chore: document MongoDB replSet config.

This also cleans up the Markdown formatting of the top-level
project README.md.

Signed-off-by: Andrew Lilley Brinker <abrinker@mitre.org>

Author: alilleybrinker

README.md

@@ -20,19 +20,24 @@
 
 ## The CVE Services Project
 
-This repository contains services that support the [CVE Program's mission](https://www.cve.org/About/Overview) to "identify, define, and catalog publicly disclosed cybersecurity vulnerabilities."
+This repository contains services that support the [CVE Program's
+mission][cve_mission] to "identify, define, and catalog publicly disclosed
+cybersecurity vulnerabilities."
 
 There are many ways one can assist:
 
 ### OSS Contributor
 
-Developers can contribute code directly. Getting started can be as fast as choosing an issue on our [board](https://github.com/CVEProject/cve-services/issues?q=is%3Aissue+is%3Aopen).
+Developers can contribute code directly. Getting started can be as fast as
+choosing an issue on our [board][cve_issue_tracker].
 
-Please read our [contributor's guide](https://github.com/CVEProject/cve-services/blob/dev/CONTRIBUTING.md) for more details. We welcome all contributions!
+Please read our [contributor's guide](./CONTRIBUTING.md) for more details. We
+welcome all contributions!
 
 ### Working Groups
 
-The CVE project operates as multiple focused working groups. Visit the CVE Website [working groups page](https://www.cve.org/ProgramOrganization/WorkingGroups) for more information.
+The CVE project operates as multiple focused working groups. Visit the CVE
+Website [working groups page](cve_wg) for more information.
 
 ### Security
 
@@ -41,34 +46,37 @@ The CVE project operates as multiple focused working groups. Visit the CVE Websi
 >**Warning**
 >Do not put vulnerability information in a GitHub issue.
 
-Please consult our [SECURITY.md](https://github.com/CVEProject/cve-services/blob/dev/SECURITY.md) for specific instructions on reporting a vulnerability that exists in the CVE Services.
+Please consult our [SECURITY.md](./SECURITY.md) for specific instructions on
+reporting a vulnerability that exists in the CVE Services.
 
 ## Development
 
 ### Technologies
 
 This project uses or depends on software from
 
-- [NodeJS](https://nodejs.org/)
-- [Express](https://github.com/expressjs)
-- [MongoDB for locally run instances](https://www.mongodb.com/)
-- [Mongoose.js](https://mongoosejs.com)
+- [NodeJS][nodejs]
+- [Express][express]
+- [MongoDB for locally run instances][mongodb]
+- [Mongoose.js][mongoose]
 
 ### Style Guidelines
 
-This project follows the [JavaScript Standard Style](https://github.com/standard/standard).
+This project follows the [JavaScript Standard Style][js_standard].
 
 ### Setup
 
 #### Docker
 
-See the Docker README found in the repo here: https://github.com/CVEProject/cve-services/blob/dev/docker/README.md
+See [the Docker README found in the repo](./docker/README.md).
 
 #### Local Development
 
->**Warning**
+> **Warning**
 >
->DO NOT use the dev configuration on a public network. The dev environment includes credentials to enable rapid development and is not secure for public deployment.
+> DO NOT use the dev configuration on a public network. The dev environment
+> includes credentials to enable rapid development and is not secure for public
+> deployment.
 
 1. Install required node modules
 
@@ -83,13 +91,18 @@ npm install
 
 Install MongoDB locally
 
-- https://docs.mongodb.com/manual/administration/install-community/
+- <https://docs.mongodb.com/manual/administration/install-community/>
 
 Download MongoDB Compass (MongoDB GUI)
 
-- https://www.mongodb.com/download-center/compass
+- <https://www.mongodb.com/download-center/compass>
+
+For transaction support, MongoDB needs to be configured with a replica set. You
+can do this by setting [`replication.replSetName`][mongodb_replset] in the
+`mongod.conf` file and restarting the MongoDB service.
 
-Create a `cve_dev` database in Compass. The collections will be automatically created when the API starts storing documents.
+Create a `cve_dev` database in Compass. The collections will be automatically
+created when the API starts storing documents.
 
