agentic-orchestrator 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/.claude/settings.local.json +6 -1
  2. package/README.md +81 -54
  3. package/agentic/orchestrator/defaults/policy.defaults.yaml +212 -0
  4. package/agentic/orchestrator/schemas/adapters.schema.json +17 -4
  5. package/agentic/orchestrator/schemas/agents.schema.json +58 -13
  6. package/agentic/orchestrator/schemas/gates.schema.json +88 -17
  7. package/agentic/orchestrator/schemas/index.schema.json +172 -37
  8. package/agentic/orchestrator/schemas/multi-project.schema.json +85 -17
  9. package/agentic/orchestrator/schemas/plan.schema.json +135 -30
  10. package/agentic/orchestrator/schemas/policy.schema.json +198 -69
  11. package/agentic/orchestrator/schemas/policy.user.schema.json +165 -0
  12. package/agentic/orchestrator/schemas/qa_test_index.schema.json +71 -14
  13. package/agentic/orchestrator/schemas/state.schema.json +196 -39
  14. package/apps/control-plane/scripts/validate-architecture-rules.mjs +5 -3
  15. package/apps/control-plane/scripts/validate-docker-mcp-contract.mjs +0 -3
  16. package/apps/control-plane/scripts/validate-mcp-contracts.ts +2 -6
  17. package/apps/control-plane/src/application/services/policy-loader-service.ts +115 -0
  18. package/apps/control-plane/src/cli/aop.ts +35 -1
  19. package/apps/control-plane/src/cli/cli-argument-parser.ts +4 -0
  20. package/apps/control-plane/src/cli/help-command-handler.ts +2 -1
  21. package/apps/control-plane/src/cli/init-command-handler.ts +136 -27
  22. package/apps/control-plane/src/cli/retry-command-handler.ts +3 -6
  23. package/apps/control-plane/src/cli/types.ts +1 -0
  24. package/apps/control-plane/src/core/git.ts +1 -3
  25. package/apps/control-plane/src/core/kernel.ts +3 -6
  26. package/apps/control-plane/src/core/schemas.ts +36 -1
  27. package/apps/control-plane/src/interfaces/cli/bootstrap.ts +1 -1
  28. package/apps/control-plane/src/mcp/tool-registry-loader.ts +37 -1
  29. package/apps/control-plane/src/supervisor/qa-wave-executor.ts +1 -1
  30. package/apps/control-plane/test/aop.spec.ts +37 -0
  31. package/apps/control-plane/test/batch-operations.spec.ts +5 -3
  32. package/apps/control-plane/test/bootstrap-attach.spec.ts +28 -18
  33. package/apps/control-plane/test/bootstrap-edge-cases.spec.ts +25 -15
  34. package/apps/control-plane/test/bootstrap.spec.ts +30 -22
  35. package/apps/control-plane/test/cli.unit.spec.ts +55 -10
  36. package/apps/control-plane/test/core-utils.spec.ts +12 -3
  37. package/apps/control-plane/test/feature-deletion-service.spec.ts +2 -1
  38. package/apps/control-plane/test/feature-lifecycle.spec.ts +1 -1
  39. package/apps/control-plane/test/helpers.ts +22 -2
  40. package/apps/control-plane/test/init-wizard.spec.ts +160 -7
  41. package/apps/control-plane/test/issue-tracker.spec.ts +3 -3
  42. package/apps/control-plane/test/kernel.spec.ts +62 -0
  43. package/apps/control-plane/test/lock-service.spec.ts +4 -4
  44. package/apps/control-plane/test/policy-loader-service.spec.ts +346 -0
  45. package/apps/control-plane/test/reactions.spec.ts +8 -6
  46. package/apps/control-plane/test/resume-command.spec.ts +31 -15
  47. package/apps/control-plane/test/supervisor.unit.spec.ts +2 -2
  48. package/apps/control-plane/test/tool-registry-loader.spec.ts +12 -0
  49. package/apps/control-plane/vitest.config.ts +1 -1
  50. package/dist/apps/control-plane/application/services/policy-loader-service.d.ts +24 -0
