stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/concelier/link-not-merge-advisory-architecture.md

2.2 KiB
Raw Blame History

Link-Not-Merge Advisory Architecture

Module

Concelier

Status

IMPLEMENTED

Description

Advisory confirmed that existing Link-Not-Merge model is architecturally superior to proposed Unified Advisory Schema (UAS). Preserves conflict evidence and 3-component trust vector.

Implementation Details

  • Modules: src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/, src/Concelier/__Libraries/StellaOps.Concelier.Core/Tenancy/, src/Concelier/__Libraries/StellaOps.Concelier.Merge/
  • Key Classes:
    • LinksetCorrelationService (src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/LinksetCorrelationService.cs) - correlates advisory linksets preserving source identity
    • LinksetCorrelationV2 (src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/LinksetCorrelationV2.cs) - V2 correlation algorithm with improved accuracy
    • LinksetCorrelation (src/Concelier/__Libraries/StellaOps.Concelier.Core/Linksets/LinksetCorrelation.cs) - V1 correlation logic
    • LinkNotMergeTenantCapabilitiesProvider (src/Concelier/__Libraries/StellaOps.Concelier.Core/Tenancy/TenantCapabilitiesEndpoint.cs) - tenant capabilities for LNM feature
    • MergeHashCalculator (src/Concelier/__Libraries/StellaOps.Concelier.Merge/Identity/MergeHashCalculator.cs) - merge hash for linking semantically equivalent advisories
    • CanonicalAdvisoryService (src/Concelier/__Libraries/StellaOps.Concelier.Core/Canonical/CanonicalAdvisoryService.cs) - canonical advisory with linked source edges
  • Interfaces: ILinksetCorrelationService, ITenantCapabilitiesProvider
  • Source: Feature matrix scan

E2E Test Plan

  • Ingest two advisories from different sources for the same CVE and verify they are linked (not merged) with separate source identities preserved
  • Verify conflict evidence: ingest conflicting advisories (different CVSS scores for same CVE) and confirm both values are preserved in the linkset
  • Verify 3-component trust vector: query a linked advisory and confirm trust scores from each source are available
  • Verify LinksetCorrelationService returns all linked sources for a given canonical advisory
  • Verify tenant capabilities: confirm LNM feature is reported as available via the capabilities endpoint