stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
3bd095520218c6cba7adf09eb98b8f5c81d011b4
git.stella-ops.org/docs/implplan/SPRINT_150_scheduling_automation.md
master 3bd0955202
Some checks are pending
Docs CI / lint-and-preview (push) Waiting to run
Details
feat: Enhance Task Runner with simulation and failure policy support 
- Added tests for output projection and failure policy population in TaskPackPlanner.
- Introduced new failure policy manifest in TestManifests.
- Implemented simulation endpoints in the web service for task execution.
- Created TaskRunnerServiceOptions for configuration management.
- Updated appsettings.json to include TaskRunner configuration.
- Enhanced PackRunWorkerService to handle execution graphs and state management.
- Added support for parallel execution and conditional steps in the worker service.
- Updated documentation to reflect new features and changes in execution flow.
2025-11-04 19:05:56 +02:00

28 KiB
Raw Blame History

Sprint 150 - Scheduling & Automation

[Scheduling & Automation] 150.A) Orchestrator.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on Orchestrator (phase I).

Task ID State Task description Owners (Source)
ORCH-AIRGAP-56-001 TODO Enforce job descriptors to declare network intents; reject or flag any external endpoints in sealed mode before scheduling. Orchestrator Service Guild, AirGap Policy Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-AIRGAP-56-002 TODO Surface sealing status and time staleness in job scheduling decisions; block runs when staleness budgets exceeded. Dependencies: ORCH-AIRGAP-56-001. Orchestrator Service Guild, AirGap Controller Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-AIRGAP-57-001 TODO Add job type mirror.bundle to orchestrate bundle creation in connected environments with audit + provenance outputs. Dependencies: ORCH-AIRGAP-56-002. Orchestrator Service Guild, Mirror Creator Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-AIRGAP-58-001 TODO Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. Dependencies: ORCH-AIRGAP-57-001. Orchestrator Service Guild, Evidence Locker Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OAS-61-001 TODO Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. Orchestrator Service Guild, API Contracts Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OAS-61-002 TODO Implement GET /.well-known/openapi in service and ensure version metadata aligns with runtime build. Dependencies: ORCH-OAS-61-001. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OAS-62-001 TODO Ensure SDK paginators and operations support orchestrator job operations; add SDK smoke tests for schedule/retry APIs. Dependencies: ORCH-OAS-61-002. Orchestrator Service Guild, SDK Generator Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OAS-63-001 TODO Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. Dependencies: ORCH-OAS-62-001. Orchestrator Service Guild, API Governance Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OBS-50-001 TODO Wire StellaOps.Telemetry.Core into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics. Ensure tenant/job metadata recorded for every span/log. Orchestrator Service Guild, Observability Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OBS-51-001 TODO Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications. Provide Grafana dashboards + alert rules. Dependencies: ORCH-OBS-50-001. Orchestrator Service Guild, DevOps Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OBS-52-001 TODO Emit timeline_event objects for job lifecycle (job.scheduled, job.started, job.completed, job.failed) including trace IDs, run IDs, tenant/project, and causal metadata. Add contract tests and Kafka/NATS emitter with retries. Dependencies: ORCH-OBS-51-001. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OBS-53-001 TODO Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure. Ensure redaction guard enforced. Dependencies: ORCH-OBS-52-001. Orchestrator Service Guild, Evidence Locker Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OBS-54-001 TODO Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker. Provide verification endpoint /jobs/{id}/attestation. Dependencies: ORCH-OBS-53-001. Orchestrator Service Guild, Provenance Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-OBS-55-001 TODO Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach. Emit activation/deactivation events to timeline + Notifier. Dependencies: ORCH-OBS-54-001. Orchestrator Service Guild, DevOps Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-32-001 TODO Bootstrap service project, configuration, and Postgres schema/migrations for sources, runs, jobs, dag_edges, artifacts, quotas, schedules. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)

[Scheduling & Automation] 150.A) Orchestrator.II Depends on: Sprint 150.A - Orchestrator.I Summary: Scheduling & Automation focus on Orchestrator (phase II).