  51. package/dist/apps/control-plane/application/services/policy-loader-service.js +90 -0
  52. package/dist/apps/control-plane/application/services/policy-loader-service.js.map +1 -0
  53. package/dist/apps/control-plane/application/tools/tool-metadata.js +1 -0
  54. package/dist/apps/control-plane/application/tools/tool-metadata.js.map +1 -1
  55. package/dist/apps/control-plane/cli/aop.js +33 -1
  56. package/dist/apps/control-plane/cli/aop.js.map +1 -1
  57. package/dist/apps/control-plane/cli/cli-argument-parser.js +4 -0
  58. package/dist/apps/control-plane/cli/cli-argument-parser.js.map +1 -1
  59. package/dist/apps/control-plane/cli/dashboard-command-handler.js +11 -5
  60. package/dist/apps/control-plane/cli/dashboard-command-handler.js.map +1 -1
  61. package/dist/apps/control-plane/cli/help-command-handler.js +5 -4
  62. package/dist/apps/control-plane/cli/help-command-handler.js.map +1 -1
  63. package/dist/apps/control-plane/cli/init-command-handler.d.ts +1 -0
  64. package/dist/apps/control-plane/cli/init-command-handler.js +110 -26
  65. package/dist/apps/control-plane/cli/init-command-handler.js.map +1 -1
  66. package/dist/apps/control-plane/cli/retry-command-handler.js +3 -6
  67. package/dist/apps/control-plane/cli/retry-command-handler.js.map +1 -1
  68. package/dist/apps/control-plane/cli/types.d.ts +1 -0
  69. package/dist/apps/control-plane/core/git.js +1 -3
  70. package/dist/apps/control-plane/core/git.js.map +1 -1
  71. package/dist/apps/control-plane/core/kernel.js +3 -5
  72. package/dist/apps/control-plane/core/kernel.js.map +1 -1
  73. package/dist/apps/control-plane/core/schemas.d.ts +2 -0
  74. package/dist/apps/control-plane/core/schemas.js +31 -1
  75. package/dist/apps/control-plane/core/schemas.js.map +1 -1
  76. package/dist/apps/control-plane/interfaces/cli/bootstrap.js +1 -1
  77. package/dist/apps/control-plane/interfaces/cli/bootstrap.js.map +1 -1
  78. package/dist/apps/control-plane/mcp/tool-registry-loader.d.ts +2 -0
  79. package/dist/apps/control-plane/mcp/tool-registry-loader.js +31 -1
  80. package/dist/apps/control-plane/mcp/tool-registry-loader.js.map +1 -1
  81. package/dist/apps/control-plane/supervisor/build-wave-executor.js +1 -1
  82. package/dist/apps/control-plane/supervisor/build-wave-executor.js.map +1 -1
  83. package/dist/apps/control-plane/supervisor/qa-wave-executor.js +1 -1
  84. package/dist/apps/control-plane/supervisor/qa-wave-executor.js.map +1 -1
  85. package/package.json +18 -17
  86. package/packages/web-dashboard/package.json +1 -1
  87. package/packages/web-dashboard/src/app/api/actions/route.ts +2 -2
  88. package/packages/web-dashboard/src/app/api/events/route.ts +1 -1
  89. package/packages/web-dashboard/src/app/api/features/[id]/checkout/route.ts +1 -1
  90. package/packages/web-dashboard/src/app/api/features/[id]/diff/route.ts +1 -1
  91. package/packages/web-dashboard/src/app/api/features/[id]/evidence/[artifact]/route.ts +1 -1
  92. package/packages/web-dashboard/src/app/api/features/[id]/review/route.ts +2 -2
  93. package/packages/web-dashboard/src/app/api/features/[id]/route.ts +1 -1
  94. package/packages/web-dashboard/src/app/api/projects/route.ts +2 -2
  95. package/packages/web-dashboard/src/app/api/status/route.ts +1 -1
  96. package/packages/web-dashboard/src/app/page.tsx +1 -1
  97. package/packages/web-dashboard/src/lib/aop-client.ts +1 -1
