feat: Enhance Authority Identity Provider Registry with Bootstrap Capability

- Added support for bootstrap providers in AuthorityIdentityProviderRegistry.
- Introduced a new property for bootstrap providers and updated AggregateCapabilities.
- Updated relevant methods to handle bootstrap capabilities during provider registration.

feat: Introduce Sealed Mode Status in OpenIddict Handlers

- Added SealedModeStatusProperty to AuthorityOpenIddictConstants.
- Enhanced ValidateClientCredentialsHandler, ValidatePasswordGrantHandler, and ValidateRefreshTokenGrantHandler to validate sealed mode evidence.
- Implemented logic to handle airgap seal confirmation requirements.

feat: Update Program Configuration for Sealed Mode

- Registered IAuthoritySealedModeEvidenceValidator in Program.cs.
- Added logging for bootstrap capabilities in identity provider plugins.
- Implemented checks for bootstrap support in API endpoints.

chore: Update Tasks and Documentation

- Marked AUTH-MTLS-11-002 as DONE in TASKS.md.
- Updated documentation to reflect changes in sealed mode and bootstrap capabilities.

fix: Improve CLI Command Handlers Output

- Enhanced output formatting for command responses and prompts in CommandHandlers.cs.

feat: Extend Advisory AI Models

- Added Response property to AdvisoryPipelineOutputModel for better output handling.

fix: Adjust Concelier Web Service Authentication

- Improved JWT token handling in Concelier Web Service to ensure proper token extraction and logging.

test: Enhance Web Service Endpoints Tests

- Added detailed logging for authentication failures in WebServiceEndpointsTests.
- Enabled PII logging for better debugging of authentication issues.

feat: Introduce Air-Gap Configuration Options

- Added AuthorityAirGapOptions and AuthoritySealedModeOptions to StellaOpsAuthorityOptions.
- Implemented validation logic for air-gap configurations to ensure proper setup.

src/AdvisoryAI/StellaOps.AdvisoryAI.Hosting/ServiceCollectionExtensions.cs

@@ -1,35 +1,38 @@
-using System;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.DependencyInjection.Extensions;
-using Microsoft.Extensions.Options;
+using System;
+using System.Net.Http.Headers;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Options;
 using StellaOps.AdvisoryAI.Caching;
 using StellaOps.AdvisoryAI.DependencyInjection;
+using StellaOps.AdvisoryAI.Inference;
+using StellaOps.AdvisoryAI.Metrics;
+using StellaOps.AdvisoryAI.Outputs;
 using StellaOps.AdvisoryAI.Providers;
 using StellaOps.AdvisoryAI.Queue;
-using StellaOps.AdvisoryAI.Outputs;
 
 namespace StellaOps.AdvisoryAI.Hosting;
 
 public static class ServiceCollectionExtensions
 {
-    public static IServiceCollection AddAdvisoryAiCore(
-        this IServiceCollection services,
-        IConfiguration configuration,
-        Action<AdvisoryAiServiceOptions>? configure = null)
-    {
-        ArgumentNullException.ThrowIfNull(services);
-        ArgumentNullException.ThrowIfNull(configuration);
-
-        services.AddOptions<AdvisoryAiServiceOptions>()
-            .Bind(configuration.GetSection("AdvisoryAI"))
+    public static IServiceCollection AddAdvisoryAiCore(
+        this IServiceCollection services,
+        IConfiguration configuration,
+        Action<AdvisoryAiServiceOptions>? configure = null)
+    {
+        ArgumentNullException.ThrowIfNull(services);
+        ArgumentNullException.ThrowIfNull(configuration);
+
+        services.AddOptions<AdvisoryAiServiceOptions>()
+            .Bind(configuration.GetSection("AdvisoryAI"))
             .PostConfigure(options =>
             {
                 configure?.Invoke(options);
                 AdvisoryAiServiceOptionsValidator.Validate(options);
             })
             .ValidateOnStart();
-
+
         services.AddOptions<SbomContextClientOptions>()
             .Configure<IOptions<AdvisoryAiServiceOptions>>((target, source) =>
             {
@@ -40,6 +43,45 @@ public static class ServiceCollectionExtensions
             })
             .Validate(opt => opt.BaseAddress is null || opt.BaseAddress.IsAbsoluteUri, "SBOM base address must be absolute when provided.");
 
+        services.AddOptions<AdvisoryAiInferenceOptions>()
+            .Configure<IOptions<AdvisoryAiServiceOptions>>((target, source) =>
+            {
+                var inference = source.Value.Inference ?? new AdvisoryAiInferenceOptions();
+                target.Mode = inference.Mode;
+                target.Remote = inference.Remote ?? new AdvisoryAiRemoteInferenceOptions();
+            });
+
+        services.AddHttpClient<RemoteAdvisoryInferenceClient>((provider, client) =>
+        {
+            var inference = provider.GetRequiredService<IOptions<AdvisoryAiInferenceOptions>>().Value ?? new AdvisoryAiInferenceOptions();
+            var remote = inference.Remote ?? new AdvisoryAiRemoteInferenceOptions();
+
+            if (remote.BaseAddress is not null)
+            {
+                client.BaseAddress = remote.BaseAddress;
+            }
+
+            if (remote.Timeout > TimeSpan.Zero)
+            {
+                client.Timeout = remote.Timeout;
+            }
+
+            if (!string.IsNullOrWhiteSpace(remote.ApiKey))
+            {
+                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", remote.ApiKey);
+            }
+        });
+
+        services.TryAddSingleton<LocalAdvisoryInferenceClient>();
+        services.TryAddSingleton<RemoteAdvisoryInferenceClient>();
+        services.AddSingleton<IAdvisoryInferenceClient>(provider =>
+        {
+            var inference = provider.GetRequiredService<IOptions<AdvisoryAiInferenceOptions>>().Value ?? new AdvisoryAiInferenceOptions();
+            return inference.Mode == AdvisoryAiInferenceMode.Remote
+                ? provider.GetRequiredService<RemoteAdvisoryInferenceClient>()
+                : provider.GetRequiredService<LocalAdvisoryInferenceClient>();
+        });
+
         services.AddSbomContext();
         services.AddAdvisoryPipeline();
         services.AddAdvisoryPipelineInfrastructure();