 You can populate the database with test data using:
 
@@ -108,34 +121,48 @@ npm run start:dev
 
 ### API Documentation
 
-API documentation is generated using [swagger-autogen](https://github.com/davibaltar/swagger-autogen) which ensures that we keep the API specification up to date with any major changes to API routes. Extra information for each API route is defined as a comment in the `index.js` files under the respective controller and all request and response schemas are stored under the `schemas` folder served up by `schemas.controller`.
+API documentation is generated using [swagger-autogen][swagger_autogen] which
+ensures that we keep the API specification up to date with any major changes to
+API routes. Extra information for each API route is defined as a comment in the
+`index.js` files under the respective controller and all request and response
+schemas are stored under the `schemas` folder served up by
+`schemas.controller`.
 
-To ensure you are using the correct API specification the following endpoints can be used:
-- [Test Instance](https://cveawg-test.mitre.org/api-docs/)
-- [Production](https://cveawg.mitre.org/api-docs/)
+To ensure you are using the correct API specification the following endpoints
+can be used:
 
-Note: The specification file stored in GitHub will only be correct for that branch; there could be differences between branches and production.
+- [Test Instance][cve_instance_test]
+- [Production][cve_instance_prod]
 
-If you are developer and want to test changes to the API specification you can generate a specification in one of two ways:
+Note: The specification file stored in GitHub will only be correct for that
+branch; there could be differences between branches and production.
+
+If you are developer and want to test changes to the API specification you can
+generate a specification in one of two ways:
 
 1. Preferred
 
-When you start your local development server using `npm run start:dev` the specification file will be generated. Subsequent changes require reloading the server.
+When you start your local development server using `npm run start:dev` the
+specification file will be generated. Subsequent changes require reloading the
+server.
 
 2. Manual
 
 You can use `npm run swagger-autogen` to generate a new specification file.
 
 ### CVE Record Submission Validation Rules
 
-As part of the submission processing, CVE Services "validates" that specific requirements are met prior to accepting the submission and  posting the CVE Record to the CVE List.  Validation rules for CVE Record Submission are noted [here](https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/files/CVERules.md).
+As part of the submission processing, CVE Services "validates" that specific
+requirements are met prior to accepting the submission and  posting the CVE
+Record to the CVE List. Validation rules for CVE Record Submission are noted
+[here][cve_validation_rules].
 
 ### Unit Testing
 
 This project uses the following for unit testing
 
-- https://mochajs.org/
-- https://www.chaijs.com/
+- <https://mochajs.org/>
+- <https://www.chaijs.com/>
 
 In order to run the unit tests:
 
@@ -145,31 +172,73 @@ npm run start:test
 
 ### User Registry
 
-The CVE Automation Working Group (on behalf of the CVE Program)  is currently working on a new automation capability: the User Registry.  The objective of the User Registry is to modernize how CVE Program Organizations (e.g., CNAs, Roots, Top level Roots, the Secretariat) manage/update their organizational properties and user pools.   The new capability will ultimately allow CNAs, Roots, Top Level Roots to better manage their own data/user pools with more robust information.  It is targeted to be implemented in a series of incremental deployments to CVE Services in the Fall/2025 through Summer/2026.   
+The CVE Automation Working Group (on behalf of the CVE Program) is currently
+working on a new automation capability: the User Registry. The objective of the
+User Registry is to modernize how CVE Program Organizations (e.g., CNAs, Roots,
+Top level Roots, the Secretariat) manage/update their organizational properties
+and user pools.   The new capability will ultimately allow CNAs, Roots,
+Top Level Roots to better manage their own data/user pools with more robust
+information.  It is targeted to be implemented in a series of incremental
+deployments to CVE Services in the Fall/2025 through Summer/2026.   
 
 #### Current Status:  
 
-The release candidate for the first User Registry increment (termed the User Registry MVP) is now available for testing/review in the CVE Program Testing Environment. (Note that this release IS NOT a PRODUCTION Release and will not be visible in the CVE Program PRODUCTION environment).
-This release candidate establishes a new, more robust User/Organizations databases (and associated APIs) while maintaining full backwards compatibility with the current User/Organizational management functions (meaning that current CVE Services clients will not be required to be modified with the deployment of this candidate).  It was discussed at the [6/10/2025 CVE Program AWG meeting](https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/2025-06-10.md).  
+The release candidate for the first User Registry increment (termed the User
+Registry MVP) is now available for testing/review in the CVE Program Testing
+Environment. (Note that this release IS NOT a PRODUCTION Release and will not
+be visible in the CVE Program PRODUCTION environment).
 
