+++ b/src/StellaOps.Excititor.Attestation/VexAttestationClient.cs
@@ -6,13 +6,13 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Attestation.Dsse;
-using StellaOps.Vexer.Attestation.Models;
-using StellaOps.Vexer.Attestation.Signing;
-using StellaOps.Vexer.Attestation.Transparency;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Attestation.Dsse;
+using StellaOps.Excititor.Attestation.Models;
+using StellaOps.Excititor.Attestation.Signing;
+using StellaOps.Excititor.Attestation.Transparency;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Attestation;
+namespace StellaOps.Excititor.Attestation;

 public sealed class VexAttestationClientOptions
 {
@@ -84,7 +84,7 @@ public sealed class VexAttestationClient : IVexAttestationClient

    public ValueTask<VexAttestationVerification> VerifyAsync(VexAttestationRequest request, CancellationToken cancellationToken)
    {
-        // Placeholder until verification flow is implemented in VEXER-ATTEST-01-003.
+        // Placeholder until verification flow is implemented in EXCITITOR-ATTEST-01-003.
        return ValueTask.FromResult(new VexAttestationVerification(true, ImmutableDictionary<string, string>.Empty));
    }

--- a/src/StellaOps.Excititor.Connectors.Abstractions/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/AGENTS.md
@@ -1,13 +1,13 @@
 # AGENTS
 ## Role
-Defines shared connector infrastructure for Vexer, including base contexts, result contracts, configuration binding, and helper utilities reused by all connector plug-ins.
+Defines shared connector infrastructure for Excititor, including base contexts, result contracts, configuration binding, and helper utilities reused by all connector plug-ins.
 ## Scope
 - `IVexConnector` context implementation, raw store helpers, verification hooks, and telemetry utilities.
 - Configuration primitives (YAML parsing, secrets handling guidelines) and options validation.
 - Connector lifecycle helpers for retries, paging, `.well-known` discovery, and resume markers.
- Documentation for connector packaging, plugin manifest metadata, and DI registration (see `docs/dev/30_VEXER_CONNECTOR_GUIDE.md` and `docs/dev/templates/vexer-connector/`).
+- Documentation for connector packaging, plugin manifest metadata, and DI registration (see `docs/dev/30_EXCITITOR_CONNECTOR_GUIDE.md` and `docs/dev/templates/excititor-connector/`).
 ## Participants
- All Vexer connector projects reference this module to obtain base classes and context services.
+- All Excititor connector projects reference this module to obtain base classes and context services.
 - WebService/Worker instantiate connectors via plugin loader leveraging abstractions defined here.
 ## Interfaces & contracts
 - Connector context, result, and telemetry interfaces; `VexConnectorDescriptor`, `VexConnectorBase`, options binder/validators, authentication helpers.
@@ -19,4 +19,4 @@ Out: provider-specific logic (implemented in individual connector modules), stor
 - Provide structured logging helpers, correlation IDs, and metrics instrumentation toggles for connectors.
 - Enforce redaction of secrets in logs and config dumps.
 ## Tests
- Abstraction/unit tests will live in `../StellaOps.Vexer.Connectors.Abstractions.Tests`, covering default behaviors and sample harness.
+- Abstraction/unit tests will live in `../StellaOps.Excititor.Connectors.Abstractions.Tests`, covering default behaviors and sample harness.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/IVexConnectorOptionsValidator.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/IVexConnectorOptionsValidator.cs
@@ -1,6 +1,6 @@
 using System.Collections.Generic;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
 /// Custom validator hook executed after connector options are bound.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/StellaOps.Excititor.Connectors.Abstractions.csproj
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/StellaOps.Excititor.Connectors.Abstractions.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.Abstractions/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-ABS-01-001 – Connector context & base classes|Team Excititor Connectors|EXCITITOR-CORE-01-003|**DONE (2025-10-17)** – Added `StellaOps.Excititor.Connectors.Abstractions` project with `VexConnectorBase`, deterministic logging scopes, metadata builder helpers, and connector descriptors; docs updated to highlight the shared abstractions.|
+|EXCITITOR-CONN-ABS-01-002 – YAML options & validation|Team Excititor Connectors|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Delivered `VexConnectorOptionsBinder` + binder options/validators, environment-variable expansion, data-annotation checks, and custom validation hooks with documentation updates covering the workflow.|
+|EXCITITOR-CONN-ABS-01-003 – Plugin packaging & docs|Team Excititor Connectors|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Authored `docs/dev/30_EXCITITOR_CONNECTOR_GUIDE.md`, added quick-start template under `docs/dev/templates/excititor-connector/`, and updated module docs to reference the packaging workflow.|
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorBase.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorBase.cs
@@ -1,9 +1,9 @@
 using System.Collections.Immutable;
 using System.Security.Cryptography;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
 /// Convenience base class for implementing <see cref="IVexConnector" />.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorDescriptor.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorDescriptor.cs
@@ -1,10 +1,10 @@
 using System.Collections.Immutable;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
-/// Static descriptor for a Vexer connector plug-in.
+/// Static descriptor for a Excititor connector plug-in.
 /// </summary>
 public sealed record VexConnectorDescriptor
 {
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorLogScope.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorLogScope.cs
@@ -1,8 +1,8 @@
 using System.Linq;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
 /// Helper to establish deterministic logging scopes for connector operations.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorMetadataBuilder.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorMetadataBuilder.cs
@@ -1,6 +1,6 @@
 using System.Collections.Immutable;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
 /// Builds deterministic metadata dictionaries for raw documents and logging scopes.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsBinder.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsBinder.cs
@@ -2,9 +2,9 @@ using System.Collections.Immutable;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using Microsoft.Extensions.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
 /// Provides strongly typed binding and validation for connector options.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsBinderOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsBinderOptions.cs
@@ -1,4 +1,4 @@
-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 /// <summary>
 /// Customisation options for connector options binding.
--- a/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsValidationException.cs
+++ b/src/StellaOps.Excititor.Connectors.Abstractions/VexConnectorOptionsValidationException.cs
@@ -1,6 +1,6 @@
 using System.Collections.Immutable;

