agentic-orchestrator 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +6 -1
- package/README.md +81 -54
- package/agentic/orchestrator/defaults/policy.defaults.yaml +212 -0
- package/agentic/orchestrator/schemas/adapters.schema.json +17 -4
- package/agentic/orchestrator/schemas/agents.schema.json +58 -13
- package/agentic/orchestrator/schemas/gates.schema.json +88 -17
- package/agentic/orchestrator/schemas/index.schema.json +172 -37
- package/agentic/orchestrator/schemas/multi-project.schema.json +85 -17
- package/agentic/orchestrator/schemas/plan.schema.json +135 -30
- package/agentic/orchestrator/schemas/policy.schema.json +198 -69
- package/agentic/orchestrator/schemas/policy.user.schema.json +165 -0
- package/agentic/orchestrator/schemas/qa_test_index.schema.json +71 -14
- package/agentic/orchestrator/schemas/state.schema.json +196 -39
- package/apps/control-plane/scripts/validate-architecture-rules.mjs +5 -3
- package/apps/control-plane/scripts/validate-docker-mcp-contract.mjs +0 -3
- package/apps/control-plane/scripts/validate-mcp-contracts.ts +2 -6
- package/apps/control-plane/src/application/services/policy-loader-service.ts +115 -0
- package/apps/control-plane/src/cli/aop.ts +35 -1
- package/apps/control-plane/src/cli/cli-argument-parser.ts +4 -0
- package/apps/control-plane/src/cli/help-command-handler.ts +2 -1
- package/apps/control-plane/src/cli/init-command-handler.ts +136 -27
- package/apps/control-plane/src/cli/retry-command-handler.ts +3 -6
- package/apps/control-plane/src/cli/types.ts +1 -0
- package/apps/control-plane/src/core/git.ts +1 -3
- package/apps/control-plane/src/core/kernel.ts +3 -6
- package/apps/control-plane/src/core/schemas.ts +36 -1
- package/apps/control-plane/src/interfaces/cli/bootstrap.ts +1 -1
- package/apps/control-plane/src/mcp/tool-registry-loader.ts +37 -1
- package/apps/control-plane/src/supervisor/qa-wave-executor.ts +1 -1
- package/apps/control-plane/test/aop.spec.ts +37 -0
- package/apps/control-plane/test/batch-operations.spec.ts +5 -3
- package/apps/control-plane/test/bootstrap-attach.spec.ts +28 -18
- package/apps/control-plane/test/bootstrap-edge-cases.spec.ts +25 -15
- package/apps/control-plane/test/bootstrap.spec.ts +30 -22
- package/apps/control-plane/test/cli.unit.spec.ts +55 -10
- package/apps/control-plane/test/core-utils.spec.ts +12 -3
- package/apps/control-plane/test/feature-deletion-service.spec.ts +2 -1
- package/apps/control-plane/test/feature-lifecycle.spec.ts +1 -1
- package/apps/control-plane/test/helpers.ts +22 -2
- package/apps/control-plane/test/init-wizard.spec.ts +160 -7
- package/apps/control-plane/test/issue-tracker.spec.ts +3 -3
- package/apps/control-plane/test/kernel.spec.ts +62 -0
- package/apps/control-plane/test/lock-service.spec.ts +4 -4
- package/apps/control-plane/test/policy-loader-service.spec.ts +346 -0
- package/apps/control-plane/test/reactions.spec.ts +8 -6
- package/apps/control-plane/test/resume-command.spec.ts +31 -15
- package/apps/control-plane/test/supervisor.unit.spec.ts +2 -2
- package/apps/control-plane/test/tool-registry-loader.spec.ts +12 -0
- package/apps/control-plane/vitest.config.ts +1 -1
- package/dist/apps/control-plane/application/services/policy-loader-service.d.ts +24 -0
- package/dist/apps/control-plane/application/services/policy-loader-service.js +90 -0
- package/dist/apps/control-plane/application/services/policy-loader-service.js.map +1 -0
- package/dist/apps/control-plane/application/tools/tool-metadata.js +1 -0
- package/dist/apps/control-plane/application/tools/tool-metadata.js.map +1 -1
- package/dist/apps/control-plane/cli/aop.js +33 -1
- package/dist/apps/control-plane/cli/aop.js.map +1 -1
- package/dist/apps/control-plane/cli/cli-argument-parser.js +4 -0