Task ID State Task description Owners (Source)
ORCH-SVC-32-002 TODO Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. Dependencies: ORCH-SVC-32-001. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-32-003 TODO Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. Dependencies: ORCH-SVC-32-002. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-32-004 TODO Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. Dependencies: ORCH-SVC-32-003. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-32-005 TODO Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. Dependencies: ORCH-SVC-32-004. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-33-001 TODO Enable `sources test. Dependencies: ORCH-SVC-32-005. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-33-002 TODO Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. Dependencies: ORCH-SVC-33-001. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-33-003 TODO Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. Dependencies: ORCH-SVC-33-002. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-33-004 TODO Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. Dependencies: ORCH-SVC-33-003. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-34-001 TODO Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. Dependencies: ORCH-SVC-33-004. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-34-002 TODO Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. Dependencies: ORCH-SVC-34-001. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-34-003 TODO Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150ms) and add autoscaling hooks with health probes. Dependencies: ORCH-SVC-34-002. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-34-004 TODO Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. Dependencies: ORCH-SVC-34-003. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-35-101 TODO Register export job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. Dependencies: ORCH-SVC-34-004. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-36-101 TODO Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. Dependencies: ORCH-SVC-35-101. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-37-101 TODO Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. Dependencies: ORCH-SVC-36-101. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)

[Scheduling & Automation] 150.A) Orchestrator.III Depends on: Sprint 150.A - Orchestrator.II Summary: Scheduling & Automation focus on Orchestrator (phase III).

Task ID State Task description Owners (Source)
ORCH-SVC-38-101 TODO Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. Dependencies: ORCH-SVC-37-101. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-41-101 TODO Register pack-run job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. Dependencies: ORCH-SVC-38-101. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-SVC-42-101 TODO Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. Dependencies: ORCH-SVC-41-101. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
ORCH-TEN-48-001 TODO Include tenant_id/project_id in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. Orchestrator Service Guild (src/Orchestrator/StellaOps.Orchestrator/TASKS.md)
WORKER-GO-32-001 TODO Bootstrap Go SDK project with configuration binding, auth headers, job claim/acknowledge client, and smoke sample. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md)
WORKER-GO-32-002 TODO Add heartbeat/progress helpers, structured logging hooks, Prometheus metrics, and jittered retry defaults. Dependencies: WORKER-GO-32-001. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md)
WORKER-GO-33-001 TODO Implement artifact publish helpers (object storage client, checksum hashing, metadata payload) and idempotency guard. Dependencies: WORKER-GO-32-002. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md)
WORKER-GO-33-002 TODO Provide error classification/retry helper, exponential backoff controls, and structured failure reporting to orchestrator. Dependencies: WORKER-GO-33-001. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md)
WORKER-GO-34-001 TODO Add backfill range execution helpers, watermark handshake utilities, and artifact dedupe verification for backfills. Dependencies: WORKER-GO-33-002. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Go/TASKS.md)
WORKER-PY-32-001 TODO Bootstrap asyncio-based Python SDK (config, auth headers, job claim/ack) plus sample worker script. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md)
WORKER-PY-32-002 TODO Implement heartbeat/progress helpers with structured logging, metrics exporter, and cancellation-safe retries. Dependencies: WORKER-PY-32-001. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md)
WORKER-PY-33-001 TODO Add artifact publish/idempotency helpers (object storage adapters, checksum hashing, metadata payload) for Python workers. Dependencies: WORKER-PY-32-002. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md)
WORKER-PY-33-002 TODO Provide error classification/backoff helper mapping to orchestrator codes, including jittered retries and structured failure reports. Dependencies: WORKER-PY-33-001. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md)
WORKER-PY-34-001 TODO Implement backfill range iteration, watermark handshake, and artifact dedupe verification utilities for Python workers. Dependencies: WORKER-PY-33-002. Worker SDK Guild (src/Orchestrator/StellaOps.Orchestrator.WorkerSdk.Python/TASKS.md)

[Scheduling & Automation] 150.B) PacksRegistry Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on PacksRegistry).