  98. package/packages/web-dashboard/src/lib/orchestrator-tools.ts +1 -1
  99. package/packages/web-dashboard/tsconfig.json +1 -0
  100. package/spec-files/completed/agentic_orchestrator_init_policy_ux_simplification_spec.md +481 -0
  101. package/spec-files/outstanding/agentic_orchestrator_artifact_database_publishing_spec.md +500 -0
  102. package/spec-files/outstanding/agentic_orchestrator_observability_integrity_diagnostics_spec.md +500 -195
  103. package/spec-files/outstanding/agentic_orchestrator_performance_improvements_spec.md +471 -162
  104. package/spec-files/outstanding/agentic_orchestrator_planning_review_quality_spec.md +532 -268
  105. package/spec-files/outstanding/agentic_orchestrator_productization_commercial_spec.md +645 -0
  106. package/spec-files/progress.md +99 -2
  107. package/tsconfig.base.json +4 -0
  108. /package/spec-files/{outstanding → completed}/agentic_orchestrator_validator_hardening_spec.md +0 -0
@@ -0,0 +1,500 @@
1
+ # Feature Spec: `.aop` Artifact Publishing to Configurable Audit Database (AOP)
2
+
3
+ > **Purpose of this document**: Define implementation-ready functionality to publish runtime artifacts from `.aop/**` to a user-configured database after execution, enabling durable audit history of what the orchestrator did and why it did it. The feature includes external database targets and a built-in local Docker-backed database mode (`type: local`).
4
+
5
+ **Version:** 1.0
6
+ **Date:** 2026-03-04
7
+ **Status:** Draft
8
+ **Roadmap Mapping:** M40
9
+
10
+ ---
11
+
12
+ ## 0. Standards and Dependencies
13
+
14
+ ### 0.1 Required Standards
15
+
16
+ All implementation MUST preserve:
17
+ - deterministic runtime behavior and MCP/in-process parity
18
+ - existing command behavior when publishing is disabled
19
+ - normalized error envelope (`{ ok: false, error: { code, message, details } }`)
20
+ - atomic file-write/lock guarantees for `.aop/**` artifacts
21
+ - Nx + Vitest + coverage thresholds (>= 90% per file)
22
+
23
+ ### 0.2 Upstream Inputs
24
+
25
+ Implementing agents MUST read:
26
+ - `apps/control-plane/src/core/path-layout.ts`
27
+ - `apps/control-plane/src/core/kernel.ts`
28
+ - `apps/control-plane/src/supervisor/run-coordinator.ts`
29
+ - `apps/control-plane/src/cli/run-command-handler.ts`
30
+ - `apps/control-plane/src/interfaces/cli/bootstrap.ts`
31
+ - `apps/control-plane/src/cli/cli-argument-parser.ts`
32
+ - `apps/control-plane/src/cli/help-command-handler.ts`
33
+ - `apps/control-plane/src/core/constants.ts`
34
+ - `apps/control-plane/src/core/error-codes.ts`
35
+ - `apps/control-plane/src/mcp/operation-ledger.ts`
36
+ - `agentic/orchestrator/policy.yaml`
37
+ - `agentic/orchestrator/defaults/policy.defaults.yaml`
38
+ - `agentic/orchestrator/schemas/policy.schema.json`
39
+ - `agentic/orchestrator/tools/catalog.json`
40
+ - `spec-files/completed/agentic_orchestrator_dot_aop_generated_artifacts_spec.md`
41
+
42
+ ### 0.3 Feature Scope
43
+
44
+ This spec implements three slices:
45
+ - **DB1** Configurable artifact publishing policy + database connection contract
46
+ - **DB2** Post-run and manual publishing pipeline with idempotent checkpoints
47
+ - **DB3** Local Docker database mode (`database.type: local`)
48
+
49
+ ---
50
+
51
+ ## 1. Objectives
52
+
53
+ ### 1.1 Must-Have Outcomes
54
+
55
+ - Users can configure a database target in YAML and publish `.aop/**` artifacts to it.