- package/dist/apps/control-plane/cli/cli-argument-parser.js.map +1 -1
- package/dist/apps/control-plane/cli/dashboard-command-handler.js +11 -5
- package/dist/apps/control-plane/cli/dashboard-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/help-command-handler.js +5 -4
- package/dist/apps/control-plane/cli/help-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/init-command-handler.d.ts +1 -0
- package/dist/apps/control-plane/cli/init-command-handler.js +110 -26
- package/dist/apps/control-plane/cli/init-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/retry-command-handler.js +3 -6
- package/dist/apps/control-plane/cli/retry-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/types.d.ts +1 -0
- package/dist/apps/control-plane/core/git.js +1 -3
- package/dist/apps/control-plane/core/git.js.map +1 -1
- package/dist/apps/control-plane/core/kernel.js +3 -5
- package/dist/apps/control-plane/core/kernel.js.map +1 -1
- package/dist/apps/control-plane/core/schemas.d.ts +2 -0
- package/dist/apps/control-plane/core/schemas.js +31 -1
- package/dist/apps/control-plane/core/schemas.js.map +1 -1
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js +1 -1
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.d.ts +2 -0
- package/dist/apps/control-plane/mcp/tool-registry-loader.js +31 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.js.map +1 -1
- package/dist/apps/control-plane/supervisor/build-wave-executor.js +1 -1
- package/dist/apps/control-plane/supervisor/build-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js +1 -1
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js.map +1 -1
- package/package.json +18 -17
- package/packages/web-dashboard/package.json +1 -1
- package/packages/web-dashboard/src/app/api/actions/route.ts +2 -2
- package/packages/web-dashboard/src/app/api/events/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/checkout/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/diff/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/evidence/[artifact]/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/review/route.ts +2 -2
- package/packages/web-dashboard/src/app/api/features/[id]/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/projects/route.ts +2 -2
- package/packages/web-dashboard/src/app/api/status/route.ts +1 -1
- package/packages/web-dashboard/src/app/page.tsx +1 -1
- package/packages/web-dashboard/src/lib/aop-client.ts +1 -1
- package/packages/web-dashboard/src/lib/orchestrator-tools.ts +1 -1
- package/packages/web-dashboard/tsconfig.json +1 -0
- package/spec-files/completed/agentic_orchestrator_init_policy_ux_simplification_spec.md +481 -0
- package/spec-files/outstanding/agentic_orchestrator_artifact_database_publishing_spec.md +500 -0
- package/spec-files/outstanding/agentic_orchestrator_observability_integrity_diagnostics_spec.md +500 -195
- package/spec-files/outstanding/agentic_orchestrator_performance_improvements_spec.md +471 -162
- package/spec-files/outstanding/agentic_orchestrator_planning_review_quality_spec.md +532 -268
- package/spec-files/outstanding/agentic_orchestrator_productization_commercial_spec.md +645 -0
- package/spec-files/progress.md +99 -2
- package/tsconfig.base.json +4 -0
- /package/spec-files/{outstanding → completed}/agentic_orchestrator_validator_hardening_spec.md +0 -0
|
@@ -0,0 +1,500 @@
|
|
|
1
|
+
# Feature Spec: `.aop` Artifact Publishing to Configurable Audit Database (AOP)
|
|
2
|
+
|
|
3
|
+
> **Purpose of this document**: Define implementation-ready functionality to publish runtime artifacts from `.aop/**` to a user-configured database after execution, enabling durable audit history of what the orchestrator did and why it did it. The feature includes external database targets and a built-in local Docker-backed database mode (`type: local`).
