git.stella-ops.org/docs/implplan/SPRINT_111_advisoryai.md

Sprint 111 - Ingestion & Evidence · 110.A) AdvisoryAI

Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).

[Ingestion & Evidence] 110.A) AdvisoryAI Depends on: Sprint 100.A - Attestor Summary: Ingestion & Evidence focus on AdvisoryAI.

Task ID	State	Task description	Owners (Source)
DOCS-AIAI-31-006	DONE (2025-11-13)	/docs/policy/assistant-parameters.md now documents inference modes, guardrail phrases, budgets, and cache/queue knobs (POLICY-ENGINE-31-001 inputs captured via AdvisoryAiServiceOptions).	Docs Guild, Policy Guild (docs)

2025-11-13: Published docs/policy/assistant-parameters.md, added env-var mapping tables, and linked the page from Advisory AI architecture so guild owners can trace DOCS-AIAI-31-006 to Sprint 111. DOCS-AIAI-31-008 | BLOCKED (2025-11-03) | Publish /docs/sbom/remediation-heuristics.md (feasibility scoring, blast radius). Dependencies: SBOM-AIAI-31-001. | Docs Guild, SBOM Service Guild (docs) DOCS-AIAI-31-009 | BLOCKED (2025-11-03) | Create /docs/runbooks/assistant-ops.md for warmup, cache priming, model outages, scaling. Dependencies: DEVOPS-AIAI-31-001. | Docs Guild, DevOps Guild (docs) SBOM-AIAI-31-003 | BLOCKED (2025-11-16) | Publish the Advisory AI hand-off kit for /v1/sbom/context, share base URL/API key + tenant header contract, and run a joint end-to-end retrieval smoke test with Advisory AI. Dependencies: SBOM-AIAI-31-001 (not yet delivered). | SBOM Service Guild, Advisory AI Guild (src/SbomService/StellaOps.SbomService) AIAI-31-008 | BLOCKED (2025-11-16) | Package inference on-prem container, remote inference toggle, Helm/Compose manifests, scaling guidance, offline kit instructions. Dependencies: AIAI-31-006..007 (done) plus DEVOPS-AIAI-31-001 runbook. | Advisory AI Guild, DevOps Guild (src/AdvisoryAI/StellaOps.AdvisoryAI) AIAI-31-009 | DONE (2025-11-12) | Develop unit/golden/property/perf tests, injection harness, and regression suite; ensure determinism with seeded caches. Dependencies: AIAI-31-001..006. | Advisory AI Guild, QA Guild (src/AdvisoryAI/StellaOps.AdvisoryAI) |

