5.6 KiB
5.6 KiB
Normalized Versions Rollout Dashboard (Sprint 2 – Concelier)
Status date: 2025-10-12 17:05 UTC
This dashboard tracks connector readiness for emitting AffectedPackage.NormalizedVersions arrays and highlights upcoming coordination checkpoints. Use it alongside:
src/StellaOps.Concelier.Merge/RANGE_PRIMITIVES_COORDINATION.mdfor detailed guidance and timelines.- Concelier SemVer Merge Playbook §8 for persisted Mongo document shapes.
- Normalized Versions Query Guide for index/query validation steps.
Key milestones
- 2025-10-12 – Normalization finalized
SemVerRangeRuleBuilderAPI contract (multi-segment comparators + notes), connector review opens. - 2025-10-17 – Connector owners to post fixture PRs showing
NormalizedVersionsarrays (even if feature-flagged). - 2025-10-18 – Merge cross-connector review to validate consistent field usage before enabling union logic.
Connector readiness matrix
| Connector | Owner team | Normalized versions status | Last update | Next action / link |
|---|---|---|---|---|
| Acsc | BE-Conn-ACSC | ❌ Not started – mapper pending | 2025-10-11 | Design DTOs + mapper with normalized rule array; see src/StellaOps.Concelier.Source.Acsc/TASKS.md. |
| Cccs | BE-Conn-CCCS | ❌ Not started – mapper pending | 2025-10-11 | Add normalized SemVer array in canonical mapper; coordinate fixtures per TASKS.md. |
| CertBund | BE-Conn-CERTBUND | ✅ Canonical mapper emitting vendor ranges | 2025-10-14 | Normalized vendor range payloads landed alongside telemetry/docs updates; see src/StellaOps.Concelier.Source.CertBund/TASKS.md. |
| CertCc | BE-Conn-CERTCC | ⚠️ In progress – fetch pipeline DOING | 2025-10-11 | Implement VINCE mapper with SemVer/NEVRA rules; unblock snapshot regeneration; src/StellaOps.Concelier.Source.CertCc/TASKS.md. |
| Kev | BE-Conn-KEV | ✅ Normalized catalog/due-date rules verified | 2025-10-12 | Fixtures reconfirmed via dotnet test src/StellaOps.Concelier.Source.Kev.Tests; src/StellaOps.Concelier.Source.Kev/TASKS.md. |
| Cve | BE-Conn-CVE | ✅ Normalized SemVer rules verified | 2025-10-12 | Snapshot parity green (dotnet test src/StellaOps.Concelier.Source.Cve.Tests); src/StellaOps.Concelier.Source.Cve/TASKS.md. |
| Ghsa | BE-Conn-GHSA | ⚠️ DOING – normalized rollout task active | 2025-10-11 18:45 UTC | Wire SemVerRangeRuleBuilder + refresh fixtures; src/StellaOps.Concelier.Source.Ghsa/TASKS.md. |
| Osv | BE-Conn-OSV | ✅ SemVer mapper & parity fixtures verified | 2025-10-12 | GHSA parity regression passing (dotnet test src/StellaOps.Concelier.Source.Osv.Tests); src/StellaOps.Concelier.Source.Osv/TASKS.md. |
| Ics.Cisa | BE-Conn-ICS-CISA | ❌ Not started – mapper TODO | 2025-10-11 | Plan SemVer/firmware scheme selection; src/StellaOps.Concelier.Source.Ics.Cisa/TASKS.md. |
| Kisa | BE-Conn-KISA | ✅ Landed 2025-10-14 (mapper + telemetry) | 2025-10-11 | Hangul-aware mapper emits normalized rules; see docs/dev/kisa_connector_notes.md for localisation/metric details. |
| Ru.Bdu | BE-Conn-BDU | ✅ Raw scheme emitted | 2025-10-14 | Mapper now writes ru-bdu.raw normalized rules with provenance + telemetry; src/StellaOps.Concelier.Source.Ru.Bdu/TASKS.md. |
| Ru.Nkcki | BE-Conn-Nkcki | ❌ Not started – mapper TODO | 2025-10-11 | Similar to BDU; ensure Cyrillic provenance preserved; src/StellaOps.Concelier.Source.Ru.Nkcki/TASKS.md. |
| Vndr.Apple | BE-Conn-Apple | ✅ Shipped – emitting normalized arrays | 2025-10-11 | Continue fixture/tooling work; src/StellaOps.Concelier.Source.Vndr.Apple/TASKS.md. |
| Vndr.Cisco | BE-Conn-Cisco | ✅ SemVer + vendor extensions emitted | 2025-10-14 | Connector outputs SemVer primitives with cisco.productId notes; see CiscoMapper and fixtures for coverage. |
| Vndr.Msrc | BE-Conn-MSRC | ✅ Map + normalized build rules landed | 2025-10-15 | MsrcMapper emits msrc.build normalized rules with CVRF references; see src/StellaOps.Concelier.Source.Vndr.Msrc/TASKS.md. |
| Nvd | BE-Conn-NVD | ⚠️ Needs follow-up – mapper complete but normalized array MR pending | 2025-10-11 | Align CVE notes + normalized payload flag; src/StellaOps.Concelier.Source.Nvd/TASKS.md. |
Legend: ✅ complete, ⚠️ in progress/partial, ❌ not started.
Monitoring
- Merge now emits
concelier.merge.normalized_rules(tags:package_type,scheme) andconcelier.merge.normalized_rules_missing(tags:package_type). Track these counters to confirm normalized arrays land as connectors roll out. - Expect
normalized_rules_missingto trend toward zero as each connector flips on normalized output. Investigate any sustained counts by checking the corresponding moduleTASKS.md.
Implementation tips
- When a connector only needs to populate
AffectedPackage.NormalizedVersions(without reusing range primitives), callSemVerRangeRuleBuilder.BuildNormalizedRules(rawRange, patchedVersion, note)to project the normalized rule list directly. This avoids re-wrappingSemVerRangeBuildResultinstances and keeps provenance notes consistent with the shared builder.
How to use this dashboard
- Before opening a connector PR, update the module
TASKS.mdentry and drop a short bullet here (status + timestamp). - When a connector lands normalized outputs, flip the status to ✅ and note any rollout toggles (feature flags, fixture regenerations).
- If a dependency or blocker emerges, add it both in the module
TASKS.mdand in this matrix so merge/storage can escalate quickly.