26 lines
1.8 KiB
Markdown
26 lines
1.8 KiB
Markdown
# AGENTS
|
|
## Role
|
|
Connector for Red Hat CSAF VEX feeds, fetching provider metadata, CSAF documents, and projecting them into raw storage for normalization.
|
|
## Scope
|
|
- Discovery via `/.well-known/csaf/provider-metadata.json`, scheduling windows, and ETag-aware HTTP fetches.
|
|
- `RedHatProviderMetadataLoader` handles `.well-known` metadata with caching, schema validation, and offline snapshots.
|
|
- `RedHatCsafConnector` consumes ROLIE feeds to fetch incremental CSAF documents, honours `context.Since`, and streams raw advisories to storage.
|
|
- Mapping Red Hat CSAF specifics (product tree aliases, RHSA identifiers, revision history) into raw documents.
|
|
- Emitting structured telemetry and resume markers for incremental pulls.
|
|
- Supplying Red Hat-specific trust overrides and provenance hints to normalization.
|
|
## Participants
|
|
- Worker schedules pulls using this connector; WebService triggers ad-hoc runs.
|
|
- CSAF normalizer consumes fetched documents to produce claims.
|
|
- Policy/consensus rely on Red Hat trust metadata captured here.
|
|
## Interfaces & contracts
|
|
- Implements `IVexConnector` with Red Hat-specific options (parallelism, token auth if configured).
|
|
- Uses abstractions from `StellaOps.Excititor.Connectors.Abstractions` for HTTP/resume helpers.
|
|
## In/Out of scope
|
|
In: data acquisition, HTTP retries, raw document persistence, provider metadata population.
|
|
Out: normalization, storage internals, attestation, general connector abstractions (covered elsewhere).
|
|
## Observability & security expectations
|
|
- Log provider metadata URL, revision ids, fetch durations; redact tokens.
|
|
- Emit counters for documents fetched, skipped (304), quarantined.
|
|
## Tests
|
|
- Connector harness tests (mock HTTP) and resume regression cases will live in `../StellaOps.Excititor.Connectors.RedHat.CSAF.Tests`.
|