|
|
4
|
+
|
|
5
|
+
**Version:** 1.0
|
|
6
|
+
**Date:** 2026-03-04
|
|
7
|
+
**Status:** Draft
|
|
8
|
+
**Roadmap Mapping:** M40
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## 0. Standards and Dependencies
|
|
13
|
+
|
|
14
|
+
### 0.1 Required Standards
|
|
15
|
+
|
|
16
|
+
All implementation MUST preserve:
|
|
17
|
+
- deterministic runtime behavior and MCP/in-process parity
|
|
18
|
+
- existing command behavior when publishing is disabled
|
|
19
|
+
- normalized error envelope (`{ ok: false, error: { code, message, details } }`)
|
|
20
|
+
- atomic file-write/lock guarantees for `.aop/**` artifacts
|
|
21
|
+
- Nx + Vitest + coverage thresholds (>= 90% per file)
|
|
22
|
+
|
|
23
|
+
### 0.2 Upstream Inputs
|
|
24
|
+
|
|
25
|
+
Implementing agents MUST read:
|
|
26
|
+
- `apps/control-plane/src/core/path-layout.ts`
|
|
27
|
+
- `apps/control-plane/src/core/kernel.ts`
|
|
28
|
+
- `apps/control-plane/src/supervisor/run-coordinator.ts`
|
|
29
|
+
- `apps/control-plane/src/cli/run-command-handler.ts`
|
|
30
|
+
- `apps/control-plane/src/interfaces/cli/bootstrap.ts`
|
|
31
|
+
- `apps/control-plane/src/cli/cli-argument-parser.ts`
|
|
32
|
+
- `apps/control-plane/src/cli/help-command-handler.ts`
|
|
33
|
+
- `apps/control-plane/src/core/constants.ts`
|
|
34
|
+
- `apps/control-plane/src/core/error-codes.ts`
|
|
35
|
+
- `apps/control-plane/src/mcp/operation-ledger.ts`
|
|
36
|
+
- `agentic/orchestrator/policy.yaml`
|
|
37
|
+
- `agentic/orchestrator/defaults/policy.defaults.yaml`
|
|
38
|
+
- `agentic/orchestrator/schemas/policy.schema.json`
|
|
39
|
+
- `agentic/orchestrator/tools/catalog.json`
|
|
40
|
+
- `spec-files/completed/agentic_orchestrator_dot_aop_generated_artifacts_spec.md`
|
|
41
|
+
|
|
42
|
+
### 0.3 Feature Scope
|
|
43
|
+
|
|
44
|
+
This spec implements three slices:
|
|
45
|
+
- **DB1** Configurable artifact publishing policy + database connection contract
|
|
46
|
+
- **DB2** Post-run and manual publishing pipeline with idempotent checkpoints
|
|
47
|
+
- **DB3** Local Docker database mode (`database.type: local`)
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## 1. Objectives
|
|
52
|
+
|
|
53
|
+
### 1.1 Must-Have Outcomes
|
|
54
|
+
|
|
55
|
+
- Users can configure a database target in YAML and publish `.aop/**` artifacts to it.
|
|
56
|
+
- Publishing can run automatically after `aop run` execution and can also be triggered manually.
|
|
57
|
+
- Published records are queryable over time by `run_id`, `feature_id`, tool activity, gate results, and decisions.
|
|
58
|
+
- `database.type: local` starts/uses a local Docker database automatically and publishes there without external infra setup.
|
|
59
|
+
- Publishing is idempotent and safe to retry.
|
|
60
|
+
|
|
61
|
+
### 1.2 Non-Goals
|
|
62
|
+
|
|
63
|
+
- No replacement of file-backed `.aop/**` runtime storage.
|
|
64
|
+
- No requirement to support every SQL engine in first release.
|
|
65
|
+
- No real-time streaming pipeline in this phase (batch publish at execution boundaries).
|
|
66
|
+
- No dashboard UI implementation in this phase (data plane + CLI/tool contracts only).
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## 2. Architecture Decisions
|
|
71
|
+
|
|
72
|
+
### 2.1 Source of Truth Remains `.aop/**`
|
|
73
|
+
|
|
74
|
+
Database rows are derived artifacts for analytics/audit. `.aop/**` remains authoritative runtime state.
|
|
75
|
+
|
|
76
|
+
### 2.2 First-Class Publisher Service
|
|
77
|
+
|
|
78
|
+
All publishing must route through a single service boundary (`ArtifactPublisherService`) to centralize:
|
|
79
|
+
- artifact enumeration
|
|
80
|
+
- normalization and hashing
|
|
81
|
+
- DB transaction semantics
|
|
82
|
+
- checkpointing/retry behavior
|
|
83
|
+
|
|
84
|
+
### 2.3 Idempotency by `(target_id, run_id, publish_revision)`
|
|
85
|
+
|
|
86
|
+
Publishing writes must be safely repeatable. Re-running publish for the same run must not duplicate logical records.
|
|
87
|
+
|
|
88
|
+
### 2.4 Local Mode Resolves to Docker-Managed Postgres
|
|
89
|
+
|
|
90
|
+
`database.type: local` is a convenience wrapper around a managed local Postgres container. External engines remain explicitly configured.
|
|
91
|
+
|
|
92
|
+
### 2.5 Failure Behavior is Configurable
|
|
93
|
+
|
|
94
|
+
Default is best-effort (run succeeds even if publish fails). Strict mode is available when audit persistence is mandatory.
