agentic-orchestrator 0.1.4 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +6 -1
- package/README.md +81 -54
- package/agentic/orchestrator/defaults/policy.defaults.yaml +212 -0
- package/agentic/orchestrator/schemas/adapters.schema.json +17 -4
- package/agentic/orchestrator/schemas/agents.schema.json +58 -13
- package/agentic/orchestrator/schemas/gates.schema.json +88 -17
- package/agentic/orchestrator/schemas/index.schema.json +172 -37
- package/agentic/orchestrator/schemas/multi-project.schema.json +85 -17
- package/agentic/orchestrator/schemas/plan.schema.json +135 -30
- package/agentic/orchestrator/schemas/policy.schema.json +198 -69
- package/agentic/orchestrator/schemas/policy.user.schema.json +165 -0
- package/agentic/orchestrator/schemas/qa_test_index.schema.json +71 -14
- package/agentic/orchestrator/schemas/state.schema.json +196 -39
- package/apps/control-plane/scripts/validate-architecture-rules.mjs +5 -3
- package/apps/control-plane/scripts/validate-docker-mcp-contract.mjs +0 -3
- package/apps/control-plane/scripts/validate-mcp-contracts.ts +2 -6
- package/apps/control-plane/src/application/services/policy-loader-service.ts +115 -0
- package/apps/control-plane/src/cli/aop.ts +35 -1
- package/apps/control-plane/src/cli/cli-argument-parser.ts +4 -0
- package/apps/control-plane/src/cli/help-command-handler.ts +2 -1
- package/apps/control-plane/src/cli/init-command-handler.ts +136 -27
- package/apps/control-plane/src/cli/retry-command-handler.ts +3 -6
- package/apps/control-plane/src/cli/types.ts +1 -0
- package/apps/control-plane/src/core/git.ts +1 -3
- package/apps/control-plane/src/core/kernel.ts +3 -6
- package/apps/control-plane/src/core/schemas.ts +36 -1
- package/apps/control-plane/src/interfaces/cli/bootstrap.ts +1 -1
- package/apps/control-plane/src/mcp/tool-registry-loader.ts +37 -1
- package/apps/control-plane/src/supervisor/qa-wave-executor.ts +1 -1
- package/apps/control-plane/test/aop.spec.ts +37 -0
- package/apps/control-plane/test/batch-operations.spec.ts +5 -3
- package/apps/control-plane/test/bootstrap-attach.spec.ts +28 -18
- package/apps/control-plane/test/bootstrap-edge-cases.spec.ts +25 -15
- package/apps/control-plane/test/bootstrap.spec.ts +30 -22
- package/apps/control-plane/test/cli.unit.spec.ts +55 -10
- package/apps/control-plane/test/core-utils.spec.ts +12 -3
- package/apps/control-plane/test/feature-deletion-service.spec.ts +2 -1
- package/apps/control-plane/test/feature-lifecycle.spec.ts +1 -1
- package/apps/control-plane/test/helpers.ts +22 -2
- package/apps/control-plane/test/init-wizard.spec.ts +160 -7
- package/apps/control-plane/test/issue-tracker.spec.ts +3 -3
- package/apps/control-plane/test/kernel.spec.ts +62 -0
- package/apps/control-plane/test/lock-service.spec.ts +4 -4
- package/apps/control-plane/test/policy-loader-service.spec.ts +346 -0
- package/apps/control-plane/test/reactions.spec.ts +8 -6
- package/apps/control-plane/test/resume-command.spec.ts +31 -15
- package/apps/control-plane/test/supervisor.unit.spec.ts +2 -2
- package/apps/control-plane/test/tool-registry-loader.spec.ts +12 -0
- package/apps/control-plane/vitest.config.ts +1 -1
- package/dist/apps/control-plane/application/services/policy-loader-service.d.ts +24 -0
- package/dist/apps/control-plane/application/services/policy-loader-service.js +90 -0
- package/dist/apps/control-plane/application/services/policy-loader-service.js.map +1 -0
- package/dist/apps/control-plane/application/tools/tool-metadata.js +1 -0
- package/dist/apps/control-plane/application/tools/tool-metadata.js.map +1 -1
- package/dist/apps/control-plane/cli/aop.js +33 -1
- package/dist/apps/control-plane/cli/aop.js.map +1 -1
- package/dist/apps/control-plane/cli/cli-argument-parser.js +4 -0