2025-11-03: WebService/Worker scaffolds created with in-memory cache/queue, minimal APIs (/api/v1/advisory/plan, /api/v1/advisory/queue), metrics counters, and plan cache instrumentation; worker processes queue using orchestrator. 2025-11-16: SBOM-AIAI-31-003 marked BLOCKED pending SBOM-AIAI-31-001 projection kit + smoke plan. 2025-11-16: AIAI-31-008 marked BLOCKED pending DEVOPS-AIAI-31-001 runbook for on-prem/remote packaging. 2025-11-04: SBOM base address now flows via SbomContextClientOptions.BaseAddress, worker emits queue/plan metrics, and orchestrator cache keys expanded to cover SBOM hash inputs. DOCS-AIAI-31-004 | BLOCKED (2025-11-16) | Create /docs/advisory-ai/console.md with screenshots, a11y notes, copy-as-ticket instructions. Dependencies: CONSOLE-VULN-29-001, CONSOLE-VEX-30-001, EXCITITOR-CONSOLE-23-001 (not yet delivered). | Docs Guild, Console Guild (docs) 2025-11-07: Draft doc committed (docs/advisory-ai/console.md) with workflow outline; screenshots will be added once CONSOLE-VULN-29-001 / CONSOLE-VEX-30-001 ship. 2025-11-16: DOCS-AIAI-31-004 marked BLOCKED; console widgets and Excititor feed endpoints still pending, cannot capture final screenshots/flows. 2025-11-08: Console endpoints are staffed (CONSOLE-VULN-29-001 / CONSOLE-VEX-30-001 DOING); still waiting on EXCITITOR-CONSOLE-23-001 feeds before capturing screenshots/tests. 2025-11-09: Guardrail/inference sections and offline playbooks documented; screenshot placeholders remain open. DOCS-AIAI-31-005 | BLOCKED (2025-11-03) | Publish /docs/advisory-ai/cli.md covering commands, exit codes, scripting patterns. Dependencies: CLI-VULN-29-001, CLI-VEX-30-001, AIAI-31-004C. | Docs Guild, DevEx/CLI Guild (docs) 2025-11-03: DOCS-AIAI-31-003 moved to DOING – drafting Advisory AI API reference (endpoints, rate limits, error model) for sprint 110. 2025-11-04: AIAI-31-005 DONE – guardrail pipeline redacts secrets, enforces citation/injection policies, emits block counters, and tests (AdvisoryGuardrailPipelineTests) cover redaction + citation validation. 2025-11-03: DOCS-AIAI-31-003 marked DONE – docs/advisory-ai/api.md published with scopes, request/response schemas, rate limits, and error catalogue (Docs Guild). 2025-11-03: DOCS-AIAI-31-001 marked DONE – docs/advisory-ai/overview.md published with value, personas, guardrails, observability, and roadmap checklists (Docs Guild). 2025-11-03: DOCS-AIAI-31-002 marked DONE – docs/advisory-ai/architecture.md published describing pipeline, deterministic tooling, caching, and profile governance (Docs Guild). 2025-11-03: DOCS-AIAI-31-004 marked BLOCKED – Console widgets/endpoints (CONSOLE-VULN-29-001, CONSOLE-VEX-30-001, EXCITITOR-CONSOLE-23-001) still pending; cannot document UI flows yet. 2025-11-03: DOCS-AIAI-31-005 marked BLOCKED – CLI implementation (stella advise run, CLI-VULN-29-001, CLI-VEX-30-001) plus AIAI-31-004C not shipped; doc blocked until commands exist. 2025-11-03: DOCS-AIAI-31-006 initially blocked (POLICY-ENGINE-31-001 pending); resolved 2025-11-13 once the guardrail/inference bindings shipped and the parameter doc landed. 2025-11-07: DOCS-AIAI-31-007 marked DONE – /docs/security/assistant-guardrails.md now documents redaction rules, blocked phrases, telemetry, and alert procedures. 2025-11-03: DOCS-AIAI-31-008 marked BLOCKED – Waiting on SBOM heuristics delivery (SBOM-AIAI-31-001). 2025-11-03: DOCS-AIAI-31-009 marked BLOCKED – DevOps runbook inputs (DEVOPS-AIAI-31-001) outstanding. 2025-11-03: Shipped /api/v1/advisory/{task} execution and /api/v1/advisory/outputs/{cacheKey} retrieval endpoints with guardrail integration, provenance hashes, and metrics (RBAC & rate limiting still pending Authority scope delivery). 2025-11-06: AIAI-31-007 completed – Advisory AI WebService/Worker emit latency histograms, guardrail/validation counters, citation coverage ratios, and OTEL spans; Grafana dashboard + burn-rate alerts refreshed.

2025-11-09: Guardrail harness converted to JSON fixtures + legacy payloads, property-style plan cache load tests added, and file-system cache/output suites cover seeded/offline scenarios. 2025-11-12: Guardrail/perf suite now enforces sub-400 ms budgets and binds AdvisoryAI:Guardrails configuration (prompt length, citation toggle, blocked phrase files) so Console surfaces can reflect ops-tuned budgets. 2025-11-02: AIAI-31-004 kicked off orchestration pipeline design – establishing deterministic task sequence (summary/conflict/remediation) and cache key strategy. 2025-11-02: AIAI-31-004 orchestration prerequisites documented in docs/modules/advisory-ai/orchestration-pipeline.md (tasks 004A/004B/004C). 2025-11-02: AIAI-31-003 moved to DOING – beginning deterministic tooling (comparators, dependency analysis) while awaiting SBOM context client. Semantic & EVR comparators shipped; toolset interface published for orchestrator adoption. 2025-11-04: AIAI-31-004 DONE – orchestrator composes evidence (structured/vector/SBOM) with stable cache keys, metadata, and hashing; tests keep determinism enforced. 2025-11-02: Structured + vector retrievers landed with deterministic CSAF/OSV/Markdown chunkers, deterministic hash embeddings, and unit coverage for sample advisories. 2025-11-02: SBOM context request/result models finalized; retriever tests now validate environment-flag toggles and dependency-path dedupe. SBOM guild to wire real context service client. 2025-11-04: AIAI-31-002 completed – AddSbomContext typed client registered in WebService/Worker, BaseAddress/tenant headers sourced from configuration, and retriever HTTP-mapping tests extended. 2025-11-04: AIAI-31-003 completed – deterministic toolset integrated with orchestrator cache, property/range tests broadened, and dependency analysis outputs now hashed for replay. 2025-11-04: AIAI-31-004A ongoing – WebService/Worker queue wiring emits initial metrics, SBOM context hashing feeds cache keys, and replay docs updated ahead of guardrail implementation.

