stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

feat: Add new projects to solution and implement contract testing documentation

Browse Source 
- Added "StellaOps.Policy.Engine", "StellaOps.Cartographer", and "StellaOps.SbomService" projects to the StellaOps solution.
- Created AGENTS.md to outline the Contract Testing Guild Charter, detailing mission, scope, and definition of done.
- Established TASKS.md for the Contract Testing Task Board, outlining tasks for Sprint 62 and Sprint 63 related to mock servers and replay testing.
This commit is contained in:
master
2025-10-27 07:57:55 +02:00
parent 935ec9aa25
commit 2b7b88ca77
355 changed files with 17276 additions and 1160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/StellaOps.Orchestrator/AGENTS.md Normal file
View File

@@ -0,0 +1,18 @@
# StellaOps Orchestrator Service — Agent Charter
## Mission
Build and operate the Source & Job Orchestrator control plane described in Epic 9. Own scheduler, job state persistence, rate limiting, audit/provenance exports, and realtime streaming APIs while respecting the imposed rule: work of this type must be applied everywhere it belongs.
## Key Responsibilities
- Maintain deterministic Postgres schema/migrations for sources, runs, jobs, dag edges, artifacts, quotas, and schedules.
- Implement DAG planner, token-bucket rate limiting, watermark/backfill manager, dead-letter replay, and horizontal scale guards.
- Publish REST + WebSocket/SSE APIs powering Console/CLI, capture audit trails, and guard tenant isolation/RBAC scopes.
- Coordinate with Worker SDK, Concelier, Excititor, SBOM, Policy, VEX Lens, Findings Ledger, Authority, Console, CLI, DevOps, and Docs teams to keep integrations in sync.
## Module Layout
- `StellaOps.Orchestrator.Core/` — scheduler primitives, DAG models, rate limit policies.
- `StellaOps.Orchestrator.Infrastructure/` — Postgres DAL, queue integrations, telemetry shims.
- `StellaOps.Orchestrator.WebService/` — control-plane APIs (sources, runs, jobs, streams).
- `StellaOps.Orchestrator.Worker/` — execution coordinator / lease manager loops.
- `StellaOps.Orchestrator.Tests/` — unit tests for core/infrastructure concerns.
- `StellaOps.Orchestrator.sln` — solution bundling orchestrator components.

6
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Core/Class1.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace StellaOps.Orchestrator.Core;
public class Class1
{
}

18
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Core/StellaOps.Orchestrator.Core.csproj Normal file
View File

@@ -0,0 +1,18 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
</Project>

6
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/Class1.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace StellaOps.Orchestrator.Infrastructure;
public class Class1
{
}

28
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/StellaOps.Orchestrator.Infrastructure.csproj Normal file
View File

@@ -0,0 +1,28 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk">
<ItemGroup>
<ProjectReference Include="..\StellaOps.Orchestrator.Core\StellaOps.Orchestrator.Core.csproj"/>
</ItemGroup>
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
</Project>

135
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Tests/StellaOps.Orchestrator.Tests.csproj Normal file
View File

@@ -0,0 +1,135 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<IsPackable>false</IsPackable>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<UseConcelierTestInfra>false</UseConcelierTestInfra>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1"/>
<PackageReference Include="xunit.v3" Version="3.0.0"/>
<PackageReference Include="xunit.runner.visualstudio" Version="3.1.3"/>
</ItemGroup>
<ItemGroup>
<Content Include="xunit.runner.json" CopyToOutputDirectory="PreserveNewest"/>
</ItemGroup>
<ItemGroup>
<Using Include="Xunit"/>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\StellaOps.Orchestrator.Core\StellaOps.Orchestrator.Core.csproj"/>
<ProjectReference Include="..\StellaOps.Orchestrator.Infrastructure\StellaOps.Orchestrator.Infrastructure.csproj"/>
</ItemGroup>
</Project>

10
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Tests/UnitTest1.cs Normal file
View File

@@ -0,0 +1,10 @@
namespace StellaOps.Orchestrator.Tests;
public class UnitTest1
{
[Fact]
public void Test1()
{
}
}

3
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Tests/xunit.runner.json Normal file
View File

@@ -0,0 +1,3 @@
{
"$schema": "https://xunit.net/schema/current/xunit.runner.schema.json"
}

41
src/StellaOps.Orchestrator/StellaOps.Orchestrator.WebService/Program.cs Normal file
View File