- package/dist/apps/control-plane/cli/cli-argument-parser.js.map +1 -1
- package/dist/apps/control-plane/cli/dashboard-command-handler.js +11 -5
- package/dist/apps/control-plane/cli/dashboard-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/help-command-handler.js +5 -4
- package/dist/apps/control-plane/cli/help-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/init-command-handler.d.ts +1 -0
- package/dist/apps/control-plane/cli/init-command-handler.js +110 -26
- package/dist/apps/control-plane/cli/init-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/retry-command-handler.js +3 -6
- package/dist/apps/control-plane/cli/retry-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/types.d.ts +1 -0
- package/dist/apps/control-plane/core/git.js +1 -3
- package/dist/apps/control-plane/core/git.js.map +1 -1
- package/dist/apps/control-plane/core/kernel.js +3 -5
- package/dist/apps/control-plane/core/kernel.js.map +1 -1
- package/dist/apps/control-plane/core/schemas.d.ts +2 -0
- package/dist/apps/control-plane/core/schemas.js +31 -1
- package/dist/apps/control-plane/core/schemas.js.map +1 -1
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js +1 -1
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.d.ts +2 -0
- package/dist/apps/control-plane/mcp/tool-registry-loader.js +31 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.js.map +1 -1
- package/dist/apps/control-plane/supervisor/build-wave-executor.js +1 -1
- package/dist/apps/control-plane/supervisor/build-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js +1 -1
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js.map +1 -1
- package/package.json +18 -17
- package/packages/web-dashboard/package.json +1 -1
- package/packages/web-dashboard/src/app/api/actions/route.ts +2 -2
- package/packages/web-dashboard/src/app/api/events/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/checkout/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/diff/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/evidence/[artifact]/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/features/[id]/review/route.ts +2 -2
- package/packages/web-dashboard/src/app/api/features/[id]/route.ts +1 -1
- package/packages/web-dashboard/src/app/api/projects/route.ts +2 -2
- package/packages/web-dashboard/src/app/api/status/route.ts +1 -1
- package/packages/web-dashboard/src/app/page.tsx +1 -1
- package/packages/web-dashboard/src/lib/aop-client.ts +1 -1
- package/packages/web-dashboard/src/lib/orchestrator-tools.ts +1 -1
- package/packages/web-dashboard/tsconfig.json +1 -0
- package/spec-files/completed/agentic_orchestrator_init_policy_ux_simplification_spec.md +481 -0
- package/spec-files/outstanding/agentic_orchestrator_artifact_database_publishing_spec.md +500 -0
- package/spec-files/outstanding/agentic_orchestrator_observability_integrity_diagnostics_spec.md +500 -195
- package/spec-files/outstanding/agentic_orchestrator_performance_improvements_spec.md +471 -162
- package/spec-files/outstanding/agentic_orchestrator_planning_review_quality_spec.md +532 -268
- package/spec-files/outstanding/agentic_orchestrator_productization_commercial_spec.md +645 -0
- package/spec-files/progress.md +99 -2
- package/tsconfig.base.json +4 -0
- /package/spec-files/{outstanding → completed}/agentic_orchestrator_validator_hardening_spec.md +0 -0
|
@@ -0,0 +1,645 @@
|
|
|
1
|
+
# Feature Spec: Commercial Productization and Monetization Platform (AOP)
|
|
2
|
+
|
|
3
|
+
> **Purpose of this document**: Define a concrete, implementation-ready path to turn Agentic-Orchestrator from a strong local tool into a product customers will pay for by adding team-scale governance, hosted audit durability, enterprise identity controls, and usage-based commercial operations.
