stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
66cb6c4b8af58a33efa1521b7953dda834431497
git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Connector.Ics.Kaspersky/AGENTS.md
master 66cb6c4b8a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
feat: Add guild charters and task boards for various components 
- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform.
- Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds.
- Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies.
- Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.
2025-11-01 02:21:46 +02:00

2.7 KiB
Raw Blame History

AGENTS

Role

Kaspersky ICS-CERT connector; authoritative for OT/ICS vendor advisories covered by Kaspersky ICS-CERT; maps affected products as ICS domain entities with platform tags.

Scope

  • Discover/fetch advisories list; window by publish date or slug; fetch detail pages; handle pagination.
  • Validate HTML or JSON; extract CVEs, affected OT vendors/models/families, mitigations; normalize product taxonomy; map fixed versions if present.
  • Persist raw docs with sha256; maintain source_state; idempotent mapping.

Participants

  • Source.Common (HTTP, HTML helpers, validators).
  • Storage.Mongo (document, dto, advisory, alias, affected, reference, source_state).
  • Models (canonical; affected.platform="ics-vendor", tags for device families).
  • Core/WebService (jobs: source:ics-kaspersky:fetch|parse|map).
  • Merge engine respects ICS vendor authority for OT impact.

Interfaces & contracts

  • Aliases: CVE ids; if stable ICS-CERT advisory id exists, store scheme "ICS-KASP".
  • Affected: Type=vendor; Vendor/Product populated; platforms/tags for device family or firmware line; versions with fixedBy when explicit.
  • References: advisory, vendor pages, mitigation guides; typed; deduped.
  • Provenance: method=parser; value=advisory slug.

In/Out of scope

In: ICS advisory mapping, affected vendor products, mitigation references. Out: firmware downloads; reverse-engineering artifacts.

Observability & security expectations

  • Metrics: SourceDiagnostics publishes concelier.source.http.* counters/histograms with concelier.source=ics-kaspersky to track fetch totals, parse failures, and mapped affected counts.
  • Logs: slugs, vendor/product counts, timing; allowlist host.

Tests

  • Author and review coverage in ../StellaOps.Concelier.Connector.Ics.Kaspersky.Tests.
  • Shared fixtures (e.g., MongoIntegrationFixture, ConnectorTestHarness) live in ../StellaOps.Concelier.Testing.
  • Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.

Required Reading

  • docs/modules/concelier/architecture.md
  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both docs/implplan/SPRINTS.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.