stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
1bf6bbf3955ecbd8d20f5eeb767da5c7f8324b57
git.stella-ops.org/docs/features/unchecked/advisoryai/evidence-first-ai-outputs.md

3.1 KiB
Raw Blame History

Evidence-First AI Outputs (Citations, Evidence Packs)

Module

AdvisoryAI

Status

IMPLEMENTED

Description

Evidence bundle assembly with schema-validated JSON, data providers for citations, and evidence pack integration in chat responses is implemented.

Implementation Details

  • Modules: src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/
  • Key Classes:
    • EvidenceBundleAssembler (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/EvidenceBundleAssembler.cs) - assembles evidence bundles from multiple data providers
    • EvidencePackChatIntegration (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/EvidencePackChatIntegration.cs) - integrates evidence packs into chat responses
    • AttestationIntegration (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/AttestationIntegration.cs) - links evidence packs to attestation framework
    • SbomDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/SbomDataProvider.cs) - provides SBOM data for evidence bundles
    • VexDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/VexDataProvider.cs) - provides VEX data for evidence bundles
    • ReachabilityDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/ReachabilityDataProvider.cs) - provides reachability scoring data
    • PolicyDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/PolicyDataProvider.cs) - provides policy evaluation data
    • ProvenanceDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/ProvenanceDataProvider.cs) - provides provenance/SLSA data
    • FixDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/FixDataProvider.cs) - provides fix availability data
    • BinaryPatchDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/BinaryPatchDataProvider.cs) - provides binary patch analysis data
    • ContextDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/ContextDataProvider.cs) - provides contextual data
    • OpsMemoryDataProvider (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Assembly/Providers/OpsMemoryDataProvider.cs) - provides OpsMemory historical decision data
    • EvidencePackEndpoints (src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/Endpoints/EvidencePackEndpoints.cs) - REST endpoints for evidence pack access
  • Interfaces: IEvidenceBundleAssembler
  • Source: Feature matrix scan

E2E Test Plan

  • Assemble an evidence bundle via EvidenceBundleAssembler and verify all data providers contribute relevant sections
  • Verify SbomDataProvider includes component version and license data in the evidence bundle
  • Verify VexDataProvider includes VEX status (affected/not_affected/fixed) for referenced CVEs
  • Verify ReachabilityDataProvider includes reachability scores and call-path evidence
  • Verify EvidencePackChatIntegration attaches evidence pack references to chat responses
  • Verify AttestationIntegration signs evidence packs with attestation metadata
  • Access evidence packs via EvidencePackEndpoints and verify schema-validated JSON output