git.stella-ops.org/src/AdvisoryAI/StellaOps.AdvisoryAI/TASKS.md
master ba4c935182 feat: Enhance Authority Identity Provider Registry with Bootstrap Capability
- Added support for bootstrap providers in AuthorityIdentityProviderRegistry.
- Introduced a new property for bootstrap providers and updated AggregateCapabilities.
- Updated relevant methods to handle bootstrap capabilities during provider registration.

feat: Introduce Sealed Mode Status in OpenIddict Handlers

- Added SealedModeStatusProperty to AuthorityOpenIddictConstants.
- Enhanced ValidateClientCredentialsHandler, ValidatePasswordGrantHandler, and ValidateRefreshTokenGrantHandler to validate sealed mode evidence.
- Implemented logic to handle airgap seal confirmation requirements.

feat: Update Program Configuration for Sealed Mode

- Registered IAuthoritySealedModeEvidenceValidator in Program.cs.
- Added logging for bootstrap capabilities in identity provider plugins.
- Implemented checks for bootstrap support in API endpoints.

chore: Update Tasks and Documentation

- Marked AUTH-MTLS-11-002 as DONE in TASKS.md.
- Updated documentation to reflect changes in sealed mode and bootstrap capabilities.

fix: Improve CLI Command Handlers Output

- Enhanced output formatting for command responses and prompts in CommandHandlers.cs.

feat: Extend Advisory AI Models

- Added Response property to AdvisoryPipelineOutputModel for better output handling.

fix: Adjust Concelier Web Service Authentication

- Improved JWT token handling in Concelier Web Service to ensure proper token extraction and logging.

test: Enhance Web Service Endpoints Tests

- Added detailed logging for authentication failures in WebServiceEndpointsTests.
- Enabled PII logging for better debugging of authentication issues.

feat: Introduce Air-Gap Configuration Options

- Added AuthorityAirGapOptions and AuthoritySealedModeOptions to StellaOpsAuthorityOptions.
- Implemented validation logic for air-gap configurations to ensure proper setup.
2025-11-09 12:18:14 +02:00


Advisory AI Task Board — Epic 8

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| AIAI-31-001 | DONE (2025-11-02) | Advisory AI Guild | CONCELIER-VULN-29-001, EXCITITOR-VULN-29-001 | Implement structured and vector retrievers for advisories/VEX with paragraph anchors and citation metadata. | Retrievers return deterministic chunks with source IDs/sections; unit tests cover CSAF/OSV/vendor formats. |
| AIAI-31-002 | DONE (2025-11-04) | Advisory AI Guild, SBOM Service Guild | SBOM-VULN-29-001 | Build SBOM context retriever (purl version timelines, dependency paths, env flags, blast radius estimator). | Retriever returns paths/metrics under SLA; tests cover ecosystems. |
| AIAI-31-003 | DONE (2025-11-04) | Advisory AI Guild | AIAI-31-001..002 | Implement deterministic toolset (version comparators, range checks, dependency analysis, policy lookup) exposed via orchestrator. | Tools validated with property tests; outputs cached; docs updated. |
| AIAI-31-004 | DONE (2025-11-04) | Advisory AI Guild | AIAI-31-001..003, AUTH-VULN-29-001 | Build orchestration pipeline for Summary/Conflict/Remediation tasks (prompt templates, tool calls, token budgets, caching). | Pipeline executes tasks deterministically; caches keyed by tuple+policy; integration tests cover tasks. |
| AIAI-31-004A | DONE (2025-11-04) | Advisory AI Guild, Platform Guild | AIAI-31-004, AIAI-31-002 | Wire `AdvisoryPipelineOrchestrator` into WebService/Worker, expose API/queue contracts, emit metrics, and stand up cache stub. | API returns plan metadata; worker executes queue message; metrics recorded; doc updated. |
| AIAI-31-004B | DONE (2025-11-06) | Advisory AI Guild, Security Guild | AIAI-31-004A, DOCS-AIAI-31-003, AUTH-AIAI-31-004 | Implement prompt assembler, guardrail plumbing, cache persistence, DSSE provenance; add golden outputs. | Deterministic outputs cached; guardrails enforced; tests cover prompt assembly + caching. |
| AIAI-31-004C | DONE (2025-11-06) | Advisory AI Guild, CLI Guild, Docs Guild | AIAI-31-004B, CLI-AIAI-31-003 | Deliver CLI `stella advise run <task>` command, renderers, documentation updates, and CLI golden tests. | CLI command produces deterministic output; docs published; smoke run recorded. |
| AIAI-31-005 | DONE (2025-11-04) | Advisory AI Guild, Security Guild | AIAI-31-004 | Implement guardrails (redaction, injection defense, output validation, citation enforcement) and fail-safe handling. | Guardrails block adversarial inputs; output validator enforces schemas; security tests pass. |
| AIAI-31-006 | DONE (2025-11-04) | Advisory AI Guild | AIAI-31-004..005 | Expose REST API endpoints (`/advisory/ai/*`) with RBAC, rate limits, OpenAPI schemas, and batching support. | Endpoints deployed with schema validation; rate limits enforced; integration tests cover error codes. |
| AIAI-31-007 | DONE (2025-11-06) | Advisory AI Guild, Observability Guild | AIAI-31-004..006 | Instrument metrics (`advisory_ai_latency`, `guardrail_blocks`, `validation_failures`, `citation_coverage`), logs, and traces; publish dashboards/alerts. | Telemetry live; dashboards approved; alerts configured. |
| AIAI-31-008 | DOING (2025-11-08) | Advisory AI Guild, DevOps Guild | AIAI-31-006..007 | Package inference on-prem container, remote inference toggle, Helm/Compose manifests, scaling guidance, offline kit instructions. | Deployment docs merged; smoke deploy executed; offline kit updated; feature flags documented. |
| AIAI-31-010 | DONE (2025-11-02) | Advisory AI Guild | CONCELIER-VULN-29-001, EXCITITOR-VULN-29-001 | Implement Concelier advisory raw document provider mapping CSAF/OSV payloads into structured chunks for retrieval. | Provider resolves content format, preserves metadata, and passes unit tests covering CSAF/OSV cases. |
| AIAI-31-011 | DONE (2025-11-02) | Advisory AI Guild | EXCITITOR-LNM-21-201, EXCITITOR-CORE-AOC-19-002 | Implement Excititor VEX document provider to surface structured VEX statements for vector retrieval. | Provider returns conflict-aware VEX chunks with deterministic metadata and tests for representative statements. |
| AIAI-31-009 | DONE (2025-11-08) | Advisory AI Guild, QA Guild | AIAI-31-001..006 | Develop unit/golden/property/perf tests, injection harness, and regression suite; ensure determinism with seeded caches. | Test suite green; golden outputs stored; injection tests pass; perf targets documented. |

