4.0 KiB
4.0 KiB
TASKS
| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| Identity graph and alias resolver | BE-Merge | Models, Storage.Mongo | DONE – AdvisoryIdentityResolver builds alias-driven clusters with canonical key selection + unit coverage. |
| Precedence policy engine | BE-Merge | Architecture | DONE – precedence defaults enforced by AdvisoryPrecedenceMerger/AdvisoryPrecedenceDefaults with distro/PSIRT overriding registry feeds and CERT/KEV enrichers. |
| NEVRA comparer plus tests | BE-Merge (Distro WG) | Source.Distro fixtures | DONE – Added Nevra parser/comparer with tilde-aware rpm ordering and unit coverage. |
| Debian EVR comparer plus tests | BE-Merge (Distro WG) | Debian fixtures | DONE – DebianEvr comparer mirrors dpkg ordering with tilde/epoch handling and unit coverage. |
| SemVer range resolver plus tests | BE-Merge (OSS WG) | OSV/GHSA fixtures | DONE – SemanticVersionRangeResolver covers introduced/fixed/lastAffected semantics with SemVer ordering tests. |
| Canonical hash and merge_event writer | BE-Merge | Models, Storage.Mongo | DONE – Hash calculator + MergeEventWriter compute canonical SHA-256 digests and persist merge events. |
| Conflict detection and metrics | BE-Merge | Core | DONE – merge meters emit override/conflict counters and structured audits (AdvisoryPrecedenceMerger). |
| FEEDMERGE-ENGINE-04-001 GHSA/NVD/OSV conflict rules | BE-Merge | Core, Storage.Mongo | DONE – AdvisoryMergeService applies CanonicalMerger output before precedence merge, replacing source advisories with the canonical transcript. Coordination: connector fixture owners should surface canonical deltas to Merge QA before regression sign-off. |
| FEEDMERGE-ENGINE-04-002 Override metrics instrumentation | BE-Merge | Observability | DONE – merge events persist MergeFieldDecision records enabling analytics on precedence/freshness decisions. Next: hand off metrics schema to Ops for dashboard wiring. |
| FEEDMERGE-ENGINE-04-003 Reference & credit union pipeline | BE-Merge | Models | DONE – canonical merge preserves union semantics while respecting precedence, validated via updated credit union tests. |
| End-to-end determinism test | QA | Merge, key connectors | DONE – MergePrecedenceIntegrationTests.MergePipeline_IsDeterministicAcrossRuns guards determinism. |
| FEEDMERGE-QA-04-001 End-to-end conflict regression suite | QA | Merge | DONE – AdvisoryMergeServiceTests.MergeAsync_AppliesCanonicalRulesAndPersistsDecisions exercises GHSA/NVD/OSV conflict path and merge-event analytics. Reminder: QA to sync with connector teams once new fixture triples land. |
| Override audit logging | BE-Merge | Observability | DONE – override audits now emit structured logs plus bounded-tag metrics suitable for prod telemetry. |
| Configurable precedence table | BE-Merge | Architecture | DONE – precedence options bind via feedser:merge:precedence:ranks with docs/tests covering operator workflow. |
| Range primitives backlog | BE-Merge | Connector WGs | DOING – Coordinate remaining connectors (Acsc, Cccs, CertBund, CertCc, Cve, Ghsa, Ics.Cisa, Kisa, Ru.Bdu, Ru.Nkcki, Vndr.Apple, Vndr.Cisco, Vndr.Msrc) to emit canonical RangePrimitives with provenance tags; track progress/fixtures here.2025-10-11: Storage alignment notes + sample normalized rule JSON now captured in RANGE_PRIMITIVES_COORDINATION.md (see “Storage alignment quick reference”).2025-10-11 18:45Z: GHSA normalized rules landed; OSV connector picked up next for rollout. 2025-10-11 21:10Z: docs/dev/merge_semver_playbook.md Section 8 now documents the persisted Mongo projection (SemVer + NEVRA) for connector reviewers.2025-10-11 21:30Z: Added docs/dev/normalized_versions_rollout.md dashboard to centralize connector status and upcoming milestones.2025-10-11 21:55Z: Merge now emits feedser.merge.normalized_rules* counters and unions connector-provided normalized arrays; see new test coverage in AdvisoryPrecedenceMergerTests.Merge_RecordsNormalizedRuleMetrics.2025-10-12 17:05Z: CVE + KEV normalized rule verification complete; OSV parity fixtures revalidated—downstream parity/monitoring tasks may proceed. |