mAi Advisor™ - Intelligent Guidance System
"Not just findings—Intelligent guidance for every role."
Introduction
What is mAi Advisor™?
mAi Advisor™ is an intelligent guidance system that automatically transforms HTTP audit findings into actionable, role-specific recommendations. Rather than providing generic security reports, the advisor generates tailored guidance for six different audiences within your organization.
Why mAi Advisor™ Exists
Traditional audit reports provide excellent data about security issues but lack actionable guidance tailored to specific roles.
| Traditional Report | With mAi Advisor™ |
|---|---|
| Finding: "Missing HSTS header" Severity: High Impact: Users vulnerable to protocol downgrade attacks What now? → Everyone figures it out on their own |
Developer: Gets Spring Boot code example DevOps: Gets Nginx configuration QA: Gets test cases to verify Security: Gets threat analysis PM: Gets sprint planning estimates Executive: Gets risk summary |
When to Use mAi Advisor™
- Automatic Activation - During HTTP audit execution via
TS_HttpAssessment_JUnit - Manual Invocation - Standalone recommendation generation for custom scenarios
- Audience-Specific Reports NEW v2.2.0 - Configure target audience via
FW_HttpReporter
Architecture Overview
mAi Advisor™ consists of 7 core components working together to deliver intelligent guidance.
Core Components
| Component | Purpose |
|---|---|
FW_Advisor.java | Static facade API for easy integration |
FW_AdvisorEngine.java | Core processing engine |
FW_AdvisorTemplateLoader.java | JSON template management |
FW_AdvisorAudience.java | Audience taxonomy enumeration |
FW_AdvisorRecommendation.java | Recommendation data model |
FW_AdvisorTemplate.java | Template data structure |
FW_AdvisorFinding.java | Finding classification model |
Component Relationships
graph TB
A[FW_Advisor
Static Facade] --> B[FW_AdvisorEngine
Core Engine]
B --> C[FW_AdvisorTemplateLoader
Template Manager]
C --> D[JSON Templates
16+ templates]
B --> E[FW_AdvisorAudience
6 audiences]
B --> F[FW_AdvisorRecommendation
Output model]
I[FW_HttpReporter] --> B
I --> E
style A fill:#4a90d9
style B fill:#4a90d9
style C fill:#50c878
style D fill:#50c878
style E fill:#f5a623
style I fill:#9b59b6
JSON Template System
Templates are stored in src/test/java/framework/advisor/templates/ organized by category:
templates/
├── security/ (8 templates)
│ ├── hsts-missing.json
│ ├── csp-missing.json
│ ├── ssl-expired.json
│ └── ...
├── performance/ (3 templates)
├── compliance/ (2 templates)
└── infrastructure/ (3 templates)Two-Tier Recommendation Model
mAi Advisor™ uses a two-tier system to deliver appropriate content to each audience.
| Tier | Audience | Content |
|---|---|---|
| Tier 1: UNDERSTANDING | All Audiences | What's wrong, why it matters, impact, risk assessment |
| Tier 2: ACTION | Implementers Only | Step-by-step instructions, code examples, configurations, testing procedures |
Implementers vs Coordinators
| Role Type | Audiences | Receives |
|---|---|---|
| Implementers | Developer, DevOps, QA | Understanding + Action tiers |
| Coordinators | Security, PM, Executive | Understanding tier only |
Six Audience Types
| Audience | Role | Focus | Action Tier |
|---|---|---|---|
| DEVELOPER | Software Engineer | Code examples, testing procedures | ✅ Yes |
| OPS_INFRASTRUCTURE | DevOps Engineer | Server configs, deployment steps | ✅ Yes |
| QA_TESTER | QA Engineer | Test cases, validation procedures | ✅ Yes |
| SECURITY_ENGINEER | Security Specialist | Threat analysis, compliance | ❌ No |
| PROJECT_MANAGER | Project Coordinator | Effort estimates, sprint planning | ❌ No |
| EXECUTIVE | Business Leader | Risk assessment, cost estimates | ❌ No |
Using mAi Advisor™
Automatic Integration (Recommended)
// HTTP audit automatically triggers advisor
@Test
@Tag("audit")
@DisplayName("TC - Audit - HttpReview - Production")
public void tc_audit_httpreview_production() {
FW_CustomAssertJU.autoPass(
FW_AuditManager.INSTANCE.getAuditHttpReview()
.runAuditHttpReview("https://api.production.com", true)
);
// Reports automatically include mAi Advisor™ recommendations
}Direct API Usage