|
|
4
|
+
|
|
5
|
+
**Version:** 1.0
|
|
6
|
+
**Date:** 2026-03-04
|
|
7
|
+
**Status:** Draft (Productization Program)
|
|
8
|
+
**Roadmap Mapping:** M39-M44
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## 0. Standards and Dependencies
|
|
13
|
+
|
|
14
|
+
### 0.1 Required Standards
|
|
15
|
+
|
|
16
|
+
All implementation MUST preserve:
|
|
17
|
+
- deterministic kernel behavior and normalized error envelopes
|
|
18
|
+
- local execution viability when cloud/commercial services are unavailable
|
|
19
|
+
- MCP/in-process transport parity for tool contracts
|
|
20
|
+
- strict schema-driven policy evolution (`policy.schema.json`, `policy.user.schema.json`)
|
|
21
|
+
- architecture boundary validation and contract validation (`validate:architecture`, `validate:mcp-contracts`)
|
|
22
|
+
|
|
23
|
+
### 0.2 Required Upstream Inputs
|
|
24
|
+
|
|
25
|
+
Implementing agents MUST read:
|
|
26
|
+
- `README.md`
|
|
27
|
+
- `spec-files/outstanding/agentic_orchestrator_quality_adoption_execution_spec.md`
|
|
28
|
+
- `spec-files/outstanding/agentic_orchestrator_enterprise_governance_dashboard_spec.md`
|
|
29
|
+
- `spec-files/outstanding/agentic_orchestrator_artifact_database_publishing_spec.md`
|
|
30
|
+
- `apps/control-plane/src/mcp/tool-runtime.ts`
|
|
31
|
+
- `apps/control-plane/src/mcp/operation-ledger.ts`
|
|
32
|
+
- `apps/control-plane/src/application/tools/tool-metadata.ts`
|
|
33
|
+
- `apps/control-plane/src/application/services/cost-tracking-service.ts`
|
|
34
|
+
- `apps/control-plane/src/core/kernel.ts`
|
|
35
|
+
- `apps/control-plane/src/core/constants.ts`
|
|
36
|
+
- `apps/control-plane/src/core/error-codes.ts`
|
|
37
|
+
- `apps/control-plane/src/cli/types.ts`
|
|
38
|
+
- `apps/control-plane/src/cli/cli-argument-parser.ts`
|
|
39
|
+
- `apps/control-plane/src/cli/help-command-handler.ts`
|
|
40
|
+
- `apps/control-plane/src/interfaces/cli/bootstrap.ts`
|
|
41
|
+
- `agentic/orchestrator/defaults/policy.defaults.yaml`
|
|
42
|
+
- `agentic/orchestrator/schemas/policy.schema.json`
|
|
43
|
+
- `agentic/orchestrator/schemas/policy.user.schema.json`
|
|
44
|
+
- `agentic/orchestrator/tools/catalog.json`
|
|
45
|
+
- `packages/web-dashboard/src/lib/aop-client.ts`
|
|
46
|
+
- `packages/web-dashboard/src/lib/types.ts`
|
|
47
|
+
- `packages/web-dashboard/src/app/page.tsx`
|
|
48
|
+
|
|
49
|
+
### 0.3 Feature Scope
|
|
50
|
+
|
|
51
|
+
This spec implements:
|
|
52
|
+
- **P1** Product packaging and entitlement model
|
|
53
|
+
- **P2** Workspace identity and cloud connectivity (`auth`, `whoami`, workspace binding)
|
|
54
|
+
- **P3** Entitlement enforcement and offline cache semantics
|
|
55
|
+
- **P4** Usage metering and billing event pipeline
|
|
56
|
+
- **P5** Hosted audit history sync (building on artifact publishing)
|
|
57
|
+
- **P6** Team/enterprise dashboard capabilities and tenant-aware APIs
|
|
58
|
+
|
|
59
|
+
Out of scope:
|
|
60
|
+
- fully automated sales/CRM workflows
|
|
61
|
+
- payment processor selection lock-in (Stripe is default implementation target, not protocol requirement)
