# AGENTS

## Role

ANSSI CERT-FR advisories connector (avis/alertes) providing national enrichment: advisory metadata, CVE links, mitigation notes, and references.

## Scope

- Harvest CERT-FR items via RSS and/or list pages; follow item pages for detail; window by publish/update date.
- Validate HTML or JSON payloads; extract structured fields; map to canonical aliases, references, severity text.
- Maintain watermarks and de-duplication by content hash; idempotent processing.

## Participants

- Source.Common (HTTP, HTML parsing helpers, validators).
- Storage.Postgres (document, dto, advisory, reference, source_state).
- Models (canonical).
- Core/WebService (jobs: source:certfr:fetch|parse|map).
- Merge engine (later) to enrich only.

## Interfaces & contracts

- Treat CERT-FR as enrichment; never override distro or PSIRT version ranges absent concrete evidence.
- References must include primary bulletin URL and vendor links; tag kind=bulletin/vendor/mitigation appropriately.
- Provenance records cite "cert-fr" with method=parser and source URL.

## In/Out of scope

- In: advisory metadata extraction, references, severity text, watermarking.
- Out: OVAL or package-level authority.

## Observability & security expectations

- Metrics: SourceDiagnostics emits shared `concelier.source.http.*` counters/histograms tagged `concelier.source=certfr`, covering fetch counts, parse failures, and map activity.
- Logs: feed URL(s), item ids/urls, extraction durations; no PII; allowlist hostnames.

## Tests

- Author and review coverage in `../StellaOps.Concelier.Connector.CertFr.Tests`.
- Shared fixtures (e.g., `PostgresIntegrationFixture`, `ConnectorTestHarness`) live in `../StellaOps.Concelier.Testing`.
- Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.

## Required Reading

- `docs/modules/concelier/architecture.md`
- `docs/modules/platform/architecture-overview.md`

## Working Agreement

1. Update task status to `DOING`/`DONE` in both the corresponding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
2. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.