git.stella-ops.org/docs/dev/fixtures.md

Feedser Fixture Maintenance

Feedser uses a handful of deterministic fixtures to keep connector regressions in check. This guide lists the fixture sets, where they live, and how to regenerate them safely.

---

GHSA ↔ OSV parity fixtures

• Location: src/StellaOps.Feedser.Source.Osv.Tests/Fixtures/osv-ghsa.*.json
• Purpose: Exercised by OsvGhsaParityRegressionTests to ensure OSV + GHSA outputs stay aligned on aliases, ranges, references, and credits.
• Regeneration: Either run the test harness with online regeneration (UPDATE_PARITY_FIXTURES=1 dotnet test src/StellaOps.Feedser.Source.Osv.Tests/StellaOps.Feedser.Source.Osv.Tests.csproj) or execute the fixture updater (dotnet run --project tools/FixtureUpdater/FixtureUpdater.csproj). Both paths normalise timestamps and canonical ordering.
• SemVer provenance: The regenerated fixtures should show normalizedVersions[].notes in the osv:{ecosystem}:{advisoryId}:{identifier} shape emitted by SemVerRangeRuleBuilder. Confirm the constraints and notes line up with GHSA/NVD composites before committing.
• Verification: Inspect the diff, then re-run dotnet test src/StellaOps.Feedser.Source.Osv.Tests/StellaOps.Feedser.Source.Osv.Tests.csproj to confirm parity.

GHSA credit parity fixtures

• Location: src/StellaOps.Feedser.Source.Ghsa.Tests/Fixtures/credit-parity.{ghsa,osv,nvd}.json
• Purpose: Exercised by GhsaCreditParityRegressionTests to guarantee GHSA/NVD/OSV acknowledgements remain in lockstep.
• Regeneration: dotnet run --project tools/FixtureUpdater/FixtureUpdater.csproj rewrites all three canonical snapshots.
• Verification: dotnet test src/StellaOps.Feedser.Source.Ghsa.Tests/StellaOps.Feedser.Source.Ghsa.Tests.csproj.

Always commit fixture changes together with the code that motivated them and reference the regression test that guards the behaviour.

Apple security update fixtures

• Location: src/StellaOps.Feedser.Source.Vndr.Apple.Tests/Apple/Fixtures/*.html and .expected.json.
• Purpose: Exercised by AppleLiveRegressionTests to guarantee the Apple HTML parser and mapper stay deterministic while covering Rapid Security Responses and multi-device advisories.
• Regeneration: Use the helper scripts (scripts/update-apple-fixtures.sh or scripts/update-apple-fixtures.ps1). They export UPDATE_APPLE_FIXTURES=1, propagate the flag through WSLENV, touch .update-apple-fixtures, and then run the Apple test project. This keeps WSL/VSCode test invocations in sync while the refresh workflow fetches live Apple support pages, sanitises them, and rewrites both the HTML and expected DTO snapshots with normalised ordering.
• Verification: Inspect the generated diffs and re-run dotnet test src/StellaOps.Feedser.Source.Vndr.Apple.Tests/StellaOps.Feedser.Source.Vndr.Apple.Tests.csproj without the env var to confirm determinism.

Tip for other connector owners: mirror the sentinel + WSLENV pattern (touch .update-<connector>-fixtures, append the env var via WSLENV) when you add fixture refresh scripts so contributors running under WSL inherit the regeneration flag automatically.

KISA advisory fixtures

• Location: src/StellaOps.Feedser.Source.Kisa.Tests/Fixtures/kisa-{feed,detail}.(xml|json)
• Purpose: Used by KisaConnectorTests to verify Hangul-aware fetch → parse → map flows and to assert telemetry counters stay wired.
• Regeneration: UPDATE_KISA_FIXTURES=1 dotnet test src/StellaOps.Feedser.Source.Kisa.Tests/StellaOps.Feedser.Source.Kisa.Tests.csproj
• Verification: Re-run the same test suite without the env var; confirm advisory content remains NFC-normalised and HTML is sanitised. Metrics assertions will fail if counters drift.
• Localisation note: RSS category values (e.g. 취약점정보) remain in Hangul—do not translate them in fixtures; they feed directly into metrics/log tags.