# Advisory AI Packaging & SBOM Bundle (AIAI-PACKAGING-31-002) _Updated: 2025-11-22 · Owner: Advisory AI Release · Status: Draft_ Defines the artefacts and provenance required to ship Advisory AI in Sprint 0111, covering offline kits and on-prem deployments. ## 1) Bundle contents | Artefact | Purpose | Provenance | | --- | --- | --- | | `advisory-ai-web` image | API surface + plan cache | SBOM: `SBOM-AIAI-31-001:web`; DSSE attestation signed by Release key | | `advisory-ai-worker` image | Queue + inference executor | SBOM: `SBOM-AIAI-31-001:worker`; DSSE attestation | | Prompt + guardrail pack | Deterministic prompts, redaction lists, validation rules | DSSE sealed; hash recorded in `prompts.manifest` | | Profile catalog | `default`, `fips-local`, `gost-local`, `cloud-openai` (disabled) | Versioned JSON, hashed; tenant consent flags captured | | Policy bundle | `policyVersion` digest for baseline evaluation; Authority importable | DSSE + provenance to Policy Engine digests | | LNM evidence export (optional) | Concelier `advisory_linksets` + `advisory_observations` for air-gap replay | Hash list aligned to `provenanceHash` in RAG bundles | | SBOM context client config | Example `AddSbomContextHttpClient` settings (`BaseAddress`, `Endpoint`, `ApiKey`) | Signed `sbom-context.example.json` | ## 2) Directory layout (Offline Kit) ``` /offline-kit/advisory-ai/ images/ advisory-ai-web.tar.zst advisory-ai-worker.tar.zst sboms/ SBOM-AIAI-31-001-web.json SBOM-AIAI-31-001-worker.json provenance/ advisory-ai-web.intoto.jsonl advisory-ai-worker.intoto.jsonl prompts.manifest.dsse profiles.catalog.json policy-bundle.intoto.jsonl config/ advisoryai.appsettings.example.json sbom-context.example.json evidence/ lnm-linksets.ndjson # optional; aligns to linkset hashes in RAG bundles lnm-observations.ndjson # optional; immutable raw docs ``` - All files hashed into `SHA256SUMS` with DSSE signature (`SHA256SUMS.dsse`). - Profiles catalog and prompt pack hashes must be propagated into `AdvisoryAI:Provenance` settings for runtime verification. ## 3) SBOM & provenance rules - SBOMs must follow SPDX 3.0.1; embed image digest (`sha256:<...>`) and build args. - Attestations use DSSE + SPDX predicate; signer key matches Release guild key referenced in `DEVOPS-AIAI-31-001`. - For air-gapped installs, operators verify: `slsa-verifier verify-attestation --source=stellaops/advisory-ai-web --bundle advisory-ai-web.intoto.jsonl --digest `. ## 4) Deployment checklist - [ ] Import `advisory-ai-web` and `advisory-ai-worker` images to registry. - [ ] Apply `profiles.catalog.json`; ensure remote profiles disabled unless Authority consent granted. - [ ] Load prompt pack and set `AdvisoryAI:Prompts:ManifestHash` to `prompts.manifest`. - [ ] Configure SBOM client (or keep `NullSbomContextClient` default). - [ ] If shipping LNM evidence, seed `advisory_linksets` and `advisory_observations` collections before enabling inference. - [ ] Record hashes in deployment log; surface in Authority audit via `advisory_ai.output.generated` events. ## 5) Update obligations - Any change to prompts, guardrails, or profiles → bump manifest hash and regenerate DSSE. - SBOM updates follow the same `SBOM-AIAI-31-001` idempotent contract; replace files, update `SHA256SUMS`, resign. - Link all changes into the sprint Execution Log and Decisions & Risks sections. - CLI/Policy artefacts must be present before enabling `cloud-openai` or `default` profiles for tenants; if missing, keep profiles disabled and record the reason in `Decisions & Risks`.