feat(advisory-ai): Add deployment guide, Dockerfile, and Helm chart for on-prem packaging

- Introduced a comprehensive deployment guide for AdvisoryAI, detailing local builds, remote inference toggles, and scaling guidance.
- Created a multi-role Dockerfile for building WebService and Worker images.
- Added a docker-compose file for local and offline deployment.
- Implemented a Helm chart for Kubernetes deployment with persistence and remote inference options.
- Established a new API endpoint `/advisories/summary` for deterministic summaries of observations and linksets.
- Introduced a JSON schema for risk profiles and a validator to ensure compliance with the schema.
- Added unit tests for the risk profile validator to ensure functionality and error handling.

src/Policy/__Tests/StellaOps.Policy.RiskProfile.Tests/RiskProfileValidatorTests.cs

@@ -0,0 +1,64 @@
+using System.Text.Json;
+using StellaOps.Policy.RiskProfile.Validation;
+using Xunit;
+
+namespace StellaOps.Policy.RiskProfile.Tests;
+
+public class RiskProfileValidatorTests
+{
+    private readonly RiskProfileValidator _validator = new();
+
+    [Fact]
+    public void Valid_profile_passes_schema()
+    {
+        var profile = """
+        {
+          "id": "default-risk",
+          "version": "1.0.0",
+          "description": "Baseline risk profile",
+          "signals": [
+            { "name": "reachability", "source": "signals", "type": "boolean", "path": "/reachability/exploitable" },
+            { "name": "kev", "source": "cisa", "type": "boolean" }
+          ],
+          "weights": {
+            "reachability": 0.6,
+            "kev": 0.4
+          },
+          "overrides": {
+            "severity": [
+              { "when": { "kev": true }, "set": "critical" }
+            ],
+            "decisions": [
+              { "when": { "reachability": false }, "action": "review", "reason": "Not reachable" }
+            ]
+          },
+          "metadata": {
+            "owner": "risk-team"
+          }
+        }
+        """;
+
+        var result = _validator.Validate(profile);
+
+        Assert.True(result.IsValid, string.Join(" | ", result.Errors ?? Array.Empty<string>()));
+    }
+
+    [Fact]
+    public void Missing_required_fields_fails_schema()
+    {
+        var invalidProfile = """
+        { "id": "missing-fields" }
+        """;
+
+        var result = _validator.Validate(invalidProfile);
+
+        Assert.False(result.IsValid);
+        Assert.NotEmpty(result.Errors);
+    }
+
+    [Fact]
+    public void Empty_payload_throws()
+    {
+        Assert.Throws<ArgumentException>(() => _validator.Validate("  "));
+    }
+}

src/Policy/__Tests/StellaOps.Policy.RiskProfile.Tests/StellaOps.Policy.RiskProfile.Tests.csproj

@@ -0,0 +1,18 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <LangVersion>preview</LangVersion>
+    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../../StellaOps.Policy.RiskProfile/StellaOps.Policy.RiskProfile.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="xunit" Version="2.9.2" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2" />
+  </ItemGroup>
+</Project>