Add unit tests and logging infrastructure for InMemory and RabbitMQ transports

- Implemented RecordingLogger and RecordingLoggerFactory for capturing log entries in tests.
- Added unit tests for InMemoryChannel, covering constructor behavior, property assignments, channel communication, and disposal.
- Created InMemoryTransportOptionsTests to validate default values and customizable options for InMemory transport.
- Developed RabbitMqFrameProtocolTests to ensure correct parsing and property creation for RabbitMQ frames.
- Added RabbitMqTransportOptionsTests to verify default settings and customization options for RabbitMQ transport.
- Updated project files for testing libraries and dependencies.

docs/task-packs/packs-offline-bundle.schema.json

@@ -0,0 +1,125 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "title": "StellaOps Task Pack Offline Bundle",
+  "description": "Canonical offline bundle manifest for Task Packs; used by verify_offline_bundle.py and TaskRunner evidence checks.",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "schemaVersion",
+    "pack",
+    "plan",
+    "evidence",
+    "security",
+    "hashes",
+    "slo",
+    "tenant",
+    "environment",
+    "created"
+  ],
+  "properties": {
+    "schemaVersion": {
+      "type": "string",
+      "const": "stellaops.pack.offline-bundle.v1"
+    },
+    "pack": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["name", "version", "bundle", "digest", "sbom"],
+      "properties": {
+        "name": { "type": "string", "minLength": 1 },
+        "version": { "type": "string", "minLength": 1 },
+        "bundle": { "type": "string", "description": "Relative path to the pack bundle tarball or OCI layout." },
+        "digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
+        "registry": { "type": "string", "description": "Logical registry identifier or OCI reference." },
+        "sbom": { "type": "string", "description": "Relative path to CycloneDX/SBOM document for the pack bundle." }
+      }
+    },
+    "plan": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["hashAlgorithm", "hash", "canonicalPlanPath", "inputsLock"],
+      "properties": {
+        "hashAlgorithm": { "type": "string", "enum": ["sha256"] },
+        "hash": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
+        "canonicalPlanPath": { "type": "string", "description": "Normalized JSON plan used to compute plan hash." },
+        "inputsLock": { "type": "string", "description": "Deterministic lock of resolved inputs/secrets (hashed, redacted)." },
+        "rngSeed": { "type": "string", "description": "Seed derived from plan hash for deterministic RNG." },
+        "timestampSource": { "type": "string", "enum": ["utc-iso8601"], "description": "Time source requirement." }
+      }
+    },
+    "evidence": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["attestation", "approvalsLedger"],
+      "properties": {
+        "attestation": { "type": "string", "description": "DSSE payload binding run to plan hash." },
+        "approvalsLedger": { "type": "string", "description": "DSSE-signed approvals ledger with Authority claims." },
+        "timeline": { "type": "string", "description": "Optional timeline NDJSON for steps/policy events." }
+      }
+    },
+    "security": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["sandbox", "revocations", "signatures", "secretsRedactionPolicy"],
+      "properties": {
+        "sandbox": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["mode", "egressAllowlist", "cpuLimitMillicores", "memoryLimitMiB"],
+          "properties": {
+            "mode": { "type": "string", "enum": ["sealed", "restricted"] },
+            "egressAllowlist": {
+              "type": "array",
+              "items": { "type": "string" }
+            },
+            "cpuLimitMillicores": { "type": "integer", "minimum": 1 },
+            "memoryLimitMiB": { "type": "integer", "minimum": 1 },
+            "quotaSeconds": { "type": "integer", "minimum": 1 }
+          }
+        },
+        "revocations": { "type": "string", "description": "Revocation list for pack versions/digests." },
+        "signatures": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": ["bundleDsse", "attestationDsse"],
+          "properties": {
+            "bundleDsse": { "type": "string" },
+            "attestationDsse": { "type": "string" },
+            "registryCertChain": { "type": "string" }
+          }
+        },
+        "secretsRedactionPolicy": { "type": "string", "description": "Policy document describing hashing/redaction of secrets." }
+      }
+    },
+    "hashes": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "required": ["path", "algorithm", "digest"],
+        "properties": {
+          "path": { "type": "string" },
+          "algorithm": { "type": "string", "enum": ["sha256"] },
+          "digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" }
+        }
+      }
+    },
+    "slo": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["runP95Seconds", "approvalP95Seconds", "maxQueueDepth"],
+      "properties": {
+        "runP95Seconds": { "type": "integer", "minimum": 1 },
+        "approvalP95Seconds": { "type": "integer", "minimum": 1 },
+        "maxQueueDepth": { "type": "integer", "minimum": 1 },
+        "alertRules": { "type": "string", "description": "Path to alert rule definitions." }
+      }
+    },
+    "tenant": { "type": "string", "minLength": 1 },
+    "environment": { "type": "string", "minLength": 1 },
+    "created": { "type": "string", "format": "date-time" },
+    "expires": { "type": "string", "format": "date-time" },
+    "verifyScriptVersion": { "type": "string", "description": "Version of verify_offline_bundle.py used to validate this bundle." }
+  }
+}

docs/task-packs/registry.md

@@ -168,7 +168,16 @@ Extensions must be deterministic and derived from signed bundle data.
 - [ ] Operations guidance covers backups, rotation, disaster recovery.  
 - [ ] Imposed rule reminder included at top of document.
 
