# AGENTS
## Role
Implement the CERT/CC (Carnegie Mellon CERT Coordination Center) advisory connector so Concelier can ingest US CERT coordination bulletins.

## Scope
- Identify CERT/CC advisory publication format (VU#, blog, RSS, JSON) and define fetch cadence/windowing.
- Implement fetch, parse, and mapping jobs with cursor persistence and dedupe.
- Normalise advisory content (summary, impacted vendors, products, recommended mitigations, CVEs).
- Produce canonical `Advisory` objects including aliases, references, affected packages, and range primitive metadata.
- Supply fixtures and deterministic regression tests.

## Participants
- `Source.Common` (HTTP/fetch utilities, DTO storage).
- `Storage.Mongo` (raw/document/DTO/advisory stores and state).
- `Concelier.Models` (canonical structures).
- `Concelier.Testing` (integration tests and snapshots).

## Interfaces & Contracts
- Job kinds: `certcc:fetch`, `certcc:parse`, `certcc:map`.
- Persist upstream caching metadata (ETag/Last-Modified) when available.
- Aliases should capture CERT/CC VU IDs and referenced CVEs.

## In/Out of scope
In scope:
- End-to-end connector with range primitive instrumentation and telemetry.

Out of scope:
- ICS-CERT alerts (handled by dedicated connector) or blog posts unrelated to advisories.

## Observability & Security Expectations
- Log fetch and mapping statistics; surface failures with backoff.
- Sanitise HTML sources before persistence.
- Respect upstream throttling via retry/backoff.

## Tests
- Add `StellaOps.Concelier.Connector.CertCc.Tests` to cover fetch/parse/map with canned fixtures.
- Snapshot canonical advisories and support UPDATE flag for regeneration.
- Ensure deterministic ordering and timestamp normalisation.
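
One way to meet the alias contract and the deterministic-ordering test expectation above, as an added sketch that is not Concelier code. The class name `CertCcAliasExtractor`, the assumption that a VU ID is written as `VU#` followed by ASCII digits, and the sample text are all illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Hypothetical helper (not part of Concelier): pulls alias strings out of
// already-sanitised advisory text and returns them in a stable order.
public static class CertCcAliasExtractor
{
    // [0-9] instead of \d so non-ASCII digits never end up in an alias.
    // Assumption: VU IDs appear as "VU#" followed by digits.
    private static readonly Regex VuPattern = new Regex(
        @"\bVU#\s?([0-9]+)\b",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    private static readonly Regex CvePattern = new Regex(
        @"\bCVE-([0-9]{4})-([0-9]{4,})\b",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static IReadOnlyList<string> Extract(string text)
    {
        if (string.IsNullOrEmpty(text))
            return Array.Empty<string>();

        // SortedSet with an ordinal comparer both dedupes and gives a
        // culture-independent order, so snapshots do not drift per machine.
        var vuIds = new SortedSet<string>(StringComparer.Ordinal);
        var cveIds = new SortedSet<string>(StringComparer.Ordinal);

        foreach (Match m in VuPattern.Matches(text))
            vuIds.Add("VU#" + m.Groups[1].Value);            // canonical casing

        foreach (Match m in CvePattern.Matches(text))
            cveIds.Add("CVE-" + m.Groups[1].Value + "-" + m.Groups[2].Value);

        // VU IDs first (the advisory's own identifier), then referenced CVEs.
        return vuIds.Concat(cveIds).ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample text, not a real advisory.
        const string text =
            "vu#000001 references cve-2099-0002 and CVE-2099-0001; " +
            "see also VU#000001 and CVE-2099-0002.";

        foreach (var alias in CertCcAliasExtractor.Extract(text))
            Console.WriteLine(alias);
    }
}
```

Ordinal ordering is lexical rather than numeric, which is sufficient for stable snapshots; a numeric sort on the CVE sequence would need a custom comparer.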