@@ -0,0 +1,41 @@
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
builder.Services.AddOpenApi();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.MapOpenApi();
}
app.UseHttpsRedirection();
var summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
app.MapGet("/weatherforecast", () =>
{
var forecast = Enumerable.Range(1, 5).Select(index =>
new WeatherForecast
(
DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
Random.Shared.Next(-20, 55),
summaries[Random.Shared.Next(summaries.Length)]
))
.ToArray();
return forecast;
})
.WithName("GetWeatherForecast");
app.Run();
record WeatherForecast(DateOnly Date, int TemperatureC, string? Summary)
{
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
}

23
src/StellaOps.Orchestrator/StellaOps.Orchestrator.WebService/Properties/launchSettings.json Normal file
View File

@@ -0,0 +1,23 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"http": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": false,
"applicationUrl": "http://localhost:5151",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"https": {
"commandName": "Project",
"dotnetRunMessages": true,
"launchBrowser": false,
"applicationUrl": "https://localhost:7228;http://localhost:5151",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}

41
src/StellaOps.Orchestrator/StellaOps.Orchestrator.WebService/StellaOps.Orchestrator.WebService.csproj Normal file
View File

@@ -0,0 +1,41 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.0-rc.1.25451.107"/>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\StellaOps.Orchestrator.Core\StellaOps.Orchestrator.Core.csproj"/>
<ProjectReference Include="..\StellaOps.Orchestrator.Infrastructure\StellaOps.Orchestrator.Infrastructure.csproj"/>
</ItemGroup>
</Project>

6
src/StellaOps.Orchestrator/StellaOps.Orchestrator.WebService/StellaOps.Orchestrator.WebService.http Normal file
View File

@@ -0,0 +1,6 @@
@StellaOps.Orchestrator.WebService_HostAddress = http://localhost:5151
GET {{StellaOps.Orchestrator.WebService_HostAddress}}/weatherforecast/
Accept: application/json
###

8
src/StellaOps.Orchestrator/StellaOps.Orchestrator.WebService/appsettings.Development.json Normal file
View File

@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
}
}

9
src/StellaOps.Orchestrator/StellaOps.Orchestrator.WebService/appsettings.json Normal file
View File

@@ -0,0 +1,9 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*"
}

7
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Worker/Program.cs Normal file
View File

@@ -0,0 +1,7 @@
using StellaOps.Orchestrator.Worker;
var builder = Host.CreateApplicationBuilder(args);
builder.Services.AddHostedService<Worker>();
var host = builder.Build();
host.Run();

12
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Worker/Properties/launchSettings.json Normal file
View File

@@ -0,0 +1,12 @@
{
"$schema": "https://json.schemastore.org/launchsettings.json",
"profiles": {
"StellaOps.Orchestrator.Worker": {
"commandName": "Project",
"dotnetRunMessages": true,
"environmentVariables": {
"DOTNET_ENVIRONMENT": "Development"
}
}
}
}

43
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Worker/StellaOps.Orchestrator.Worker.csproj Normal file
View File

@@ -0,0 +1,43 @@
<?xml version="1.0" ?>
<Project Sdk="Microsoft.NET.Sdk.Worker">
<PropertyGroup>
<UserSecretsId>dotnet-StellaOps.Orchestrator.Worker-6d276def-9e32-43e0-bca8-9699cd1ae20d</UserSecretsId>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>preview</LangVersion>
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.0-rc.1.25451.107"/>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\StellaOps.Orchestrator.Core\StellaOps.Orchestrator.Core.csproj"/>
<ProjectReference Include="..\StellaOps.Orchestrator.Infrastructure\StellaOps.Orchestrator.Infrastructure.csproj"/>
</ItemGroup>
</Project>

16
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Worker/Worker.cs Normal file
View File

@@ -0,0 +1,16 @@
namespace StellaOps.Orchestrator.Worker;
public class Worker(ILogger<Worker> logger) : BackgroundService
{
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
if (logger.IsEnabled(LogLevel.Information))
{
logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
}
await Task.Delay(1000, stoppingToken);
}
}
}

8
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Worker/appsettings.Development.json Normal file
View File

@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

8
src/StellaOps.Orchestrator/StellaOps.Orchestrator.Worker/appsettings.json Normal file
View File