56
+ - Publishing can run automatically after `aop run` execution and can also be triggered manually.
57
+ - Published records are queryable over time by `run_id`, `feature_id`, tool activity, gate results, and decisions.
58
+ - `database.type: local` starts/uses a local Docker database automatically and publishes there without external infra setup.
59
+ - Publishing is idempotent and safe to retry.
60
+
61
+ ### 1.2 Non-Goals
62
+
63
+ - No replacement of file-backed `.aop/**` runtime storage.
64
+ - No requirement to support every SQL engine in first release.
65
+ - No real-time streaming pipeline in this phase (batch publish at execution boundaries).
66
+ - No dashboard UI implementation in this phase (data plane + CLI/tool contracts only).
67
+
68
+ ---
69
+
70
+ ## 2. Architecture Decisions
71
+
72
+ ### 2.1 Source of Truth Remains `.aop/**`
73
+
74
+ Database rows are derived artifacts for analytics/audit. `.aop/**` remains authoritative runtime state.
75
+
76
+ ### 2.2 First-Class Publisher Service
77
+
78
+ All publishing must route through a single service boundary (`ArtifactPublisherService`) to centralize:
79
+ - artifact enumeration
80
+ - normalization and hashing
81
+ - DB transaction semantics
82
+ - checkpointing/retry behavior
83
+
84
+ ### 2.3 Idempotency by `(target_id, run_id, publish_revision)`
85
+
86
+ Publishing writes must be safely repeatable. Re-running publish for the same run must not duplicate logical records.
87
+
88
+ ### 2.4 Local Mode Resolves to Docker-Managed Postgres
89
+
90
+ `database.type: local` is a convenience wrapper around a managed local Postgres container. External engines remain explicitly configured.
91
+
92
+ ### 2.5 Failure Behavior is Configurable
93
+
94
+ Default is best-effort (run succeeds even if publish fails). Strict mode is available when audit persistence is mandatory.
95
+
96
+ ---
97
+
98
+ ## 3. Configuration Contract
99
+
100
+ ### 3.1 Policy Additions (`policy.yaml`)
101
+
102
+ Add `artifact_publishing` section to policy (full + defaults + schema):
103
+
104
+ ```yaml
105
+ artifact_publishing:
106
+ enabled: false
107
+ trigger: post_run # post_run | manual_only
108
+ mode: best_effort # best_effort | required
109
+ include_content:
110
+ state_md: true
111
+ plan_json: true
112
+ decisions_md: true
113
+ qa_index_json: true
114
+ gate_logs_preview_bytes: 16384
115
+ database:
116
+ type: postgres # postgres | local
117
+ target_id: default
118
+ postgres:
119
+ connection_uri: "${AOP_AUDIT_DB_URL}"
120
+ schema: aop_audit
121
+ ssl_mode: require # disable | require
122
+ connect_timeout_ms: 8000
123
+ local:
124
+ engine: postgres
125
+ image: postgres:16-alpine
126
+ container_name: aop-audit-db
127
+ port: 55432
128
+ database: aop_audit
129
+ username: aop
130
+ password_env: AOP_LOCAL_AUDIT_DB_PASSWORD
131
+ volume_name: aop_audit_db_data
132
+ auto_start: true
133
+ wait_timeout_ms: 30000
134
+ ```
135
+
136
+ ### 3.2 YAML Validation
137
+
138
+ `agentic/orchestrator/schemas/policy.schema.json` MUST validate the new section with:
139
+ - strict enums for `trigger`, `mode`, `database.type`
140
+ - required `postgres.connection_uri` when `type: postgres`
141
+ - required local fields when `type: local`
142
+ - numeric bounds for port/timeouts/preview bytes
143
+
144
+ ### 3.3 Secret Handling
145
+
146
+ - connection strings and passwords MUST support env interpolation (`${ENV_VAR}`).
