git.stella-ops.org/src/Concelier/__Libraries/StellaOps.Concelier.Connector.Distro.Ubuntu/AGENTS.md
master 90c244948a Update AGENTS.md files across multiple modules to standardize task status update instructions and introduce a new document for Secret Leak Detection operations.
- Modified task status update instructions in AGENTS.md files to refer to corresponding sprint files as `/docs/implplan/SPRINT_*.md` instead of `docs/implplan/SPRINTS.md`.
- Added a comprehensive document for Secret Leak Detection operations detailing scope, prerequisites, rule bundle lifecycle, enabling the analyzer, policy patterns, observability, troubleshooting, and references.
2025-11-05 11:58:32 +02:00

Concelier Ubuntu Connector Charter

Mission

Implement and maintain the Ubuntu security advisory connector that ingests CVE/USN data into Concelier under the Aggregation-Only Contract (AOC). The connector must capture provenance, version semantics (NEVRA/EVR), and metadata required by downstream policy, export, and AI components while remaining deterministic and offline-friendly.

Scope

  • Connector fetchers/parsers within StellaOps.Concelier.Connector.Distro.Ubuntu.
  • Mirroring support for offline kits (bundle import/export).
  • Schema updates and fixtures ensuring AOC compliance.
  • Unit/integration tests validating deterministic ingestion.

Required Reading

  • docs/modules/concelier/architecture.md
  • docs/ingestion/aggregation-only-contract.md
  • docs/modules/concelier/operations/connectors/osv.md (reference style & guardrails)
  • docs/modules/concelier/operations/mirror.md (offline mirroring requirements)
  • Ubuntu advisory format references linked from sprint notes (tasks should include source URLs).

Working Agreement

  1. Status sync: switch task state to DOING/DONE in both the corresponding sprint file docs/implplan/SPRINT_*.md and TASKS.md before/after work.
  2. AOC adherence: never derive severity or merge fields; store raw documents with provenance (source, upstream, content, linkset, supersedes).
  3. Deterministic parsing: normalise timestamps to UTC ISO-8601, sort arrays, stabilise JSON output.
  4. Offline readiness: ensure mirroring path works (no live network unless configured), document bundle usage.
  5. Testing: extend fixtures covering typical, superseding, and edge-case advisories; run connector integration suite.
  6. Documentation: update connector operations docs (add Ubuntu section under docs/modules/concelier/operations/connectors/) when formats or configuration change.
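
A sketch of the deterministic-parsing rule in item 3, as an added Python example that is not the connector's own code: two fetches of the same advisory that differ only in key order, array order and timestamp offset must serialise to identical bytes and the same digest. The field names, the sample advisory values, the second-level timestamp precision and the choice to sort every array are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Hypothetical timestamp field names; the charter does not define the schema.
TIMESTAMP_KEYS = {"published", "modified"}

def to_utc_iso(value: str) -> str:
    """Convert an ISO-8601 timestamp carrying an offset to UTC with a 'Z' suffix."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        # A naive timestamp cannot be normalised without guessing the zone.
        raise ValueError(f"timestamp has no offset: {value!r}")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def canonicalise(node, key=None):
    """Recursively normalise timestamps and put arrays in a stable order."""
    if isinstance(node, dict):
        return {k: canonicalise(v, k) for k, v in node.items()}
    if isinstance(node, list):
        items = [canonicalise(v) for v in node]
        # Sort by serialised form so mixed or nested element types still order stably.
        return sorted(items, key=lambda v: json.dumps(v, sort_keys=True))
    if isinstance(node, str) and key in TIMESTAMP_KEYS:
        return to_utc_iso(node)
    return node

def stable_bytes(doc) -> bytes:
    """Serialise with sorted keys and fixed separators so output is byte-stable."""
    text = json.dumps(canonicalise(doc), sort_keys=True,
                      separators=(",", ":"), ensure_ascii=False)
    return text.encode("utf-8")

def content_digest(doc) -> str:
    return "sha256:" + hashlib.sha256(stable_bytes(doc)).hexdigest()

# Constructed sample documents (placeholder identifiers, not real advisories).
FETCH_A = {"id": "USN-0000-1", "published": "2025-01-01T12:00:00+02:00",
           "cves": ["CVE-0000-0002", "CVE-0000-0001"]}
FETCH_B = {"cves": ["CVE-0000-0001", "CVE-0000-0002"],
           "published": "2025-01-01T10:00:00Z", "id": "USN-0000-1"}

if __name__ == "__main__":
    print(stable_bytes(FETCH_A).decode("utf-8"))
    print(content_digest(FETCH_A) == content_digest(FETCH_B))
```

A fixture test can pin the digest of each canonical document so that any change in parser output ordering shows up as a test failure rather than as churn in stored data.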