|
|
62
|
+
- replacing local `.aop/**` as source of truth
|
|
63
|
+
|
|
64
|
+
---
|
|
65
|
+
|
|
66
|
+
## 1. Monetization Thesis (What Customers Pay For)
|
|
67
|
+
|
|
68
|
+
### 1.1 Free vs Paid Value Boundary
|
|
69
|
+
|
|
70
|
+
Customers do not pay for basic local orchestration. They pay for organizational risk reduction and operational scale:
|
|
71
|
+
- durable audit history across runs/repos/teams
|
|
72
|
+
- enterprise identity, authorization, and compliance evidence
|
|
73
|
+
- usage analytics, cost controls, and executive reporting
|
|
74
|
+
- managed reliability with entitlements, retention, and SLA-backed operations
|
|
75
|
+
|
|
76
|
+
### 1.2 Product Packaging (Normative)
|
|
77
|
+
|
|
78
|
+
| Tier | Primary Buyer | Included Capabilities | Technical Gate |
|
|
79
|
+
|---|---|---|---|
|
|
80
|
+
| Community (Free) | Individual devs | Local deterministic orchestration, local dashboard, local `.aop` artifacts | `product.mode=community` |
|
|
81
|
+
| Team (Paid) | Eng managers | Multi-user workspace, hosted artifact retention, trend analytics, shared dashboard | `entitlements.features.team_workspace=true` |
|
|
82
|
+
| Enterprise (Paid) | Platform/security | SSO/SAML/OIDC, SCIM, compliance exports, policy packs, long retention, private deployment | `entitlements.features.enterprise_controls=true` |
|
|
83
|
+
|
|
84
|
+
### 1.3 Billable Dimensions
|
|
85
|
+
|
|
86
|
+
Billing MUST be derivable from deterministic metering events:
|
|
87
|
+
- `active_seats` (distinct active users per billing period)
|
|
88
|
+
- `orchestrated_runs` (count of completed run IDs)
|
|
89
|
+
- `artifact_storage_gb_month` (hosted storage footprint)
|
|
90
|
+
- `artifact_retention_days` (retention tier)
|
|
91
|
+
- optional overage dimension: `tool_invocations` beyond plan allowance
|
|
92
|
+
|
|
93
|
+
---
|
|
94
|
+
|
|
95
|
+
## 2. Architectural Critique of Current State
|
|
96
|
+
|
|
97
|
+
1. **No tenancy model**
|
|
98
|
+
- Current runtime is repository-local with no first-class `organization/workspace/project` contract.
|
|
99
|
+
- Result: no customer/account boundary for paid features.
|
|
100
|
+
|
|
101
|
+
2. **No entitlement boundary in tool execution path**
|
|
102
|
+
- `ToolRuntime.callTool()` enforces RBAC and schema, but not plan/tier entitlements.
|
|
103
|
+
- Result: no deterministic paid feature gate.
|
|
104
|
+
|
|
105
|
+
3. **No canonical usage-metering stream for billing**
|
|
106
|
+
- Cost tracking exists per feature, but there is no auditable, periodized commercial usage event model.
|
|
107
|
+
- Result: cannot invoice reliably.
|
|
108
|
+
|
|
109
|
+
4. **Dashboard is filesystem-local and single-tenant**
|
|
110
|
+
- Dashboard reads `.aop/**` directly via local API routes.
|
|
111
|
+
- Result: cannot support paid multi-user workspace analytics without a hosted backend.
|
|
112
|
+
|
|
113
|
+
5. **No customer auth lifecycle in CLI**
|
|
114
|
+
- CLI has no login/whoami/workspace binding flow.
|
|
115
|
+
- Result: no secure binding to subscription and entitlements.