147
+ - raw password literals in committed policy SHOULD be rejected with explicit validation guidance.
148
+
149
+ ### 3.4 Defaults
150
+
151
+ `agentic/orchestrator/defaults/policy.defaults.yaml` MUST include `artifact_publishing.enabled: false` so behavior remains opt-in.
152
+
153
+ ---
154
+
155
+ ## 4. Canonical Publish Payload
156
+
157
+ ### 4.1 Artifacts Included Per Run
158
+
159
+ Minimum dataset for a run publish:
160
+ - `.aop/features/index.json`
161
+ - `.aop/runtime/operation-ledger/<run_id>.json`
162
+ - for each feature in run scope:
163
+ - `state.md`
164
+ - `plan.json` (if present)
165
+ - `qa_test_index.json` (if present)
166
+ - `cost.json` (if present)
167
+ - `decisions.md` (if present)
168
+ - gate/evidence metadata and selected content previews
169
+
170
+ ### 4.2 Normalized Record Categories
171
+
172
+ Publisher MUST normalize into these logical categories:
173
+ - `run_summary`
174
+ - `feature_snapshot`
175
+ - `tool_execution`
176
+ - `gate_execution`
177
+ - `decision_log_entry`
178
+ - `artifact_manifest_entry`
179
+ - `publish_event`
180
+
181
+ ### 4.3 Hashing and Determinism
182
+
183
+ For each artifact row:
184
+ - include `content_sha256`
185
+ - include `relative_path`
186
+ - normalize JSON key order before hashing JSON content
187
+ - ensure stable sort order by `feature_id`, then `relative_path`
188
+
189
+ ---
190
+
191
+ ## 5. Database Schema (v1)
192
+
193
+ ### 5.1 Required Tables
194
+
195
+ 1. `aop_publish_runs`
196
+ - `publish_id` (PK)
197
+ - `target_id`
198
+ - `run_id`
199
+ - `publish_revision`
200
+ - `status` (`started|succeeded|failed`)
201
+ - `started_at`, `finished_at`
202
+ - `error_code`, `error_message`
203
+
204
+ 2. `aop_runs`
205
+ - `run_id` (PK)
206
+ - `project_root_hash`
207
+ - `started_at`
208
+ - `finished_at`
209
+ - `queue_depth`
210
+ - `runtime_status`
211
+
212
+ 3. `aop_features`
213
+ - composite PK: (`run_id`, `feature_id`)
214
+ - `status`
215
+ - `branch`
216
+ - `gate_profile`
217
+ - `last_updated`
218
+ - `cost_estimated_usd`
219
+ - `tokens_used`
220
+
221
+ 4. `aop_tool_executions`
222
+ - composite PK: (`run_id`, `operation_id`)
223
+ - `feature_id`
224
+ - `tool_name`
225
+ - `actor_type`
226
+ - `result`
227
+ - `error_code`
228
+ - `latency_ms`
229
+ - `request_hash`
230
+ - `created_at`, `updated_at`
231
+
232
+ 5. `aop_gate_executions`
233
+ - surrogate PK + unique (`run_id`, `feature_id`, `gate_name`, `executed_at`)
234
+ - `result`, `exit_code`
235
+ - `mode`
236
+ - `evidence_path`
237
+ - `logs_preview`
238
+
239
+ 6. `aop_decisions`
240
+ - surrogate PK + index (`run_id`, `feature_id`, `line_no`)
241
+ - `entry_text`
242
+ - `entry_hash`
243
+
244
+ 7. `aop_artifact_manifest`
245
+ - composite PK: (`run_id`, `feature_id`, `relative_path`)
246
+ - `size_bytes`
247
+ - `content_sha256`
248
+ - `content_preview`
249
+ - `modified_at`
250
+
251
+ ### 5.2 Migration Contract
252
+
253
+ - Create `schema_migrations` table and apply ordered SQL migrations.