Task ID State Task description Owners (Source)
PACKS-REG-41-001 TODO Implement registry service, migrations for packs_index, parity_matrix, provenance docs; support pack upload/list/get, signature verification, RBAC enforcement, and provenance manifest storage. Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md)
PACKS-REG-42-001 TODO Add version lifecycle (promote/deprecate), tenant allowlists, provenance export, signature rotation, audit logs, and Offline Kit seed support. Dependencies: PACKS-REG-41-001. Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md)
PACKS-REG-43-001 TODO Implement registry mirroring, pack signing policies, attestation integration, and compliance dashboards; integrate with Export Center. Dependencies: PACKS-REG-42-001. Packs Registry Guild (src/PacksRegistry/StellaOps.PacksRegistry/TASKS.md)

[Scheduling & Automation] 150.C) Scheduler.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on Scheduler (phase I).

Task ID State Task description Owners (Source)
SCHED-CONSOLE-23-001 DONE (2025-11-03) Extend runs APIs with live progress SSE endpoints (/console/runs/{id}/stream), queue lag summaries, diff metadata fetch, retry/cancel hooks with RBAC enforcement, and deterministic pagination for history views consumed by Console. Scheduler WebService Guild, BE-Base Platform Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)
SCHED-CONSOLE-27-001 DONE (2025-11-03) Provide policy batch simulation orchestration endpoints (/policies/simulations POST/GET) exposing run creation, shard status, SSE progress, cancellation, and retries with RBAC enforcement. Dependencies: SCHED-CONSOLE-23-001. Scheduler WebService Guild, Policy Registry Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)
SCHED-CONSOLE-27-002 DOING (2025-11-03) Emit telemetry endpoints/metrics (policy_simulation_queue_depth, policy_simulation_latency) and webhook callbacks for completion/failure consumed by Registry. Dependencies: SCHED-CONSOLE-27-001. Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)
SCHED-IMPACT-16-303 TODO Snapshot/compaction + invalidation for removed images; persistence to RocksDB/Redis per architecture. Scheduler ImpactIndex Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.ImpactIndex/TASKS.md)
SCHED-SURFACE-01 TODO Evaluate Surface.FS pointers when planning delta scans to avoid redundant work and prioritise drift-triggered assets. Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-VULN-29-001 TODO Expose resolver job APIs (POST /vuln/resolver/jobs, GET /vuln/resolver/jobs/{id}) to trigger candidate recomputation per artifact/policy change with RBAC and rate limits. Scheduler WebService Guild, Findings Ledger Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)
SCHED-VULN-29-002 TODO Provide projector lag metrics endpoint and webhook notifications for backlog breaches consumed by DevOps dashboards. Dependencies: SCHED-VULN-29-001. Scheduler WebService Guild, Observability Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)
SCHED-WEB-20-002 BLOCKED (waiting on SCHED-WORKER-20-301) Provide simulation trigger endpoint returning diff preview metadata and job state for UI/CLI consumption. Scheduler WebService Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)
SCHED-WEB-21-004 DONE (2025-11-04) Persist graph job lifecycle to Mongo storage and publish scheduler.graph.job.completed@1 events + outbound webhook to Cartographer. Dependencies: SCHED-WEB-20-002. Scheduler WebService Guild, Scheduler Storage Guild (src/Scheduler/StellaOps.Scheduler.WebService/TASKS.md)

2025-11-04: Graph job completions now persist to Mongo with optimistic guards, emit Redis/webhook notifications once per transition, and refresh result URI metadata idempotently (tests cover service + Mongo store paths). SCHED-WORKER-21-203 | TODO | Export metrics (graph_build_seconds, graph_jobs_inflight, overlay_lag_seconds) and structured logs with tenant/graph identifiers. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) SCHED-WORKER-23-101 | TODO | Implement policy re-evaluation worker that shards assets, honours rate limits, and updates progress for Console after policy activation events. Dependencies: SCHED-WORKER-21-203. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) SCHED-WORKER-23-102 | TODO | Add reconciliation job ensuring re-eval completion within SLA, emitting alerts on backlog and persisting status to policy_runs. Dependencies: SCHED-WORKER-23-101. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) SCHED-WORKER-25-101 | TODO | Implement exception lifecycle worker handling auto-activation/expiry and publishing exception.* events with retries/backoff. Dependencies: SCHED-WORKER-23-102. | Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) SCHED-WORKER-25-102 | TODO | Add expiring notification job generating digests, marking expiring state, updating metrics/alerts. Dependencies: SCHED-WORKER-25-101. | Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md) SCHED-WORKER-26-201 | TODO | Build reachability joiner worker that combines SBOM snapshots with signals, writes cached facts, and schedules updates on new events. Dependencies: SCHED-WORKER-25-102. | Scheduler Worker Guild, Signals Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)