|
|
95
|
+
|
|
96
|
+
---
|
|
97
|
+
|
|
98
|
+
## 3. Configuration Contract
|
|
99
|
+
|
|
100
|
+
### 3.1 Policy Additions (`policy.yaml`)
|
|
101
|
+
|
|
102
|
+
Add `artifact_publishing` section to policy (full + defaults + schema):
|
|
103
|
+
|
|
104
|
+
```yaml
|
|
105
|
+
artifact_publishing:
|
|
106
|
+
enabled: false
|
|
107
|
+
trigger: post_run # post_run | manual_only
|
|
108
|
+
mode: best_effort # best_effort | required
|
|
109
|
+
include_content:
|
|
110
|
+
state_md: true
|
|
111
|
+
plan_json: true
|
|
112
|
+
decisions_md: true
|
|
113
|
+
qa_index_json: true
|
|
114
|
+
gate_logs_preview_bytes: 16384
|
|
115
|
+
database:
|
|
116
|
+
type: postgres # postgres | local
|
|
117
|
+
target_id: default
|
|
118
|
+
postgres:
|
|
119
|
+
connection_uri: "${AOP_AUDIT_DB_URL}"
|
|
120
|
+
schema: aop_audit
|
|
121
|
+
ssl_mode: require # disable | require
|
|
122
|
+
connect_timeout_ms: 8000
|
|
123
|
+
local:
|
|
124
|
+
engine: postgres
|
|
125
|
+
image: postgres:16-alpine
|
|
126
|
+
container_name: aop-audit-db
|
|
127
|
+
port: 55432
|
|
128
|
+
database: aop_audit
|
|
129
|
+
username: aop
|
|
130
|
+
password_env: AOP_LOCAL_AUDIT_DB_PASSWORD
|
|
131
|
+
volume_name: aop_audit_db_data
|
|
132
|
+
auto_start: true
|
|
133
|
+
wait_timeout_ms: 30000
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
### 3.2 YAML Validation
|
|
137
|
+
|
|
138
|
+
`agentic/orchestrator/schemas/policy.schema.json` MUST validate the new section with:
|
|
139
|
+
- strict enums for `trigger`, `mode`, `database.type`
|
|
140
|
+
- required `postgres.connection_uri` when `type: postgres`
|
|
141
|
+
- required local fields when `type: local`
|
|
142
|
+
- numeric bounds for port/timeouts/preview bytes
|
|
143
|
+
|
|
144
|
+
### 3.3 Secret Handling
|
|
145
|
+
|
|
146
|
+
- connection strings and passwords MUST support env interpolation (`${ENV_VAR}`).
|
|
147
|
+
- raw password literals in committed policy SHOULD be rejected with explicit validation guidance.
|
|
148
|
+
|
|
149
|
+
### 3.4 Defaults
|
|
150
|
+
|
|
151
|
+
`agentic/orchestrator/defaults/policy.defaults.yaml` MUST include `artifact_publishing.enabled: false` so behavior remains opt-in.
|
|
152
|
+
|
|
153
|
+
---
|
|
154
|
+
|
|
155
|
+
## 4. Canonical Publish Payload
|
|
156
|
+
|
|
157
|
+
### 4.1 Artifacts Included Per Run
|
|
158
|
+
|
|
159
|
+
Minimum dataset for a run publish:
|
|
160
|
+
- `.aop/features/index.json`
|
|
161
|
+
- `.aop/runtime/operation-ledger/<run_id>.json`
|
|
162
|
+
- for each feature in run scope:
|
|
163
|
+
- `state.md`
|
|
164
|
+
- `plan.json` (if present)
|
|
165
|
+
- `qa_test_index.json` (if present)
|
|
166
|
+
- `cost.json` (if present)
|
|
167
|
+
- `decisions.md` (if present)
|
|
168
|
+
- gate/evidence metadata and selected content previews
|
|
169
|
+
|
|
170
|
+
### 4.2 Normalized Record Categories
|
|
171
|
+
|
|
172
|
+
Publisher MUST normalize into these logical categories:
|
|
173
|
+
- `run_summary`
|
|
174
|
+
- `feature_snapshot`
|
|
175
|
+
- `tool_execution`
|
|
176
|
+
- `gate_execution`
|
|
177
|
+
- `decision_log_entry`
|
|
178
|
+
- `artifact_manifest_entry`
|
|
179
|
+
- `publish_event`
|
|
180
|
+
|
|
181
|
+
### 4.3 Hashing and Determinism
|
|
182
|
+
|
|
183
|
+
For each artifact row:
|
|
184
|
+
- include `content_sha256`
|
|
185
|
+
- include `relative_path`
|
|
186
|
+
- normalize JSON key order before hashing JSON content
|
|
187
|
+
- ensure stable sort order by `feature_id`, then `relative_path`
