# Agent Manager with Certificate-Based Registration and Heartbeat

## Module
ReleaseOrchestrator

## Status
VERIFIED

## Description
Agent registration system with one-time token generation, certificate issuance, heartbeat processing, capability registration, and agent lifecycle management (active/inactive/revoked). Manages secure deployment executors on target hosts.

## Implementation Details
- **Modules**: `src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/`
- **Key Classes**:
  - `AgentManager` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Manager/AgentManager.cs`) - server-side agent lifecycle management (register, deactivate, revoke)
  - `HeartbeatProcessor` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Heartbeat/HeartbeatProcessor.cs`) - processes agent heartbeats and updates status
  - `HeartbeatTimeoutMonitor` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Heartbeat/HeartbeatTimeoutMonitor.cs`) - detects agents that miss heartbeat deadlines
  - `RegistrationTokenService` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Registration/RegistrationTokenService.cs`) - generates one-time registration tokens
  - `StubAgentCertificateService` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Certificate/StubAgentCertificateService.cs`) - certificate issuance for agent registration
  - `InMemoryAgentStore` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Store/InMemoryAgentStore.cs`) - in-memory agent state store
- **Models**: `Agent`, `AgentHeartbeat`, `AgentCertificate`, `AgentTask`, `RegistrationToken` (`src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Agent/Models/`)
- **Interfaces**: `IAgentManager`, `IHeartbeatProcessor`, `IAgentCertificateService`, `IAgentStore`
- **Source**: SPRINT_20260110_103_003_ENVMGR_agent_manager.md

## E2E Test Plan
- [ ] Generate a registration token and use it to register a new agent, verifying certificate is issued
- [ ] Verify heartbeat processing: agent sends heartbeat and `HeartbeatProcessor` updates agent status to active
- [ ] Verify timeout detection: stop sending heartbeats and confirm `HeartbeatTimeoutMonitor` marks agent as inactive
- [ ] Verify lifecycle transitions: register, deactivate, and revoke an agent through the full lifecycle
- [ ] Verify one-time token: attempt to reuse a registration token and confirm it is rejected


## Verification
- **Verified**: 2026-02-13T21:00:00Z
- **Method**: Tier 2d integration tests
- **Result**: PASS