git.stella-ops.org/docs/modules/concelier/advisory-ai-api.md
master 8355e2ff75
feat: Add initial implementation of Vulnerability Resolver Jobs
- Created project for StellaOps.Scanner.Analyzers.Native.Tests with necessary dependencies.
- Documented roles and guidelines in AGENTS.md for Scheduler module.
- Implemented IResolverJobService interface and InMemoryResolverJobService for handling resolver jobs.
- Added ResolverBacklogNotifier and ResolverBacklogService for monitoring job metrics.
- Developed API endpoints for managing resolver jobs and retrieving metrics.
- Defined models for resolver job requests and responses.
- Integrated dependency injection for resolver job services.
- Implemented ImpactIndexSnapshot for persisting impact index data.
- Introduced SignalsScoringOptions for configurable scoring weights in reachability scoring.
- Added unit tests for ReachabilityScoringService and RuntimeFactsIngestionService.
- Created dotnet-filter.sh script to handle command-line arguments for dotnet.
- Established nuget-prime project for managing package downloads.
2025-11-18 07:52:15 +02:00

Advisory AI API (structured chunks)

Scope: /advisories/{advisoryKey}/chunks (Concelier WebService) · aligned with Sprint 0112 canonical model.

Response contract

{
  "advisoryKey": "CVE-2025-0001",
  "fingerprint": "<sha256 canonical advisory>",
  "total": 3,
  "truncated": false,
  "entries": [
    {
      "type": "workaround",                  // ordered by (type, observationPath, documentId)
      "chunkId": "c0ffee12",                // sha256(documentId|observationPath) first 8 bytes
      "content": { /* structured field payload */ },
      "provenance": {
        "documentId": "tenant-a:chunk:newest",   // Observation _id
        "observationPath": "/references/0",      // JSON Pointer into observation
        "source": "nvd",
        "kind": "workaround",
        "value": "tenant-a:chunk:newest",
        "recordedAt": "2025-01-07T00:00:00Z",
        "fieldMask": ["/references/0"]
      }
    }
  ]
}

Determinism & provenance

  • Sort entries by (type, observationPath, documentId) to keep cache keys stable across nodes.
  • Cache keys include the advisory fingerprint, chunk/observation limits, filters, and observation hashes.
  • Provenance anchors must always include both documentId and observationPath for Console/Attestor deep links and offline mirrors.

Query parameters

  • tenant (required): tenant id; must match authorization context.
  • limit, observations, minLength: bounded integers (see ConcelierOptions.AdvisoryChunks).
  • section, format: comma-separated filters (case-insensitive).

Compatibility notes

  • Mirrors and offline kits rely on fingerprint + chunkId to verify chunks without re-merging observations.
  • Field names mirror GHSA GraphQL and Cisco PSIRT openVuln payloads for downstream parity.
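
The ordering, provenance and chunkId rules above, written as a check a mirror or offline kit could run on a response before trusting it. This is an added example, not StellaOps code. Assumptions: the chunkId input is UTF-8 with a literal `|` separator and lowercase hex output, the truncation length is a parameter (the sample id `c0ffee12` is 8 hex characters while its comment says 8 bytes), ordering is plain ordinal string comparison, and the `affected` type and all sample values are constructed.

```python
import hashlib

def chunk_id(document_id, observation_path, hex_len=8):
    # Assumed derivation: SHA-256 over UTF-8 "documentId|observationPath",
    # lowercase hex, truncated. hex_len=8 matches the sample id "c0ffee12";
    # use 16 if the service emits 8 full bytes.
    data = f"{document_id}|{observation_path}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()[:hex_len]

def sort_key(entry):
    prov = entry.get("provenance") or {}
    return (entry.get("type") or "",
            prov.get("observationPath") or "",
            prov.get("documentId") or "")

def validate_chunks(response, expected_fingerprint, hex_len=8):
    """Return a list of problems; an empty list means the response passed."""
    problems = []
    # expected_fingerprint comes from a source the mirror already trusts.
    if response.get("fingerprint") != expected_fingerprint:
        problems.append("fingerprint mismatch")
    entries = response.get("entries") or []
    for i, entry in enumerate(entries):
        prov = entry.get("provenance") or {}
        doc_id, path = prov.get("documentId"), prov.get("observationPath")
        if not doc_id or not path:
            problems.append(f"entry {i}: provenance lacks documentId or observationPath")
        elif entry.get("chunkId") != chunk_id(doc_id, path, hex_len):
            problems.append(f"entry {i}: chunkId does not match provenance")
    keys = [sort_key(e) for e in entries]
    if keys != sorted(keys):
        problems.append("entries not ordered by (type, observationPath, documentId)")
    return problems

def make_entry(kind, doc_id, path):
    return {"type": kind, "chunkId": chunk_id(doc_id, path),
            "provenance": {"documentId": doc_id, "observationPath": path}}

# Constructed sample response (not captured from a real service).
SAMPLE = {
    "advisoryKey": "CVE-2025-0001",
    "fingerprint": "f" * 64,
    "truncated": False,
    "entries": [
        make_entry("affected", "tenant-a:chunk:older", "/affected/0"),
        make_entry("workaround", "tenant-a:chunk:newest", "/references/0"),
        make_entry("workaround", "tenant-a:chunk:older", "/references/0"),
    ],
}
```

Calling `validate_chunks(SAMPLE, "f" * 64)` returns an empty list; reordering the entries, altering a `chunkId`, or dropping `observationPath` from a provenance block each produces a specific finding.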