2025-11-02: AIAI-31-002 - SBOM context domain models finalized with limiter guards; retriever tests now cover flag toggles and path dedupe. Service client integration still pending with SBOM guild.

2025-11-04: AIAI-31-002 - Introduced `SbomContextHttpClient`, DI helper (`AddSbomContext`), and HTTP-mapping tests; retriever wired to typed client with tenant header support and deterministic query construction.

2025-11-02: AIAI-31-003 moved to DOING - starting deterministic tooling surface (version comparators & dependency analysis). Added semantic-version + EVR comparators and published toolset interface; awaiting downstream wiring.

2025-11-04: AIAI-31-003 completed - toolset wired via DI/orchestrator, SBOM context client available, and unit coverage for compare/range/dependency analysis extended.

2025-11-02: AIAI-31-004 started orchestration pipeline work - begin designing summary/conflict/remediation workflow (deterministic sequence + cache keys).

2025-11-04: AIAI-31-004 DONE - orchestrator composes structured/vector/SBOM context with stable cache keys and metadata (env flags, blast radius, dependency metrics); unit coverage via `AdvisoryPipelineOrchestratorTests` keeps determinism enforced.

2025-11-02: AIAI-31-004 orchestration prerequisites documented in `docs/modules/advisory-ai/orchestration-pipeline.md` (task breakdown 004A/004B/004C).

2025-11-04: AIAI-31-004A DONE - WebService `/v1/advisory-ai/pipeline/*` + batch endpoints enqueue plans with rate limiting & scope headers, Worker drains filesystem queue, metrics/logging added, docs updated. Tests: `dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --no-restore`.

2025-11-04: AIAI-31-005 DONE - guardrail pipeline redacts secrets, enforces citation/injection policies, emits block counters, and tests (`AdvisoryGuardrailPipelineTests`) cover redaction + citation validation.

2025-11-04: AIAI-31-006 DONE - REST endpoints enforce header scopes, apply token bucket rate limiting, sanitize prompts via guardrails, and queue execution with cached metadata. Tests executed via `dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --no-restore`.

2025-11-06: AIAI-31-004B/C - Resuming prompt/cache hardening and CLI integration; first focus on backend client wiring and deterministic CLI outputs before full suite.

2025-11-06: AIAI-31-004B/C DONE - Advisory AI Mongo integration validated, backend client + CLI `advise run` wired, deterministic console renderer with provenance/guardrail display added, docs refreshed, and targeted CLI tests executed.

2025-11-08: AIAI-31-009 DONE - Added prompt-injection harness, dual golden prompts (summary/conflict), cache determinism/property tests, partial citation telemetry coverage, and plan-cache expiry refresh validation; `dotnet test src/AdvisoryAI/__Tests/StellaOps.AdvisoryAI.Tests/StellaOps.AdvisoryAI.Tests.csproj --no-build` passes.