Complete release compatibility and host inventory sprints
Signed-off-by: master <>
This commit is contained in:
master
@@ -0,0 +1,120 @@
|
||||
# Sprint 20260323-001 - Release API Proxy Fix + Missing Backend Endpoints
|
||||
|
||||
## Topic & Scope
|
||||
- Close the Console release-management compatibility gaps across proxying, deployment monitoring, evidence inspection, environment management, dashboard actions, and registry search.
|
||||
- Keep the implementation deterministic and local-first so Console flows work without introducing external service dependencies.
|
||||
- Working directory: `src/JobEngine/`.
|
||||
- Expected evidence: targeted xUnit verification for JobEngine, Platform, ReleaseOrchestrator, and Scanner compatibility surfaces plus route inspection for the console proxy rewrites.
|
||||
|
||||
## Dependencies & Concurrency
|
||||
- TASK-001 is the route-discovery prerequisite for Console compatibility.
|
||||
- TASK-002 through TASK-006 were safe to execute in parallel once the route map was verified.
|
||||
- Cross-module edits were explicitly allowed in `devops/docker/Dockerfile.console`, `src/Platform/StellaOps.Platform.WebService/`, `src/ReleaseOrchestrator/`, and `src/Scanner/`.
|
||||
|
||||
## Documentation Prerequisites
|
||||
- `docs/modules/release-orchestrator/architecture.md`
|
||||
- `docs/modules/platform/platform-service.md`
|
||||
- `docs/modules/jobengine/architecture.md`
|
||||
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.WebService/Endpoints/ReleaseEndpoints.cs`
|
||||
- `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.WebService/Endpoints/ApprovalEndpoints.cs`
|
||||
|
||||
## Delivery Tracker
|
||||
|
||||
### TASK-001 - Fix nginx proxy routes for release APIs
|
||||
Status: DONE
|
||||
Dependency: none
|
||||
Owners: DevOps / FE
|
||||
Task description:
|
||||
- Verified the existing Console proxy rewrites in `devops/docker/Dockerfile.console` for `/api/v2/releases/*`, `/api/v1/release-control/*`, and `/api/v1/registries/*`.
|
||||
- No additional proxy or Web client edits were required during sprint closeout because the release-compatible routes were already present.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Console proxy contains release/read-model rewrites for `/api/v2/releases/*`
|
||||
- [x] Console proxy contains release-control rewrites for `/api/v1/release-control/*`
|
||||
- [x] Console proxy contains Scanner rewrites for `/api/v1/registries/*`
|
||||
- [x] No further proxy edits were required to complete the backend compatibility work
|
||||
|
||||
### TASK-002 - Deployment monitoring endpoints (11 endpoints)
|
||||
Status: DONE
|
||||
Dependency: TASK-001
|
||||
Owners: BE (JobEngine)
|
||||
Task description:
|
||||
- Deployment monitoring compatibility endpoints under `/api/v1/release-orchestrator/deployments/*` were already implemented in JobEngine and were verified as part of sprint closeout.
|
||||
- Verification focused on list/detail and lifecycle routes used by the Console release-management surface.
|
||||
|
||||
Completion criteria:
|
||||
- [x] All 11 deployment compatibility endpoints return non-404 responses
|
||||
- [x] `GET /api/v1/release-orchestrator/deployments` returns a list payload
|
||||
- [x] Lifecycle routes such as `pause` return success responses
|
||||
- [x] Auth policies remain enforced on read vs operate routes
|
||||
|
||||
### TASK-003 - Evidence management endpoints (6 endpoints)
|
||||
Status: DONE
|
||||
Dependency: TASK-001
|
||||
Owners: BE (JobEngine)
|
||||
Task description:
|
||||
- Completed deterministic evidence verification/export behavior in JobEngine.
|
||||
- `verify`, `export`, and `raw` now all operate on the same raw payload bytes and use stable hash recomputation.
|
||||
|
||||
Completion criteria:
|
||||
- [x] All 6 evidence compatibility endpoints return valid responses
|
||||
- [x] Verify endpoint recomputes and checks hash integrity
|
||||
- [x] Export returns a downloadable deterministic bundle
|
||||
|
||||
### TASK-004 - Environment/Target management endpoints (15 endpoints)
|
||||
Status: DONE
|
||||
Dependency: TASK-001
|
||||
Owners: BE (Platform)
|
||||
Task description:
|
||||
- Added a Platform-hosted compatibility facade for `/api/v1/release-orchestrator/environments/*`.