-namespace StellaOps.Vexer.Connectors.Abstractions;
+namespace StellaOps.Excititor.Connectors.Abstractions;

 public sealed class VexConnectorOptionsValidationException : Exception
 {
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/Connectors/CiscoCsafConnectorTests.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/Connectors/CiscoCsafConnectorTests.cs
@@ -7,18 +7,18 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.DependencyInjection;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Cisco.CSAF;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Cisco.CSAF;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 using System.Collections.Immutable;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;
 using System.Threading;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Tests.Connectors;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.Connectors;

 public sealed class CiscoCsafConnectorTests
 {
@@ -33,7 +33,7 @@ public sealed class CiscoCsafConnectorTests
                    "publisher": {
                      "name": "Cisco",
                      "category": "vendor",
-                      "contact_details": { "id": "vexer:cisco" }
+                      "contact_details": { "id": "excititor:cisco" }
                    }
                  },
                  "distributions": {
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/Metadata/CiscoProviderMetadataLoaderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/Metadata/CiscoProviderMetadataLoaderTests.cs
@@ -5,12 +5,12 @@ using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions.TestingHelpers;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.Metadata;

 public sealed class CiscoProviderMetadataLoaderTests
 {
@@ -24,7 +24,7 @@ public sealed class CiscoProviderMetadataLoaderTests
              "name": "Cisco CSAF",
              "category": "vendor",
              "contact_details": {
-                "id": "vexer:cisco"
+                "id": "excititor:cisco"
              }
            }
          },
@@ -72,7 +72,7 @@ public sealed class CiscoProviderMetadataLoaderTests

        var result = await loader.LoadAsync(CancellationToken.None);

-        result.Provider.Id.Should().Be("vexer:cisco");
+        result.Provider.Id.Should().Be("excititor:cisco");
        result.Provider.BaseUris.Should().ContainSingle(uri => uri.ToString() == "https://api.security.cisco.com/csaf/v2/advisories/");
        result.Provider.Discovery.RolIeService.Should().Be(new Uri("https://api.security.cisco.com/csaf/rolie/feed"));
        result.ServedFromCache.Should().BeFalse();
@@ -91,7 +91,7 @@ public sealed class CiscoProviderMetadataLoaderTests
              "name": "Cisco CSAF",
              "category": "vendor",
              "contact_details": {
-                "id": "vexer:cisco"
+                "id": "excititor:cisco"
              }
            }
          }
@@ -117,7 +117,7 @@ public sealed class CiscoProviderMetadataLoaderTests
        var result = await loader.LoadAsync(CancellationToken.None);

        result.FromOfflineSnapshot.Should().BeTrue();
-        result.Provider.Id.Should().Be("vexer:cisco");
+        result.Provider.Id.Should().Be("excititor:cisco");
    }

    private sealed class SingleHttpClientFactory : IHttpClientFactory
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.csproj
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests/StellaOps.Excititor.Connectors.Cisco.CSAF.Tests.csproj
@@ -11,6 +11,6 @@
    <PackageReference Include="System.IO.Abstractions.TestingHelpers" Version="20.0.28" />
  </ItemGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Cisco.CSAF\StellaOps.Vexer.Connectors.Cisco.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Cisco.CSAF\StellaOps.Excititor.Connectors.Cisco.CSAF.csproj" />
  </ItemGroup>
 </Project>
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/AGENTS.md
@@ -20,4 +20,4 @@ Out: normalization/export, attestation, Mongo wiring (handled in other modules).
 - Log fetch batches with document counts/durations; mask credentials.
 - Emit metrics for rate-limit hits, retries, and quarantine events.
 ## Tests
- Unit tests plus HTTP harness fixtures will live in `../StellaOps.Vexer.Connectors.Cisco.CSAF.Tests`.
+- Unit tests plus HTTP harness fixtures will live in `../StellaOps.Excititor.Connectors.Cisco.CSAF.Tests`.
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/CiscoCsafConnector.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/CiscoCsafConnector.cs
@@ -5,18 +5,18 @@ using System.Net.Http;
 using System.Runtime.CompilerServices;
 using System.Text.Json;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF;

 public sealed class CiscoCsafConnector : VexConnectorBase
 {
    private static readonly VexConnectorDescriptor DescriptorInstance = new(
-        id: "vexer:cisco",
+        id: "excititor:cisco",
        kind: VexProviderKind.Vendor,
        displayName: "Cisco CSAF")
    {
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/Configuration/CiscoConnectorOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/Configuration/CiscoConnectorOptions.cs
@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;

 public sealed class CiscoConnectorOptions : IValidatableObject
 {
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/Configuration/CiscoConnectorOptionsValidator.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/Configuration/CiscoConnectorOptionsValidator.cs
@@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;

 public sealed class CiscoConnectorOptionsValidator : IVexConnectorOptionsValidator<CiscoConnectorOptions>
 {
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/DependencyInjection/CiscoConnectorServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/DependencyInjection/CiscoConnectorServiceCollectionExtensions.cs
@@ -4,13 +4,13 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.DependencyInjection;

 public static class CiscoConnectorServiceCollectionExtensions
 {
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/Metadata/CiscoProviderMetadataLoader.cs
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/Metadata/CiscoProviderMetadataLoader.cs
@@ -5,15 +5,15 @@ using System.Text.Json;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Cisco.CSAF.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Cisco.CSAF.Configuration;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata;

 public sealed class CiscoProviderMetadataLoader
 {
-    public const string CacheKey = "StellaOps.Vexer.Connectors.Cisco.CSAF.Metadata";
+    public const string CacheKey = "StellaOps.Excititor.Connectors.Cisco.CSAF.Metadata";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _memoryCache;
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/StellaOps.Excititor.Connectors.Cisco.CSAF.csproj
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/StellaOps.Excititor.Connectors.Cisco.CSAF.csproj
@@ -7,9 +7,9 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.Cisco.CSAF/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-CISCO-01-001 – Endpoint discovery & auth plumbing|Team Excititor Connectors – Cisco|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added `CiscoProviderMetadataLoader` with bearer token support, offline snapshot fallback, DI helpers, and tests covering network/offline discovery to unblock subsequent fetch work.|
+|EXCITITOR-CONN-CISCO-01-002 – CSAF pull loop & pagination|Team Excititor Connectors – Cisco|EXCITITOR-CONN-CISCO-01-001, EXCITITOR-STORAGE-01-003|**DONE (2025-10-17)** – Implemented paginated advisory fetch using provider directories, raw document persistence with dedupe/state tracking, offline resiliency, and unit coverage.|
+|EXCITITOR-CONN-CISCO-01-003 – Provider trust metadata|Team Excititor Connectors – Cisco|EXCITITOR-CONN-CISCO-01-002, EXCITITOR-POLICY-01-001|TODO – Emit cosign/PGP trust metadata and advisory provenance hints for policy weighting.|
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests/Authentication/MsrcTokenProviderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests/Authentication/MsrcTokenProviderTests.cs
@@ -6,12 +6,12 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using NSubstitute;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Authentication;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Authentication;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;