254
+ - Publisher must run `ensureSchema()` before first write for a target.
255
+
256
+ ---
257
+
258
+ ## 6. Runtime Flow and Trigger Points
259
+
260
+ ### 6.1 Automatic Post-Run Publishing
261
+
262
+ `RunCommandHandler.execute(...)` flow extension:
263
+ 1. run supervisor cycle (`supervisor.start(...)`)
264
+ 2. if `artifact_publishing.enabled && trigger == post_run`, invoke publisher
265
+ 3. attach publish result under response payload:
266
+ - `data.artifact_publish.status`
267
+ - `data.artifact_publish.publish_id`
268
+ - `data.artifact_publish.warning` (best-effort failure only)
269
+
270
+ ### 6.2 Manual Publishing
271
+
272
+ Add CLI command:
273
+ - `aop publish [--run-id <id>] [--latest] [--dry-run] [--strict]`
274
+
275
+ Behavior:
276
+ - default `--latest` when no run id provided
277
+ - `--dry-run` builds manifest + stats without DB writes
278
+ - `--strict` forces non-zero exit on publish failure regardless of policy mode
279
+
280
+ ### 6.3 MCP Tool Surface
281
+
282
+ Add tools:
283
+ - `artifacts.publish` (mutating: true)
284
+ - `artifacts.publish_status` (mutating: false)
285
+
286
+ `artifacts.publish` input includes `run_id`, `dry_run`, `strict`, `trigger_source`.
287
+
288
+ ---
289
+
290
+ ## 7. Local Docker Database Mode (`type: local`)
291
+
292
+ ### 7.1 Behavior
293
+
294
+ When `database.type: local`:
295
+ 1. verify Docker CLI availability
296
+ 2. verify/start container using configured image/name/port/volume
297
+ 3. wait for DB health/readiness
298
+ 4. connect via computed Postgres URI
299
+ 5. run schema migrations and publish
300
+
301
+ ### 7.2 Local Runtime Artifacts
302
+
303
+ Persist local DB runtime metadata under:
304
+ - `.aop/runtime/artifact-publishing/local-db.json`
305
+
306
+ Contract example:
307
+
308
+ ```json
309
+ {
310
+ "target_id": "default",
311
+ "container_name": "aop-audit-db",
312
+ "engine": "postgres",
313
+ "host": "127.0.0.1",
314
+ "port": 55432,
315
+ "database": "aop_audit",
316
+ "username": "aop",
317
+ "started_at": "2026-03-03T22:00:00Z"
318
+ }
319
+ ```
320
+
321
+ ### 7.3 Docker Failure Handling
322
+
323
+ Errors must map cleanly:
324
+ - `artifact_publish_local_docker_unavailable`
325
+ - `artifact_publish_local_start_failed`
326
+ - `artifact_publish_local_unhealthy`
327
+
328
+ If mode is `best_effort`, run continues and publish failure is reported in payload + logs.