[Scheduling & Automation] 150.C) Scheduler.II Depends on: Sprint 150.C - Scheduler.I Summary: Scheduling & Automation focus on Scheduler (phase II).

Task ID State Task description Owners (Source)
SCHED-WORKER-26-202 TODO Implement staleness monitor + notifier for outdated reachability facts, publishing warnings and updating dashboards. Dependencies: SCHED-WORKER-26-201. Scheduler Worker Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-27-301 TODO Implement policy batch simulation worker: shard SBOM inventories, invoke Policy Engine, emit partial results, handle retries/backoff, and publish progress events. Dependencies: SCHED-WORKER-26-202. Scheduler Worker Guild, Policy Registry Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-27-302 TODO Build reducer job aggregating shard outputs into final manifests (counts, deltas, samples) and writing to object storage with checksums; emit completion events. Dependencies: SCHED-WORKER-27-301. Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-27-303 TODO Enforce tenant isolation, scope checks, and attestation integration for simulation jobs; secret scanning pipeline for uploaded policy sources. Dependencies: SCHED-WORKER-27-302. Scheduler Worker Guild, Security Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-29-001 TODO Implement resolver worker generating candidate findings from inventory + advisory evidence, respecting ecosystem version semantics and path scope; emit jobs for policy evaluation. Dependencies: SCHED-WORKER-27-303. Scheduler Worker Guild, Findings Ledger Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-29-002 TODO Build evaluation orchestration worker invoking Policy Engine batch eval, writing results to Findings Ledger projector queue, and handling retries/backoff. Dependencies: SCHED-WORKER-29-001. Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-29-003 TODO Add monitoring for resolver/evaluation backlog, SLA breaches, and export job queue; expose metrics/alerts feeding DevOps dashboards. Dependencies: SCHED-WORKER-29-002. Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-CONSOLE-23-201 TODO Stream run progress events (stage status, tuples processed, SLA hints) to Redis/NATS for Console SSE, with heartbeat, dedupe, and retention policy. Publish metrics + structured logs for queue lag. Scheduler Worker Guild, Observability Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)
SCHED-WORKER-CONSOLE-23-202 TODO Coordinate evidence bundle jobs (enqueue, track status, cleanup) and expose job manifests to Web gateway; ensure idempotent reruns and cancellation support. Dependencies: SCHED-WORKER-CONSOLE-23-201. Scheduler Worker Guild, Policy Guild (src/Scheduler/__Libraries/StellaOps.Scheduler.Worker/TASKS.md)

[Scheduling & Automation] 150.D) TaskRunner.I Depends on: Sprint 120.A - AirGap, Sprint 130.A - Scanner, Sprint 140.A - Graph Summary: Scheduling & Automation focus on TaskRunner (phase I).

Task ID State Task description Owners (Source)
TASKRUN-41-001 TODO Bootstrap service, define migrations for pack_runs, pack_run_logs, pack_artifacts, implement run API (create/get/log stream), local executor, approvals pause, artifact capture, and provenance manifest generation. Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-42-001 DONE (2025-11-04) Add loops, conditionals, maxParallel, outputs, simulation mode, policy gate integration, and failure recovery (retry/abort) with deterministic state. Dependencies: TASKRUN-41-001. Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-43-001 DOING (2025-10-29) Implement approvals workflow (resume after approval), notifications integration, remote artifact uploads, chaos resilience, secret injection, and audit logs. Dependencies: TASKRUN-42-001. Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-AIRGAP-56-001 TODO Enforce plan-time validation rejecting steps with non-allowlisted network calls in sealed mode and surface remediation errors. Task Runner Guild, AirGap Policy Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-AIRGAP-56-002 TODO Add helper steps for bundle ingestion (checksum verification, staging to object store) with deterministic outputs. Dependencies: TASKRUN-AIRGAP-56-001. Task Runner Guild, AirGap Importer Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-AIRGAP-57-001 TODO Refuse to execute plans when environment sealed=false but declared sealed install; emit advisory timeline events. Dependencies: TASKRUN-AIRGAP-56-002. Task Runner Guild, AirGap Controller Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-AIRGAP-58-001 TODO Capture bundle import job transcripts, hashed inputs, and outputs into portable evidence bundles. Dependencies: TASKRUN-AIRGAP-57-001. Task Runner Guild, Evidence Locker Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)