-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.Tests.Authentication;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.Tests.Authentication;

 public sealed class MsrcTokenProviderTests
 {
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests.csproj
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests/StellaOps.Excititor.Connectors.MSRC.CSAF.Tests.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.MSRC.CSAF\StellaOps.Vexer.Connectors.MSRC.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.MSRC.CSAF\StellaOps.Excititor.Connectors.MSRC.CSAF.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="FluentAssertions" Version="6.12.0" />
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF/AGENTS.md
@@ -20,4 +20,4 @@ Out: normalization/export, attestation, storage implementations (handled elsewhe
 - Log request batches, rate-limit responses, and token refresh events without leaking secrets.
 - Track metrics for documents fetched, retries, and failure categories.
 ## Tests
- Connector tests with mocked MSRC endpoints and AAD token flow will live in `../StellaOps.Vexer.Connectors.MSRC.CSAF.Tests`.
+- Connector tests with mocked MSRC endpoints and AAD token flow will live in `../StellaOps.Excititor.Connectors.MSRC.CSAF.Tests`.
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF/Authentication/MsrcTokenProvider.cs
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF/Authentication/MsrcTokenProvider.cs
@@ -9,9 +9,9 @@ using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;

-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.Authentication;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.Authentication;

 public interface IMsrcTokenProvider
 {
@@ -20,7 +20,7 @@ public interface IMsrcTokenProvider

 public sealed class MsrcTokenProvider : IMsrcTokenProvider, IDisposable
 {
-    private const string CachePrefix = "StellaOps.Vexer.Connectors.MSRC.CSAF.Token";
+    private const string CachePrefix = "StellaOps.Excititor.Connectors.MSRC.CSAF.Token";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _cache;
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF/Configuration/MsrcConnectorOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF/Configuration/MsrcConnectorOptions.cs
@@ -2,11 +2,11 @@ using System;
 using System.IO;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;

 public sealed class MsrcConnectorOptions
 {
-    public const string TokenClientName = "vexer.connector.msrc.token";
+    public const string TokenClientName = "excititor.connector.msrc.token";
    public const string DefaultScope = "https://api.msrc.microsoft.com/.default";

    /// <summary>
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF/DependencyInjection/MsrcConnectorServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF/DependencyInjection/MsrcConnectorServiceCollectionExtensions.cs
@@ -4,11 +4,11 @@ using System.Net.Http;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Authentication;
-using StellaOps.Vexer.Connectors.MSRC.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Authentication;
+using StellaOps.Excititor.Connectors.MSRC.CSAF.Configuration;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.MSRC.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.MSRC.CSAF.DependencyInjection;

 public static class MsrcConnectorServiceCollectionExtensions
 {
@@ -25,7 +25,7 @@ public static class MsrcConnectorServiceCollectionExtensions
        services.AddHttpClient(MsrcConnectorOptions.TokenClientName, client =>
            {
                client.Timeout = TimeSpan.FromSeconds(30);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.MSRC.CSAF/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.MSRC.CSAF/1.0");
                client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(static () => new HttpClientHandler
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF/StellaOps.Excititor.Connectors.MSRC.CSAF.csproj
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF/StellaOps.Excititor.Connectors.MSRC.CSAF.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.MSRC.CSAF/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.MSRC.CSAF/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-MS-01-001 – AAD onboarding & token cache|Team Excititor Connectors – MSRC|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added MSRC connector project with configurable AAD options, token provider (offline/online modes), DI wiring, and unit tests covering caching and fallback scenarios.|
+|EXCITITOR-CONN-MS-01-002 – CSAF download pipeline|Team Excititor Connectors – MSRC|EXCITITOR-CONN-MS-01-001, EXCITITOR-STORAGE-01-003|TODO – Fetch CSAF packages with retry/backoff, checksum verification, and raw document persistence plus quarantine for schema failures.|
+|EXCITITOR-CONN-MS-01-003 – Trust metadata & provenance hints|Team Excititor Connectors – MSRC|EXCITITOR-CONN-MS-01-002, EXCITITOR-POLICY-01-001|TODO – Emit cosign/AAD issuer metadata, attach provenance details, and document policy integration.|
--- a/src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/AGENTS.md
@@ -20,4 +20,4 @@ Out: normalization/export, policy evaluation, storage implementation.
 - Log image references, attestation counts, verification outcomes; redact credentials.
 - Emit metrics for attestation reuse ratio, verification duration, and failures.
 ## Tests
- Connector tests with mock OCI registry/attestation responses will live in `../StellaOps.Vexer.Connectors.OCI.OpenVEX.Attest.Tests`.
+- Connector tests with mock OCI registry/attestation responses will live in `../StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest.Tests`.
--- a/src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.OCI.OpenVEX.Attest/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-OCI-01-001 – OCI discovery & auth plumbing|Team Excititor Connectors – OCI|EXCITITOR-CONN-ABS-01-001|TODO – Resolve OCI references, configure cosign auth (keyless/keyed), and support offline attestation bundles.|
+|EXCITITOR-CONN-OCI-01-002 – Attestation fetch & verify loop|Team Excititor Connectors – OCI|EXCITITOR-CONN-OCI-01-001, EXCITITOR-ATTEST-01-002|TODO – Download DSSE attestations, trigger verification, handle retries/backoff, and persist raw statements with metadata.|
+|EXCITITOR-CONN-OCI-01-003 – Provenance metadata & policy hooks|Team Excititor Connectors – OCI|EXCITITOR-CONN-OCI-01-002, EXCITITOR-POLICY-01-001|TODO – Emit provenance hints (image, subject digest, issuer) and trust metadata for policy weighting/logging.|
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests/Metadata/OracleCatalogLoaderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests/Metadata/OracleCatalogLoaderTests.cs
@@ -5,13 +5,13 @@ using System.Text;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;
 using System.Threading;