@@ -0,0 +1,8 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

90
src/StellaOps.Orchestrator/StellaOps.Orchestrator.sln Normal file
View File

@@ -0,0 +1,90 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.0.31903.59
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.Orchestrator.Core", "StellaOps.Orchestrator.Core\StellaOps.Orchestrator.Core.csproj", "{463C8A77-52BB-4282-BCED-F8D62BAE0528}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.Orchestrator.Infrastructure", "StellaOps.Orchestrator.Infrastructure\StellaOps.Orchestrator.Infrastructure.csproj", "{C0DE4E60-7554-406A-8119-7F5714A604E3}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.Orchestrator.WebService", "StellaOps.Orchestrator.WebService\StellaOps.Orchestrator.WebService.csproj", "{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.Orchestrator.Worker", "StellaOps.Orchestrator.Worker\StellaOps.Orchestrator.Worker.csproj", "{38BC487F-11C6-4397-9654-D54AE7EE08DD}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "StellaOps.Orchestrator.Tests", "StellaOps.Orchestrator.Tests\StellaOps.Orchestrator.Tests.csproj", "{8F0989E8-8666-4D37-8E50-E84602237A83}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Debug|Any CPU.Build.0 = Debug|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Debug|x64.ActiveCfg = Debug|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Debug|x64.Build.0 = Debug|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Debug|x86.ActiveCfg = Debug|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Debug|x86.Build.0 = Debug|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Release|Any CPU.ActiveCfg = Release|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Release|Any CPU.Build.0 = Release|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Release|x64.ActiveCfg = Release|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Release|x64.Build.0 = Release|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Release|x86.ActiveCfg = Release|Any CPU
{463C8A77-52BB-4282-BCED-F8D62BAE0528}.Release|x86.Build.0 = Release|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Debug|x64.ActiveCfg = Debug|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Debug|x64.Build.0 = Debug|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Debug|x86.ActiveCfg = Debug|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Debug|x86.Build.0 = Debug|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Release|Any CPU.Build.0 = Release|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Release|x64.ActiveCfg = Release|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Release|x64.Build.0 = Release|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Release|x86.ActiveCfg = Release|Any CPU
{C0DE4E60-7554-406A-8119-7F5714A604E3}.Release|x86.Build.0 = Release|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Debug|x64.ActiveCfg = Debug|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Debug|x64.Build.0 = Debug|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Debug|x86.ActiveCfg = Debug|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Debug|x86.Build.0 = Debug|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Release|Any CPU.Build.0 = Release|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Release|x64.ActiveCfg = Release|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Release|x64.Build.0 = Release|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Release|x86.ActiveCfg = Release|Any CPU
{A9D6DF47-5CAF-4E07-BC44-19ABE7D8CDD9}.Release|x86.Build.0 = Release|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Debug|x64.ActiveCfg = Debug|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Debug|x64.Build.0 = Debug|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Debug|x86.ActiveCfg = Debug|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Debug|x86.Build.0 = Debug|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Release|Any CPU.Build.0 = Release|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Release|x64.ActiveCfg = Release|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Release|x64.Build.0 = Release|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Release|x86.ActiveCfg = Release|Any CPU
{38BC487F-11C6-4397-9654-D54AE7EE08DD}.Release|x86.Build.0 = Release|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Debug|x64.ActiveCfg = Debug|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Debug|x64.Build.0 = Debug|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Debug|x86.ActiveCfg = Debug|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Debug|x86.Build.0 = Debug|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Release|Any CPU.Build.0 = Release|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Release|x64.ActiveCfg = Release|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Release|x64.Build.0 = Release|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Release|x86.ActiveCfg = Release|Any CPU
{8F0989E8-8666-4D37-8E50-E84602237A83}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