2025-11-04: Resumed TASKRUN-42-001 — scoping execution engine upgrades (loops/conditionals/maxParallel), simulation mode, policy gate integration, and deterministic failure recovery. 2025-11-04: Worker/WebService wiring in place — execution graph honours maxParallel/continueOnError, retry windows persisted, and simulation API exposed. 2025-11-04: Continuing TASKRUN-42-001 — cleaning persistence anomalies, validating retry metadata, and wiring simulation preview into CLI surface. 2025-11-04: CLI command stella task-runner simulate wired to the new endpoint with JSON/table output modes. TASKRUN-OAS-61-001 | TODO | Document Task Runner APIs (pack runs, logs, approvals) in service OAS, including streaming response schemas and examples. | Task Runner Guild, API Contracts Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OAS-61-002 | TODO | Expose GET /.well-known/openapi returning signed spec metadata, build version, and ETag. Dependencies: TASKRUN-OAS-61-001. | Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OAS-62-001 | TODO | Provide SDK examples for pack run lifecycle; ensure SDKs offer streaming log helpers and paginator wrappers. Dependencies: TASKRUN-OAS-61-002. | Task Runner Guild, SDK Generator Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OAS-63-001 | TODO | Implement deprecation header support and Sunset handling for legacy pack APIs; emit notifications metadata. Dependencies: TASKRUN-OAS-62-001. | Task Runner Guild, API Governance Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OBS-50-001 | TODO | Adopt telemetry core in Task Runner host + worker executors, ensuring step execution spans/logs include trace_id, tenant_id, run_id, and scrubbed command transcripts. | Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OBS-51-001 | TODO | Emit metrics for step latency, retries, queue depth, sandbox resource usage; define SLOs for pack run completion and failure rate; surface burn-rate alerts to collector/Notifier. Dependencies: TASKRUN-OBS-50-001. | Task Runner Guild, DevOps Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OBS-52-001 | TODO | Produce timeline events for pack runs (pack.started, pack.step.completed, pack.failed) containing evidence pointers and policy gate context. Provide dedupe + retry logic. Dependencies: TASKRUN-OBS-51-001. | Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md) TASKRUN-OBS-53-001 | TODO | Capture step transcripts, artifact manifests, environment digests, and policy approvals into evidence locker snapshots; ensure redaction + hash chain coverage. Dependencies: TASKRUN-OBS-52-001. | Task Runner Guild, Evidence Locker Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)

[Scheduling & Automation] 150.D) TaskRunner.II Depends on: Sprint 150.D - TaskRunner.I Summary: Scheduling & Automation focus on TaskRunner (phase II).

Task ID State Task description Owners (Source)
TASKRUN-OBS-54-001 TODO Generate DSSE attestations for pack runs (subjects = produced artifacts) and expose verification API/CLI integration. Store references in timeline events. Dependencies: TASKRUN-OBS-53-001. Task Runner Guild, Provenance Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-OBS-55-001 TODO Implement incident mode escalations (extra telemetry, debug artifact capture, retention bump) and align on automatic activation via SLO breach webhooks. Dependencies: TASKRUN-OBS-54-001. Task Runner Guild, DevOps Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)
TASKRUN-TEN-48-001 TODO Require tenant/project context for every pack run, set DB/object-store prefixes, block egress when tenant restricted, and propagate context to steps/logs. Task Runner Guild (src/TaskRunner/StellaOps.TaskRunner/TASKS.md)

If all tasks are done - read next sprint section - SPRINT_160_export_evidence.md