|
|
116
|
+
|
|
117
|
+
6. **Artifact persistence exists but is not yet monetization-connected**
|
|
118
|
+
- Artifact publishing spec exists, but not tied to product plans, retention SKUs, or workspace-level access.
|
|
119
|
+
- Result: technical capability without commercial control plane.
|
|
120
|
+
|
|
121
|
+
---
|
|
122
|
+
|
|
123
|
+
## 3. Target Product Architecture
|
|
124
|
+
|
|
125
|
+
### 3.1 Architecture Summary
|
|
126
|
+
|
|
127
|
+
Retain the current deterministic local control-plane as execution engine. Add an optional commercial control hub and sync plane.
|
|
128
|
+
|
|
129
|
+
1. **Local Execution Plane (existing, enhanced)**
|
|
130
|
+
- Runs orchestrator and writes canonical `.aop/**` artifacts.
|
|
131
|
+
- Emits usage events and optional cloud-sync batches.
|
|
132
|
+
|
|
133
|
+
2. **Commercial Control Hub (new)**
|
|
134
|
+
- Multi-tenant API for auth, workspaces, entitlements, usage ingest, artifact indexing, and billing summaries.
|
|
135
|
+
- Can be hosted SaaS or self-hosted enterprise deployment.
|
|
136
|
+
|
|
137
|
+
3. **Entitlement Cache Layer (new, local)**
|
|
138
|
+
- Local signed entitlement snapshot with TTL + grace behavior.
|
|
139
|
+
- Ensures paid features can be enforced deterministically even during temporary cloud outages.
|
|
140
|
+
|
|
141
|
+
4. **Billing/Metering Pipeline (new)**
|
|
142
|
+
- Usage event ingestion -> aggregation -> invoice line item derivation.
|
|
143
|
+
|
|
144
|
+
### 3.2 Non-Negotiable Boundary Rules
|
|
145
|
+
|
|
146
|
+
- Core free orchestration (`run`, local gates, local artifacts) MUST remain functional without cloud.
|
|
147
|
+
- Paid-only features MUST fail with explicit entitlement errors, never silent downgrades.
|
|
148
|
+
- Entitlement and usage calculations MUST be deterministic from persisted events.
|
|
149
|
+
- Billing logic MUST never mutate execution outcomes retroactively.
|
|
150
|
+
|
|
151
|
+
---
|
|
152
|
+
|
|
153
|
+
## 4. Contracts and Schema Deltas
|
|
154
|
+
|
|
155
|
+
## 4.1 Policy Extensions (Defaults + User Schema + Full Schema)
|
|
156
|
+
|
|
157
|
+
Add:
|
|
158
|
+
|
|
159
|
+
```yaml
|
|
160
|
+
innovation:
|
|
161
|
+
commercial_productization: false
|
|
162
|
+
|
|
163
|
+
product:
|
|
164
|
+
mode: community # community | team | enterprise
|
|
165
|
+
cloud:
|
|
166
|
+
enabled: false
|
|
167
|
+
endpoint: ""
|
|
168
|
+
workspace_id: ""
|
|
169
|
+
api_token_env: AOP_CLOUD_API_TOKEN
|
|
170
|
+
sync_mode: best_effort # best_effort | required
|
|
171
|
+
sync_triggers:
|
|
172
|
+
- post_run # post_run | manual
|
|
173
|
+
entitlements:
|
|
174
|
+
enabled: false
|
|
175
|
+
cache_ttl_seconds: 900
|
|
176
|
+
grace_period_hours: 168
|
|
177
|
+
fail_mode: grace_then_block_paid # allow_cached | grace_then_block_paid
|
|
178
|
+
metering:
|
|
179
|
+
enabled: false
|
|
180
|
+
flush_interval_seconds: 60
|
|
181
|
+
max_batch_size: 500
|
|
182
|
+
retention:
|
|
183
|
+
hosted_artifact_days: 30
|
|
184
|
+
```
|
|
185
|
+
|
|
186
|
+
