Restructure solution layout by module

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Osv/AGENTS.md

@@ -0,0 +1,26 @@
+# AGENTS
+## Role
+Connector for OSV.dev across ecosystems; authoritative SemVer/PURL ranges for OSS packages.
+## Scope
+- Fetch by ecosystem or time range; handle pagination and changed-since cursors.
+- Parse OSV JSON; validate schema; capture introduced/fixed events, database_specific where relevant.
+- Map to Advisory with AffectedPackage(type=semver, Identifier=PURL); preserve SemVer constraints and introduced/fixed chronology.
+- Maintain per-ecosystem cursors and deduplicate runs via payload hashes to keep reruns idempotent.
+## Participants
+- Source.Common supplies HTTP clients, pagination helpers, and validators.
+- Storage.Mongo persists documents, DTOs, advisories, and source_state cursors.
+- Merge engine resolves OSV vs GHSA consistency; prefers SemVer data for libraries; distro OVAL still overrides OS packages.
+- Exporters serialize per-ecosystem ranges untouched.
+## Interfaces & contracts
+- Job kinds: osv:fetch, osv:parse, osv:map (naming consistent with other connectors).
+- Aliases include CVE/GHSA/OSV IDs; references include advisory/patch/release URLs.
+- Provenance records method=parser and source=osv.
+## In/Out of scope
+In: SemVer+PURL accuracy for OSS ecosystems.
+Out: vendor PSIRT and distro OVAL specifics.
+## Observability & security expectations
+- Metrics: SourceDiagnostics exposes the shared `concelier.source.http.*` counters/histograms tagged `concelier.source=osv`; observability dashboards slice on the tag to monitor item volume, schema failures, range counts, and ecosystem coverage. Logs include ecosystem and cursor values.
+## Tests
+- Author and review coverage in `../StellaOps.Concelier.Connector.Osv.Tests`.
+- Shared fixtures (e.g., `MongoIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
+- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.