+## 11 · TP Gap Remediation (2025-12)
+
+- **Signed registry record (TP7):** Every pack version stores DSSE envelopes for bundle + attestation, SBOM path, and revocation list reference. Imports fail-closed when signatures or revocation proofs are missing.
+- **Offline bundle schema (TP8):** Registry exports offline artefacts that must satisfy `docs/task-packs/packs-offline-bundle.schema.json`; publish pipeline invokes `scripts/packs/verify_offline_bundle.py --require-dsse` before promotion.
+- **Hash ledger (TP1/TP2):** Publish step writes `hashes[]` (sha256) for manifest, canonical plan, `inputs.lock`, approvals ledger, SBOM, and revocations; digests surface in audit events and `digestmap.json`.
+- **Sandbox + quotas (TP6):** Registry metadata carries `sandbox.mode`, explicit egress allowlists, CPU/memory limits, and quota seconds; Task Runner refuses packs missing these fields.
+- **SLO + alerting (TP9):** Pack metadata includes SLOs (`runP95Seconds`, `approvalP95Seconds`, `maxQueueDepth`); registry emits metrics/alerts when declared SLOs are exceeded during publish/import flows.
+- **Fail-closed imports (TP10):** Import/mirror paths abort when DSSE, hash entries, or revocation files are absent or stale, returning actionable error codes for CLI/Task Runner.
+
 ---
 
-*Last updated: 2025-10-27 (Sprint 43).* 
+*Last updated: 2025-12-05 (Sprint 0157-0001-0001 TaskRunner I).* 
 

docs/task-packs/spec.md

@@ -167,6 +167,18 @@ pack.yaml ──▶ schema validation ──▶ expression audit ──▶ deter
 
 Packs must pass CLI validation before publishing.
 
+### 6.1 · TP Gap Remediation (2025-12)
+- **Canonical plan hash (TP1):** Compute `plan.hash` as `sha256` over canonical JSON (`plan.canonicalPlanPath`) with sorted keys and normalized numbers/booleans. The canonical plan file ships in offline bundles.
+- **Inputs lock (TP2):** CLI emits `inputs.lock` capturing resolved inputs and redacted secret placeholders; hashed via `hashes[]` and included in evidence bundles.
+- **Approval ledger DSSE (TP3):** Approval responses are DSSE-signed ledgers embedding `runId`, `gateId`, `planHash`, and tenant context; Task Runner rejects approvals without matching plan hash.
+- **Secret redaction (TP4):** `security.secretsRedactionPolicy` defines hashing/redaction for secrets and PII; transcripts/evidence must reference this policy.
+- **Deterministic RNG/time (TP5):** RNG seed is derived from `plan.hash`; timestamps use UTC ISO-8601; log ordering is monotonic.
+- **Sandbox + egress quotas (TP6):** Packs declare `sandbox.mode`, explicit `egressAllowlist`, CPU/memory limits, and optional `quotaSeconds`; missing fields cause fail-closed refusal.
+- **Registry signing + revocation (TP7):** Bundles carry SBOM + DSSE envelopes and reference a revocation list enforced during registry import.
+- **Offline bundle schema + verifier (TP8):** Offline exports must satisfy `docs/task-packs/packs-offline-bundle.schema.json` and pass `scripts/packs/verify_offline_bundle.py --require-dsse`.
+- **SLO + alerting (TP9):** Manifests declare `slo.runP95Seconds`, `slo.approvalP95Seconds`, `slo.maxQueueDepth`, and optional `slo.alertRules`; telemetry enforces and alerts on breaches.
+- **Fail-closed gates (TP10):** Approval/policy/timeline gates fail closed when DSSE, hash entries, or quotas are missing/expired; CLI surfaces remediation hints.
+
 ---
 
 ## 7 · Signatures & Provenance
@@ -245,4 +257,4 @@ CLI enforces compatibility: running pack with unsupported features yields `ERR_P
 
 ---
 
-*Last updated: 2025-10-27 (Sprint 43).* 
+*Last updated: 2025-12-05 (Sprint 0157-0001-0001 TaskRunner I).*