semi implemented and features implemented save checkpoint

2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
--- a/docs/features/unchecked/taskrunner/pack-run-approval-gates.md
+++ b/docs/features/unchecked/taskrunner/pack-run-approval-gates.md
@@ -0,0 +1,29 @@
+# Pack Run Approval Gates
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Approval gate system for task packs with coordinator, decision service, state tracking, and gate state updating.
+
+## Implementation Details
+- **Approval coordinator**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunApprovalCoordinator.cs` -- orchestrates approval gate flow
+- **Approval state**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunApprovalState.cs` -- approval state tracking model
+- **Approval status**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunApprovalStatus.cs` -- approval status enum
+- **Approval store interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunApprovalStore.cs` -- approval persistence contract
+- **Gate state updater**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunGateStateUpdater.cs` -- updates gate states during execution
+- **Decision service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/PackRunApprovalDecisionService.cs` -- processes approval decisions
+- **File-based store**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/FilePackRunApprovalStore.cs` -- file-backed approval persistence
+- **Postgres store**: `src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunApprovalStore.cs` -- PostgreSQL approval persistence
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunApprovalCoordinatorTests.cs`, `PackRunApprovalDecisionServiceTests.cs`, `PackRunGateStateUpdaterTests.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify approval gates block execution until approved
+- [ ] Test approval coordinator handles multi-approver gates
+- [ ] Verify gate state transitions (pending -> approved/rejected)
+- [ ] Test approval persistence survives service restart
+- [ ] Verify rejected gates prevent pack run continuation
--- a/docs/features/unchecked/taskrunner/pack-run-evidence-and-provenance.md
+++ b/docs/features/unchecked/taskrunner/pack-run-evidence-and-provenance.md
@@ -0,0 +1,32 @@
+# Pack Run Evidence and Provenance
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Evidence capture and provenance writing for pack runs, including attestation service for DSSE-signed provenance records.
+
+## Implementation Details
+- **Attestation service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Attestation/IPackRunAttestationService.cs` -- DSSE-signed attestation contract
+- **Attestation model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Attestation/PackRunAttestation.cs` -- attestation record for pack runs
+- **Evidence snapshot service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunEvidenceSnapshotService.cs` -- evidence snapshot capture
+- **Evidence snapshot model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/PackRunEvidenceSnapshot.cs` -- snapshot data model
+- **Evidence store**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunEvidenceStore.cs` -- evidence persistence contract
+- **Redaction guard**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunRedactionGuard.cs` -- sensitive data redaction
+- **Bundle import evidence**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/BundleImportEvidence.cs`, `IBundleImportEvidenceService.cs` -- air-gap bundle import evidence
+- **Provenance writer interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunProvenanceWriter.cs` -- provenance writing contract
+- **Provenance manifest factory**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/ProvenanceManifestFactory.cs` -- creates SLSA-compatible provenance manifests
+- **Filesystem provenance writer**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/FilesystemPackRunProvenanceWriter.cs`
+- **Postgres evidence store**: `src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunEvidenceStore.cs`
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunAttestationTests.cs`, `PackRunEvidenceSnapshotTests.cs`, `PackRunProvenanceWriterTests.cs`, `BundleImportEvidenceTests.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify DSSE-signed attestations are generated per pack run
+- [ ] Test evidence snapshot captures all execution artifacts
+- [ ] Verify provenance manifest includes SLSA-compatible metadata
+- [ ] Test redaction guard strips sensitive data from evidence
+- [ ] Verify bundle import evidence records air-gap import provenance
--- a/docs/features/unchecked/taskrunner/pack-run-execution-engine.md
+++ b/docs/features/unchecked/taskrunner/pack-run-execution-engine.md
@@ -0,0 +1,35 @@
+# Pack Run Execution Engine
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Full execution engine with graph-based execution planning, step state machine, and processor for running task packs.
