master
66cb6c4b8a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Introduced guild charters for Scanner Deno, PHP, Ruby, Native, WebService, Java, Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, UI, Zastava Observer, Zastava Webhook, Zastava Core, and Plugin Platform. - Each charter outlines the mission, scope, required reading, and working agreements for the respective guilds. - Created task boards for Surface.Env, Surface.FS, Surface.Secrets, Surface.Validation, and Zastava components to track progress and dependencies. - Ensured all documents emphasize determinism, offline readiness, security, and integration with shared Surface libraries.
24 KiB
24 KiB
Sprint 150 - Scheduling & Automation
[Scheduling & Automation] 150.A) Orchestrator.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on Orchestrator (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| ORCH-AIRGAP-56-001 | TODO | Enforce job descriptors to declare network intents; reject or flag any external endpoints in sealed mode before scheduling. | Orchestrator Service Guild, AirGap Policy Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-AIRGAP-56-002 | TODO | Surface sealing status and time staleness in job scheduling decisions; block runs when staleness budgets exceeded. | Orchestrator Service Guild, AirGap Controller Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-AIRGAP-57-001 | TODO | Add job type mirror.bundle to orchestrate bundle creation in connected environments with audit + provenance outputs. |
Orchestrator Service Guild, Mirror Creator Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-AIRGAP-58-001 | TODO | Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. | Orchestrator Service Guild, Evidence Locker Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OAS-61-001 | TODO | Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. | Orchestrator Service Guild, API Contracts Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OAS-61-002 | TODO | Implement GET /.well-known/openapi in service and ensure version metadata aligns with runtime build. |
Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OAS-62-001 | TODO | Ensure SDK paginators and operations support orchestrator job operations; add SDK smoke tests for schedule/retry APIs. | Orchestrator Service Guild, SDK Generator Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OAS-63-001 | TODO | Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. | Orchestrator Service Guild, API Governance Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OBS-50-001 | TODO | Wire StellaOps.Telemetry.Core into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics. Ensure tenant/job metadata recorded for every span/log. |
Orchestrator Service Guild, Observability Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OBS-51-001 | TODO | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications. Provide Grafana dashboards + alert rules. | Orchestrator Service Guild, DevOps Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OBS-52-001 | TODO | Emit timeline_event objects for job lifecycle (job.scheduled, job.started, job.completed, job.failed) including trace IDs, run IDs, tenant/project, and causal metadata. Add contract tests and Kafka/NATS emitter with retries. |
Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OBS-53-001 | TODO | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure. Ensure redaction guard enforced. | Orchestrator Service Guild, Evidence Locker Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OBS-54-001 | TODO | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker. Provide verification endpoint /jobs/{id}/attestation. |
Orchestrator Service Guild, Provenance Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-OBS-55-001 | TODO | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach. Emit activation/deactivation events to timeline + Notifier. | Orchestrator Service Guild, DevOps Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-32-001 | TODO | Bootstrap service project, configuration, and Postgres schema/migrations for sources, runs, jobs, dag_edges, artifacts, quotas, schedules. |
Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
[Scheduling & Automation] 150.A) Orchestrator.II Depends on: Sprint 150.A - Orchestrator.I Summary: Scheduling & Automation focus on Orchestrator (phase II).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| ORCH-SVC-32-002 | TODO | Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-32-003 | TODO | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-32-004 | TODO | Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-32-005 | TODO | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-33-001 | TODO | Enable `sources test | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-33-002 | TODO | Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-33-003 | TODO | Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-33-004 | TODO | Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-34-001 | TODO | Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-34-002 | TODO | Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-34-003 | TODO | Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150 ms) and add autoscaling hooks with health probes. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-34-004 | TODO | Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-35-101 | TODO | Register export job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. |
Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-36-101 | TODO | Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-37-101 | TODO | Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
[Scheduling & Automation] 150.A) Orchestrator.III Depends on: Sprint 150.A - Orchestrator.II Summary: Scheduling & Automation focus on Orchestrator (phase III).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| ORCH-SVC-38-101 | TODO | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-41-101 | TODO | Register pack-run job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. |
Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-SVC-42-101 | TODO | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. | Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| ORCH-TEN-48-001 | TODO | Include tenant_id/project_id in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. |
Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md) |
| WORKER-GO-32-001 | TODO | Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md) |
| WORKER-GO-32-002 | TODO | Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md) |
| WORKER-GO-33-001 | TODO | Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md) |
| WORKER-GO-33-002 | TODO | Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md) |
| WORKER-GO-34-001 | TODO | Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md) |
| WORKER-PY-32-001 | TODO | Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md) |
| WORKER-PY-32-002 | TODO | Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md) |
| WORKER-PY-33-001 | TODO | Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md) |
| WORKER-PY-33-002 | TODO | Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md) |
| WORKER-PY-34-001 | TODO | Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. | Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md) |
[Scheduling & Automation] 150.B) PacksRegistry Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on PacksRegistry).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| PACKS-REG-41-001 | TODO | Implement registry service, migrations for packs_index, parity_matrix, provenance docs; support pack upload/list/get, signature verification, RBAC enforcement, and provenance manifest storage. |
Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md) |
| PACKS-REG-42-001 | TODO | Add version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, and Offline Kit seed support. | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md) |