75
src/StellaOps.Orchestrator/TASKS.md Normal file
View File

@@ -0,0 +1,75 @@
# Orchestrator Service Task Board — Epic 9: Source & Job Orchestrator Dashboard
## Sprint 32 Foundations (Read-Only)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-32-001 | TODO | Orchestrator Service Guild | DEVOPS-ORCH-32-001 | Bootstrap service project, configuration, and Postgres schema/migrations for `sources`, `runs`, `jobs`, `dag_edges`, `artifacts`, `quotas`, `schedules`. | Service builds/tests; migrations generated with repeatable scripts; baseline integration test seeds schema; compliance checklist recorded. |
| ORCH-SVC-32-002 | TODO | Orchestrator Service Guild | ORCH-SVC-32-001 | Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. | DAG builder passes unit/property tests; job states transition per spec; deterministic hashes recorded; docs updated in code comments. |
| ORCH-SVC-32-003 | TODO | Orchestrator Service Guild | ORCH-SVC-32-001 | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. | Endpoints return deterministic responses; OpenAPI published; contract tests cover filters/pagination; lint passes. |
| ORCH-SVC-32-004 | TODO | Orchestrator Service Guild | ORCH-SVC-32-002, ORCH-SVC-32-003 | Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. | SSE stream proven with integration test; metrics registered in Prometheus exporter; health endpoints wired; docstrings reference event schema. |
| ORCH-SVC-32-005 | TODO | Orchestrator Service Guild | ORCH-SVC-32-001, WORKER-GO-32-001, WORKER-PY-32-001 | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. | Claim/heartbeat/progress endpoints pass integration tests with Go/Python sample workers; artifact metadata persisted; idempotency violations rejected with `ERR_ORCH_4xx`; docs note imposed rule. |
## Sprint 33 Controls & Recovery
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-33-001 | TODO | Orchestrator Service Guild | ORCH-SVC-32-003, AUTH-ORCH-33-001 | Enable `sources test|pause|resume|sync-now` and `jobs retry|cancel|prioritize` actions with audit logging, RBAC enforcement, and optimistic concurrency. | Actions mutate state deterministically; audit entries include operator, reason, ticket; integration tests cover happy/error paths; CLI/Console smoke pass. |
| ORCH-SVC-33-002 | TODO | Orchestrator Service Guild | ORCH-SVC-32-002, DEVOPS-ORCH-33-001 | Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. | Rate limiter configurable via API; metrics expose tokens available; simulated 429 storm reduces issuance ≥80%; tests exercise cooldown logic. |
| ORCH-SVC-33-003 | TODO | Orchestrator Service Guild | ORCH-SVC-32-002, WORKER-GO-33-001, WORKER-PY-33-001 | Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. | Backfill preview API returns window coverage; executed backfills avoid duplicate artifacts (hash equality); tests cover skew/overlap; docs updated. |
| ORCH-SVC-33-004 | TODO | Orchestrator Service Guild | ORCH-SVC-32-004 | Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. | Dead-letter entries persisted with error class + payload refs; replay moves jobs to queues; metrics/logs emitted; documentation references remediation guide. |
## Sprint 34 Backfills, Quotas & GA
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-34-001 | TODO | Orchestrator Service Guild | ORCH-SVC-33-001, ORCH-SVC-33-002 | Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. | Quotas CRUD endpoints live with RBAC; burn-rate metrics published; alerts hooked (DEVOPS-ORCH-34-001); unit/integration tests cover overage scenarios. |
| ORCH-SVC-34-002 | TODO | Orchestrator Service Guild | ORCH-SVC-33-004, LEDGER-34-101 | Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. | Ledger export produces signed manifest; hash chain verified; integration test links to Findings Ledger; docs cross-link to run-ledger doc. |
| ORCH-SVC-34-003 | TODO | Orchestrator Service Guild | ORCH-SVC-32-004, ORCH-SVC-33-002 | Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150ms) and add autoscaling hooks with health probes. | Load test report committed; autoscale recommendations documented; health probes wired; perf regression guard added to CI. |
| ORCH-SVC-34-004 | TODO | Orchestrator Service Guild | ORCH-SVC-34-001..003, DEPLOY-ORCH-34-001 | Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. | Container built with SBOM/attestation; Helm/Compose overlays committed; offline bundle instructions validated; launch readiness checklist signed. |
## Export Center Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-35-101 | TODO | Orchestrator Service Guild | EXPORT-SVC-35-001 | Register `export` job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. | Job type available; metrics emitted; integration test with exporter worker passes. |
| ORCH-SVC-36-101 | TODO | Orchestrator Service Guild | ORCH-SVC-35-101, EXPORT-SVC-36-003 | Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. | Distribution state persisted; SSE includes distribution progress; dashboards updated. |
| ORCH-SVC-37-101 | TODO | Orchestrator Service Guild | ORCH-SVC-36-101, EXPORT-SVC-37-003 | Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. | Schedules trigger exports; retention API operational; alerts configured; tests cover failure alerting. |
