stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
c11d87d2522efe734fead57b7842e3b8982fe0de
git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Connector.Vndr.Vmware/AGENTS.md
master 90c244948a Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations. 
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
2025-11-05 11:58:32 +02:00

2.7 KiB
Raw Blame History

AGENTS

Role

VMware/Broadcom PSIRT connector ingesting VMSA advisories; authoritative for VMware products; maps affected versions/builds and emits psirt_flags.

Scope

  • Discover/fetch VMSA index and detail pages via Broadcom portal; window by advisory ID/date; follow updates/revisions.
  • Validate HTML or JSON; extract CVEs, affected product versions/builds, workarounds, fixed versions; normalize product naming.
  • Persist raw docs with sha256; manage source_state; idempotent mapping.

Participants

  • Source.Common (HTTP, cookies/session handling if needed, validators).
  • Storage.Mongo (document, dto, advisory, alias, affected, reference, psirt_flags, source_state).
  • Models (canonical).
  • Core/WebService (jobs: source:vmware:fetch|parse|map).
  • Merge engine (later) to prefer PSIRT ranges for VMware products.

Interfaces & contracts

  • Aliases: VMSA-YYYY-NNNN plus CVEs.
  • Affected entries include Vendor=VMware, Product plus component; Versions carry fixed/fixedBy; tags may include build numbers or ESXi/VC levels.
  • References: advisory URL, KBs, workaround pages; typed; deduped.
  • Provenance: method=parser; value=VMSA id.

In/Out of scope

In: PSIRT precedence mapping, affected/fixedBy extraction, advisory references. Out: customer portal authentication flows beyond public advisories; downloading patches.

Observability & security expectations

  • Metrics: SourceDiagnostics emits shared concelier.source.http.* counters/histograms tagged concelier.source=vmware, allowing dashboards to measure fetch volume, parse failures, and map affected counts without bespoke metric names.
  • Logs: vmsa ids, product counts, extraction timings; handle portal rate limits politely.

Tests

  • Author and review coverage in ../StellaOps.Concelier.Connector.Vndr.Vmware.Tests.
  • Shared fixtures (e.g., MongoIntegrationFixture, ConnectorTestHarness) live in ../StellaOps.Concelier.Testing.
  • Keep fixtures deterministic; match new cases to real-world advisories or regression scenarios.

Required Reading

  • docs/modules/concelier/architecture.md
  • docs/modules/platform/architecture-overview.md

Working Agreement

    1. Update task status to DOING/DONE in both correspoding sprint file /docs/implplan/SPRINT_*.md and the local TASKS.md when you start or finish work.
    1. Review this charter and the Required Reading documents before coding; confirm prerequisites are met.
    1. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
    1. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
    1. Revert to TODO if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.