Backport FixIndex Service with O(1) Distro Patch Lookups

Module

Concelier

Status

IMPLEMENTED

Description

Indexed distro patch lookup service providing O(1) performance for determining whether a specific package version contains a backported fix for a given CVE across multiple distributions.

Implementation Details

Modules: src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/
Key Classes:
- FixIndexService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/FixIndexService.cs) - O(1) indexed lookup for distro patch status
- BackportStatusService (src/Concelier/__Libraries/StellaOps.Concelier.BackportProof/Services/BackportStatusService.cs) - backport status resolution with version comparison
- BackportEvidenceResolver (src/Concelier/__Libraries/StellaOps.Concelier.Merge/Backport/BackportEvidenceResolver.cs) - multi-tier evidence resolution consuming fix index data
Interfaces: IFixIndexService, IBackportStatusService
Source: SPRINT_20251229_004_002_BE_backport_status_service.md

E2E Test Plan

Query FixIndexService for a known CVE+distro+package combination and verify it returns patch status in O(1)
Verify BackportStatusService correctly compares package versions to determine if a backport fix is present
Verify cross-distro lookups: query the same CVE for Alpine, Debian, and RedHat and verify correct fix status for each
Verify index population: ingest distro connector data and verify the fix index is populated
Verify negative case: query for a CVE with no known backport fix and verify "unknown" or "not fixed" status

1.6 KiB Raw Blame History