// Get recommendations for specific audience
List<FW_AdvisorRecommendation> recommendations = FW_Advisor
.getRecommendations(httpTransaction, FW_AdvisorAudience.DEVELOPER);
// Get recommendations for all audiences
Map<FW_AdvisorAudience, List<FW_AdvisorRecommendation>> allRecs = FW_Advisor
.getRecommendationsForAllAudiences(httpTransaction);
// Get executive summary
String summary = FW_Advisor.getExecutiveSummary(httpTransaction);Configuring Report Audience NEW v2.2.0
FW_Http http = FW_AuditManager.INSTANCE.performHttpAudit(url, false);
FW_HttpReporter reporter = new FW_HttpReporter();
// Configure for security team
reporter.setTargetAudience(FW_AdvisorAudience.SECURITY_ENGINEER);
reporter.setReportDepth(ReportDepth.STANDARD);
String securityReport = reporter.generateReport(http);
// Configure for executive briefing
reporter.setTargetAudience(FW_AdvisorAudience.EXECUTIVE);
reporter.setReportDepth(ReportDepth.EXECUTIVE);
String execReport = reporter.generateReport(http);Best Practices
Audience Selection Guide
| Purpose | Recommended Audience | Depth Level |
|---|---|---|
| Daily development work | DEVELOPER | STANDARD |
| Code review | DEVELOPER | COMPREHENSIVE |
| Security audit | SECURITY_ENGINEER | STANDARD |
| Executive briefing | EXECUTIVE | EXECUTIVE |
| Sprint planning | PROJECT_MANAGER | STANDARD |
| Deployment guide | OPS_INFRASTRUCTURE | STANDARD |
| Test planning | QA_TESTER | STANDARD |
Best Practices by Role
- Framework Maintainers - Keep templates updated quarterly, test code examples compile
- Test Writers - Use automatic mode, configure reports with
setTargetAudience() - Security Teams - Understand "0 recommendations" is expected for coordinator audiences
- Development Teams - Use DEVELOPER audience for framework-specific code examples
Troubleshooting
⚠️ Templates Not Loading
Verify template path: src/test/java/framework/advisor/templates/. Check file naming: [finding-type].json. Validate JSON syntax.
⚠️ Recommendations Not Generating
Verify advisorEnabled=true in properties. Check audit findings detected issues. Review logs for template errors.
ℹ️ "0 Recommendations" Appearing
This is often CORRECT behavior! Coordinator audiences (SECURITY, PM, EXECUTIVE) don't get action-tier recommendations. Templates target implementers (DEVELOPER, OPS, QA). Report still includes findings and understanding tier.
⚠️ Code Examples Don't Compile
Check framework version compatibility. Verify all required imports. Review framework documentation. Report template issues.
API Reference
FW_Advisor Static Methods
// Get recommendations for specific audience
List<FW_AdvisorRecommendation> getRecommendations(FW_Http http, FW_AdvisorAudience audience)
// Get recommendations for all audiences
Map<FW_AdvisorAudience, List<FW_AdvisorRecommendation>> getRecommendationsForAllAudiences(FW_Http http)
// Get executive summary
String getExecutiveSummary(FW_Http http)
// Check if advisor is enabled
boolean isEnabled()
// Get all available audiences
FW_AdvisorAudience[] getAllAudiences()
// Get implementer audiences only
FW_AdvisorAudience[] getImplementerAudiences()
// Get coordinator audiences only
FW_AdvisorAudience[] getCoordinatorAudiences()FW_HttpReporter Methods NEW v2.2.0
// Configure target audience
void setTargetAudience(FW_AdvisorAudience audience)
// Get current audience
FW_AdvisorAudience getTargetAudience()
// Configure report depth
void setReportDepth(ReportDepth depth)
// Get current depth
ReportDepth getReportDepth()
// Generate report
String generateReport(FW_Http transaction)Related Documentation
| Document | Description |
|---|---|
| HTTP Security Assessment | HTTP audit details and audience configuration |
| Network Diagnostics | Network testing |
| Test Development Guide | Using advisor in tests |
| Architecture Diagram | Layer 7 details |
| Advisor Flow Diagram | Visual workflow |
What's New in v1.1.0
- Audience Configuration in HTTP Reports - Integration with
FW_HttpReporter - "0 Recommendations" Documentation - Explanation of expected behavior
- Enhanced Usage Examples - Multi-audience batch generation
- Troubleshooting Guide Updates - Report size verification