FUll implementation plan (first draft)

2025-10-19 00:28:48 +03:00
parent 052da7a7d0
commit 8dc7273e27
125 changed files with 5438 additions and 166 deletions
--- a/ops/deployment/AGENTS.md
+++ b/ops/deployment/AGENTS.md
@@ -0,0 +1,4 @@
+# Deployment & Operations — Agent Charter
+
+## Mission
+Maintain deployment/upgrade/rollback workflows (Helm/Compose) per `docs/ARCHITECTURE_DEVOPS.md` including environment-specific configs.
--- a/ops/deployment/TASKS.md
+++ b/ops/deployment/TASKS.md
@@ -0,0 +1,5 @@
+# Deployment Task Board
+
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| DEVOPS-OPS-14-003 | TODO | Deployment Guild | DEVOPS-REL-14-001 | Document and script upgrade/rollback flows, channel management, and compatibility matrices per architecture. | Helm/Compose guides updated with digest pinning, automated checks committed, rollback drill recorded. |
--- a/ops/devops/AGENTS.md
+++ b/ops/devops/AGENTS.md
@@ -0,0 +1,11 @@
+# DevOps & Release — Agent Charter
+
+## Mission
+Execute deterministic build/release pipeline per `docs/ARCHITECTURE_DEVOPS.md`:
+- Reproducible builds with SBOM/provenance, cosign signing, transparency logging.
+- Channel manifests (LTS/Stable/Edge) with digests, Helm/Compose profiles.
+- Performance guard jobs ensuring budgets.
+
+## Expectations
+- Coordinate with Scanner/Scheduler/Notify teams for artifact availability.
+- Maintain CI reliability; update `TASKS.md` as states change.
--- a/ops/devops/TASKS.md
+++ b/ops/devops/TASKS.md
@@ -0,0 +1,9 @@
+# DevOps Task Board
+
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| DEVOPS-HELM-09-001 | TODO | DevOps Guild | SCANNER-WEB-09-101 | Create Helm/Compose environment profiles (dev, staging, airgap) with deterministic digests. | Profiles committed under `deploy/`; docs updated; CI smoke deploy passes. |
+| DEVOPS-PERF-10-001 | TODO | DevOps Guild | BENCH-SCANNER-10-001 | Add perf smoke job (SBOM compose <5 s target) to CI. | CI job runs sample build verifying <5 s; alerts configured. |
+| DEVOPS-REL-14-001 | TODO | DevOps Guild | SIGNER-API-11-101, ATTESTOR-API-11-201 | Deterministic build/release pipeline with SBOM/provenance, signing, manifest generation. | CI pipeline produces signed images + SBOM/attestations, manifests published with verified hashes, docs updated. |
+| DEVOPS-REL-17-002 | TODO | DevOps Guild | DEVOPS-REL-14-001, SCANNER-EMIT-17-701 | Persist stripped-debug artifacts organised by GNU build-id and bundle them into release/offline kits with checksum manifests. | CI job writes `.debug` files under `artifacts/debug/.build-id/`, manifest + checksums published, offline kit includes cache, smoke job proves symbol lookup via build-id. |
+| DEVOPS-MIRROR-08-001 | TODO | DevOps Guild | DEVOPS-REL-14-001 | Stand up managed mirror profiles for `*.stella-ops.org` (Concelier/Excititor), including Helm/Compose overlays, multi-tenant secrets, CDN caching, and sync documentation. | Infra overlays committed, CI smoke deploy hits mirror endpoints, runbooks published for downstream sync and quota management. |
--- a/ops/licensing/AGENTS.md
+++ b/ops/licensing/AGENTS.md
@@ -0,0 +1,4 @@
+# Licensing & Registry Access — Agent Charter
+
+## Mission
+Implement licensing token service and registry access workflows described in `docs/ARCHITECTURE_DEVOPS.md`.
--- a/ops/licensing/TASKS.md
+++ b/ops/licensing/TASKS.md
@@ -0,0 +1,5 @@
+# Licensing Task Board
+
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| DEVOPS-LIC-14-004 | TODO | Licensing Guild | AUTH-MTLS-11-002 | Implement registry token service tied to Authority (DPoP/mTLS), plan gating, revocation handling, and monitoring per architecture. | Token service issues scoped tokens, revocation tested, monitoring dashboards in place, docs updated. |
--- a/ops/offline-kit/AGENTS.md
+++ b/ops/offline-kit/AGENTS.md
@@ -0,0 +1,4 @@
+# Offline Kit — Agent Charter
+
+## Mission
+Package Offline Update Kit per `docs/ARCHITECTURE_DEVOPS.md` and `docs/24_OFFLINE_KIT.md` with deterministic digests and import tooling.
--- a/ops/offline-kit/TASKS.md
+++ b/ops/offline-kit/TASKS.md
@@ -0,0 +1,5 @@
+# Offline Kit Task Board
+
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| DEVOPS-OFFLINE-14-002 | TODO | Offline Kit Guild | DEVOPS-REL-14-001 | Build offline kit packaging workflow (artifact bundling, manifest generation, signature verification). | Offline tarball generated with manifest + checksums + signatures; import script verifies integrity; docs updated. |