Normative behavior:
|
|
187
|
+
- all productization toggles default off
|
|
188
|
+
- `product.mode=community` implies no paid-only enforcement
|
|
189
|
+
- if `product.mode in {team, enterprise}`, `entitlements.enabled=true` is required
|
|
190
|
+
- `sync_mode=required` affects only paid sync operations, never base local run completion
|
|
191
|
+
|
|
192
|
+
## 4.2 Entitlement Snapshot Contract
|
|
193
|
+
|
|
194
|
+
Path:
|
|
195
|
+
|
|
196
|
+
```text
|
|
197
|
+
.aop/runtime/entitlements/cache.json
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
Contract:
|
|
201
|
+
|
|
202
|
+
```json
|
|
203
|
+
{
|
|
204
|
+
"workspace_id": "ws_123",
|
|
205
|
+
"plan": "team",
|
|
206
|
+
"fetched_at": "2026-03-04T10:00:00.000Z",
|
|
207
|
+
"expires_at": "2026-03-04T10:15:00.000Z",
|
|
208
|
+
"grace_expires_at": "2026-03-11T10:15:00.000Z",
|
|
209
|
+
"features": {
|
|
210
|
+
"team_workspace": true,
|
|
211
|
+
"hosted_audit_history": true,
|
|
212
|
+
"enterprise_controls": false,
|
|
213
|
+
"sso": false,
|
|
214
|
+
"scim": false
|
|
215
|
+
},
|
|
216
|
+
"limits": {
|
|
217
|
+
"max_seats": 25,
|
|
218
|
+
"max_projects": 50,
|
|
219
|
+
"artifact_retention_days": 30
|
|
220
|
+
},
|
|
221
|
+
"signature": "base64:..."
|
|
222
|
+
}
|
|
223
|
+
```
|
|
224
|
+
|
|
225
|
+
Rules:
|
|
226
|
+
- snapshot must be signed by control hub key and verified locally
|
|
227
|
+
- expired snapshot inside grace can run with warning; outside grace paid features block
|
|
228
|
+
- missing snapshot in team/enterprise mode returns explicit entitlement error for paid operations
|
|
229
|
+
|
|
230
|
+
## 4.3 Usage Metering Event Contract
|
|
231
|
+
|
|
232
|
+
Path:
|
|
233
|
+
|
|
234
|
+
```text
|
|
235
|
+
.aop/runtime/usage/events/<run_id>.jsonl
|
|
236
|
+
.aop/runtime/usage/checkpoints/last_flush.json
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
Event contract:
|
|
240
|
+
|
|
241
|
+
```json
|
|
242
|
+
{
|
|
243
|
+
"event_id": "evt_01J...",
|
|
244
|
+
"ts": "2026-03-04T10:01:12.000Z",
|
|
245
|
+
"workspace_id": "ws_123",
|
|
246
|
+
"project_id": "proj_abc",
|
|
247
|
+
"run_id": "run:...",
|
|
248
|
+
"feature_id": "payment_retry_guard",
|
|
249
|
+
"event_type": "tool_invocation",
|
|
250
|
+
"dimensions": {
|
|
251
|
+
"tool_name": "repo.apply_patch",
|
|
252
|
+
"actor_type": "builder",
|
|
253
|
+
"result": "ok",
|
|
254
|
+
"latency_ms": 173
|
|
255
|
+
},
|
|
256
|
+
"billable_units": {
|
|
257
|
+
"tool_invocations": 1
|
|
258
|
+
}
|
|
259
|
+
}
|
|
260
|
+
```
|
|
261
|
+
|
|
262
|
+
Rules:
|
|
263
|
+
- `event_id` must be deterministic (UUIDv7 allowed; stable dedupe key must also be emitted)
|
|
264
|
+
- flush must be idempotent with server-side dedupe key `(workspace_id,event_id)`
|
|
265
|
+
- local writes are append-only and never block core tool execution in best-effort mode
|
|
266
|
+
|
|
267
|
+
## 4.4 Hosted Artifact Sync Contract
|
|
268
|
+
|
|
269
|
+
This extends the artifact publishing foundation into commercial product behavior.
