git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Merge/TASKS.md
Vladimir Moushkov 55464f8498
up
2025-10-29 19:24:20 +02:00


TASKS

| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| Identity graph and alias resolver | BE-Merge | Models, Storage.Mongo | DONE: AdvisoryIdentityResolver builds alias-driven clusters with canonical key selection + unit coverage. |
| Precedence policy engine | BE-Merge | Architecture | DONE: precedence defaults enforced by AdvisoryPrecedenceMerger/AdvisoryPrecedenceDefaults with distro/PSIRT overriding registry feeds and CERT/KEV enrichers. |
| NEVRA comparer plus tests | BE-Merge (Distro WG) | Source.Distro fixtures | DONE: Added Nevra parser/comparer with tilde-aware rpm ordering and unit coverage. |
| Debian EVR comparer plus tests | BE-Merge (Distro WG) | Debian fixtures | DONE: DebianEvr comparer mirrors dpkg ordering with tilde/epoch handling and unit coverage. |
| SemVer range resolver plus tests | BE-Merge (OSS WG) | OSV/GHSA fixtures | DONE: SemanticVersionRangeResolver covers introduced/fixed/lastAffected semantics with SemVer ordering tests. |
| Canonical hash and merge_event writer | BE-Merge | Models, Storage.Mongo | DONE: Hash calculator + MergeEventWriter compute canonical SHA-256 digests and persist merge events. |
| Conflict detection and metrics | BE-Merge | Core | DONE: merge meters emit override/conflict counters and structured audits (AdvisoryPrecedenceMerger). |
| FEEDMERGE-ENGINE-04-001 GHSA/NVD/OSV conflict rules | BE-Merge | Core, Storage.Mongo | DONE: AdvisoryMergeService applies CanonicalMerger output before precedence merge, replacing source advisories with the canonical transcript. Coordination: connector fixture owners should surface canonical deltas to Merge QA before regression sign-off. |
| FEEDMERGE-ENGINE-04-002 Override metrics instrumentation | BE-Merge | Observability | DONE: merge events persist MergeFieldDecision records enabling analytics on precedence/freshness decisions. Next: hand off metrics schema to Ops for dashboard wiring. |
| FEEDMERGE-ENGINE-04-003 Reference & credit union pipeline | BE-Merge | Models | DONE: canonical merge preserves union semantics while respecting precedence, validated via updated credit union tests. |
| End-to-end determinism test | QA | Merge, key connectors | DONE: MergePrecedenceIntegrationTests.MergePipeline_IsDeterministicAcrossRuns guards determinism. |
| FEEDMERGE-QA-04-001 End-to-end conflict regression suite | QA | Merge | DONE: AdvisoryMergeServiceTests.MergeAsync_AppliesCanonicalRulesAndPersistsDecisions exercises GHSA/NVD/OSV conflict path and merge-event analytics. Reminder: QA to sync with connector teams once new fixture triples land. |
| Override audit logging | BE-Merge | Observability | DONE: override audits now emit structured logs plus bounded-tag metrics suitable for prod telemetry. |
| Configurable precedence table | BE-Merge | Architecture | DONE: precedence options bind via `concelier:merge:precedence:ranks` with docs/tests covering operator workflow. |
| Range primitives backlog | BE-Merge | Connector WGs | DOING: Coordinate remaining connectors (Acsc, Cccs, CertBund, CertCc, Cve, Ghsa, Ics.Cisa, Kisa, Ru.Bdu, Ru.Nkcki, Vndr.Apple, Vndr.Cisco, Vndr.Msrc) to emit canonical RangePrimitives with provenance tags; track progress/fixtures here.<br>2025-10-11: Storage alignment notes + sample normalized rule JSON now captured in `RANGE_PRIMITIVES_COORDINATION.md` (see “Storage alignment quick reference”).<br>2025-10-11 18:45Z: GHSA normalized rules landed; OSV connector picked up next for rollout.<br>2025-10-11 21:10Z: `docs/dev/merge_semver_playbook.md` Section 8 now documents the persisted Mongo projection (SemVer + NEVRA) for connector reviewers.<br>2025-10-11 21:30Z: Added `docs/dev/normalized_versions_rollout.md` dashboard to centralize connector status and upcoming milestones.<br>2025-10-11 21:55Z: Merge now emits `concelier.merge.normalized_rules*` counters and unions connector-provided normalized arrays; see new test coverage in AdvisoryPrecedenceMergerTests.Merge_RecordsNormalizedRuleMetrics.<br>2025-10-12 17:05Z: CVE + KEV normalized rule verification complete; OSV parity fixtures revalidated—downstream parity/monitoring tasks may proceed.<br>2025-10-19 14:35Z: Prerequisites reviewed (none outstanding); FEEDMERGE-COORD-02-900 remains in DOING with connector follow-ups unchanged.<br>2025-10-19 15:25Z: Refreshed `RANGE_PRIMITIVES_COORDINATION.md` matrix + added targeted follow-ups (Cccs, CertBund, ICS-CISA, Kisa, Vndr.Cisco) with delivery dates 2025-10-21 → 2025-10-25; monitoring merge counters for regression.<br>2025-10-20 19:30Z: Coordination matrix + rollout dashboard updated with current connector statuses and due dates; flagged Slack escalation plan if Cccs/Cisco miss 2025-10-21 and documented Acsc kickoff window for 2025-10-24.<br>2025-10-29: Added merge-time warnings highlighting sources/package types when ranges emit without normalized rules to accelerate backlog triage. |
| Merge pipeline parity for new advisory fields | BE-Merge | Models, Core | DONE (2025-10-15): merge service now surfaces description/CWE/canonical metric decisions with updated metrics/tests. |
| Connector coordination for new advisory fields | Connector Leads, BE-Merge | Models, Core | DONE (2025-10-15): GHSA, NVD, and OSV connectors now emit advisory descriptions, CWE weaknesses, and canonical metric ids. Fixtures refreshed (GHSA connector regression suite, `conflict-nvd.canonical.json`, OSV parity snapshots) and completion recorded in coordination log. |
| FEEDMERGE-ENGINE-07-001 Conflict sets & explainers | BE-Merge | FEEDSTORAGE-DATA-07-001 | DONE (2025-10-20): Merge surfaces conflict explainers with replay hashes via MergeConflictSummary; API exposes structured payloads and integration tests cover deterministic asOf hashes. |

