417ef83202
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
AOC Guard CI / aoc-guard (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
- Implemented comprehensive unit tests for VexCandidateEmitter to validate candidate emission logic based on various scenarios including absent and present APIs, confidence thresholds, and rate limiting. - Added integration tests for SmartDiff PostgreSQL repositories, covering snapshot storage and retrieval, candidate storage, and material risk change handling. - Ensured tests validate correct behavior for storing, retrieving, and querying snapshots and candidates, including edge cases and expected outcomes.
2.5 KiB
2.5 KiB
AGENTS
Role
ANSSI CERT-FR advisories connector (avis/alertes) providing national enrichment: advisory metadata, CVE links, mitigation notes, and references.
Scope
- Harvest CERT-FR items via RSS and/or list pages; follow item pages for detail; window by publish/update date.
- Validate HTML or JSON payloads; extract structured fields; map to canonical aliases, references, severity text.
- Maintain watermarks and de-duplication by content hash; idempotent processing.
Participants
- Source.Common (HTTP, HTML parsing helpers, validators).
- Storage.Postgres (document, dto, advisory, reference, source_state).
- Models (canonical).
- Core/WebService (jobs: source:certfr:fetch|parse|map).
- Merge engine (later) to enrich only.
Interfaces & contracts
- Treat CERT-FR as enrichment; never override distro or PSIRT version ranges absent concrete evidence.
- References must include primary bulletin URL and vendor links; tag kind=bulletin/vendor/mitigation appropriately.
- Provenance records cite "cert-fr" with method=parser and source URL.
In/Out of scope
In: advisory metadata extraction, references, severity text, watermarking. Out: OVAL or package-level authority.
Observability & security expectations
- Metrics: SourceDiagnostics emits shared
concelier.source.http.*counters/histograms taggedconcelier.source=certfr, covering fetch counts, parse failures, and map activity. - Logs: feed URL(s), item ids/urls, extraction durations; no PII; allowlist hostnames.
Tests
- Author and review coverage in
../StellaOps.Concelier.Connector.CertFr.Tests. - Shared fixtures (e.g.,
PostgresIntegrationFixture,ConnectorTestHarness) live in../StellaOps.Concelier.Testing. - Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.
Required Reading
docs/modules/concelier/architecture.mddocs/modules/platform/architecture-overview.md
Working Agreement
-
- Update task status to
DOING/DONEin both correspoding sprint file/docs/implplan/SPRINT_*.mdand the localTASKS.mdwhen you start or finish work.
- Update task status to
-
- Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
-
- Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
-
- Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
-
- Revert to
TODOif you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
- Revert to