stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
cf5b72974f923126944f4dcd47e85864ebb31a3b
git.stella-ops.org/docs/features/unchecked/advisoryai/ai-remedy-autopilot-with-multi-scm-pull-request-generation.md

3.4 KiB
Raw Blame History

AI Remedy Autopilot with Multi-SCM Pull Request Generation

Module

AdvisoryAI

Status

IMPLEMENTED

Description

AI-powered remediation service that generates fix plans (dependency bumps, base image upgrades, config changes, backport guidance), then creates PRs automatically across GitHub, GitLab, Azure DevOps, and Gitea via a unified SCM connector plugin architecture. Includes build verification, SBOM delta computation, signed delta verdicts, and fallback to "suggestion-only" when build/tests fail.

Implementation Details

  • Modules: src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/, src/AdvisoryAi/StellaOps.AdvisoryAI.Scm.Plugin.Unified/
  • Key Classes:
    • AiRemediationPlanner (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/AiRemediationPlanner.cs) - AI-driven remediation plan generation
    • RemediationDeltaService (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/RemediationDeltaService.cs) - computes SBOM delta for remediation impact
    • PrTemplateBuilder (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/PrTemplateBuilder.cs) - builds PR descriptions with evidence and delta info
    • GitHubPullRequestGenerator (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/GitHubPullRequestGenerator.cs) - generates PRs on GitHub
    • GitLabMergeRequestGenerator (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/GitLabMergeRequestGenerator.cs) - generates MRs on GitLab
    • AzureDevOpsPullRequestGenerator (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/AzureDevOpsPullRequestGenerator.cs) - generates PRs on Azure DevOps
    • GiteaScmConnector (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/ScmConnector/GiteaScmConnector.cs) - Gitea SCM integration
    • GitHubScmConnector (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/ScmConnector/GitHubScmConnector.cs) - GitHub SCM integration
    • GitLabScmConnector (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/ScmConnector/GitLabScmConnector.cs) - GitLab SCM integration
    • AzureDevOpsScmConnector (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/ScmConnector/AzureDevOpsScmConnector.cs) - Azure DevOps SCM integration
    • ScmConnectorCatalog (src/AdvisoryAi/StellaOps.AdvisoryAI/Remediation/ScmConnector/ScmConnectorCatalog.cs) - catalog of available SCM connectors
    • ScmPluginAdapter (src/AdvisoryAi/StellaOps.AdvisoryAI.Scm.Plugin.Unified/ScmPluginAdapter.cs) - unified plugin adapter for SCM operations
    • ScmPluginAdapterFactory (src/AdvisoryAi/StellaOps.AdvisoryAI.Scm.Plugin.Unified/ScmPluginAdapterFactory.cs) - factory for creating SCM plugin adapters
  • Interfaces: IRemediationPlanner, IPullRequestGenerator, IScmConnector, IPackageVersionResolver
  • Source: SPRINT_20251226_016_AI_remedy_autopilot.md

E2E Test Plan

  • Generate a remediation plan via AiRemediationPlanner for a known CVE and verify it includes dependency bump steps
  • Create a PR via GitHubPullRequestGenerator and verify PrTemplateBuilder populates the description with evidence
  • Verify RemediationDeltaService computes SBOM delta showing before/after dependency changes
  • Verify ScmConnectorCatalog resolves the correct connector (GitHub, GitLab, AzureDevOps, Gitea) based on repository URL
  • Verify ScmPluginAdapter creates branches, commits changes, and opens PRs through the unified plugin interface
  • Verify fallback to "suggestion-only" mode when build verification fails after applying the fix