Remark (2025-10-20): AdvisoryMergeService now returns conflict summaries with deterministic hashes; WebService replay endpoint emits typed explainers verified by new tests.

| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| FEEDMERGE-COORD-02-901 Connector deadline check-ins | BE-Merge | FEEDMERGE-COORD-02-900 | TODO (due 2025-10-21): Confirm Cccs/Cisco normalized-rule branches land, capture `concelier.merge.normalized_rules*` counter screenshots, and update coordination docs with the results.<br>2025-10-29: Merge now emits `Normalized version rules missing...` warnings (see `docs/dev/normalized-rule-recipes.md` §4); include zero-warning excerpt plus Grafana counter snapshot when closing this task. |
| FEEDMERGE-COORD-02-902 ICS-CISA normalized-rule decision support | BE-Merge, Models | FEEDMERGE-COORD-02-900 | TODO (due 2025-10-23): Review ICS-CISA sample advisories, confirm SemVer reuse vs new firmware scheme, pre-stage Models ticket template, and document outcome in coordination docs + tracker files.<br>2025-10-29: Recipes doc (§2, §3) outlines SemVer promotion + fallback logging—attach decision summary + log sample when handing off to Models. |
| FEEDMERGE-COORD-02-903 KISA firmware scheme review | BE-Merge, Models | FEEDMERGE-COORD-02-900 | TODO (due 2025-10-24): Pair with KISA team on proposed firmware scheme (kisa.build or variant), ensure builder alignment, open Models ticket if required, and log decision in coordination docs + tracker files. |

| Task | Owner(s) | Depends on | Notes |
|---|---|---|---|
| MERGE-LNM-21-001 Migration plan authoring | BE-Merge, Architecture Guild | CONCELIER-LNM-21-101 | Draft no-merge migration playbook, documenting backfill strategy, feature flag rollout, and rollback steps for legacy merge pipeline deprecation. |
| MERGE-LNM-21-002 Merge service deprecation | BE-Merge | MERGE-LNM-21-001 | Refactor or retire AdvisoryMergeService and related pipelines, ensuring callers transition to observation/linkset APIs; add compile-time analyzer preventing merge service usage. |
| MERGE-LNM-21-003 Determinism/test updates | QA Guild, BE-Merge | MERGE-LNM-21-002 | Replace merge determinism suites with observation/linkset regression tests verifying no data mutation and conflicts remain visible. |