|
|
188
|
+
|
|
189
|
+
---
|
|
190
|
+
|
|
191
|
+
## 5. Database Schema (v1)
|
|
192
|
+
|
|
193
|
+
### 5.1 Required Tables
|
|
194
|
+
|
|
195
|
+
1. `aop_publish_runs`
|
|
196
|
+
- `publish_id` (PK)
|
|
197
|
+
- `target_id`
|
|
198
|
+
- `run_id`
|
|
199
|
+
- `publish_revision`
|
|
200
|
+
- `status` (`started|succeeded|failed`)
|
|
201
|
+
- `started_at`, `finished_at`
|
|
202
|
+
- `error_code`, `error_message`
|
|
203
|
+
|
|
204
|
+
2. `aop_runs`
|
|
205
|
+
- `run_id` (PK)
|
|
206
|
+
- `project_root_hash`
|
|
207
|
+
- `started_at`
|
|
208
|
+
- `finished_at`
|
|
209
|
+
- `queue_depth`
|
|
210
|
+
- `runtime_status`
|
|
211
|
+
|
|
212
|
+
3. `aop_features`
|
|
213
|
+
- composite PK: (`run_id`, `feature_id`)
|
|
214
|
+
- `status`
|
|
215
|
+
- `branch`
|
|
216
|
+
- `gate_profile`
|
|
217
|
+
- `last_updated`
|
|
218
|
+
- `cost_estimated_usd`
|
|
219
|
+
- `tokens_used`
|
|
220
|
+
|
|
221
|
+
4. `aop_tool_executions`
|
|
222
|
+
- composite PK: (`run_id`, `operation_id`)
|
|
223
|
+
- `feature_id`
|
|
224
|
+
- `tool_name`
|
|
225
|
+
- `actor_type`
|
|
226
|
+
- `result`
|
|
227
|
+
- `error_code`
|
|
228
|
+
- `latency_ms`
|
|
229
|
+
- `request_hash`
|
|
230
|
+
- `created_at`, `updated_at`
|
|
231
|
+
|
|
232
|
+
5. `aop_gate_executions`
|
|
233
|
+
- surrogate PK + unique (`run_id`, `feature_id`, `gate_name`, `executed_at`)
|
|
234
|
+
- `result`, `exit_code`
|
|
235
|
+
- `mode`
|
|
236
|
+
- `evidence_path`
|
|
237
|
+
- `logs_preview`
|
|
238
|
+
|
|
239
|
+
6. `aop_decisions`
|
|
240
|
+
- surrogate PK + index (`run_id`, `feature_id`, `line_no`)
|
|
241
|
+
- `entry_text`
|
|
242
|
+
- `entry_hash`
|
|
243
|
+
|
|
244
|
+
7. `aop_artifact_manifest`
|
|
245
|
+
- composite PK: (`run_id`, `feature_id`, `relative_path`)
|
|
246
|
+
- `size_bytes`
|
|
247
|
+
- `content_sha256`
|
|
248
|
+
- `content_preview`
|
|
249
|
+
- `modified_at`
|
|
250
|
+
|
|
251
|
+
### 5.2 Migration Contract
|
|
252
|
+
|
|
253
|
+
- Create `schema_migrations` table and apply ordered SQL migrations.
|
|
254
|
+
- Publisher must run `ensureSchema()` before first write for a target.
|
|
255
|
+
|
|
256
|
+
---
|
|
257
|
+
|
|
258
|
+
## 6. Runtime Flow and Trigger Points
|
|
259
|
+
|
|
260
|
+
### 6.1 Automatic Post-Run Publishing
|
|
261
|
+
|
|
262
|
+
`RunCommandHandler.execute(...)` flow extension:
|
|
263
|
+
1. run supervisor cycle (`supervisor.start(...)`)
|
|
264
|
+
2. if `artifact_publishing.enabled && trigger == post_run`, invoke publisher
|
|
265
|
+
3. attach publish result under response payload:
|
|
266
|
+
- `data.artifact_publish.status`
|
|
267
|
+
- `data.artifact_publish.publish_id`
|
|
268
|
+
- `data.artifact_publish.warning` (best-effort failure only)
|
|
269
|
+
|
|
270
|
+
### 6.2 Manual Publishing
|
|
271
|
+
|
|
272
|
+
Add CLI command:
|
|
273
|
+
- `aop publish [--run-id <id>] [--latest] [--dry-run] [--strict]`
|
|
274
|
+
|
|
275
|
+
Behavior:
|
|
276
|
+
- default `--latest` when no run id provided
|
|
277
|
+
- `--dry-run` builds manifest + stats without DB writes
|
|
278
|
+
- `--strict` forces non-zero exit on publish failure regardless of policy mode
|
|
279
|
+
|
|
280
|
+
### 6.3 MCP Tool Surface
|
|
281
|
+
|
|
282
|
+
Add tools:
|
|
283
|
+
- `artifacts.publish` (mutating: true)
|
|
284
|
+
- `artifacts.publish_status` (mutating: false)
|
|
285
|
+
|
|
286
|
+
`artifacts.publish` input includes `run_id`, `dry_run`, `strict`, `trigger_source`.
