stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
ae69b1a8a1da7e0d01298f2ad94e60c2d3a007ca
git.stella-ops.org/docs/advisory-ai/console.md
master 536f6249a6
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add SBOM, symbols, traces, and VEX files for CVE-2022-21661 SQLi case 
- Created CycloneDX and SPDX SBOM files for both reachable and unreachable images.
- Added symbols.json detailing function entry and sink points in the WordPress code.
- Included runtime traces for function calls in both reachable and unreachable scenarios.
- Developed OpenVEX files indicating vulnerability status and justification for both cases.
- Updated README for evaluator harness to guide integration with scanner output.
2025-11-08 20:53:45 +02:00

2.6 KiB
Raw Blame History

Advisory AI Console Workflows

Last updated: 2025-11-07

This guide documents the forthcoming Advisory AI console experience so that console, docs, and QA guilds share a single reference while the new endpoints finish landing.

1. Entry points & navigation

  • Dashboard tile: Advisory AI card on the console overview routes to /console/vuln/advisory-ai once CONSOLE-VULN-29-001 ships. The tile must include the current model build stamp and data freshness time.
  • Deep links: Copy-as-ticket payloads link back into the console using /console/vex/{statementId} (CONSOLE-VEX-30-001). Provide fallbacks that open the Evidence modal with a toast if the workspace is still loading.

2. Evidence surfacing

Workflow Required API Notes
Findings overview GET /console/vuln/findings Must include policy verdict badge, VEX justification summary, and last-seen timestamps.
Evidence drawer GET /console/vex/statements/{id} Stream SSE chunk descriptions so long-form provenance renders progressively.
Copy as ticket POST /console/vuln/tickets Returns signed payload + attachment list for JIRA/ServiceNow templates.

3. Accessibility & offline requirements

  • Console screens must pass WCAG 2.2 AA contrast and provide focus order that matches the keyboard shortcuts planned for Advisory AI (see docs/advisory-ai/overview.md).
  • All screenshots captured for this doc must come from sealed-mode bundles (no external fonts/CDNs). Store them under docs/assets/advisory-ai/console/ with hashed filenames.
  • Modal dialogs need aria-describedby attributes referencing the explanation text returned by the API; translation strings must live with existing locale packs.

4. Copy-as-ticket guidance

  1. Operators select one or more VEX-backed findings.
  2. Console renders the sanitized payload (JSON) plus context summary for the receiving system.
  3. Users can download the payload or send it via webhook; both flows must log console.ticket.export events for audit.

5. Open items before publication

  • Replace placeholder API responses with captures from the first merged build of CONSOLE-VULN-29-001 / CONSOLE-VEX-30-001.
  • Capture at least two screenshots (list view + evidence drawer) once UI polish is complete.
  • Verify copy-as-ticket instructions with Support to ensure the payload fields align with existing SOC runbooks.

Tracking: DOCS-AIAI-31-004 (Docs Guild, Console Guild)

Reference: API contracts and sample payloads live in docs/api/console/workspaces.md (see /console/vuln/* and /console/vex/* sections) plus the JSON fixtures under docs/api/console/samples/.