# Remediation Planner

## Module
Attestor

## Status
VERIFIED

## Description
Frontend has remediation plan preview, remediation panel, and AI-assisted remediation. Backend has structured remediation step models with risk assessment and verification status.

## Implementation Details
- **AI Remediation Plan Statement**: `src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Statements/AI/AIRemediationPlanStatement.cs` -- in-toto statement wrapping an AI-generated remediation plan.
- **Remediation Step**: `Predicates/AI/RemediationStep.cs` -- individual remediation step with action, target component, and expected outcome.
- **Remediation Action Type**: `Predicates/AI/RemediationActionType.cs` -- enum of action types (Upgrade, Patch, Configure, Mitigate, Accept).
- **Remediation Step Status**: `Predicates/AI/RemediationStepStatus.cs` -- enum tracking step execution status (Pending, InProgress, Completed, Failed, Skipped).
- **Remediation Risk Assessment**: `Predicates/AI/RemediationRiskAssessment.cs` -- risk assessment for a remediation action (breaking change risk, compatibility impact, rollback plan).
- **Remediation Verification Status**: `Predicates/AI/RemediationVerificationStatus.cs` -- verification of whether the remediation was successful.
- **AI Authority Classifier**: `Predicates/AI/AIAuthorityClassifier.cs` (with `.Remediation`, `.RemediationScore`) -- classifies AI-generated remediation plans by authority level.
- **AI Model Identifier**: `Predicates/AI/AIModelIdentifier.cs` -- identifies the AI model that generated the plan.
- **DSSE Signing**: `Signing/ProofChainSigner.cs` -- signs remediation plan attestations.
- **Tests**: `__Tests/StellaOps.Attestor.ProofChain.Tests/AIRemediationPlanTests.cs`

## E2E Test Plan
- [ ] Create an `AIRemediationPlanStatement` with 3 `RemediationStep` entries (Upgrade openssl, Patch libcurl, Configure nginx) and verify the statement structure
- [ ] Verify each step has a `RemediationActionType` and appropriate target component
- [ ] Create a `RemediationRiskAssessment` for an upgrade step and verify breaking change risk and rollback plan are captured
- [ ] Track step execution via `RemediationStepStatus`: move a step from Pending -> InProgress -> Completed and verify status transitions
- [ ] Verify `RemediationVerificationStatus` confirms whether the remediation was successful (e.g., CVE no longer detected after upgrade)
- [ ] Classify the remediation plan via `AIAuthorityClassifier.Remediation` and verify authority level based on evidence quality
- [ ] Sign the remediation plan into a DSSE envelope and verify the signature
- [ ] Create plans with different `RemediationActionType` values and verify type-specific metadata

## Verification

| Check | Result |
|-------|--------|
| Tier 0 - Source Verification | PASS |
| Tier 1 - Build + Code Review | PASS |
| Tier 2 - Behavioral Verification | PASS |
| Verified Date | 2026-02-13 |
| Run ID | run-001 |