-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Tests.Metadata;

 public sealed class OracleCatalogLoaderTests
 {
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests.csproj
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests/StellaOps.Excititor.Connectors.Oracle.CSAF.Tests.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Oracle.CSAF\StellaOps.Vexer.Connectors.Oracle.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Oracle.CSAF\StellaOps.Excititor.Connectors.Oracle.CSAF.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="FluentAssertions" Version="6.12.0" />
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/AGENTS.md
@@ -20,4 +20,4 @@ Out: normalization, storage internals, export/attestation flows.
 - Log CPU release windows, document counts, and fetch durations; redact any secrets.
 - Emit metrics for deduped vs new documents and quarantine rates.
 ## Tests
- Harness tests with mocked Oracle catalogues will live in `../StellaOps.Vexer.Connectors.Oracle.CSAF.Tests`.
+- Harness tests with mocked Oracle catalogues will live in `../StellaOps.Excititor.Connectors.Oracle.CSAF.Tests`.
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/Configuration/OracleConnectorOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/Configuration/OracleConnectorOptions.cs
@@ -2,11 +2,11 @@ using System;
 using System.IO;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;

 public sealed class OracleConnectorOptions
 {
-    public const string HttpClientName = "vexer.connector.oracle.catalog";
+    public const string HttpClientName = "excititor.connector.oracle.catalog";

    /// <summary>
    /// Oracle CSAF catalog endpoint hosting advisory metadata.
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/Configuration/OracleConnectorOptionsValidator.cs
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/Configuration/OracleConnectorOptionsValidator.cs
@@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.IO.Abstractions;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;

-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;

 public sealed class OracleConnectorOptionsValidator : IVexConnectorOptionsValidator<OracleConnectorOptions>
 {
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/DependencyInjection/OracleConnectorServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/DependencyInjection/OracleConnectorServiceCollectionExtensions.cs
@@ -4,13 +4,13 @@ using System.Net.Http;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.DependencyInjection;

 public static class OracleConnectorServiceCollectionExtensions
 {
@@ -29,7 +29,7 @@ public static class OracleConnectorServiceCollectionExtensions
        services.AddHttpClient(OracleConnectorOptions.HttpClientName, client =>
            {
                client.Timeout = TimeSpan.FromSeconds(60);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.Oracle.CSAF/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.Oracle.CSAF/1.0");
                client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(static () => new HttpClientHandler
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/Metadata/OracleCatalogLoader.cs
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/Metadata/OracleCatalogLoader.cs
@@ -9,13 +9,13 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;

-namespace StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;

 public sealed class OracleCatalogLoader
 {
-    public const string CachePrefix = "StellaOps.Vexer.Connectors.Oracle.CSAF.Catalog";
+    public const string CachePrefix = "StellaOps.Excititor.Connectors.Oracle.CSAF.Catalog";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _memoryCache;
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/OracleCsafConnector.cs
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/OracleCsafConnector.cs
@@ -2,17 +2,17 @@ using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Oracle.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Oracle.CSAF.Metadata;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.Oracle.CSAF;
+namespace StellaOps.Excititor.Connectors.Oracle.CSAF;

 public sealed class OracleCsafConnector : VexConnectorBase
 {
    private static readonly VexConnectorDescriptor DescriptorInstance = new(
-        id: "vexer:oracle",
+        id: "excititor:oracle",
        kind: VexProviderKind.Vendor,
        displayName: "Oracle CSAF")
    {
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/StellaOps.Excititor.Connectors.Oracle.CSAF.csproj
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/StellaOps.Excititor.Connectors.Oracle.CSAF.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.Oracle.CSAF/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.Oracle.CSAF/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-ORACLE-01-001 – Oracle CSAF catalogue discovery|Team Excititor Connectors – Oracle|EXCITITOR-CONN-ABS-01-001|DOING (2025-10-17) – Implement catalogue discovery, CPU calendar awareness, and offline snapshot import for Oracle CSAF feeds.|
+|EXCITITOR-CONN-ORACLE-01-002 – CSAF download & dedupe pipeline|Team Excititor Connectors – Oracle|EXCITITOR-CONN-ORACLE-01-001, EXCITITOR-STORAGE-01-003|TODO – Fetch CSAF documents with retry/backoff, checksum validation, revision deduplication, and raw persistence.|
+|EXCITITOR-CONN-ORACLE-01-003 – Trust metadata + provenance|Team Excititor Connectors – Oracle|EXCITITOR-CONN-ORACLE-01-002, EXCITITOR-POLICY-01-001|TODO – Emit Oracle signing metadata (PGP/cosign) and provenance hints for consensus weighting.|
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/Connectors/RedHatCsafConnectorTests.cs
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/Connectors/RedHatCsafConnectorTests.cs
@@ -8,17 +8,17 @@ using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;

-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Tests.Connectors;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Tests.Connectors;

 public sealed class RedHatCsafConnectorTests
 {
-    private static readonly VexConnectorDescriptor Descriptor = new("vexer:redhat", VexProviderKind.Distro, "Red Hat CSAF");
+    private static readonly VexConnectorDescriptor Descriptor = new("excititor:redhat", VexProviderKind.Distro, "Red Hat CSAF");

    [Fact]
    public async Task FetchAsync_EmitsDocumentsAfterSince()
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/Metadata/RedHatProviderMetadataLoaderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF.Tests/Metadata/RedHatProviderMetadataLoaderTests.cs
@@ -6,11 +6,11 @@ using System.Text;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
 using System.IO.Abstractions.TestingHelpers;

