save checkpoint
29
docs/features/checked/taskrunner/pack-run-approval-gates.md
Normal file
@@ -0,0 +1,29 @@
|
||||
# Pack Run Approval Gates
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Approval gate system for task packs with coordinator, decision service, state tracking, and gate state updating.
|
||||
|
||||
## Implementation Details
|
||||
- **Approval coordinator**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunApprovalCoordinator.cs` -- orchestrates approval gate flow
|
||||
- **Approval state**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunApprovalState.cs` -- approval state tracking model
|
||||
- **Approval status**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunApprovalStatus.cs` -- approval status enum
|
||||
- **Approval store interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunApprovalStore.cs` -- approval persistence contract
|
||||
- **Gate state updater**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunGateStateUpdater.cs` -- updates gate states during execution
|
||||
- **Decision service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/PackRunApprovalDecisionService.cs` -- processes approval decisions
|
||||
- **File-based store**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/FilePackRunApprovalStore.cs` -- file-backed approval persistence
|
||||
- **Postgres store**: `src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunApprovalStore.cs` -- PostgreSQL approval persistence
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunApprovalCoordinatorTests.cs`, `PackRunApprovalDecisionServiceTests.cs`, `PackRunGateStateUpdaterTests.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify approval gates block execution until approved
|
||||
- [ ] Test approval coordinator handles multi-approver gates
|
||||
- [ ] Verify gate state transitions (pending -> approved/rejected)
|
||||
- [ ] Test approval persistence survives service restart
|
||||
- [ ] Verify rejected gates prevent pack run continuation
|
||||
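Review bot: The E2E Test Plan has no negative case for who may decide a gate. Its five items cover blocking, multi-approver handling, "pending -> approved/rejected", persistence and rejection, but none checks that a decision from an identity not entitled to approve is refused, that one approver cannot satisfy a multi-approver gate alone, or that a second decision on an already approved or rejected gate is refused. Suggest adding those items and stating under Implementation Details which component authenticates the approver, since PackRunApprovalDecisionService is described only as "processes approval decisions". Separately, Status reads IMPLEMENTED and the file sits under docs/features/checked/ while every plan item is still "- [ ]"; the doc should say what "checked" means if it does not mean E2E-verified.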
@@ -0,0 +1,32 @@
|
||||
# Pack Run Evidence and Provenance
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Evidence capture and provenance writing for pack runs, including attestation service for DSSE-signed provenance records.
|
||||
|
||||
## Implementation Details
|
||||
- **Attestation service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Attestation/IPackRunAttestationService.cs` -- DSSE-signed attestation contract
|
||||
- **Attestation model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Attestation/PackRunAttestation.cs` -- attestation record for pack runs
|
||||
- **Evidence snapshot service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunEvidenceSnapshotService.cs` -- evidence snapshot capture
|
||||
- **Evidence snapshot model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/PackRunEvidenceSnapshot.cs` -- snapshot data model
|
||||
- **Evidence store**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunEvidenceStore.cs` -- evidence persistence contract
|
||||
- **Redaction guard**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/IPackRunRedactionGuard.cs` -- sensitive data redaction
|
||||
- **Bundle import evidence**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Evidence/BundleImportEvidence.cs`, `IBundleImportEvidenceService.cs` -- air-gap bundle import evidence
|
||||
- **Provenance writer interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunProvenanceWriter.cs` -- provenance writing contract
|
||||
- **Provenance manifest factory**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/ProvenanceManifestFactory.cs` -- creates SLSA-compatible provenance manifests
|
||||
- **Filesystem provenance writer**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/FilesystemPackRunProvenanceWriter.cs`
|
||||
- **Postgres evidence store**: `src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunEvidenceStore.cs`
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunAttestationTests.cs`, `PackRunEvidenceSnapshotTests.cs`, `PackRunProvenanceWriterTests.cs`, `BundleImportEvidenceTests.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify DSSE-signed attestations are generated per pack run
|
||||
- [ ] Test evidence snapshot captures all execution artifacts
|
||||
- [ ] Verify provenance manifest includes SLSA-compatible metadata
|
||||
- [ ] Test redaction guard strips sensitive data from evidence
|
||||
- [ ] Verify bundle import evidence records air-gap import provenance
|
||||
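Review bot: The test plan checks only that DSSE-signed attestations are generated ("Verify DSSE-signed attestations are generated per pack run"), not that they verify. Add an item that verification fails once the payload or signature of an envelope is altered, and name the signing key source, since IPackRunAttestationService is listed as a contract with no implementation beside it. The doc should also state whether the redaction guard runs before the snapshot is signed or stored, so that "strips sensitive data from evidence" can be tested against the persisted record. Minor: the Filesystem provenance writer and Postgres evidence store bullets carry no "--" description, unlike the rest of the list.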
@@ -0,0 +1,35 @@
|
||||
# Pack Run Execution Engine
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Full execution engine with graph-based execution planning, step state machine, and processor for running task packs.
|
||||
|
||||
## Implementation Details
|
||||
- **Processor**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunProcessor.cs` -- main execution engine processor
|
||||
- **Processor result**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunProcessorResult.cs` -- execution result model
|
||||
- **Execution graph**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraph.cs` -- DAG-based execution planning
|
||||
- **Graph builder**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraphBuilder.cs` -- builds execution graphs from manifests
|
||||
- **Step state machine**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunStepStateMachine.cs` -- state transitions for individual steps
|
||||
- **Step executor interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunStepExecutor.cs` -- step execution contract
|
||||
- **Execution context**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionContext.cs` -- runtime context for execution
|
||||
- **State management**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunState.cs`, `PackRunStateFactory.cs` -- execution state tracking
|
||||
- **Job dispatcher**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/IPackRunJobDispatcher.cs`, `IPackRunJobScheduler.cs` -- job scheduling and dispatch
|
||||
- **Simulation engine**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/Simulation/PackRunSimulationEngine.cs`, `PackRunSimulationModels.cs` -- dry-run simulation
|
||||
- **Telemetry**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/TaskRunnerTelemetry.cs` -- execution metrics
|
||||
- **Worker service**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Worker/Services/PackRunWorkerService.cs` -- background worker
|
||||
- **Infrastructure**: file-based and no-op step executors, dispatchers, artifact uploaders under `StellaOps.TaskRunner.Infrastructure/Execution/`
|
||||
- **Postgres state store**: `src/TaskRunner/__Libraries/StellaOps.TaskRunner.Persistence/Postgres/Repositories/PostgresPackRunStateStore.cs`, `PostgresPackRunLogStore.cs`
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunProcessorTests.cs`, `PackRunExecutionGraphBuilderTests.cs`, `PackRunStepStateMachineTests.cs`, `PackRunStateFactoryTests.cs`, `PackRunSimulationEngineTests.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify execution graph correctly orders steps based on dependencies
|
||||
- [ ] Test step state machine transitions (pending -> running -> completed/failed)
|
||||
- [ ] Verify processor handles step failures with configured retry/abort behavior
|
||||
- [ ] Test simulation engine produces accurate dry-run results
|
||||
- [ ] Verify execution state persists across service restarts
|
||||
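Review bot: The Infrastructure bullet under Implementation Details is the only entry without a src/-rooted path or file names ("file-based and no-op step executors, dispatchers, artifact uploaders under `StellaOps.TaskRunner.Infrastructure/Execution/`"), so a reader cannot tell which executors exist. List the files as the other bullets do, and state whether the no-op executor and dispatcher can be selected outside tests. The plan item on "configured retry/abort behavior" has no matching entry saying where that configuration lives; point to the manifest field or options class. The Postgres state store bullet also lacks a description.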
@@ -0,0 +1,30 @@
|
||||
# Sealed-Mode Install Enforcer (Air-Gap Support)
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Enforcer for sealed/air-gap mode that ensures task pack installations comply with offline constraints and logs all install actions for audit.
|
||||
|
||||
## Implementation Details
|
||||
- **Enforcer interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/ISealedInstallEnforcer.cs` -- sealed mode enforcement contract
|
||||
- **Enforcer implementation**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedInstallEnforcer.cs` -- validates installations comply with offline constraints
|
||||
- **Enforcement result**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedInstallEnforcementResult.cs` -- result model for enforcement checks
|
||||
- **Sealed mode status**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedModeStatus.cs` -- current sealed mode state
|
||||
- **Sealed requirements**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/SealedRequirements.cs` -- requirements for sealed mode compliance
|
||||
- **Audit logger**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/ISealedInstallAuditLogger.cs` -- audit logging for install actions
|
||||
- **Air-gap status provider**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/AirGap/IAirGapStatusProvider.cs` -- checks if system is in air-gap mode
|
||||
- **HTTP status provider**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/AirGap/HttpAirGapStatusProvider.cs` -- HTTP-based air-gap status check
|
||||
- **Bundle ingestion executor**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Infrastructure/Execution/BundleIngestionStepExecutor.cs` -- air-gap bundle ingestion step
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/SealedInstallEnforcerTests.cs`, `BundleIngestionStepExecutorTests.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify enforcer blocks network-dependent installations in sealed mode
|
||||
- [ ] Test sealed mode status detection via HTTP provider
|
||||
- [ ] Verify audit logger records all install actions in sealed mode
|
||||
- [ ] Test bundle ingestion step works in offline environment
|
||||
- [ ] Verify enforcement result reports compliance violations
|
||||
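Review bot: Neither the Description nor the E2E Test Plan says what the enforcer does when sealed-mode status cannot be determined. Status comes from HttpAirGapStatusProvider ("HTTP-based air-gap status check"), so the plan needs an item for the provider being unreachable, timing out or returning a malformed response, with the expected outcome written down; for an enforcement control that outcome should be a refused install. ISealedInstallAuditLogger is listed as an interface only: name the implementation, and state whether an install proceeds when the audit record cannot be written.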
@@ -0,0 +1,30 @@
|
||||
# TaskPack Manifest and Planning
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Full task pack manifest system with loading, validation, planning, and plan hashing for deterministic execution verification.
|
||||
|
||||
## Implementation Details
|
||||
- **Manifest model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifest.cs` -- task pack manifest schema
|
||||
- **Manifest loader**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifestLoader.cs` -- loads manifests from filesystem/storage
|
||||
- **Manifest validator**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifestValidator.cs` -- validates manifest structure and constraints
|
||||
- **Planner**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlanner.cs` -- creates execution plans from manifests
|
||||
- **Plan model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlan.cs` -- execution plan data model
|
||||
- **Plan hasher**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlanHasher.cs` -- deterministic plan hashing for verification
|
||||
- **Plan insights**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Planning/TaskPackPlanInsights.cs` -- planning insights and analysis
|
||||
- **Expressions**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Expressions/TaskPackExpressions.cs` -- expression evaluation for manifest conditions
|
||||
- **Canonical JSON**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Serialization/CanonicalJson.cs` -- deterministic JSON serialization for plan hashing
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/TaskPackPlannerTests.cs`, `TestManifests.cs`, `TestManifests.Egress.cs`
|
||||
- **Source**: Feature matrix scan
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify manifest loading from filesystem
|
||||
- [ ] Test manifest validation catches invalid structures
|
||||
- [ ] Verify planner creates correct execution plans from manifests
|
||||
- [ ] Test deterministic plan hashing produces consistent hashes
|
||||
- [ ] Verify expression evaluation in manifest conditions
|
||||
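Review bot: "Test deterministic plan hashing produces consistent hashes" checks only one direction of the property the Description relies on. Add items that two manifests differing only in key order or whitespace produce the same hash through CanonicalJson, and that a change to any step, input or expression produces a different hash; also name the hash algorithm in the Plan hasher bullet. The Tests bullet lists TaskPackPlannerTests.cs and the two TestManifests files, with no tests named for TaskPackManifestValidator, TaskPackPlanHasher or CanonicalJson, although those carry the "deterministic execution verification" claim.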
@@ -0,0 +1,27 @@
|
||||
# TaskRunner Loop and Conditional Step Kinds
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Extended TaskRunner execution engine with loop and conditional step types, enabling iterative and branching task execution patterns beyond simple sequential flows.
|
||||
|
||||
## Implementation Details
|
||||
- **Step state machine**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunStepStateMachine.cs` -- manages step state transitions including loop and conditional steps
|
||||
- **Execution graph**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraph.cs` -- DAG supports loop and conditional edges
|
||||
- **Graph builder**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunExecutionGraphBuilder.cs` -- builds graphs with loop/conditional nodes
|
||||
- **Expressions**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Expressions/TaskPackExpressions.cs` -- expression evaluation for conditional branching
|
||||
- **Manifest model**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/TaskPacks/TaskPackManifest.cs` -- manifest supports loop and conditional step kind definitions
|
||||
- **Processor**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Core/Execution/PackRunProcessor.cs` -- processes loop iterations and conditional branches
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/PackRunStepStateMachineTests.cs`, `PackRunExecutionGraphBuilderTests.cs`, `PackRunProcessorTests.cs`
|
||||
- **Source**: SPRINT_0157_0001_0001_taskrunner_i.md
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify loop steps iterate the configured number of times
|
||||
- [ ] Test conditional steps branch based on expression evaluation
|
||||
- [ ] Verify loop step supports early exit on condition
|
||||
- [ ] Test nested loops and conditionals execute correctly
|
||||
- [ ] Verify execution graph handles loop back-edges without cycles
|
||||
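Review bot: The last plan item, "Verify execution graph handles loop back-edges without cycles", contradicts itself and the Execution graph bullet ("DAG supports loop and conditional edges"): a back-edge is what makes a graph cyclic, so a DAG cannot contain one. State how a loop is represented, for example as a single loop node whose iterations the processor expands, and reword the item to test that representation. The item "Verify loop steps iterate the configured number of times" should be paired with one for an upper bound on iteration count and nesting depth, since the manifest supplies those values and the plan currently tests only the expected count.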
@@ -0,0 +1,32 @@
|
||||
# TaskRunner SDK Client with OpenAPI
|
||||
|
||||
## Module
|
||||
TaskRunner
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
Auto-generated SDK client for TaskRunner APIs with OpenAPI spec, deprecation middleware, and versioned endpoint support for external integrators.
|
||||
|
||||
## Implementation Details
|
||||
- **Client interface**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/ITaskRunnerClient.cs` -- SDK client contract
|
||||
- **Client implementation**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/TaskRunnerClient.cs` -- HTTP client for TaskRunner APIs
|
||||
- **Client options**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/TaskRunnerClientOptions.cs` -- configurable client options
|
||||
- **DI extensions**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Extensions/TaskRunnerClientServiceCollectionExtensions.cs` -- DI registration
|
||||
- **Pack run models**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Models/PackRunModels.cs` -- client-side pack run models
|
||||
- **Lifecycle helper**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Lifecycle/PackRunLifecycleHelper.cs` -- pack run lifecycle management
|
||||
- **Pagination**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Pagination/Paginator.cs` -- paginated API result handling
|
||||
- **Streaming log reader**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Client/Streaming/StreamingLogReader.cs` -- real-time log streaming
|
||||
- **OpenAPI metadata**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/OpenApiMetadataFactory.cs` -- OpenAPI spec generation
|
||||
- **Deprecation middleware**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/Deprecation/ApiDeprecationMiddleware.cs`, `ApiDeprecationOptions.cs`, `IDeprecationNotificationService.cs` -- API versioning and deprecation support
|
||||
- **WebService program**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.WebService/Program.cs` -- API host with OpenAPI endpoints
|
||||
- **Tests**: `src/TaskRunner/StellaOps.TaskRunner/StellaOps.TaskRunner.Tests/TaskRunnerClientTests.cs`, `OpenApiMetadataFactoryTests.cs`, `ApiDeprecationTests.cs`
|
||||
- **Source**: SPRINT_0157_0001_0001_taskrunner_i.md
|
||||
|
||||
## E2E Test Plan
|
||||
- [ ] Verify SDK client can list, create, and manage pack runs
|
||||
- [ ] Test streaming log reader receives real-time execution logs
|
||||
- [ ] Verify OpenAPI spec is generated and accessible at /swagger endpoint
|
||||
- [ ] Test deprecation middleware returns correct headers for deprecated endpoints
|
||||
- [ ] Verify pagination handles large result sets correctly
|
||||
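Review bot: The E2E Test Plan has no authentication or authorization item for an API the Description offers to "external integrators". Add items that client calls without valid credentials are refused and that a caller cannot list or manage pack runs it is not entitled to, and state which TaskRunnerClientOptions setting carries the credential. For "Verify OpenAPI spec is generated and accessible at /swagger endpoint", say whether unauthenticated access is intended. The Description also promises "versioned endpoint support", but the plan tests only deprecation headers; add an item that exercises a versioned route. Lastly, the client is called "Auto-generated" without naming the generator or which of the listed files are generated output.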