+
+## Implementation Details
+- **Processor**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunProcessor.cs` -- main execution engine processor
+- **Processor result**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunProcessorResult.cs` -- execution result model
+- **Execution graph**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraph.cs` -- DAG-based execution planning
+- **Graph builder**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraphBuilder.cs` -- builds execution graphs from manifests
+- **Step state machine**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunStepStateMachine.cs` -- state transitions for individual steps
+- **Step executor interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunStepExecutor.cs` -- step execution contract
+- **Execution context**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionContext.cs` -- runtime context for execution
+- **State management**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunState.cs`, `PackRunStateFactory.cs` -- execution state tracking
+- **Job dispatcher**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunJobDispatcher.cs`, `IPackRunJobScheduler.cs` -- job scheduling and dispatch
+- **Simulation engine**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/Simulation/PackRunSimulationEngine.cs`, `PackRunSimulationModels.cs` -- dry-run simulation
+- **Telemetry**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/TaskRunnerTelemetry.cs` -- execution metrics
+- **Worker service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Worker/Services/PackRunWorkerService.cs` -- background worker
+- **Infrastructure**: file-based and no-op step executors, dispatchers, artifact uploaders under `StellaOps.TaskRunner.Infrastructure/Execution/`
+- **Postgres state store**: `src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunStateStore.cs`, `PostgresPackRunLogStore.cs`
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunProcessorTests.cs`, `PackRunExecutionGraphBuilderTests.cs`, `PackRunStepStateMachineTests.cs`, `PackRunStateFactoryTests.cs`, `PackRunSimulationEngineTests.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify execution graph correctly orders steps based on dependencies
+- [ ] Test step state machine transitions (pending -> running -> completed/failed)
+- [ ] Verify processor handles step failures with configured retry/abort behavior
+- [ ] Test simulation engine produces accurate dry-run results
+- [ ] Verify execution state persists across service restarts
--- a/docs/features/unchecked/taskrunner/sealed-mode-install-enforcer.md
+++ b/docs/features/unchecked/taskrunner/sealed-mode-install-enforcer.md
@@ -0,0 +1,30 @@
+# Sealed-Mode Install Enforcer (Air-Gap Support)
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Enforcer for sealed/air-gap mode that ensures task pack installations comply with offline constraints and logs all install actions for audit.
+
+## Implementation Details
+- **Enforcer interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/ISealedInstallEnforcer.cs` -- sealed mode enforcement contract
+- **Enforcer implementation**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedInstallEnforcer.cs` -- validates installations comply with offline constraints
+- **Enforcement result**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedInstallEnforcementResult.cs` -- result model for enforcement checks
+- **Sealed mode status**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedModeStatus.cs` -- current sealed mode state
+- **Sealed requirements**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedRequirements.cs` -- requirements for sealed mode compliance
+- **Audit logger**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/ISealedInstallAuditLogger.cs` -- audit logging for install actions
+- **Air-gap status provider**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/IAirGapStatusProvider.cs` -- checks if system is in air-gap mode
+- **HTTP status provider**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/AirGap/HttpAirGapStatusProvider.cs` -- HTTP-based air-gap status check
+- **Bundle ingestion executor**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/BundleIngestionStepExecutor.cs` -- air-gap bundle ingestion step
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/SealedInstallEnforcerTests.cs`, `BundleIngestionStepExecutorTests.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify enforcer blocks network-dependent installations in sealed mode
+- [ ] Test sealed mode status detection via HTTP provider
+- [ ] Verify audit logger records all install actions in sealed mode
+- [ ] Test bundle ingestion step works in offline environment
+- [ ] Verify enforcement result reports compliance violations
--- a/docs/features/unchecked/taskrunner/taskpack-manifest-and-planning.md
+++ b/docs/features/unchecked/taskrunner/taskpack-manifest-and-planning.md
@@ -0,0 +1,30 @@
+# TaskPack Manifest and Planning
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Full task pack manifest system with loading, validation, planning, and plan hashing for deterministic execution verification.
