Table of Contents generated with DocToc
<Project Name> — CVE title normalisationThe CVE record's title field is scoped to the product by the CNA container (e.g. Apache <Project>, Apache <Project> <Component> Provider), so the title pasted into the CVE-tool allocation form should be the bare description — no project prefix, no redundant version suffix, no reporter-added tag like [ Security Report ].
The allocate-cve skill reads this file for the exact strip cascade to apply to the tracker title before pasting it into the allocation form.
If this project's titles are already normalised (reporters don't prepend <Project>: or add bracketed tags), you can leave this file with a note to that effect and the skill will skip the stripping step. Otherwise, list the regex cascade below.
TODO: one rule per bullet, applied in order. Typical patterns:
^[ \t]*\[ ?Security (Report|Issue|Vulnerability|Bug) ?\][ \t:|\-–—]*^[ \t]*Security (Report|Issue|Vulnerability|Bug)[ \t:|\-–—]+<Project Name> (optional version, optional separator) — TODOSecurity Issue | tag.in <Project Name> — TODO[ \t]*\(GHSA-[\w-]+\)\.?[ \t]*$[ \t]*\([^)]*split from #\d+[^)]*\)\.?[ \t]*$., collapse internal whitespace.TODO: keep the transform inline in the skill, do not create a separate Python project. A typical cascade looks like:
[ Security Report ] or similar harness prefix.<vendor>: <product>: (e.g. the project's own “Apache Foo:” prefix that the CVE tool re-applies).(<= 1.2.3).Re: if the original report came in by email and was retitled with the reply prefix.The result is the bare vulnerability description that goes into the CVE record's title field. Document the cascade your project uses in this file once you settle on it.
Show the stripped title and the original title side by side in the allocate-cve proposal so the user can spot any over-stripping before pasting into the CVE tool. If the strip collapses the title to fewer than 3 words, surface that as a warning and propose a manual override — over-stripping is worse than leaving one redundant word in.