|
|
287
|
+
|
|
288
|
+
---
|
|
289
|
+
|
|
290
|
+
## 7. Local Docker Database Mode (`type: local`)
|
|
291
|
+
|
|
292
|
+
### 7.1 Behavior
|
|
293
|
+
|
|
294
|
+
When `database.type: local`:
|
|
295
|
+
1. verify Docker CLI availability
|
|
296
|
+
2. verify/start container using configured image/name/port/volume
|
|
297
|
+
3. wait for DB health/readiness
|
|
298
|
+
4. connect via computed Postgres URI
|
|
299
|
+
5. run schema migrations and publish
|
|
300
|
+
|
|
301
|
+
### 7.2 Local Runtime Artifacts
|
|
302
|
+
|
|
303
|
+
Persist local DB runtime metadata under:
|
|
304
|
+
- `.aop/runtime/artifact-publishing/local-db.json`
|
|
305
|
+
|
|
306
|
+
Contract example:
|
|
307
|
+
|
|
308
|
+
```json
|
|
309
|
+
{
|
|
310
|
+
"target_id": "default",
|
|
311
|
+
"container_name": "aop-audit-db",
|
|
312
|
+
"engine": "postgres",
|
|
313
|
+
"host": "127.0.0.1",
|
|
314
|
+
"port": 55432,
|
|
315
|
+
"database": "aop_audit",
|
|
316
|
+
"username": "aop",
|
|
317
|
+
"started_at": "2026-03-03T22:00:00Z"
|
|
318
|
+
}
|
|
319
|
+
```
|
|
320
|
+
|
|
321
|
+
### 7.3 Docker Failure Handling
|
|
322
|
+
|
|
323
|
+
Errors must map cleanly:
|
|
324
|
+
- `artifact_publish_local_docker_unavailable`
|
|
325
|
+
- `artifact_publish_local_start_failed`
|
|
326
|
+
- `artifact_publish_local_unhealthy`
|
|
327
|
+
|
|
328
|
+
If mode is `best_effort`, run continues and publish failure is reported in payload + logs.
|
|
329
|
+
|
|
330
|
+
---
|
|
331
|
+
|
|
332
|
+
## 8. Error Codes
|
|
333
|
+
|
|
334
|
+
Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
335
|
+
- `artifact_publish_config_invalid`
|
|
336
|
+
- `artifact_publish_target_unconfigured`
|
|
337
|
+
- `artifact_publish_connect_failed`
|
|
338
|
+
- `artifact_publish_migration_failed`
|
|
339
|
+
- `artifact_publish_write_failed`
|
|
340
|
+
- `artifact_publish_checkpoint_conflict`
|
|
341
|
+
- `artifact_publish_local_docker_unavailable`
|
|
342
|
+
- `artifact_publish_local_start_failed`
|
|
343
|
+
- `artifact_publish_local_unhealthy`
|
|
344
|
+
|
|
345
|
+
---
|
|
346
|
+
|
|
347
|
+
## 9. Implementation Plan
|
|
348
|
+
|
|
349
|
+
## 9.1 DB1: Configuration + Validation
|
|
350
|
+
|
|
351
|
+
### DB1-T1 Policy contract
|
|
352
|
+
- update `policy.yaml` examples
|
|
353
|
+
- update `policy.defaults.yaml`
|
|
354
|
+
- extend `policy.schema.json`
|
|
355
|
+
|
|
356
|
+
### DB1-T2 Typed policy accessors
|
|
357
|
+
- add typed readers for `artifact_publishing` section in kernel/service layer
|
|
358
|
+
|
|
359
|
+
### DB1-T3 Config normalization
|
|
360
|
+
- implement env interpolation + normalization helper
|
|
361
|
+
|
|
362
|
+
## 9.2 DB2: Publisher pipeline
|
|
363
|
+
|
|
364
|
+
### DB2-T1 Artifact enumeration
|
|
365
|
+
- deterministic scanner for run/feature artifacts
|
|
366
|
+
- manifest builder with hashes and size
|
|
367
|
+
|
|
368
|
+
### DB2-T2 Store interface and Postgres adapter
|
|
369
|
+
- `ArtifactAuditStore` interface
|
|
370
|
+
- `PostgresArtifactAuditStore` implementation (transactional upsert)
|
|
371
|
+
|
|
372
|
+
### DB2-T3 Checkpointing and idempotency
|
|
373
|
+
- write local checkpoint under `.aop/runtime/artifact-publishing/checkpoints/<run_id>.json`
|
|
374
|
+
- support safe retries after partial failures
|
|
375
|
+
|
|
376
|
+
### DB2-T4 Trigger integration
|
|
377
|
+
- invoke publisher from run flow and manual command path