-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Tests.Metadata;

 public sealed class RedHatProviderMetadataLoaderTests
 {
--- a/src/StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests/StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests.csproj
+++ b/src/StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests/StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests.csproj
@@ -7,8 +7,8 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.SUSE.RancherVEXHub\StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.RedHat.CSAF\StellaOps.Excititor.Connectors.RedHat.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="FluentAssertions" Version="6.12.0" />
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/AGENTS.md
@@ -14,7 +14,7 @@ Connector for Red Hat CSAF VEX feeds, fetching provider metadata, CSAF documents
 - Policy/consensus rely on Red Hat trust metadata captured here.
 ## Interfaces & contracts
 - Implements `IVexConnector` with Red Hat-specific options (parallelism, token auth if configured).
- Uses abstractions from `StellaOps.Vexer.Connectors.Abstractions` for HTTP/resume helpers.
+- Uses abstractions from `StellaOps.Excititor.Connectors.Abstractions` for HTTP/resume helpers.
 ## In/Out of scope
 In: data acquisition, HTTP retries, raw document persistence, provider metadata population.
 Out: normalization, storage internals, attestation, general connector abstractions (covered elsewhere).
@@ -22,4 +22,4 @@ Out: normalization, storage internals, attestation, general connector abstractio
 - Log provider metadata URL, revision ids, fetch durations; redact tokens.
 - Emit counters for documents fetched, skipped (304), quarantined.
 ## Tests
- Connector harness tests (mock HTTP) and resume regression cases will live in `../StellaOps.Vexer.Connectors.RedHat.CSAF.Tests`.
+- Connector harness tests (mock HTTP) and resume regression cases will live in `../StellaOps.Excititor.Connectors.RedHat.CSAF.Tests`.
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/Configuration/RedHatConnectorOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/Configuration/RedHatConnectorOptions.cs
@@ -1,7 +1,7 @@
 using System.Collections.Generic;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;

 public sealed class RedHatConnectorOptions
 {
@@ -10,7 +10,7 @@ public sealed class RedHatConnectorOptions
    /// <summary>
    /// HTTP client name registered for the connector.
    /// </summary>
-    public const string HttpClientName = "vexer.connector.redhat";
+    public const string HttpClientName = "excititor.connector.redhat";

    /// <summary>
    /// URI of the CSAF provider metadata document.
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/DependencyInjection/RedHatConnectorServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/DependencyInjection/RedHatConnectorServiceCollectionExtensions.cs
@@ -2,13 +2,13 @@ using System.Net;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.DependencyInjection;

 public static class RedHatConnectorServiceCollectionExtensions
 {
@@ -29,7 +29,7 @@ public static class RedHatConnectorServiceCollectionExtensions
        services.AddHttpClient(RedHatConnectorOptions.HttpClientName, client =>
            {
                client.Timeout = TimeSpan.FromSeconds(30);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.RedHat/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.RedHat/1.0");
                client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/Metadata/RedHatProviderMetadataLoader.cs
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/Metadata/RedHatProviderMetadataLoader.cs
@@ -8,15 +8,15 @@ using System.Text.Json.Serialization;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;

 public sealed class RedHatProviderMetadataLoader
 {
-    public const string CacheKey = "StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata";
+    public const string CacheKey = "StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _cache;
@@ -242,7 +242,7 @@ public sealed class RedHatProviderMetadataLoader

        var trust = BuildTrust();
        return new VexProvider(
-            id: "vexer:redhat",
+            id: "excititor:redhat",
            displayName: document.Metadata.Provider.Name,
            kind: VexProviderKind.Distro,
            baseUris: distributions,
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/RedHatCsafConnector.cs
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/RedHatCsafConnector.cs
@@ -7,13 +7,13 @@ using System.Text.Json;
 using System.Xml.Linq;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.RedHat.CSAF.Metadata;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Storage.Mongo;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.RedHat.CSAF.Metadata;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Storage.Mongo;

-namespace StellaOps.Vexer.Connectors.RedHat.CSAF;
+namespace StellaOps.Excititor.Connectors.RedHat.CSAF;

 public sealed class RedHatCsafConnector : VexConnectorBase
 {
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/StellaOps.Excititor.Connectors.RedHat.CSAF.csproj
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/StellaOps.Excititor.Connectors.RedHat.CSAF.csproj
@@ -7,8 +7,8 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.RedHat.CSAF/TASKS.md
@@ -0,0 +1,10 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-RH-01-001 – Provider metadata discovery|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added `RedHatProviderMetadataLoader` with HTTP/ETag caching, offline snapshot handling, and validation; exposed DI helper + tests covering live, cached, and offline scenarios.|
+|EXCITITOR-CONN-RH-01-002 – Incremental CSAF pulls|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-001, EXCITITOR-STORAGE-01-003|**DONE (2025-10-17)** – Implemented `RedHatCsafConnector` with ROLIE feed parsing, incremental filtering via `context.Since`, CSAF document download + metadata capture, and persistence through `IVexRawDocumentSink`; tests cover live fetch/cache/offline scenarios with ETag handling.|
+|EXCITITOR-CONN-RH-01-003 – Trust metadata emission|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002, EXCITITOR-POLICY-01-001|**DONE (2025-10-17)** – Provider metadata loader now emits trust overrides (weight, cosign issuer/pattern, PGP fingerprints) and the connector surfaces provenance hints for policy/consensus layers.|
+|EXCITITOR-CONN-RH-01-004 – Resume state persistence|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002, EXCITITOR-STORAGE-01-003|**DONE (2025-10-17)** – Connector now loads/saves resume state via `IVexConnectorStateRepository`, tracking last update timestamp and recent document digests to avoid duplicate CSAF ingestion; regression covers state persistence and duplicate skips.|
+|EXCITITOR-CONN-RH-01-005 – Worker/WebService integration|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002|**DONE (2025-10-17)** – Worker/WebService now call `AddRedHatCsafConnector`, register the connector + state repo, and default worker scheduling adds the `excititor:redhat` provider so background jobs and orchestration can activate the connector without extra wiring.|
+|EXCITITOR-CONN-RH-01-006 – CSAF normalization parity tests|Team Excititor Connectors – Red Hat|EXCITITOR-CONN-RH-01-002, EXCITITOR-FMT-CSAF-01-001|**DONE (2025-10-17)** – Added RHSA fixture-driven regression verifying CSAF normalizer retains Red Hat product metadata, tracking fields, and timestamps (`rhsa-sample.json` + `CsafNormalizerTests.NormalizeAsync_PreservesRedHatSpecificMetadata`).|
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/Authentication/RancherHubTokenProviderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/Authentication/RancherHubTokenProviderTests.cs
@@ -6,11 +6,11 @@ using System.Threading;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
 using Xunit;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests.Authentication;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.Authentication;

