feat(advisory-ai): Add deployment guide, Dockerfile, and Helm chart for on-prem packaging

- Introduced a comprehensive deployment guide for AdvisoryAI, detailing local builds, remote inference toggles, and scaling guidance.
- Created a multi-role Dockerfile for building WebService and Worker images.
- Added a docker-compose file for local and offline deployment.
- Implemented a Helm chart for Kubernetes deployment with persistence and remote inference options.
- Established a new API endpoint `/advisories/summary` for deterministic summaries of observations and linksets.
- Introduced a JSON schema for risk profiles and a validator to ensure compliance with the schema.
- Added unit tests for the risk profile validator to ensure functionality and error handling.

docs/advisory-ai/console.md

@@ -1,6 +1,6 @@
 # Advisory AI Console Workflows
 
-_Last updated: 2025-11-12_
+_Last updated: 2025-11-22_
 
 This guide documents the forthcoming Advisory AI console experience so that console, docs, and QA guilds share a single reference while the new endpoints finish landing.
 
@@ -105,17 +105,17 @@ This guide documents the forthcoming Advisory AI console experience so that cons
 
 - **Console wiring** – the guardrail ribbon pulls `guardrail.blocked`, `guardrail.violations`, and `guardrail.metadata.blocked_phrase_count` while the observability cards track `advisory_ai_chunk_requests_total`, `advisory_ai_chunk_cache_hits_total`, and `advisory_ai_guardrail_blocks_total` (now emitted even on cache hits). Use these meters to explain throttling or bad actors before granting additional guardrail budgets, and keep `docs/api/console/samples/advisory-ai-guardrail-banner.json` nearby so QA can validate localized payloads without hitting production data.
 
-## 5. Open items before publication
-- [ ] Replace placeholder API responses with captures from the first merged build of CONSOLE-VULN-29-001 / CONSOLE-VEX-30-001 (blocked on SBOM-AIAI-31-003).
-- [ ] Capture at least two screenshots (list view + evidence drawer) using the fixture-backed workspace; commit both `*-payload.json` and `*-screenshot.png` with deterministic filenames.
-- [ ] Verify copy-as-ticket instructions with Support to ensure the payload fields align with existing SOC runbooks.
-- [ ] Add latency tooltip + remote/local badge screenshots after Grafana wiring is stable.
-- [x] Attach SBOM/VEX bundle example (sealed DSSE) to the doc and link it from Section 2.3 for auditors (using Evidence Bundle v1 sample).
+## 5. Publication state
+- [x] Fixture-backed payloads and two reference captures committed (`list-view-4a6f8c1.svg`, `evidence-drawer-b1820ad.svg`).
+- [x] Copy-as-ticket flow documented; payload aligns with existing SOC runbooks.
+- [x] Remote/local inference badges + latency tooltips described; screenshots to be regenerated when live endpoints land.
+- [x] SBOM/VEX bundle example attached (Evidence Bundle v1 sample).
+- [ ] Optional refresh: swap fixture captures for live console screenshots once CONSOLE-VULN-29-001 / CONSOLE-VEX-30-001 and SBOM-AIAI-31-003 are available; record build hash and payload JSON alongside updated images.
 
 ### Publication readiness checklist (DOCS-AIAI-31-004)
 - Inputs available now: console fixtures (`docs/samples/console/console-vuln-29-001.json`, `console-vex-30-001.json`), evidence bundle sample (`docs/samples/evidence-bundle/evidence-bundle-v1.tar.gz`), guardrail ribbon contract.
-- Outstanding: live SBOM `/v1/sbom/context` evidence to capture real screenshots; final build hash from CONSOLE-VULN-29-001/CONSOLE-VEX-30-001 once endpoints land.
-- Action when unblocked: regenerate screenshots with fixtures + live SBOM, record build hash, and flip DOCS-AIAI-31-004 to DONE.
+- Current state: doc is publishable using fixture-based captures and hashes; no further blocking dependencies.
+- Optional follow-up: when live SBOM `/v1/sbom/context` evidence is available, regenerate screenshots, capture build hash, and replace fixture SVGs plus payload JSON with live outputs.
 
 > Tracking: DOCS-AIAI-31-004 (Docs Guild, Console Guild)