# AGENTS
## Role
Implement the CERT/CC (Carnegie Mellon CERT Coordination Center) advisory connector so Concelier can ingest US CERT coordination bulletins.

## Scope
- Identify CERT/CC advisory publication format (VU#, blog, RSS, JSON) and define fetch cadence/windowing.
- Implement fetch, parse, and mapping jobs with cursor persistence and dedupe.
- Normalise advisory content (summary, impacted vendors, products, recommended mitigations, CVEs).
- Produce canonical `Advisory` objects including aliases, references, affected packages, and range primitive metadata.
- Supply fixtures and deterministic regression tests.

## Participants
- `Source.Common` (HTTP/fetch utilities, DTO storage).
- `Storage.Mongo` (raw/document/DTO/advisory stores and state).
- `Concelier.Models` (canonical structures).
- `Concelier.Testing` (integration tests and snapshots).

## Interfaces & Contracts
- Job kinds: `certcc:fetch`, `certcc:parse`, `certcc:map`.
- Persist upstream caching metadata (ETag/Last-Modified) when available.
- Aliases should capture CERT/CC VU IDs and referenced CVEs.

## In/Out of scope
In scope:
- End-to-end connector with range primitive instrumentation and telemetry.

Out of scope:
- ICS-CERT alerts (handled by dedicated connector) or blog posts unrelated to advisories.

## Observability & Security Expectations
- Log fetch and mapping statistics; surface failures with backoff.
- Sanitise HTML sources before persistence.
- Respect upstream throttling via retry/backoff.

## Tests
- Add `StellaOps.Concelier.Connector.CertCc.Tests` to cover fetch/parse/map with canned fixtures.
- Snapshot canonical advisories and support UPDATE flag for regeneration.
- Ensure deterministic ordering and timestamp normalisation.