 public sealed class RancherHubTokenProviderTests
 {
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/Metadata/RancherHubMetadataLoaderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/Metadata/RancherHubMetadataLoaderTests.cs
@@ -7,20 +7,20 @@ using System.Text;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Metadata;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Metadata;
 using System.IO.Abstractions.TestingHelpers;
 using System.Threading;
 using Xunit;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.Metadata;

 public sealed class RancherHubMetadataLoaderTests
 {
    private const string SampleDiscovery = """
        {
-          "hubId": "vexer:suse.rancher",
+          "hubId": "excititor:suse.rancher",
          "title": "SUSE Rancher VEX Hub",
          "subscription": {
            "eventsUri": "https://vexhub.suse.com/api/v1/events",
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.csproj
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests.csproj
@@ -7,8 +7,8 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.RedHat.CSAF\StellaOps.Vexer.Connectors.RedHat.CSAF.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.SUSE.RancherVEXHub\StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="FluentAssertions" Version="6.12.0" />
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/AGENTS.md
@@ -20,4 +20,4 @@ Out: normalization/export tasks, storage layer implementation, attestation.
 - Log subscription IDs, batch sizes, and checkpoint updates while redacting secrets.
 - Emit metrics for messages processed, lag, and retries.
 ## Tests
- Connector harness tests with simulated hub responses will live in `../StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Tests`.
+- Connector harness tests with simulated hub responses will live in `../StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Tests`.
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Authentication/RancherHubTokenProvider.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Authentication/RancherHubTokenProvider.cs
@@ -8,13 +8,13 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;

 public sealed class RancherHubTokenProvider
 {
-    private const string CachePrefix = "StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Token";
+    private const string CachePrefix = "StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Token";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _cache;
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Configuration/RancherHubConnectorOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Configuration/RancherHubConnectorOptions.cs
@@ -3,7 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;

 public sealed class RancherHubConnectorOptions
 {
@@ -12,7 +12,7 @@ public sealed class RancherHubConnectorOptions
    /// <summary>
    /// HTTP client name registered for the connector.
    /// </summary>
-    public const string HttpClientName = "vexer.connector.suse.rancherhub";
+    public const string HttpClientName = "excititor.connector.suse.rancherhub";

    /// <summary>
    /// URI for the Rancher VEX hub discovery document.
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Configuration/RancherHubConnectorOptionsValidator.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Configuration/RancherHubConnectorOptionsValidator.cs
@@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.IO.Abstractions;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;

 public sealed class RancherHubConnectorOptionsValidator : IVexConnectorOptionsValidator<RancherHubConnectorOptions>
 {
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/DependencyInjection/RancherHubConnectorServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/DependencyInjection/RancherHubConnectorServiceCollectionExtensions.cs
@@ -4,14 +4,14 @@ using System.Net.Http;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Metadata;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.DependencyInjection;

 public static class RancherHubConnectorServiceCollectionExtensions
 {
@@ -36,7 +36,7 @@ public static class RancherHubConnectorServiceCollectionExtensions
        services.AddHttpClient(RancherHubConnectorOptions.HttpClientName, client =>
            {
                client.Timeout = TimeSpan.FromSeconds(30);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.SUSE.RancherVEXHub/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/1.0");
                client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Metadata/RancherHubMetadataLoader.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/Metadata/RancherHubMetadataLoader.cs
@@ -10,15 +10,15 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Authentication;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Authentication;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Metadata;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Metadata;

 public sealed class RancherHubMetadataLoader
 {
-    public const string CachePrefix = "StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Metadata";
+    public const string CachePrefix = "StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Metadata";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _memoryCache;
@@ -226,7 +226,7 @@ public sealed class RancherHubMetadataLoader
            using var document = JsonDocument.Parse(payload, _documentOptions);
            var root = document.RootElement;

-            var hubId = ReadString(root, "hubId") ?? "vexer:suse:rancher";
+            var hubId = ReadString(root, "hubId") ?? "excititor:suse:rancher";
            var title = ReadString(root, "title") ?? ReadString(root, "displayName") ?? "SUSE Rancher VEX Hub";
            var baseUri = ReadUri(root, "baseUri");

--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/RancherHubConnector.cs
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/RancherHubConnector.cs
@@ -3,17 +3,17 @@ using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Configuration;
-using StellaOps.Vexer.Connectors.SUSE.RancherVEXHub.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Configuration;
+using StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.Metadata;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.SUSE.RancherVEXHub;
+namespace StellaOps.Excititor.Connectors.SUSE.RancherVEXHub;

 public sealed class RancherHubConnector : VexConnectorBase
 {
    private static readonly VexConnectorDescriptor StaticDescriptor = new(
-            id: "vexer:suse.rancher",
+            id: "excititor:suse.rancher",
            kind: VexProviderKind.Hub,
            displayName: "SUSE Rancher VEX Hub")
        {
@@ -69,7 +69,7 @@ public sealed class RancherHubConnector : VexConnectorBase
            _metadata = await _metadataLoader.LoadAsync(_options, cancellationToken).ConfigureAwait(false);
        }

-        LogConnectorEvent(LogLevel.Debug, "fetch", "Rancher hub connector discovery ready; event ingestion will be implemented in VEXER-CONN-SUSE-01-002.", new Dictionary<string, object?>
+        LogConnectorEvent(LogLevel.Debug, "fetch", "Rancher hub connector discovery ready; event ingestion will be implemented in EXCITITOR-CONN-SUSE-01-002.", new Dictionary<string, object?>
        {
            ["since"] = context.Since?.ToString("O"),
            ["subscriptionUri"] = _metadata.Metadata.Subscription.EventsUri.ToString(),
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.csproj
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub.csproj
@@ -7,8 +7,8 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Storage.Mongo\StellaOps.Vexer.Storage.Mongo.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Storage.Mongo\StellaOps.Excititor.Storage.Mongo.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.SUSE.RancherVEXHub/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-SUSE-01-001 – Rancher hub discovery & auth|Team Excititor Connectors – SUSE|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added Rancher hub options/token provider, discovery metadata loader with offline snapshots + caching, connector shell, DI wiring, and unit tests covering network/offline paths.|
+|EXCITITOR-CONN-SUSE-01-002 – Checkpointed event ingestion|Team Excititor Connectors – SUSE|EXCITITOR-CONN-SUSE-01-001, EXCITITOR-STORAGE-01-003|TODO – Process hub events with resume checkpoints, deduplication, and quarantine path for malformed payloads.|
+|EXCITITOR-CONN-SUSE-01-003 – Trust metadata & policy hints|Team Excititor Connectors – SUSE|EXCITITOR-CONN-SUSE-01-002, EXCITITOR-POLICY-01-001|TODO – Emit provider trust configuration (signers, weight overrides) and attach provenance hints for consensus engine.|
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests/Metadata/UbuntuCatalogLoaderTests.cs
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests/Metadata/UbuntuCatalogLoaderTests.cs
@@ -5,13 +5,13 @@ using System.Text;
 using FluentAssertions;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging.Abstractions;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Metadata;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Metadata;
 using System.IO.Abstractions.TestingHelpers;
 using Xunit;
 using System.Threading;