|
|
378
|
+
|
|
379
|
+
## 9.3 DB3: Local Docker orchestration
|
|
380
|
+
|
|
381
|
+
### DB3-T1 Local DB manager
|
|
382
|
+
- start/inspect/wait for container
|
|
383
|
+
- compute connection URI for local target
|
|
384
|
+
|
|
385
|
+
### DB3-T2 Local-only smoke checks
|
|
386
|
+
- optional smoke test command for local mode readiness
|
|
387
|
+
|
|
388
|
+
---
|
|
389
|
+
|
|
390
|
+
## 10. File Targets
|
|
391
|
+
|
|
392
|
+
### 10.1 New files
|
|
393
|
+
- `apps/control-plane/src/application/services/artifact-publisher-service.ts`
|
|
394
|
+
- `apps/control-plane/src/application/services/artifact-manifest-service.ts`
|
|
395
|
+
- `apps/control-plane/src/application/services/artifact-audit-store.ts`
|
|
396
|
+
- `apps/control-plane/src/application/services/postgres-artifact-audit-store.ts`
|
|
397
|
+
- `apps/control-plane/src/application/services/local-artifact-db-manager.ts`
|
|
398
|
+
- `apps/control-plane/src/cli/publish-command-handler.ts`
|
|
399
|
+
- `agentic/orchestrator/tools/schemas/input/artifacts.publish.input.schema.json`
|
|
400
|
+
- `agentic/orchestrator/tools/schemas/output/artifacts.publish.output.schema.json`
|
|
401
|
+
- `agentic/orchestrator/tools/schemas/input/artifacts.publish_status.input.schema.json`
|
|
402
|
+
- `agentic/orchestrator/tools/schemas/output/artifacts.publish_status.output.schema.json`
|
|
403
|
+
- `apps/control-plane/src/application/services/sql/artifact-publishing/postgres/001_init.sql`
|
|
404
|
+
|
|
405
|
+
### 10.2 Existing files to modify
|
|
406
|
+
- `apps/control-plane/src/core/kernel.ts`
|
|
407
|
+
- `apps/control-plane/src/core/constants.ts`
|
|
408
|
+
- `apps/control-plane/src/core/error-codes.ts`
|
|
409
|
+
- `apps/control-plane/src/core/path-layout.ts`
|
|
410
|
+
- `apps/control-plane/src/cli/cli-argument-parser.ts`
|
|
411
|
+
- `apps/control-plane/src/cli/help-command-handler.ts`
|
|
412
|
+
- `apps/control-plane/src/cli/types.ts`
|
|
413
|
+
- `apps/control-plane/src/interfaces/cli/bootstrap.ts`
|
|
414
|
+
- `apps/control-plane/src/cli/run-command-handler.ts`
|
|
415
|
+
- `agentic/orchestrator/tools/catalog.json`
|
|
416
|
+
- `agentic/orchestrator/tools.md`
|
|
417
|
+
- `agentic/orchestrator/policy.yaml`
|
|
418
|
+
- `agentic/orchestrator/defaults/policy.defaults.yaml`
|
|
419
|
+
- `agentic/orchestrator/schemas/policy.schema.json`
|
|
420
|
+
- `README.md`
|
|
421
|
+
|
|
422
|
+
### 10.3 Tests
|
|
423
|
+
- `apps/control-plane/test/artifact-publisher.spec.ts` (new)
|
|
424
|
+
- `apps/control-plane/test/local-artifact-db-manager.spec.ts` (new)
|
|
425
|
+
- `apps/control-plane/test/run-command.spec.ts` (extend post-run publish assertions)
|
|
426
|
+
- `apps/control-plane/test/cli.unit.spec.ts` (parse + publish command)
|
|
427
|
+
- `apps/control-plane/test/mcp.spec.ts` (new tool registration + parity)
|
|
428
|
+
- `apps/control-plane/test/kernel.spec.ts` (tool handler contracts)
|
|
429
|
+
|
|
430
|
+
---
|
|
431
|
+
|
|
432
|
+
## 11. Acceptance Criteria
|
|
433
|
+
|
|
434
|
+
### DB1 — Configurable DB contract
|
|
435
|
+
|
|
436
|
+
- [ ] `artifact_publishing` policy section schema-validates with strict enum/type checks
|
|
437
|
+
- [ ] env-variable interpolation is supported for DB secrets
|
|
438
|
+
- [ ] invalid config surfaces `artifact_publish_config_invalid` with actionable details
|
|
439
|
+
|
|
440
|