|
|
270
|
+
|
|
271
|
+
Paths:
|
|
272
|
+
|
|
273
|
+
```text
|
|
274
|
+
.aop/runtime/cloud-sync/checkpoints/<run_id>.json
|
|
275
|
+
.aop/runtime/cloud-sync/last_sync.json
|
|
276
|
+
```
|
|
277
|
+
|
|
278
|
+
Checkpoint contract:
|
|
279
|
+
|
|
280
|
+
```json
|
|
281
|
+
{
|
|
282
|
+
"run_id": "run:...",
|
|
283
|
+
"target": "control_hub",
|
|
284
|
+
"status": "succeeded",
|
|
285
|
+
"last_synced_at": "2026-03-04T10:09:00.000Z",
|
|
286
|
+
"artifact_count": 242,
|
|
287
|
+
"bytes_synced": 8172634,
|
|
288
|
+
"revision": 3
|
|
289
|
+
}
|
|
290
|
+
```
|
|
291
|
+
|
|
292
|
+
## 4.5 New Tool Surface
|
|
293
|
+
|
|
294
|
+
1. `entitlements.get` (read-only)
|
|
295
|
+
- returns active entitlement snapshot and effective capability matrix.
|
|
296
|
+
|
|
297
|
+
2. `usage.summary_get` (read-only)
|
|
298
|
+
- returns local and remote usage summary for current workspace/project.
|
|
299
|
+
|
|
300
|
+
3. `artifacts.sync_remote` (mutating)
|
|
301
|
+
- pushes run artifacts and usage events to control hub.
|
|
302
|
+
|
|
303
|
+
4. `billing.subscription_get` (read-only)
|
|
304
|
+
- returns plan, period usage, and overage status.
|
|
305
|
+
|
|
306
|
+
Required wiring for all tools:
|
|
307
|
+
- `apps/control-plane/src/core/constants.ts`
|
|
308
|
+
- `apps/control-plane/src/core/kernel.ts`
|
|
309
|
+
- `apps/control-plane/src/application/tools/tool-metadata.ts`
|
|
310
|
+
- `agentic/orchestrator/tools/catalog.json`
|
|
311
|
+
- `agentic/orchestrator/tools/schemas/input/*.json`
|
|
312
|
+
- `agentic/orchestrator/tools/schemas/output/*.json`
|
|
313
|
+
- RBAC in `policy.defaults.yaml`
|
|
314
|
+
- regenerated `agentic/orchestrator/tools.md`
|
|
315
|
+
|
|
316
|
+
## 4.6 CLI Surface Changes
|
|
317
|
+
|
|
318
|
+
Add commands:
|
|
319
|
+
- `aop auth login --endpoint <url> --workspace <id> [--token-env <ENV>]`
|
|
320
|
+
- `aop auth whoami`
|
|
321
|
+
- `aop auth logout`
|
|
322
|
+
- `aop cloud sync [--run-id <id>|--latest] [--strict]`
|
|
323
|
+
- `aop usage [--period current] [--json]`
|
|
324
|
+
- `aop billing [--json]`
|
|
325
|
+
|
|
326
|
+
Required CLI wiring:
|
|
327
|
+
- `apps/control-plane/src/cli/types.ts`
|
|
328
|
+
- `apps/control-plane/src/cli/cli-argument-parser.ts`
|
|
329
|
+
- `apps/control-plane/src/cli/help-command-handler.ts`
|
|
330
|
+
- `apps/control-plane/src/interfaces/cli/bootstrap.ts`
|
|
331
|
+
- new handlers under `apps/control-plane/src/cli/*`
|
|
332
|
+
|
|
333
|
+
## 4.7 Error Code Additions
|
|
334
|
+
|
|
335
|
+
Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
336
|
+
- `entitlement_required`
|
|
337
|
+
- `entitlement_cache_missing`
|
|
338
|
+
- `entitlement_signature_invalid`
|
|
339
|
+
