# Distro Fix Database with Multi-Provider Ingestion

## Module
Concelier

## Status
IMPLEMENTED

## Description
Comprehensive vulnerability feed ingestion from distro (Alpine, Debian, RHEL, SUSE, Ubuntu) and vendor sources with normalization and merge.

## Implementation Details
- **Modules**: `src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/`, `src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/`, `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/`
- **Key Classes**:
  - `FixIndexService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/FixIndexService.cs`) - indexed fix status database populated by distro connectors
  - `BackportStatusService` (`src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs`) - multi-distro backport status resolution
  - `PostgresAdvisoryStore` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/Advisories/PostgresAdvisoryStore.cs`) - advisory persistence with multi-provider merge
  - `PostgresSourceStateAdapter` (`src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Postgres/SourceStateAdapter.cs`) - tracks ingestion state per source provider
  - **Distro Connectors**: `AlpineConnector`, `DebianConnector`, `RedHatConnector`, `SuseConnector`, `UbuntuConnector` (in `src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.*/`)
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Ingest the same CVE from multiple distro providers and verify the fix database contains entries from all providers
- [ ] Verify normalization: different distro-specific advisory formats are normalized to a common schema
- [ ] Verify merge: advisories from different providers for the same CVE are linked to the same canonical
- [ ] Verify `PostgresSourceStateAdapter` tracks per-provider ingestion cursors for incremental sync
- [ ] Verify `FixIndexService` is populated with fix entries after distro ingestion completes