| PACKS-REG-43-001 | TODO | Implement registry mirroring, pack signing policies, attestation integration, and compliance dashboards; integrate with Export Center. | Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md) |
[Scheduling & Automation] 150.C) Scheduler.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on Scheduler (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCHED-CONSOLE-23-001 | TODO | Extend runs APIs with live progress SSE endpoints (/console/runs/{id}/stream), queue lag summaries, diff metadata fetch, retry/cancel hooks with RBAC enforcement, and deterministic pagination for history views consumed by Console. |
Scheduler WebService Guild, BE-Base Platform Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-CONSOLE-27-001 | TODO | Provide policy batch simulation orchestration endpoints (/policies/simulations POST/GET) exposing run creation, shard status, SSE progress, cancellation, and retries with RBAC enforcement. |
Scheduler WebService Guild, Policy Registry Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-CONSOLE-27-002 | TODO | Emit telemetry endpoints/metrics (policy_simulation_queue_depth, policy_simulation_latency) and webhook callbacks for completion/failure consumed by Registry. |
Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-IMPACT-16-303 | TODO | Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. | Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/TASKS.md) |
| SCHED-SURFACE-01 | TODO | Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-VULN-29-001 | TODO | Expose resolver job APIs (POST /vuln/resolver/jobs, GET /vuln/resolver/jobs/{id}) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. |
Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-VULN-29-002 | TODO | Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. | Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-WEB-20-002 | BLOCKED (waiting on SCHED-WORKER-20-301) | Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. | Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-WEB-21-004 | DOING (2025-10-26) | Persist graph job lifecycle to Mongo storage and publish scheduler.graph.job.completed@1 events + outbound webhook to Cartographer. |
Scheduler WebService Guild, Scheduler Storage Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md) |
| SCHED-WORKER-21-203 | TODO | Export metrics (graph_build_seconds, graph_jobs_inflight, overlay_lag_seconds) and structured logs with tenant/graph identifiers. |
Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-23-101 | TODO | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-23-102 | TODO | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to policy_runs. |
Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-25-101 | TODO | Implement exception lifecycle worker handling auto-activation/expiry and publishing exception.* events with retries/backoff. |
Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-25-102 | TODO | Add expiring notification job generating digests, marking expiring state, updating metrics/alerts. |
Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-26-201 | TODO | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
[Scheduling & Automation] 150.C) Scheduler.II Depends on: Sprint 150.C - Scheduler.I Summary: Scheduling & Automation focus on Scheduler (phase II).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| SCHED-WORKER-26-202 | TODO | Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. | Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-27-301 | TODO | Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. | Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-27-302 | TODO | Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-27-303 | TODO | Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. | Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-29-001 | TODO | Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. | Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-29-002 | TODO | Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-29-003 | TODO | Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-CONSOLE-23-201 | TODO | Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
| SCHED-WORKER-CONSOLE-23-202 | TODO | Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) |
[Scheduling & Automation] 150.D) TaskRunner.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on TaskRunner (phase I).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| TASKRUN-41-001 | TODO | Bootstrap service, define migrations for pack_runs, pack_run_logs, pack_artifacts, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. |
Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-42-001 | DOING (2025-10-29) | Add loops, conditionals, maxParallel, outputs, simulation mode, policy gate integration, and failure recovery (retry/abort) with deterministic state. |
Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-43-001 | DOING (2025-10-29) | Implement approvals workflow (resume after approval), notifications integration, remote artifact uploads, chaos resilience, secret injection, and audit logs. | Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-AIRGAP-56-001 | TODO | Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. | Task Runner Guild, AirGap Policy Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-AIRGAP-56-002 | TODO | Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. | Task Runner Guild, AirGap Importer Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-AIRGAP-57-001 | TODO | Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. | Task Runner Guild, AirGap Controller Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-AIRGAP-58-001 | TODO | Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. | Task Runner Guild, Evidence Locker Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OAS-61-001 | TODO | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | Task Runner Guild, API Contracts Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OAS-61-002 | TODO | Expose GET /.well-known/openapi returning signed spec metadata, build version, and ETag. |
Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OAS-62-001 | TODO | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. | Task Runner Guild, SDK Generator Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OAS-63-001 | TODO | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. | Task Runner Guild, API Governance Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OBS-50-001 | TODO | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include trace_id, tenant_id, run_id, and scrubbed command transcripts. |
Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OBS-51-001 | TODO | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. | Task Runner Guild, DevOps Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OBS-52-001 | TODO | Produce timeline events for pack runs (pack.started, pack.step.completed, pack.failed) containing evidence pointers and policy gate context. Provide dedupe + retry logic. |
Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OBS-53-001 | TODO | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. | Task Runner Guild, Evidence Locker Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
[Scheduling & Automation] 150.D) TaskRunner.II Depends on: Sprint 150.D - TaskRunner.I Summary: Scheduling & Automation focus on TaskRunner (phase II).
| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| TASKRUN-OBS-54-001 | TODO | Generate DSSE attestations for pack runs (subjects = produced artifacts) and expose verification API/CLI integration. Store references in timeline events. | Task Runner Guild, Provenance Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-OBS-55-001 | TODO | Implement incident mode escalations (extra telemetry, debug artifact capture, retention bump) and align on automatic activation via SLO breach webhooks. | Task Runner Guild, DevOps Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
| TASKRUN-TEN-48-001 | TODO | Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. | Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) |
If all tasks are done - read next sprint section - SPRINT_160_export_evidence.md