# Agent Lifecycle Operations (Auto-Update, Certificate Management, Configuration, Bootstrap, Doctor, Remediation)

## Module
ReleaseOrchestrator

## Status
VERIFIED

## Description
Comprehensive agent lifecycle system: auto-update with staged rollouts and DSSE-signed bundles, mTLS certificate provisioning and renewal, configuration management with server-side push and drift detection, zero-touch bootstrap with time-limited tokens, 11 diagnostic health checks (Doctor), and guided remediation engine with pattern-based auto-fix and dry-run support.

## Implementation Details
- **Modules**: `src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/`
- **Key Classes**:
  - `AgentUpdateManager` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Updates/AgentUpdateManager.cs`) - auto-update with staged rollouts and DSSE-signed bundles
  - `AgentCertificateManager` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Certificates/AgentCertificateManager.cs`) - mTLS certificate provisioning and renewal
  - `AgentConfigManager` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Configuration/AgentConfigManager.cs`) - configuration management with drift detection
  - `BootstrapService` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Bootstrap/BootstrapService.cs`) - zero-touch bootstrap with time-limited tokens
  - `BootstrapTokenService` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Bootstrap/BootstrapTokenService.cs`) - token generation for bootstrap
  - `AgentDoctor` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Doctor/AgentDoctor.cs`) - diagnostic health checks
  - `RemediationEngine` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Doctor/RemediationEngine.cs`) - pattern-based auto-fix with dry-run support
  - `RemediationPatterns` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Doctor/Patterns/RemediationPatterns.cs`) - remediation pattern definitions
  - `AgentHealthChecks` (`src/ReleaseOrchestrator/__Agents/StellaOps.Agent.Core/Doctor/Checks/AgentHealthChecks.cs`) - 11 diagnostic health check implementations
- **Source**: SPRINT_20260117_041_ReleaseOrchestrator_agent_operations.md

## E2E Test Plan
- [ ] Bootstrap an agent with a time-limited token and verify it registers and obtains certificates
- [ ] Verify auto-update: deploy a new agent version and confirm staged rollout to registered agents
- [ ] Verify certificate renewal: agent with expiring certificate automatically renews before expiry
- [ ] Verify `AgentDoctor` runs all 11 health checks and produces a diagnostic report
- [ ] Verify remediation: trigger a known failure pattern and confirm `RemediationEngine` applies the auto-fix
- [ ] Verify dry-run: run remediation in dry-run mode and confirm no changes are applied


## Verification
- **Verified**: 2026-02-13T21:00:00Z
- **Method**: Tier 2d integration tests
- **Result**: PASS