Blockers & dependencies (2025-11-13)

Blocked item	Dependency	Owner(s)	Notes
DOCS-AIAI-31-004 (/docs/advisory-ai/console.md)	CONSOLE-VULN-29-001 · CONSOLE-VEX-30-001 · EXCITITOR-CONSOLE-23-001	Docs Guild · Console Guild	Screenshots + a11y copy cannot be captured until Console widgets + Excititor feeds ship.
DOCS-AIAI-31-005 (/docs/advisory-ai/cli.md)	CLI-VULN-29-001 · CLI-VEX-30-001 · AIAI-31-004C	Docs Guild · CLI Guild	CLI verbs + outputs not available; doc work paused.
DOCS-AIAI-31-008 (/docs/sbom/remediation-heuristics.md)	SBOM-AIAI-31-001	Docs Guild · SBOM Service Guild	Needs heuristics kit + API contract.
DOCS-AIAI-31-009 (/docs/runbooks/assistant-ops.md)	DEVOPS-AIAI-31-001	Docs Guild · DevOps Guild	Runbook automation steps pending DevOps guidance.
SBOM-AIAI-31-003 (/v1/sbom/context hand-off kit)	SBOM-AIAI-31-001	SBOM Service Guild · Advisory AI Guild	Requires base /v1/sbom/context projection + smoke test plan.
AIAI-31-008 (on-prem/remote inference packaging)	AIAI-31-006..007 (guardrail knobs, security guidance)	Advisory AI Guild · DevOps Guild	Needs finalized guardrail knob doc (done) plus DevOps runbooks before shipping containers/manifests.

Next actions (target: 2025-11-15)

Owner(s)	Action	Status
Docs Guild · Console Guild	Capture screenshot checklist + copy snippets for DOCS-AIAI-31-004 once Console widgets land; pre-draft alt text now.	Pending widgets
SBOM Service Guild	Publish SBOM-AIAI-31-001 projection doc + ETA for hand-off kit; unblock SBOM-AIAI-31-003 and remediation heuristics doc.	Pending
CLI Guild	Share outline of stella advise verbs (CLI-VULN/CLI-VEX) so docs can prep structure before GA.	Pending
DevOps Guild	Provide first draft of DEVOPS-AIAI-31-001 runbook so DOCS-AIAI-31-009 can start.	Pending
Advisory AI Guild	Scope packaging work for AIAI-31-008 (container manifests, Helm/Compose) now that guardrail knobs doc (DOCS-AIAI-31-006) is live.	In planning

Dependency watchlist

Dependency	Latest update	Impact
CONSOLE-VULN-29-001 / CONSOLE-VEX-30-001	DOING as of 2025-11-08; telemetry not yet exposed to docs.	Blocks DOCS-AIAI-31-004 screenshots + instructions.
EXCITITOR-CONSOLE-23-001	Not started (per Console backlog).	Required for console doc data feed references.
SBOM-AIAI-31-001	ETA requested during Sprint 110 follow-up (2025-11-14).	Gate for SBOM-AIAI-31-003 & DOCS-AIAI-31-008.
DEVOPS-AIAI-31-001	Awaiting runbook draft.	Gate for DOCS-AIAI-31-009 + AIAI-31-008 packaging guidance.

Standup prompts

1. Are Console owners on track to deliver widget screenshots/data before 2025-11-15 so DOCS-AIAI-31-004 can close?
2. Has SBOM-AIAI-31-001 published a projection kit and smoke-test plan to unlock SBOM-AIAI-31-003/DOCS-AIAI-31-008?
3. When will CLI-VULN-29-001 / CLI-VEX-30-001 expose a beta so DOCS-AIAI-31-005 can resume?
4. Does DevOps have a draft for DEVOPS-AIAI-31-001 (needed for DOCS-AIAI-31-009) and the packaging work in AIAI-31-008?

Risks (snapshot 2025-11-13)

Risk	Impact	Mitigation / owner
Console dependencies miss 2025-11-15	DOCS-AIAI-31-004 misses sprint goal, delaying Advisory AI UI documentation.	Escalate via Console stand-up; consider temporary mock screenshots if needed.
SBOM-AIAI-31-001 slips again	SBOM hand-off kit + remediation heuristics doc stay blocked, delaying customer enablement.	SBOM Guild to commit date during Sprint 110 follow-up; escalate if no date.
CLI backlog deprioritized	DOCS-AIAI-31-005 + CLI enablement slide.	Request interim CLI output samples; coordinate with CLI guild for priority.
DevOps runbook not ready	DOCS-AIAI-31-009 + packaging work (AIAI-31-008) suspended.	DevOps to share outline even if final automation pending; iterate doc in parallel.