329
+
330
+ ---
331
+
332
+ ## 8. Error Codes
333
+
334
+ Add to `apps/control-plane/src/core/error-codes.ts`:
335
+ - `artifact_publish_config_invalid`
336
+ - `artifact_publish_target_unconfigured`
337
+ - `artifact_publish_connect_failed`
338
+ - `artifact_publish_migration_failed`
339
+ - `artifact_publish_write_failed`
340
+ - `artifact_publish_checkpoint_conflict`
341
+ - `artifact_publish_local_docker_unavailable`
342
+ - `artifact_publish_local_start_failed`
343
+ - `artifact_publish_local_unhealthy`
344
+
345
+ ---
346
+
347
+ ## 9. Implementation Plan
348
+
349
+ ## 9.1 DB1: Configuration + Validation
350
+
351
+ ### DB1-T1 Policy contract
352
+ - update `policy.yaml` examples
353
+ - update `policy.defaults.yaml`
354
+ - extend `policy.schema.json`
355
+
356
+ ### DB1-T2 Typed policy accessors
357
+ - add typed readers for `artifact_publishing` section in kernel/service layer
358
+
359
+ ### DB1-T3 Config normalization
360
+ - implement env interpolation + normalization helper
361
+
362
+ ## 9.2 DB2: Publisher pipeline
363
+
364
+ ### DB2-T1 Artifact enumeration
365
+ - deterministic scanner for run/feature artifacts
366
+ - manifest builder with hashes and size
367
+
368
+ ### DB2-T2 Store interface and Postgres adapter
369
+ - `ArtifactAuditStore` interface
370
+ - `PostgresArtifactAuditStore` implementation (transactional upsert)
371
+
372
+ ### DB2-T3 Checkpointing and idempotency
373
+ - write local checkpoint under `.aop/runtime/artifact-publishing/checkpoints/<run_id>.json`
374
+ - support safe retries after partial failures
375
+
376
+ ### DB2-T4 Trigger integration
377
+ - invoke publisher from run flow and manual command path
378
+
379
+ ## 9.3 DB3: Local Docker orchestration
380
+
381
+ ### DB3-T1 Local DB manager
382
+ - start/inspect/wait for container
383
+ - compute connection URI for local target
384
+
385
+ ### DB3-T2 Local-only smoke checks
386
+ - optional smoke test command for local mode readiness
387
+
388
+ ---
389
+
390
+ ## 10. File Targets
391
+
392
+ ### 10.1 New files
393
+ - `apps/control-plane/src/application/services/artifact-publisher-service.ts`
394
+ - `apps/control-plane/src/application/services/artifact-manifest-service.ts`
395
+ - `apps/control-plane/src/application/services/artifact-audit-store.ts`
396
+ - `apps/control-plane/src/application/services/postgres-artifact-audit-store.ts`
397
+ - `apps/control-plane/src/application/services/local-artifact-db-manager.ts`
398
+ - `apps/control-plane/src/cli/publish-command-handler.ts`
399
+ - `agentic/orchestrator/tools/schemas/input/artifacts.publish.input.schema.json`
400
+ - `agentic/orchestrator/tools/schemas/output/artifacts.publish.output.schema.json`
401
+ - `agentic/orchestrator/tools/schemas/input/artifacts.publish_status.input.schema.json`
402
+ - `agentic/orchestrator/tools/schemas/output/artifacts.publish_status.output.schema.json`
403
+ - `apps/control-plane/src/application/services/sql/artifact-publishing/postgres/001_init.sql`
404
+
405
+ ### 10.2 Existing files to modify
406
+ - `apps/control-plane/src/core/kernel.ts`
407
+ - `apps/control-plane/src/core/constants.ts`
408
+ - `apps/control-plane/src/core/error-codes.ts`
409
+ - `apps/control-plane/src/core/path-layout.ts`
410
+ - `apps/control-plane/src/cli/cli-argument-parser.ts`
411
+ - `apps/control-plane/src/cli/help-command-handler.ts`
412
+ - `apps/control-plane/src/cli/types.ts`
413
+ - `apps/control-plane/src/interfaces/cli/bootstrap.ts`
414
+ - `apps/control-plane/src/cli/run-command-handler.ts`
415
+ - `agentic/orchestrator/tools/catalog.json`
416
+ - `agentic/orchestrator/tools.md`
417
+ - `agentic/orchestrator/policy.yaml`
418
+ - `agentic/orchestrator/defaults/policy.defaults.yaml`
419
+ - `agentic/orchestrator/schemas/policy.schema.json`
420
+ - `README.md`
421
+
422
+ ### 10.3 Tests
423
