- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
Completed Tasks
|Task|Owner(s)|Depends on|Notes|
|---|---|---|---|
|Identity graph and alias resolver|BE-Merge|Models, Storage.Mongo|DONE – AdvisoryIdentityResolver builds alias-driven clusters with canonical key selection + unit coverage.|
|Precedence policy engine|BE-Merge|Architecture|DONE – precedence defaults enforced by AdvisoryPrecedenceMerger/AdvisoryPrecedenceDefaults with distro/PSIRT overriding registry feeds and CERT/KEV enrichers.|
|NEVRA comparer plus tests|BE-Merge (Distro WG)|Source.Distro fixtures|DONE – Added Nevra parser/comparer with tilde-aware rpm ordering and unit coverage.|
|Debian EVR comparer plus tests|BE-Merge (Distro WG)|Debian fixtures|DONE – DebianEvr comparer mirrors dpkg ordering with tilde/epoch handling and unit coverage.|
|SemVer range resolver plus tests|BE-Merge (OSS WG)|OSV/GHSA fixtures|DONE – SemanticVersionRangeResolver covers introduced/fixed/lastAffected semantics with SemVer ordering tests.|
|Canonical hash and merge_event writer|BE-Merge|Models, Storage.Mongo|DONE – Hash calculator + MergeEventWriter compute canonical SHA-256 digests and persist merge events.|
|Conflict detection and metrics|BE-Merge|Core|DONE – merge meters emit override/conflict counters and structured audits (AdvisoryPrecedenceMerger).|
|FEEDMERGE-ENGINE-04-001 GHSA/NVD/OSV conflict rules|BE-Merge|Core, Storage.Mongo|DONE – AdvisoryMergeService applies CanonicalMerger output before precedence merge, replacing source advisories with the canonical transcript. Coordination: connector fixture owners should surface canonical deltas to Merge QA before regression sign-off.|
|FEEDMERGE-ENGINE-04-002 Override metrics instrumentation|BE-Merge|Observability|DONE – merge events persist MergeFieldDecision records enabling analytics on precedence/freshness decisions. Next: hand off metrics schema to Ops for dashboard wiring.|
|FEEDMERGE-ENGINE-04-003 Reference & credit union pipeline|BE-Merge|Models|DONE – canonical merge preserves union semantics while respecting precedence, validated via updated credit union tests.|
|End-to-end determinism test|QA|Merge, key connectors|DONE – MergePrecedenceIntegrationTests.MergePipeline_IsDeterministicAcrossRuns guards determinism.|
|FEEDMERGE-QA-04-001 End-to-end conflict regression suite|QA|Merge|DONE – AdvisoryMergeServiceTests.MergeAsync_AppliesCanonicalRulesAndPersistsDecisions exercises GHSA/NVD/OSV conflict path and merge-event analytics. Reminder: QA to sync with connector teams once new fixture triples land.|
|Override audit logging|BE-Merge|Observability|DONE – override audits now emit structured logs plus bounded-tag metrics suitable for prod telemetry.|
|Configurable precedence table|BE-Merge|Architecture|DONE – precedence options bind via concelier:merge:precedence:ranks with docs/tests covering operator workflow.|
|Merge pipeline parity for new advisory fields|BE-Merge|Models, Core|DONE (2025-10-15) – merge service now surfaces description/CWE/canonical metric decisions with updated metrics/tests.|
|Connector coordination for new advisory fields|Connector Leads, BE-Merge|Models, Core|DONE (2025-10-15) – GHSA, NVD, and OSV connectors now emit advisory descriptions, CWE weaknesses, and canonical metric ids. Fixtures refreshed (GHSA connector regression suite, conflict-nvd.canonical.json, OSV parity snapshots) and completion recorded in coordination log.|
|FEEDMERGE-ENGINE-07-001 Conflict sets & explainers|BE-Merge|FEEDSTORAGE-DATA-07-001|DONE (2025-10-20) – Merge surfaces conflict explainers with replay hashes via MergeConflictSummary; API exposes structured payloads and integration tests cover deterministic asOf hashes.|
Remark (2025-10-20):
AdvisoryMergeService now returns conflict summaries with deterministic hashes; WebService replay endpoint emits typed explainers verified by new tests.