-namespace StellaOps.Vexer.Connectors.Ubuntu.CSAF.Tests.Metadata;
+namespace StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests.Metadata;

 public sealed class UbuntuCatalogLoaderTests
 {
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests/StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests.csproj
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests/StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Ubuntu.CSAF\StellaOps.Vexer.Connectors.Ubuntu.CSAF.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Ubuntu.CSAF\StellaOps.Excititor.Connectors.Ubuntu.CSAF.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="FluentAssertions" Version="6.12.0" />
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/AGENTS.md
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/AGENTS.md
@@ -20,4 +20,4 @@ Out: normalization/export, storage internals, attestation.
 - Log release window fetch metrics, rate limits, and deduplication stats; mask secrets.
 - Emit counters for newly ingested vs unchanged USNs and quota usage.
 ## Tests
- Connector tests with mocked Ubuntu CSAF endpoints will live in `../StellaOps.Vexer.Connectors.Ubuntu.CSAF.Tests`.
+- Connector tests with mocked Ubuntu CSAF endpoints will live in `../StellaOps.Excititor.Connectors.Ubuntu.CSAF.Tests`.
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/Configuration/UbuntuConnectorOptions.cs
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/Configuration/UbuntuConnectorOptions.cs
@@ -3,11 +3,11 @@ using System.Collections.Generic;
 using System.IO;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.Ubuntu.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Ubuntu.CSAF.Configuration;

 public sealed class UbuntuConnectorOptions
 {
-    public const string HttpClientName = "vexer.connector.ubuntu.catalog";
+    public const string HttpClientName = "excititor.connector.ubuntu.catalog";

    /// <summary>
    /// Root index that lists Ubuntu CSAF channels.
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/Configuration/UbuntuConnectorOptionsValidator.cs
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/Configuration/UbuntuConnectorOptionsValidator.cs
@@ -1,9 +1,9 @@
 using System;
 using System.Collections.Generic;
 using System.IO.Abstractions;
-using StellaOps.Vexer.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Abstractions;

-namespace StellaOps.Vexer.Connectors.Ubuntu.CSAF.Configuration;
+namespace StellaOps.Excititor.Connectors.Ubuntu.CSAF.Configuration;

 public sealed class UbuntuConnectorOptionsValidator : IVexConnectorOptionsValidator<UbuntuConnectorOptions>
 {
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/DependencyInjection/UbuntuConnectorServiceCollectionExtensions.cs
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/DependencyInjection/UbuntuConnectorServiceCollectionExtensions.cs
@@ -4,13 +4,13 @@ using System.Net.Http;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Metadata;
+using StellaOps.Excititor.Core;
 using System.IO.Abstractions;

-namespace StellaOps.Vexer.Connectors.Ubuntu.CSAF.DependencyInjection;
+namespace StellaOps.Excititor.Connectors.Ubuntu.CSAF.DependencyInjection;

 public static class UbuntuConnectorServiceCollectionExtensions
 {
@@ -29,7 +29,7 @@ public static class UbuntuConnectorServiceCollectionExtensions
        services.AddHttpClient(UbuntuConnectorOptions.HttpClientName, client =>
            {
                client.Timeout = TimeSpan.FromSeconds(60);
-                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Vexer.Connectors.Ubuntu.CSAF/1.0");
+                client.DefaultRequestHeaders.UserAgent.ParseAdd("StellaOps.Excititor.Connectors.Ubuntu.CSAF/1.0");
                client.DefaultRequestHeaders.Accept.ParseAdd("application/json");
            })
            .ConfigurePrimaryHttpMessageHandler(static () => new HttpClientHandler
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/Metadata/UbuntuCatalogLoader.cs
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/Metadata/UbuntuCatalogLoader.cs
@@ -9,13 +9,13 @@ using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Configuration;

-namespace StellaOps.Vexer.Connectors.Ubuntu.CSAF.Metadata;
+namespace StellaOps.Excititor.Connectors.Ubuntu.CSAF.Metadata;

 public sealed class UbuntuCatalogLoader
 {
-    public const string CachePrefix = "StellaOps.Vexer.Connectors.Ubuntu.CSAF.Index";
+    public const string CachePrefix = "StellaOps.Excititor.Connectors.Ubuntu.CSAF.Index";