+
+## Implementation Details
+- **Manifest model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifest.cs` -- task pack manifest schema
+- **Manifest loader**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifestLoader.cs` -- loads manifests from filesystem/storage
+- **Manifest validator**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifestValidator.cs` -- validates manifest structure and constraints
+- **Planner**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlanner.cs` -- creates execution plans from manifests
+- **Plan model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlan.cs` -- execution plan data model
+- **Plan hasher**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlanHasher.cs` -- deterministic plan hashing for verification
+- **Plan insights**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlanInsights.cs` -- planning insights and analysis
+- **Expressions**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Expressions/TaskPackExpressions.cs` -- expression evaluation for manifest conditions
+- **Canonical JSON**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Serialization/CanonicalJson.cs` -- deterministic JSON serialization for plan hashing
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/TaskPackPlannerTests.cs`, `TestManifests.cs`, `TestManifests.Egress.cs`
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- [ ] Verify manifest loading from filesystem
+- [ ] Test manifest validation catches invalid structures
+- [ ] Verify planner creates correct execution plans from manifests
+- [ ] Test deterministic plan hashing produces consistent hashes
+- [ ] Verify expression evaluation in manifest conditions
--- a/docs/features/unchecked/taskrunner/taskrunner-loop-and-conditional-step-kinds.md
+++ b/docs/features/unchecked/taskrunner/taskrunner-loop-and-conditional-step-kinds.md
@@ -0,0 +1,27 @@
+# TaskRunner Loop and Conditional Step Kinds
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Extended TaskRunner execution engine with loop and conditional step types, enabling iterative and branching task execution patterns beyond simple sequential flows.
+
+## Implementation Details
+- **Step state machine**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunStepStateMachine.cs` -- manages step state transitions including loop and conditional steps
+- **Execution graph**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraph.cs` -- DAG supports loop and conditional edges
+- **Graph builder**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraphBuilder.cs` -- builds graphs with loop/conditional nodes
+- **Expressions**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Expressions/TaskPackExpressions.cs` -- expression evaluation for conditional branching
+- **Manifest model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifest.cs` -- manifest supports loop and conditional step kind definitions
+- **Processor**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunProcessor.cs` -- processes loop iterations and conditional branches
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunStepStateMachineTests.cs`, `PackRunExecutionGraphBuilderTests.cs`, `PackRunProcessorTests.cs`
+- **Source**: SPRINT_0157_0001_0001_taskrunner_i.md
+
+## E2E Test Plan
+- [ ] Verify loop steps iterate the configured number of times
+- [ ] Test conditional steps branch based on expression evaluation
+- [ ] Verify loop step supports early exit on condition
+- [ ] Test nested loops and conditionals execute correctly
+- [ ] Verify execution graph handles loop back-edges without cycles
--- a/docs/features/unchecked/taskrunner/taskrunner-sdk-client-with-openapi.md
+++ b/docs/features/unchecked/taskrunner/taskrunner-sdk-client-with-openapi.md
@@ -0,0 +1,32 @@
+# TaskRunner SDK Client with OpenAPI
+
+## Module
+TaskRunner
+
+## Status
+IMPLEMENTED
+
+## Description
+Auto-generated SDK client for TaskRunner APIs with OpenAPI spec, deprecation middleware, and versioned endpoint support for external integrators.
+
+## Implementation Details
+- **Client interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/ITaskRunnerClient.cs` -- SDK client contract
+- **Client implementation**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/TaskRunnerClient.cs` -- HTTP client for TaskRunner APIs
+- **Client options**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/TaskRunnerClientOptions.cs` -- configurable client options
+- **DI extensions**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Extensions/TaskRunnerClientServiceCollectionExtensions.cs` -- DI registration
+- **Pack run models**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Models/PackRunModels.cs` -- client-side pack run models
+- **Lifecycle helper**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Lifecycle/PackRunLifecycleHelper.cs` -- pack run lifecycle management
+- **Pagination**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Pagination/Paginator.cs` -- paginated API result handling
+- **Streaming log reader**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Streaming/StreamingLogReader.cs` -- real-time log streaming
+- **OpenAPI metadata**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/OpenApiMetadataFactory.cs` -- OpenAPI spec generation
+- **Deprecation middleware**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/Deprecation/ApiDeprecationMiddleware.cs`, `ApiDeprecationOptions.cs`, `IDeprecationNotificationService.cs` -- API versioning and deprecation support
+- **WebService program**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/Program.cs` -- API host with OpenAPI endpoints
+- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/TaskRunnerClientTests.cs`, `OpenApiMetadataFactoryTests.cs`, `ApiDeprecationTests.cs`
+- **Source**: SPRINT_0157_0001_0001_taskrunner_i.md
+
+## E2E Test Plan
+- [ ] Verify SDK client can list, create, and manage pack runs
+- [ ] Test streaming log reader receives real-time execution logs
+- [ ] Verify OpenAPI spec is generated and accessible at /swagger endpoint
+- [ ] Test deprecation middleware returns correct headers for deprecated endpoints
+- [ ] Verify pagination handles large result sets correctly