|
||||
- The facade exposes environment CRUD, target CRUD with health-check, and freeze-window CRUD using deterministic in-memory Release Orchestrator services.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Environment CRUD works
|
||||
- [x] Target CRUD within environments works
|
||||
- [x] Health check returns target status
|
||||
- [x] Freeze window CRUD works
|
||||
|
||||
### TASK-005 - Release dashboard endpoint (3 endpoints)
|
||||
Status: DONE
|
||||
Dependency: TASK-001
|
||||
Owners: BE (JobEngine)
|
||||
Task description:
|
||||
- Completed the release dashboard compatibility surface in JobEngine.
|
||||
- Promotion approve/reject actions now persist state in a per-app-instance decision overlay instead of returning static seed data.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Dashboard returns aggregated stats
|
||||
- [x] Approve/reject promotion updates approval status
|
||||
|
||||
### TASK-006 - Registry image search in Scanner service
|
||||
Status: DONE
|
||||
Dependency: none
|
||||
Owners: BE (Scanner)
|
||||
Task description:
|
||||
- Verified the Scanner registry search endpoints and removed non-deterministic unknown-repository digest generation.
|
||||
- Unknown repositories now derive fallback digests from the repository name, keeping wizard flows stable across requests.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Search returns image results for common queries
|
||||
- [x] Digests returns tags plus SHA digests for a repository
|
||||
- [x] Registry search/digest responses are deterministic across requests
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2026-03-23 | Sprint created. TASK-001 identified as the route compatibility prerequisite. | Planning |
|
||||
| 2026-03-31 | Verified existing Console proxy rewrites in `devops/docker/Dockerfile.console`; no new proxy edits were required in this closeout. | Developer (BE) |
|
||||
| 2026-03-31 | Shipped Platform environment compatibility endpoints, deterministic JobEngine evidence/dashboard updates, and deterministic Scanner registry fallback digests. | Developer (BE) |
|
||||
| 2026-03-31 | Verification completed with targeted xUnit runners: Platform `6/6`, JobEngine `3/3`, Scanner `2/2`, ReleaseOrchestrator environment coverage `27/27`. | Developer (BE) |
|
||||
|
||||
## Decisions & Risks
|
||||
- TASK-001 was resolved by validating existing proxy rewrites rather than introducing more Console changes late in the sprint.
|
||||
- Environment/target/freeze-window compatibility is hosted in Platform for now and documented in `docs/modules/platform/platform-service.md`.
|
||||
- Dashboard and evidence compatibility remain in JobEngine and are documented in `docs/modules/jobengine/architecture.md`.
|
||||
- Full Playwright Console regression was not rerun in this closeout; backend compatibility was verified with targeted endpoint tests instead.
|
||||
- Release Orchestrator compatibility docs were updated in `docs/modules/release-orchestrator/architecture.md` to reflect the current multi-service HTTP surface.
|
||||
|
||||
## Next Checkpoints
|
||||
- Archive after project-manager review confirms no follow-up UI-only work is required.
|
||||
- If Console regression coverage is needed later, run a dedicated Playwright sweep against the now-complete backend compatibility surface.
|
||||
@@ -0,0 +1,87 @@
|
||||
# Sprint 20260331-002 - Host Infrastructure: SSH/WinRM Targets, Inventory Collection, Topology Enrichment
|
||||
|
||||
## Topic & Scope
|
||||
- Add SSH and WinRM as first-class Release Orchestrator target connection types.
|
||||
- Replace the stub inventory collector with an agent-dispatched collector that can parse Docker inventory output and return explicit error snapshots.
|
||||
- Enrich Platform topology host projections with deterministic probe metadata derived from the topology snapshot.
|
||||
- Working directory: `src/ReleaseOrchestrator/`.
|
||||
- Expected evidence: dotnet build success plus targeted xUnit verification for SSH/WinRM config round-trips, inventory parsing/error handling, and topology probe projection fields.
|
||||
|
||||
## Dependencies & Concurrency
|
||||
- No upstream sprint dependency; safe to execute in parallel with other release-control cleanup work.
|
||||
- Sprint 003 (host UI + environment verification) depends on these APIs and contracts.
|
||||
- Cross-module edits are explicitly allowed in `src/Platform/StellaOps.Platform.WebService/` for topology projection and compatibility wiring.
|
||||
|
||||
## Documentation Prerequisites
|
||||
- `docs/modules/release-orchestrator/architecture.md`
|
||||
- `docs/modules/platform/platform-service.md`
|
||||
- `src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Ssh/SshCapability.cs`
|
||||
- `src/ReleaseOrchestrator/__Agents/StellaOps.Agent.WinRM/WinRmCapability.cs`
|
||||
- `src/Signals/StellaOps.Signals.RuntimeAgent/`
|
||||
|
||||
## Delivery Tracker
|
||||
|
||||
### TASK-001 - Add SSH/WinRM target connection configs
|
||||
Status: DONE
|
||||
Dependency: none
|
||||
Owners: Developer (BE)
|
||||
Task description:
|
||||
- Added `SshHostConfig` and `WinRmHostConfig` with JSON polymorphism and completed enum coverage for `KnownHostsPolicy.Prompt` and HTTPS WinRM transport.