## Notifications Studio Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-38-101 | TODO | Orchestrator Service Guild | | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. | Event schema documented; idempotency keys enforced; notifier integration tests consume events; metrics updated. |
## CLI Parity & Task Packs Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-41-101 | TODO | Orchestrator Service Guild | AUTH-PACKS-41-001 | Register `pack-run` job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. | Pack job type available; logs/artifacts stored; API documented; CLI E2E test passes. |
| ORCH-SVC-42-101 | TODO | Orchestrator Service Guild | ORCH-SVC-41-101, TASKRUN-41-001 | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. | Log stream operational; manifests accessible; quotas enforced; events published; tests cover flows. |
## Authority-Backed Scopes & Tenancy (Epic 14)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-TEN-48-001 | TODO | Orchestrator Service Guild | WEB-TEN-47-001 | Include `tenant_id`/`project_id` in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. | Jobs stamped with tenant/project; RLS respected; tests cover missing context rejection. |
## Observability & Forensics (Epic 15)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-OBS-50-001 | TODO | Orchestrator Service Guild, Observability Guild | TELEMETRY-OBS-50-001, TELEMETRY-OBS-50-002 | Wire `StellaOps.Telemetry.Core` into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics. Ensure tenant/job metadata recorded for every span/log. | Telemetry emitted on happy/error paths; integration tests assert trace propagation to worker payloads; log field contract validated. |
| ORCH-OBS-51-001 | TODO | Orchestrator Service Guild, DevOps Guild | ORCH-OBS-50-001, TELEMETRY-OBS-51-001 | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications. Provide Grafana dashboards + alert rules. | Metrics visible in dashboards; burn-rate alerts trigger in staging; documentation updated with thresholds and runbooks. |
| ORCH-OBS-52-001 | TODO | Orchestrator Service Guild | ORCH-OBS-50-001, TIMELINE-OBS-52-002 | Emit `timeline_event` objects for job lifecycle (`job.scheduled`, `job.started`, `job.completed`, `job.failed`) including trace IDs, run IDs, tenant/project, and causal metadata. Add contract tests and Kafka/NATS emitter with retries. | Timeline events verified against fixtures; duplicates suppressed; failure retries logged; docs reference schema. |
| ORCH-OBS-53-001 | TODO | Orchestrator Service Guild, Evidence Locker Guild | ORCH-OBS-52-001, EVID-OBS-53-002 | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure. Ensure redaction guard enforced. | Evidence snapshots created for sample jobs; manifests deterministic; secret redaction tests pass; documentation updated. |
| ORCH-OBS-54-001 | TODO | Orchestrator Service Guild, Provenance Guild | ORCH-OBS-53-001, PROV-OBS-53-002 | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker. Provide verification endpoint `/jobs/{id}/attestation`. | Attestations generated and verified in integration tests; timeline links added; docs updated. |
| ORCH-OBS-55-001 | TODO | Orchestrator Service Guild, DevOps Guild | ORCH-OBS-51-001, TELEMETRY-OBS-55-001, DEVOPS-OBS-55-001 | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach. Emit activation/deactivation events to timeline + Notifier. | Incident mode triggers automatically in staging; manual override API documented; events observed in timeline and notifications. |
## Air-Gapped Mode (Epic 16)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-AIRGAP-56-001 | TODO | Orchestrator Service Guild, AirGap Policy Guild | AIRGAP-POL-56-001, TASKRUN-OBS-50-001 | Enforce job descriptors to declare network intents; reject or flag any external endpoints in sealed mode before scheduling. | Validator prevents forbidden jobs; errors return remediation guidance; tests cover allow/deny cases. |
| ORCH-AIRGAP-56-002 | TODO | Orchestrator Service Guild, AirGap Controller Guild | ORCH-AIRGAP-56-001, AIRGAP-CTL-56-002 | Surface sealing status and time staleness in job scheduling decisions; block runs when staleness budgets exceeded. | Scheduler checks status API; blocked runs emit timeline + notification; tests cover stale vs fresh. |
| ORCH-AIRGAP-57-001 | TODO | Orchestrator Service Guild, Mirror Creator Guild | ORCH-AIRGAP-56-001, MIRROR-CRT-58-002 | Add job type `mirror.bundle` to orchestrate bundle creation in connected environments with audit + provenance outputs. | Job type defined; export center integration validated; timeline events emitted. |
| ORCH-AIRGAP-58-001 | TODO | Orchestrator Service Guild, Evidence Locker Guild | ORCH-OBS-53-001, EVID-OBS-55-001 | Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. | Evidence snapshots created; timeline references bundle/job IDs; integration tests pass. |
## SDKs & OpenAPI (Epic 17)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-OAS-61-001 | TODO | Orchestrator Service Guild, API Contracts Guild | OAS-61-001 | Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. | Spec covers all orchestrator endpoints; lint passes; examples validated. |
| ORCH-OAS-61-002 | TODO | Orchestrator Service Guild | ORCH-OAS-61-001 | Implement `GET /.well-known/openapi` in service and ensure version metadata aligns with runtime build. | Discovery endpoint live; integration test verifies schema + headers. |
| ORCH-OAS-62-001 | TODO | Orchestrator Service Guild, SDK Generator Guild | ORCH-OAS-61-001, SDKGEN-63-001 | Ensure SDK paginators and operations support orchestrator job operations; add SDK smoke tests for schedule/retry APIs. | SDK integration tests cover orchestrator flows; CLI reuses SDK methods. |
| ORCH-OAS-63-001 | TODO | Orchestrator Service Guild, API Governance Guild | APIGOV-63-001 | Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. | Deprecated endpoints include headers + docs; Notifications triggered in staging. |