# VEX Claim Normalization (Multi-Format Ingestion)

## Module
Excititor

## Status
IMPLEMENTED

## Description
Normalization of VEX claims from OpenVEX, CycloneDX VEX, and CSAF formats into canonical internal representation with vendor-specific connectors (Ubuntu, Red Hat, Oracle, Microsoft, Cisco).

## Implementation Details
- **Modules**: `src/Excititor/__Libraries/StellaOps.Excititor.Core/`, `src/Excititor/__Libraries/StellaOps.Excititor.Connectors.*/`
- **Key Classes**:
  - `VexClaim` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/VexClaim.cs`) - canonical VEX claim model
  - `VexAdvisoryKeyCanonicalizer` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Canonicalization/VexAdvisoryKeyCanonicalizer.cs`) - canonicalizes advisory keys across formats
  - `VexProductKeyCanonicalizer` (`src/Excititor/__Libraries/StellaOps.Excititor.Core/Canonicalization/VexProductKeyCanonicalizer.cs`) - canonicalizes product keys across formats
  - `UbuntuCsafConnector` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Ubuntu.CSAF/UbuntuCsafConnector.cs`) - Ubuntu CSAF ingestion
  - `RedHatCsafConnector` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.RedHat.CSAF/RedHatCsafConnector.cs`) - Red Hat CSAF ingestion
  - `OracleCsafConnector` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Oracle.CSAF/OracleCsafConnector.cs`) - Oracle CSAF ingestion
  - `MsrcCsafConnector` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.MSRC.CSAF/MsrcCsafConnector.cs`) - Microsoft MSRC CSAF ingestion
  - `CiscoCsafConnector` (`src/Excititor/__Libraries/StellaOps.Excititor.Connectors.Cisco.CSAF/CiscoCsafConnector.cs`) - Cisco CSAF ingestion
  - `VexIngestOrchestrator` (`src/Excititor/StellaOps.Excititor.WebService/Services/VexIngestOrchestrator.cs`) - orchestrates multi-format ingestion
- **Interfaces**: `VexConnectorBase` (abstract base)
- **Source**: Feature matrix scan

## E2E Test Plan
- [ ] Ingest a CSAF advisory from each vendor connector (Ubuntu, Red Hat, Oracle, Microsoft, Cisco) and verify normalization into `VexClaim`
- [ ] Verify `VexAdvisoryKeyCanonicalizer` produces identical keys for the same advisory across different formats
- [ ] Verify `VexProductKeyCanonicalizer` produces identical product keys for the same product across formats
- [ ] Ingest the same vulnerability from multiple formats (OpenVEX, CSAF, CycloneDX) and verify they normalize to equivalent claims
- [ ] Verify `VexIngestOrchestrator` routes documents to the correct normalizer based on format detection
- [ ] Verify normalization handles vendor-specific fields (Red Hat errata, Microsoft KB articles, Cisco bug IDs)
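
The cross-format equivalence item in the test plan above, sketched as an added Python example (not StellaOps code, which is C#): the same constructed claim expressed in OpenVEX, CycloneDX and CSAF reduces to one tuple once product references and status vocabularies are resolved. The tuple shape, the canonical status words and the placeholder CVE and purl are assumptions; field names follow the public format schemas.

```python
# Added illustration. The (vulnerability, purl, status) tuple and status words are
# assumptions, not the StellaOps VexClaim model; field names follow the public schemas.
OPENVEX = {s: s for s in ("affected", "not_affected", "fixed", "under_investigation")}
CDX = {"resolved": "fixed", "resolved_with_pedigree": "fixed", "exploitable": "affected",
       "in_triage": "under_investigation", "false_positive": "not_affected",
       "not_affected": "not_affected"}
CSAF = {"known_affected": "affected", "first_affected": "affected", "last_affected": "affected",
        "known_not_affected": "not_affected", "fixed": "fixed", "first_fixed": "fixed",
        "under_investigation": "under_investigation"}

def detect_format(doc):
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if "csaf_version" in doc.get("document", {}):
        return "csaf"
    if "openvex" in str(doc.get("@context", "")):
        return "openvex"
    raise ValueError("unrecognized VEX format")

def normalize(doc):
    """Return {(vulnerability, purl, status)}; unknown statuses or refs raise KeyError."""
    fmt, claims = detect_format(doc), set()
    if fmt == "openvex":
        for s in doc["statements"]:
            for p in s["products"]:
                claims.add((s["vulnerability"]["name"].upper(), p["@id"], OPENVEX[s["status"]]))
    elif fmt == "cyclonedx":
        purl = {c["bom-ref"]: c["purl"] for c in doc.get("components", [])}
        for v in doc["vulnerabilities"]:
            for a in v["affects"]:  # refs resolve to components in the same BOM
                claims.add((v["id"].upper(), purl[a["ref"]], CDX[v["analysis"]["state"]]))
    else:  # CSAF: product IDs resolve through product_tree
        names = doc["product_tree"]["full_product_names"]
        purl = {n["product_id"]: n["product_identification_helper"]["purl"] for n in names}
        for v in doc["vulnerabilities"]:
            for key, ids in v["product_status"].items():
                if key != "recommended":  # a version hint, not a status
                    claims.update((v["cve"].upper(), purl[i], CSAF[key]) for i in ids)
    return claims

PURL = "pkg:generic/example-lib@1.0.0"  # constructed sample data from here on
OPENVEX_DOC = {"@context": "https://openvex.dev/ns/v0.2.0", "statements": [{"status": "fixed",
    "vulnerability": {"name": "CVE-0000-0001"}, "products": [{"@id": PURL}]}]}
CDX_DOC = {"bomFormat": "CycloneDX", "components": [{"bom-ref": "c1", "purl": PURL}],
    "vulnerabilities": [{"id": "cve-0000-0001", "affects": [{"ref": "c1"}],
                         "analysis": {"state": "resolved"}}]}
CSAF_DOC = {"document": {"csaf_version": "2.0"}, "product_tree": {"full_product_names": [
    {"product_id": "P1", "product_identification_helper": {"purl": PURL}}]},
    "vulnerabilities": [{"cve": "CVE-0000-0001", "product_status": {"fixed": ["P1"]}}]}
```

Unknown statuses and unresolvable product references raise instead of falling back to a default, so a malformed document cannot be silently read as `not_affected`.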