1.9 KiB
1.9 KiB
TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| Ecosystem fetchers (npm, pypi, maven, go, crates) | BE-Conn-OSV | Source.Common | DONE – archive fetch loop iterates ecosystems with pagination + change gating. |
| OSV options & HttpClient configuration | BE-Conn-OSV | Source.Common | DONE – OsvOptions + AddOsvConnector configure allowlisted HttpClient. |
| DTO validation + sanitizer | BE-Conn-OSV | Source.Common | DONE – JSON deserialization sanitizes payloads before persistence; schema enforcement deferred. |
| Mapper to canonical SemVer ranges | BE-Conn-OSV | Models | DONE – OsvMapper emits SemVer ranges with provenance metadata. |
| Alias consolidation (GHSA/CVE) | BE-Merge | Merge | DONE – OSV advisory records now emit GHSA/CVE aliases captured by alias graph tests. |
| Tests: snapshot per ecosystem | QA | Tests | DONE – deterministic snapshots added for npm and PyPI advisories. |
| Cursor persistence and hash gating | BE-Conn-OSV | Storage.Mongo | DONE – OsvCursor tracks per-ecosystem metadata and SHA gating. |
| Parity checks vs GHSA data | QA | Merge | DONE – OsvGhsaParityRegressionTests keep OSV ↔ GHSA fixtures green; regeneration workflow documented in docs/19_TEST_SUITE_OVERVIEW.md. |
| Connector DI routine & job registration | BE-Conn-OSV | Core | DONE – DI routine registers fetch/parse/map jobs with scheduler. |
| Implement OSV fetch/parse/map skeleton | BE-Conn-OSV | Source.Common | DONE – connector now persists documents, DTOs, and canonical advisories. |
| FEEDCONN-OSV-02-004 OSV references & credits alignment | BE-Conn-OSV | Models FEEDMODELS-SCHEMA-01-002 |
DONE (2025-10-11) – Mapper normalizes references with provenance masks, emits advisory credits, and regression fixtures/assertions cover the new fields. |
| FEEDCONN-OSV-02-005 Fixture updater workflow | BE-Conn-OSV, QA | Docs | TODO – Document tools/FixtureUpdater, add parity regression steps, and ensure future refreshes capture credit metadata consistently. |