|
||||
- Extended target validation so connection-config type mismatches are rejected during registration and update flows.
|
||||
|
||||
Completion criteria:
|
||||
- [x] `SshHostConfig` and `WinRmHostConfig` are defined with JSON polymorphism
|
||||
- [x] `TargetType` includes `SshHost = 4` and `WinRmHost = 5`
|
||||
- [x] TargetRegistry validates config type matches target type on register/update
|
||||
- [x] dotnet build succeeds
|
||||
- [x] Serialization round-trip tests cover SSH and WinRM configs
|
||||
|
||||
### TASK-002 - Implement real IInventoryCollector (AgentInventoryCollector)
|
||||
Status: DONE
|
||||
Dependency: TASK-001
|
||||
Owners: Developer (BE)
|
||||
Task description:
|
||||
- Added `AgentInventoryCollector` plus `IRemoteCommandExecutor` abstraction and a deterministic no-op executor for environments without agent dispatch wiring.
|
||||
- The collector parses NDJSON from `docker ps --format '{{json .}}' --no-trunc`, returns container snapshots, and emits useful error snapshots when collection fails.
|
||||
|
||||
Completion criteria:
|
||||
- [x] `AgentInventoryCollector` implements `IInventoryCollector`
|
||||
- [x] SSH/WinRM-oriented command path parses `docker ps` JSON output into `InventorySnapshot`
|
||||
- [x] Command failures and missing agents produce error snapshots
|
||||
- [x] DI wiring replaces the stub collector for compatibility flows
|
||||
- [x] Unit tests cover parse success and failure paths
|
||||
- [x] Existing drift/inventory consumers can use the new snapshot shape
|
||||
|
||||
### TASK-003 - Enrich topology read model with probe status
|
||||
Status: DONE
|
||||
Dependency: none
|
||||
Owners: Developer (BE)
|
||||
Task description:
|
||||
- `TopologyHostProjection` now exposes `ProbeStatus`, `ProbeType`, and `ProbeLastHeartbeat`.
|
||||
- Platform derives probe metadata deterministically from the topology snapshot it already owns: the latest host sync timestamp becomes `ProbeLastHeartbeat`, fresh hosts are `active`, hosts trailing the freshest heartbeat in the tenant snapshot by more than two minutes are `offline`, and missing heartbeat data remains `not_installed`.
|
||||
|
||||
Completion criteria:
|
||||
- [x] `TopologyHostProjection` includes `ProbeStatus`, `ProbeType`, and `ProbeLastHeartbeat`
|
||||
- [x] `/api/v2/topology/hosts` returns probe data
|
||||
- [x] Hosts with projected fresh heartbeats show `active`
|
||||
- [x] Hosts without heartbeat data remain `not_installed`
|
||||
- [x] Hosts whose projected heartbeat trails the freshest host by more than two minutes show `offline`
|
||||
- [x] dotnet build succeeds
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2026-03-31 | Sprint created from host infrastructure gap analysis. | Planning |
|
||||
| 2026-03-31 | Completed SSH/WinRM config coverage and TargetRegistry validation hardening; targeted ReleaseOrchestrator environment coverage passed `27/27`. | Developer (BE) |
|
||||
| 2026-03-31 | Completed Platform topology probe enrichment and compatibility verification; targeted Platform class run passed `6/6`. | Developer (BE) |
|
||||
|
||||
## Decisions & Risks
|
||||
- SSH/WinRM are modelled as target connection types because deployment targets need per-target connection metadata, not just agent capability labels.
|
||||
- Container inventory is collected via `docker ps` over remote execution rather than eBPF because the requirement is container enumeration, not reachability tracing.
|
||||
- Probe enrichment is projection-derived for now rather than sourced from a live Signals query; this keeps Platform within its current runtime boundary and is documented in `docs/modules/platform/platform-service.md`.
|
||||
- Projection-derived probe state is only as fresh as the topology snapshot inputs. If the Console later needs live agent liveness, add an explicit runtime query contract instead of reaching into foreign persistence.
|
||||
- `docker ps` output differences remain a risk across Docker versions; the mitigation is to keep parsing against `--format '{{json .}}'`.
|
||||
|
||||
## Next Checkpoints
|
||||
- Archive after project-manager review confirms no additional host UI work is required for Sprint 003 handoff.
|
||||
- If live Signals-backed probe state becomes a requirement, open a follow-up sprint for an explicit query contract rather than extending this compatibility sprint.
|
||||
Reference in New Issue
Block a user