+
### DB2 — Publish pipeline
|
|
441
|
+
|
|
442
|
+
- [ ] `aop run` publishes artifacts post-run when enabled and trigger is `post_run`
|
|
443
|
+
- [ ] `aop publish --run-id <id>` publishes historical run artifacts on demand
|
|
444
|
+
- [ ] published dataset includes run summary, feature snapshots, tool executions, decisions, and artifact manifest
|
|
445
|
+
- [ ] re-running publish for same run is idempotent (no duplicate logical records)
|
|
446
|
+
- [ ] best-effort mode does not fail run command on publish failure; required mode does
|
|
447
|
+
|
|
448
|
+
### DB3 — Local Docker mode
|
|
449
|
+
|
|
450
|
+
- [ ] `database.type: local` auto-starts/uses configured Docker DB container
|
|
451
|
+
- [ ] publish succeeds to local DB without external DB provisioning
|
|
452
|
+
- [ ] explicit, typed errors are returned when Docker is missing/unhealthy
|
|
453
|
+
|
|
454
|
+
### Quality and regression
|
|
455
|
+
|
|
456
|
+
- [ ] existing commands continue to work unchanged when publishing is disabled
|
|
457
|
+
- [ ] `npm run typecheck` and `npm test` pass with coverage thresholds preserved
|
|
458
|
+
- [ ] `npm run validate:mcp-contracts` passes with updated tool catalog/schemas
|
|
459
|
+
|
|
460
|
+
---
|
|
461
|
+
|
|
462
|
+
## 12. Implementation Order
|
|
463
|
+
|
|
464
|
+
1. Add policy contract + schema + defaults (`artifact_publishing`, disabled by default)
|
|
465
|
+
2. Add new error codes and constants for publish tools
|
|
466
|
+
3. Implement manifest + hashing service (no DB yet)
|
|
467
|
+
4. Implement Postgres audit store + migrations
|
|
468
|
+
5. Add `artifacts.publish` / `artifacts.publish_status` tool handlers and schemas
|
|
469
|
+
6. Add `aop publish` CLI command and bootstrap wiring
|
|
470
|
+
7. Wire post-run trigger in `RunCommandHandler`
|
|
471
|
+
8. Implement `type: local` Docker manager and integrate with publisher
|
|
472
|
+
9. Add tests (unit + integration contracts)
|
|
473
|
+
10. Update docs and examples
|
|
474
|
+
|
|
475
|
+
---
|
|
476
|
+
|
|
477
|
+
## 13. Risks and Mitigations
|
|
478
|
+
|
|
479
|
+
- Risk: large artifact payloads cause slow publish times.
|
|
480
|
+
- Mitigation: default to metadata + bounded previews for large logs, plus batched writes.
|
|
481
|
+
- Risk: local Docker startup flakiness creates noisy failures.
|
|
482
|
+
- Mitigation: explicit readiness checks, bounded retries, and best-effort default mode.
|
|
483
|
+
- Risk: duplicate records on retries.
|
|
484
|
+
- Mitigation: deterministic upsert keys and run-level publish checkpoints.
|
|
485
|
+
- Risk: secrets leakage in logs.
|
|
486
|
+
- Mitigation: redact connection URI credentials and password fields from all logs/errors.
|
|
487
|
+
|
|
488
|
+
---
|
|
489
|
+
|
|
490
|
+
## 14. Open Questions
|
|
491
|
+
|
|
492
|
+
1. Should first release support only Postgres (`postgres` + `local`) or include MySQL in MVP?
|
|
493
|
+
2. Should `aop status` expose latest publish status summary by default?
|
|
494
|
+
3. Should strict mode be policy-only, CLI-only, or both (recommended: both)?
|
|
495
|
+
|
|
496
|
+
---
|
|
497
|
+
|
|
498
|
+
## 15. Progress Tracking Note
|
|
499
|
+
|
|
500
|
+
When implementation starts, add milestone entries to `spec-files/progress.md` and move this spec from `spec-files/outstanding/` to `spec-files/completed/` only after acceptance criteria are met.
|