git.stella-ops.org/docs/modules/concelier/advisory-ai-api.md
master 8355e2ff75
feat: Add initial implementation of Vulnerability Resolver Jobs
- Created project for StellaOps.Scanner.Analyzers.Native.Tests with necessary dependencies.
- Documented roles and guidelines in AGENTS.md for Scheduler module.
- Implemented IResolverJobService interface and InMemoryResolverJobService for handling resolver jobs.
- Added ResolverBacklogNotifier and ResolverBacklogService for monitoring job metrics.
- Developed API endpoints for managing resolver jobs and retrieving metrics.
- Defined models for resolver job requests and responses.
- Integrated dependency injection for resolver job services.
- Implemented ImpactIndexSnapshot for persisting impact index data.
- Introduced SignalsScoringOptions for configurable scoring weights in reachability scoring.
- Added unit tests for ReachabilityScoringService and RuntimeFactsIngestionService.
- Created dotnet-filter.sh script to handle command-line arguments for dotnet.
- Established nuget-prime project for managing package downloads.
2025-11-18 07:52:15 +02:00


# Advisory AI API (structured chunks)
**Scope:** `/advisories/{advisoryKey}/chunks` (Concelier WebService) · aligned with Sprint 0112 canonical model.
## Response contract
```jsonc
{
  "advisoryKey": "CVE-2025-0001",
  "fingerprint": "<sha256 canonical advisory>",
  "total": 3,
  "truncated": false,
  "entries": [
    {
      "type": "workaround",                      // ordered by (type, observationPath, documentId)
      "chunkId": "c0ffee12",                     // sha256(documentId|observationPath) first 8 bytes
      "content": { /* structured field payload */ },
      "provenance": {
        "documentId": "tenant-a:chunk:newest",   // Observation _id
        "observationPath": "/references/0",      // JSON Pointer into observation
        "source": "nvd",
        "kind": "workaround",
        "value": "tenant-a:chunk:newest",
        "recordedAt": "2025-01-07T00:00:00Z",
        "fieldMask": ["/references/0"]
      }
    }
  ]
}
```
### Determinism & provenance
- Sort entries by `(type, observationPath, documentId)` to keep cache keys stable across nodes.
- Cache keys include the advisory `fingerprint`, chunk/observation limits, filters, and observation hashes.
- Provenance anchors must always include both `documentId` and `observationPath` for Console/Attestor deep links and offline mirrors.
### Query parameters
- `tenant` (required): tenant id; must match authorization context.
- `limit`, `observations`, `minLength`: bounded integers (see `ConcelierOptions.AdvisoryChunks`).
- `section`, `format`: comma-separated filters (case-insensitive).
### Compatibility notes
- Mirrors and offline kits rely on `fingerprint` + `chunkId` to verify chunks without re-merging observations.
- Field names mirror GHSA GraphQL and Cisco PSIRT openVuln payloads for downstream parity.
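
A consumer-side check that a mirror or offline kit could run over a chunks response, covering the ordering and provenance-anchor rules under "Determinism & provenance" and the `chunkId` verification mentioned in the compatibility notes. This is an added example, not code from the Concelier project: the literal `|` separator, UTF-8 encoding, lowercase-hex rendering of the 8-byte digest prefix, and code-point string ordering are assumptions, and the helper names and sample values are constructed.

```python
import hashlib


def chunk_id(document_id, observation_path, prefix_bytes=8):
    """Recompute chunkId from the provenance anchor.

    Assumptions: literal "|" separator, UTF-8 input, lowercase hex of the
    first `prefix_bytes` digest bytes (16 hex characters for 8 bytes).
    """
    data = f"{document_id}|{observation_path}".encode("utf-8")
    return hashlib.sha256(data).digest()[:prefix_bytes].hex()


def sort_key(entry):
    """Ordering tuple from the contract: (type, observationPath, documentId)."""
    prov = entry.get("provenance") or {}
    return (entry.get("type", ""), prov.get("observationPath") or "",
            prov.get("documentId") or "")


def verify_chunks(response):
    """Return a list of findings; an empty list means the response passed."""
    findings = []
    entries = response.get("entries", [])
    if not response.get("fingerprint"):
        findings.append("response: missing fingerprint")
    for i, entry in enumerate(entries):
        prov = entry.get("provenance") or {}
        doc_id, path = prov.get("documentId"), prov.get("observationPath")
        if not doc_id or not path:
            findings.append(f"entries[{i}]: provenance anchor incomplete")
        elif entry.get("chunkId") != chunk_id(doc_id, path):
            findings.append(f"entries[{i}]: chunkId does not match anchor")
    keys = [sort_key(e) for e in entries]
    if keys != sorted(keys):  # code-point comparison, assumed to match the server
        findings.append("entries: not in (type, observationPath, documentId) order")
    return findings


def sample_response():
    """Constructed sample shaped like the response contract above."""
    anchors = [("tenant-a:chunk:newest", "/references/0"),
               ("tenant-a:chunk:older", "/references/1")]
    entries = [{"type": "workaround", "chunkId": chunk_id(d, p), "content": {},
                "provenance": {"documentId": d, "observationPath": p}}
               for d, p in anchors]
    return {"advisoryKey": "CVE-2025-0001", "fingerprint": "0" * 64,
            "total": len(entries), "truncated": False, "entries": entries}
```

If the service renders `chunkId` at a different prefix length or encoding, adjust `chunk_id` to match before relying on the mismatch finding.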