    private readonly IHttpClientFactory _httpClientFactory;
    private readonly IMemoryCache _memoryCache;
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/StellaOps.Excititor.Connectors.Ubuntu.CSAF.csproj
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/StellaOps.Excititor.Connectors.Ubuntu.CSAF.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Connectors.Abstractions\StellaOps.Vexer.Connectors.Abstractions.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Connectors.Abstractions\StellaOps.Excititor.Connectors.Abstractions.csproj" />
  </ItemGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.0" />
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/TASKS.md
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/TASKS.md
@@ -0,0 +1,7 @@
+If you are working on this file you need to read docs/ARCHITECTURE_EXCITITOR.md and ./AGENTS.md).
+# TASKS
+| Task | Owner(s) | Depends on | Notes |
+|---|---|---|---|
+|EXCITITOR-CONN-UBUNTU-01-001 – Ubuntu CSAF discovery & channels|Team Excititor Connectors – Ubuntu|EXCITITOR-CONN-ABS-01-001|**DONE (2025-10-17)** – Added Ubuntu connector project with configurable channel options, catalog loader (network/offline), DI wiring, and discovery unit tests.|
+|EXCITITOR-CONN-UBUNTU-01-002 – Incremental fetch & deduplication|Team Excititor Connectors – Ubuntu|EXCITITOR-CONN-UBUNTU-01-001, EXCITITOR-STORAGE-01-003|TODO – Fetch CSAF bundles with ETag handling, checksum validation, deduplication, and raw persistence.|
+|EXCITITOR-CONN-UBUNTU-01-003 – Trust metadata & provenance|Team Excititor Connectors – Ubuntu|EXCITITOR-CONN-UBUNTU-01-002, EXCITITOR-POLICY-01-001|TODO – Emit Ubuntu signing metadata (GPG fingerprints) plus provenance hints for policy weighting and diagnostics.|
--- a/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/UbuntuCsafConnector.cs
+++ b/src/StellaOps.Excititor.Connectors.Ubuntu.CSAF/UbuntuCsafConnector.cs
@@ -2,17 +2,17 @@ using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Logging;
-using StellaOps.Vexer.Connectors.Abstractions;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Configuration;
-using StellaOps.Vexer.Connectors.Ubuntu.CSAF.Metadata;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Connectors.Abstractions;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Configuration;
+using StellaOps.Excititor.Connectors.Ubuntu.CSAF.Metadata;
+using StellaOps.Excititor.Core;

-namespace StellaOps.Vexer.Connectors.Ubuntu.CSAF;
+namespace StellaOps.Excititor.Connectors.Ubuntu.CSAF;

 public sealed class UbuntuCsafConnector : VexConnectorBase
 {
    private static readonly VexConnectorDescriptor DescriptorInstance = new(
-        id: "vexer:ubuntu",
+        id: "excititor:ubuntu",
        kind: VexProviderKind.Distro,
        displayName: "Ubuntu CSAF")
    {
--- a/src/StellaOps.Excititor.Core.Tests/StellaOps.Excititor.Core.Tests.csproj
+++ b/src/StellaOps.Excititor.Core.Tests/StellaOps.Excititor.Core.Tests.csproj
@@ -7,7 +7,7 @@
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
  </PropertyGroup>
  <ItemGroup>
-    <ProjectReference Include="..\StellaOps.Vexer.Core\StellaOps.Vexer.Core.csproj" />
-    <ProjectReference Include="..\StellaOps.Vexer.Policy\StellaOps.Vexer.Policy.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Core\StellaOps.Excititor.Core.csproj" />
+    <ProjectReference Include="..\StellaOps.Excititor.Policy\StellaOps.Excititor.Policy.csproj" />
  </ItemGroup>
 </Project>
--- a/src/StellaOps.Excititor.Core.Tests/VexCanonicalJsonSerializerTests.cs
+++ b/src/StellaOps.Excititor.Core.Tests/VexCanonicalJsonSerializerTests.cs
@@ -1,9 +1,9 @@
 using System.Collections.Generic;
 using System.Collections.Immutable;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 using Xunit;

-namespace StellaOps.Vexer.Core.Tests;
+namespace StellaOps.Excititor.Core.Tests;

 public sealed class VexCanonicalJsonSerializerTests
 {
--- a/src/StellaOps.Excititor.Core.Tests/VexConsensusResolverTests.cs
+++ b/src/StellaOps.Excititor.Core.Tests/VexConsensusResolverTests.cs
@@ -2,10 +2,10 @@ using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Linq;
-using StellaOps.Vexer.Core;
+using StellaOps.Excititor.Core;
 using Xunit;

-namespace StellaOps.Vexer.Core.Tests;
+namespace StellaOps.Excititor.Core.Tests;

 public sealed class VexConsensusResolverTests
 {
--- a/src/StellaOps.Excititor.Core.Tests/VexPolicyBinderTests.cs
+++ b/src/StellaOps.Excititor.Core.Tests/VexPolicyBinderTests.cs
@@ -1,9 +1,9 @@
 using System;
 using System.IO;
 using System.Text;
-using StellaOps.Vexer.Policy;
+using StellaOps.Excititor.Policy;

-namespace StellaOps.Vexer.Core.Tests;
+namespace StellaOps.Excititor.Core.Tests;

 public sealed class VexPolicyBinderTests
 {
--- a/src/StellaOps.Excititor.Core.Tests/VexPolicyDiagnosticsTests.cs
+++ b/src/StellaOps.Excititor.Core.Tests/VexPolicyDiagnosticsTests.cs
@@ -5,11 +5,11 @@ using System.Linq;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Time.Testing;
-using StellaOps.Vexer.Core;
-using StellaOps.Vexer.Policy;
+using StellaOps.Excititor.Core;
+using StellaOps.Excititor.Policy;
 using System.Diagnostics.Metrics;

-namespace StellaOps.Vexer.Core.Tests;
+namespace StellaOps.Excititor.Core.Tests;

 public class VexPolicyDiagnosticsTests
 {
@@ -52,7 +52,7 @@ public class VexPolicyDiagnosticsTests
        Assert.Equal(new[] { "provider-a", "provider-b" }, report.ActiveOverrides.Keys.OrderBy(static key => key, StringComparer.Ordinal));
        Assert.Contains(report.Recommendations, message => message.Contains("Resolve policy errors", StringComparison.OrdinalIgnoreCase));
        Assert.Contains(report.Recommendations, message => message.Contains("provider-a", StringComparison.OrdinalIgnoreCase));
-        Assert.Contains(report.Recommendations, message => message.Contains("docs/ARCHITECTURE_VEXER.md", StringComparison.OrdinalIgnoreCase));
+        Assert.Contains(report.Recommendations, message => message.Contains("docs/ARCHITECTURE_EXCITITOR.md", StringComparison.OrdinalIgnoreCase));
    }

    [Fact]
@@ -78,7 +78,7 @@ public class VexPolicyDiagnosticsTests
        string? lastRevision = null;
        listener.InstrumentPublished += (instrument, _) =>
        {
-            if (instrument.Meter.Name == "StellaOps.Vexer.Policy" &&
+            if (instrument.Meter.Name == "StellaOps.Excititor.Policy" &&
                instrument.Name == "vex.policy.reloads")
            {
                listener.EnableMeasurementEvents(instrument);
--- a/Show More
+++ b/Show More