+ - `apps/control-plane/test/artifact-publisher.spec.ts` (new)
424
+ - `apps/control-plane/test/local-artifact-db-manager.spec.ts` (new)
425
+ - `apps/control-plane/test/run-command.spec.ts` (extend post-run publish assertions)
426
+ - `apps/control-plane/test/cli.unit.spec.ts` (parse + publish command)
427
+ - `apps/control-plane/test/mcp.spec.ts` (new tool registration + parity)
428
+ - `apps/control-plane/test/kernel.spec.ts` (tool handler contracts)
429
+
430
+ ---
431
+
432
+ ## 11. Acceptance Criteria
433
+
434
+ ### DB1 — Configurable DB contract
435
+
436
+ - [ ] `artifact_publishing` policy section schema-validates with strict enum/type checks
437
+ - [ ] env-variable interpolation is supported for DB secrets
438
+ - [ ] invalid config surfaces `artifact_publish_config_invalid` with actionable details
439
+
440
+ ### DB2 — Publish pipeline
441
+
442
+ - [ ] `aop run` publishes artifacts post-run when enabled and trigger is `post_run`
443
+ - [ ] `aop publish --run-id <id>` publishes historical run artifacts on demand
444
+ - [ ] published dataset includes run summary, feature snapshots, tool executions, decisions, and artifact manifest
445
+ - [ ] re-running publish for same run is idempotent (no duplicate logical records)
446
+ - [ ] best-effort mode does not fail run command on publish failure; required mode does
447
+
448
+ ### DB3 — Local Docker mode
449
+
450
+ - [ ] `database.type: local` auto-starts/uses configured Docker DB container
451
+ - [ ] publish succeeds to local DB without external DB provisioning
452
+ - [ ] explicit, typed errors are returned when Docker is missing/unhealthy
453
+
454
+ ### Quality and regression
455
+
456
+ - [ ] existing commands continue to work unchanged when publishing is disabled
457
+ - [ ] `npm run typecheck` and `npm test` pass with coverage thresholds preserved
458
+ - [ ] `npm run validate:mcp-contracts` passes with updated tool catalog/schemas
459
+
460
+ ---
461
+
462
+ ## 12. Implementation Order
463
+
464
+ 1. Add policy contract + schema + defaults (`artifact_publishing`, disabled by default)
465
+ 2. Add new error codes and constants for publish tools
466
+ 3. Implement manifest + hashing service (no DB yet)
467
+ 4. Implement Postgres audit store + migrations
468
+ 5. Add `artifacts.publish` / `artifacts.publish_status` tool handlers and schemas
469
+ 6. Add `aop publish` CLI command and bootstrap wiring
470
+ 7. Wire post-run trigger in `RunCommandHandler`
471
+ 8. Implement `type: local` Docker manager and integrate with publisher
472
+ 9. Add tests (unit + integration contracts)
473
+ 10. Update docs and examples
474
+
475
+ ---
476
+
477
+ ## 13. Risks and Mitigations
478
+
479
+ - Risk: large artifact payloads cause slow publish times.
480
+ - Mitigation: default to metadata + bounded previews for large logs, plus batched writes.
481
+ - Risk: local Docker startup flakiness creates noisy failures.
482
+ - Mitigation: explicit readiness checks, bounded retries, and best-effort default mode.
483
+ - Risk: duplicate records on retries.
484
+ - Mitigation: deterministic upsert keys and run-level publish checkpoints.
485
+ - Risk: secrets leakage in logs.
486
+ - Mitigation: redact connection URI credentials and password fields from all logs/errors.
487
+
488
+ ---
489
+
490
+ ## 14. Open Questions
491
+
492
+ 1. Should first release support only Postgres (`postgres` + `local`) or include MySQL in MVP?
493
+ 2. Should `aop status` expose latest publish status summary by default?
494
+ 3. Should strict mode be policy-only, CLI-only, or both (recommended: both)?
495
+
496
+ ---
497
+
498
+ ## 15. Progress Tracking Note
499
+
500
+ When implementation starts, add milestone entries to `spec-files/progress.md` and move this spec from `spec-files/outstanding/` to `spec-files/completed/` only after acceptance criteria are met.