[codex] Add local-first vulnerability research #93
Merged
Pull request overview
This PR makes vulnerability assessment research “local-first” by introducing a local vulnerability intel provider (PatchHound/NVD/threat context) and refactoring PatchHound-managed external web research into a dedicated provider, with TenantAiResearchService orchestrating both.
Changes:
- Added `LocalVulnerabilityIntelResearchProvider` and updated the assessment worker to include local intel context by default (and add external web search only when enabled).
- Extracted the previous r.jina-based research logic into `ExternalWebSearchResearchProvider` with configurable search provider defaults via `AiResearchOptions`.
- Updated frontend copy + schema to reflect local-first behavior and introduced a new `TenantAiWebResearchMode.LocalVulnerabilityIntel` enum value.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| tests/PatchHound.Tests/Infrastructure/TenantAiResearchServiceTests.cs | Extends tests to cover local intel bundling, provider selection, and options-driven search provider behavior. |
| src/PatchHound.Worker/VulnerabilityAssessmentWorker.cs | Injects vulnerability ID into research requests and composes local + optional external context for assessments. |
| src/PatchHound.Worker/appsettings.json | Adds default AiResearch:JinaSearchProvider. |
| src/PatchHound.Worker/appsettings.Development.json | Adds default AiResearch:JinaSearchProvider for development. |
| src/PatchHound.Infrastructure/Services/TenantAiResearchService.cs | Refactors into an orchestrator over local + external research providers. |
| src/PatchHound.Infrastructure/Services/LocalVulnerabilityIntelResearchProvider.cs | New provider that assembles local vulnerability intel context and sources from the DB/NVD cache. |
| src/PatchHound.Infrastructure/Services/ExternalWebSearchResearchProvider.cs | New provider containing r.jina-based search + page-fetch enrichment and URL filtering. |
| src/PatchHound.Infrastructure/Options/AiResearchOptions.cs | Adds options model and section name for research configuration. |
| src/PatchHound.Infrastructure/DependencyInjection.cs | Registers providers, options, and typed HttpClient for external research provider. |
| src/PatchHound.Core/Models/AiWebResearchRequest.cs | Extends request model with optional vulnerability IDs and provider selection. |
| src/PatchHound.Core/Enums/TenantAiWebResearchMode.cs | Adds LocalVulnerabilityIntel enum value. |
| src/PatchHound.Core/Enums/AiResearchProviderKind.cs | Introduces provider-kind enum for orchestrated research. |
| src/PatchHound.Api/appsettings.json | Adds default AiResearch:JinaSearchProvider. |
| src/PatchHound.Api/appsettings.Development.json | Adds default AiResearch:JinaSearchProvider for development. |
| frontend/src/components/features/settings/TenantAiSettingsPage.tsx | Updates UI copy and adds explanatory warning for PatchHound-managed external research. |
| frontend/src/api/ai-settings.schemas.ts | Expands Zod enum to include LocalVulnerabilityIntel. |
| CLAUDE.md | Updates GitNexus index stats. |
| AGENTS.md | Updates GitNexus index stats. |
Summary
Behavior
Validation
- `dotnet test --filter "FullyQualifiedName~PatchHound.Tests.Infrastructure.TenantAiResearchServiceTests|FullyQualifiedName~PatchHound.Tests.Worker.IngestionWorkerTests"`
- `dotnet test PatchHound.slnx -v minimal`
- `npm run typecheck`
- `npm run lint`
- `git diff --check`
- `detect_changes(scope: staged)` reported low risk and no affected execution flows