-#### HowTo:  
+This release candidate establishes a new, more robust User/Organizations
+databases (and associated APIs) while maintaining full backwards compatibility
+with the current User/Organizational management functions (meaning that current
+CVE Services clients will not be required to be modified with the deployment of
+this candidate).  It was discussed at the [6/10/2025 CVE Program AWG
+meeting][cve_awg_meeting].  
 
-Credentialed users of CVE Services Test Environment will be able to use the new capabilities via the API endpoints which are described [here](https://cveawg-test.mitre.org/api-docs/) (Be sure to scroll down to the bottom of the page to review the new User Registry interfaces).  
+#### How To:  
 
-Credentialed users can access the APIs by
+Credentialed users of CVE Services Test Environment will be able to use the new
+capabilities via the API endpoints which are described
+[here][cve_instance_test] (Be sure to scroll down to the bottom of the page to
+review the new User Registry interfaces).  
 
-- installing/using common web application API testing tools such as [curl](https://curl.se/) or [postman](https://www.postman.com/) OR
+Credentialed users can access the APIs by
 
-- installing/using the [User Registry Client](https://github.com/CVEProject/cve-user-registry-client) which provides a GUI interface to exercise the basic functions of the User Registry.
+- installing/using common web application API testing tools such as [curl] or
+  [postman] OR
+- installing/using the [User Registry Client][cve_ur_client] which provides a
+  GUI interface to exercise the basic functions of the User Registry.
 
-  Note that there is no support for these new endpoints in many currently available CVE Services “client” tools (e.g, Vulnogram) and hence they should not be relied upon to examine/test these interfaces.    
+  Note that there is no support for these new endpoints in many currently
+  available CVE Services “client” tools (e.g, Vulnogram) and hence they should
+  not be relied upon to examine/test these interfaces.    
 
 #### Next Steps:  
 
-The AWG is taking comments/questions on this release candidate.   You can provide feedback in three ways:
-
-- Send  comments/questions to AWG+owner@CVE-CWE-Programs.groups.io,
-
-- Post Issues/Questions to the CVE Services Issue Board (please attach a “user registry” label to your post).   
-
-- Attend (virtually) an AWG meeting which meets every week on Tuesday at 4:00 PM Eastern US Time. Send a request for the link to AWG+owner@CVE-CWE-Programs.groups.io.
+The AWG is taking comments/questions on this release candidate. You can provide
+feedback in three ways:
+
+- Send  comments/questions to `AWG+owner@CVE-CWE-Programs.groups.io`,
+- Post Issues/Questions to the CVE Services Issue Board (please attach a “user
+  registry” label to your post).   
+- Attend (virtually) an AWG meeting which meets every week on Tuesday at 4:00
+  PM Eastern US Time. Send a request for the link to
+  `AWG+owner@CVE-CWE-Programs.groups.io`.
+
+[curl]: https://curl.se/
+[cve_awg_meeting]: https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/2025-06-10.md
+[cve_instance_prod]: https://cveawg.mitre.org/api-docs/
+[cve_instance_test]: https://cveawg-test.mitre.org/api-docs/
+[cve_issue_tracker]: https://github.com/CVEProject/cve-services/issues?q=is%3Aissue+is%3Aopen
+[cve_mission]: https://www.cve.org/About/Overview
+[cve_ur_client]: https://github.com/CVEProject/cve-user-registry-client
+[cve_validation_rules]: https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/files/CVERules.md
+[cve_wg]: https://www.cve.org/ProgramOrganization/WorkingGroups
+[express]: https://github.com/expressjs
+[js_standard]: https://github.com/standard/standard
+[mongodb]: https://www.mongodb.com/
+[mongodb_replset]: https://www.mongodb.com/docs/manual/reference/configuration-options/#mongodb-setting-replication.replSetName
+[mongoose]: https://mongoosejs.com
+[nodejs]: https://nodejs.org/
+[postman]: https://www.postman.com/
+[swagger_autogen]: https://github.com/davibaltar/swagger-autogen