audit work

src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.Debian/AGENTS.md

@@ -0,0 +1,25 @@
+# Concelier Debian Connector Charter
+
+## Mission
+Implement and maintain the Debian security tracker connector that ingests Debian advisory data into Concelier under the Aggregation-Only Contract (AOC). Preserve Debian EVR semantics and provenance while keeping ingestion deterministic and offline-ready.
+
+## Scope
+- Connector fetch/parse/map logic in `StellaOps.Concelier.Connector.Distro.Debian`.
+- DSA list parsing and advisory HTML parsing.
+- Source cursor/fetch caching and deterministic mapping.
+- Unit/integration tests and fixtures for list/detail parsing and mapping.
+
+## Required Reading
+- `docs/modules/concelier/architecture.md`
+- `docs/modules/platform/architecture-overview.md`
+- `docs/ingestion/aggregation-only-contract.md`
+- `docs/modules/concelier/operations/mirror.md`
+- `docs/product-advisories/archived/22-Dec-2025 - Getting Distro Backport Logic Right.md`
+
+## Working Agreement
+1. **Status sync**: update task state to `DOING`/`DONE` in the sprint file and local `TASKS.md` before/after work.
+2. **AOC adherence**: do not derive severity or merge fields; persist upstream data with provenance.
+3. **Determinism**: sort advisory IDs, CVE lists, packages, and version keys; normalize timestamps to UTC ISO-8601.
+4. **Offline readiness**: only fetch from allowlisted Debian tracker hosts; document bundle usage for air-gapped runs.
+5. **Testing**: add fixtures for list/detail parsing and mapping; keep integration tests deterministic and opt-in.
+6. **Documentation**: update connector ops docs when configuration or mapping changes.