git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Connector.Osv/TASKS.completed.md
master 15b4a1de6a feat: Document completed tasks for KMS, Cryptography, and Plugin Libraries
- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
2025-10-31 14:37:45 +02:00


Completed Tasks

|Ecosystem fetchers (npm, pypi, maven, go, crates)|BE-Conn-OSV|Source.Common|DONE archive fetch loop iterates ecosystems with pagination + change gating.|

|OSV options & HttpClient configuration|BE-Conn-OSV|Source.Common|DONE OsvOptions + AddOsvConnector configure allowlisted HttpClient.|

|DTO validation + sanitizer|BE-Conn-OSV|Source.Common|DONE JSON deserialization sanitizes payloads before persistence; schema enforcement deferred.|

|Mapper to canonical SemVer ranges|BE-Conn-OSV|Models|DONE OsvMapper emits SemVer ranges with provenance metadata. 2025-10-11 research trail: ensure NormalizedVersions array uses payloads such as [{"scheme":"semver","type":"range","min":"<min>","minInclusive":true,"max":"<max>","maxInclusive":false,"notes":"osv:GHI-2025-0001"}] so storage merges align with GHSA parity tests.|

|Alias consolidation (GHSA/CVE)|BE-Merge|Merge|DONE OSV advisory records now emit GHSA/CVE aliases captured by alias graph tests.|

|Tests: snapshot per ecosystem|QA|Tests|DONE deterministic snapshots added for npm and PyPI advisories.|

|Cursor persistence and hash gating|BE-Conn-OSV|Storage.Mongo|DONE OsvCursor tracks per-ecosystem metadata and SHA gating.|

|Parity checks vs GHSA data|QA|Merge|DONE OsvGhsaParityRegressionTests keep OSV ↔ GHSA fixtures green; regeneration workflow documented in docs/19_TEST_SUITE_OVERVIEW.md.|

|Connector DI routine & job registration|BE-Conn-OSV|Core|DONE DI routine registers fetch/parse/map jobs with scheduler.|

|Implement OSV fetch/parse/map skeleton|BE-Conn-OSV|Source.Common|DONE connector now persists documents, DTOs, and canonical advisories.|

|FEEDCONN-OSV-02-004 OSV references & credits alignment|BE-Conn-OSV|Models FEEDMODELS-SCHEMA-01-002|DONE (2025-10-11) Mapper normalizes references with provenance masks, emits advisory credits, and regression fixtures/assertions cover the new fields.|

|FEEDCONN-OSV-02-005 Fixture updater workflow|BE-Conn-OSV, QA|Docs|DONE (2025-10-12) Canonical PURL derivation now covers Go + scoped npm advisories without upstream purl; legacy invalid npm names still fall back to ecosystem:name. OSV/GHSA/NVD suites and normalization/storage tests rerun clean.|

|FEEDCONN-OSV-02-003 Normalized versions rollout|BE-Conn-OSV|Models FEEDMODELS-SCHEMA-01-003, Normalization playbook|DONE (2025-10-11) OsvMapper now emits SemVer primitives + normalized rules with osv:{ecosystem}:{advisoryId}:{identifier} notes; npm/PyPI/Parity fixtures refreshed; merge coordination pinged (OSV handoff).|

|FEEDCONN-OSV-04-003 Parity fixture refresh|QA, BE-Conn-OSV|Normalized versions rollout, GHSA parity tests|DONE (2025-10-12) Parity fixtures include normalizedVersions notes (osv:<ecosystem>:<id>:<purl>); regression math rerun via dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests and docs flagged for workflow sync.|

|FEEDCONN-OSV-04-002 Conflict regression fixtures|BE-Conn-OSV, QA|Merge FEEDMERGE-ENGINE-04-001|DONE (2025-10-12) Added conflict-osv.canonical.json + regression asserting SemVer range + CVSS medium severity; dataset matches GHSA/NVD fixtures for merge tests. Validation: dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests/StellaOps.Concelier.Connector.Osv.Tests.csproj --filter OsvConflictFixtureTests.|

|FEEDCONN-OSV-04-004 Description/CWE/metric parity rollout|BE-Conn-OSV|Models, Core|DONE (2025-10-15) OSV mapper writes advisory descriptions, database_specific.cwe_ids weaknesses, and canonical CVSS metric id. Parity fixtures (osv-ghsa.*, osv-npm.snapshot.json, osv-pypi.snapshot.json) refreshed and status communicated to Merge coordination.|

|FEEDCONN-OSV-04-005 Canonical metric fallbacks & CWE notes|BE-Conn-OSV|Models, Merge|DONE (2025-10-16) Add fallback logic and metrics for advisories lacking CVSS vectors, enrich CWE provenance notes, and document merge/export expectations; refresh parity fixtures accordingly. 2025-10-16: Mapper now emits osv:severity/<level> canonical ids for severity-only advisories, weakness provenance carries database_specific.cwe_ids, diagnostics expose osv.map.canonical_metric_fallbacks, parity fixtures regenerated, and ops notes added in docs/modules/concelier/operations/connectors/osv.md. Tests: dotnet test src/Concelier/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Osv.Tests/StellaOps.Concelier.Connector.Osv.Tests.csproj.|