- `entitlement_expired`
|
|
340
|
+
- `cloud_auth_failed`
|
|
341
|
+
- `cloud_workspace_unbound`
|
|
342
|
+
- `cloud_sync_failed`
|
|
343
|
+
- `metering_flush_failed`
|
|
344
|
+
- `billing_overage_blocked`
|
|
345
|
+
|
|
346
|
+
---
|
|
347
|
+
|
|
348
|
+
## 5. Detailed Implementation Plan (Normative)
|
|
349
|
+
|
|
350
|
+
## CP0: Contract Scaffolding and Feature Flags
|
|
351
|
+
|
|
352
|
+
### Goals
|
|
353
|
+
- add policy/schema/tool/CLI scaffolding with defaults off
|
|
354
|
+
|
|
355
|
+
### File Targets
|
|
356
|
+
- `agentic/orchestrator/defaults/policy.defaults.yaml`
|
|
357
|
+
- `agentic/orchestrator/schemas/policy.schema.json`
|
|
358
|
+
- `agentic/orchestrator/schemas/policy.user.schema.json`
|
|
359
|
+
- `apps/control-plane/src/core/constants.ts`
|
|
360
|
+
- `apps/control-plane/src/core/error-codes.ts`
|
|
361
|
+
- `agentic/orchestrator/tools/catalog.json`
|
|
362
|
+
- input/output schemas for new tools
|
|
363
|
+
- `agentic/orchestrator/tools.md`
|
|
364
|
+
|
|
365
|
+
### Mandatory Checks
|
|
366
|
+
- `npm run validate:mcp-contracts`
|
|
367
|
+
- `npm run validate:architecture`
|
|
368
|
+
|
|
369
|
+
Exit criteria:
|
|
370
|
+
- policy loads with new fields
|
|
371
|
+
- tool catalog/schemas/docs are consistent
|
|
372
|
+
|
|
373
|
+
---
|
|
374
|
+
|
|
375
|
+
## CP1: Workspace Auth and Binding
|
|
376
|
+
|
|
377
|
+
### Design
|
|
378
|
+
|
|
379
|
+
Introduce a control-hub client and local credential binding.
|
|
380
|
+
|
|
381
|
+
### Implementation Targets
|
|
382
|
+
- `apps/control-plane/src/application/services/cloud-auth-service.ts` (new)
|
|
383
|
+
- `apps/control-plane/src/application/services/workspace-binding-service.ts` (new)
|
|
384
|
+
- `apps/control-plane/src/cli/auth-command-handler.ts` (new)
|
|
385
|
+
- `apps/control-plane/src/cli/types.ts` / parser / bootstrap wiring
|
|
386
|
+
- `.aop/runtime/cloud-auth/session.json` contract helper in `path-layout.ts`
|
|
387
|
+
|
|
388
|
+
### Rules
|
|
389
|
+
- credentials never stored in plaintext if token env indirection exists
|
|
390
|
+
- `whoami` reads from validated local session + optional remote refresh
|
|
391
|
+
- auth failures must not break non-commercial local operations
|
|
392
|
+
|
|
393
|
+
### Tests
|
|
394
|
+
- `apps/control-plane/test/cloud-auth-service.spec.ts` (new)
|
|
395
|
+
- `apps/control-plane/test/cli.unit.spec.ts` auth parser/help coverage
|
|
396
|
+
|
|
397
|
+
Exit criteria:
|
|
398
|
+
- `auth login/whoami/logout` deterministic and tested
|
|
399
|
+
|
|
400
|
+
---
|
|
401
|
+
|
|
402
|
+
## CP2: Entitlement Engine and Enforcement
|
|
403
|
+
|
|
404
|
+
### Design
|
|
405
|
+
|
|
406
|
+
Enforce paid features through a central entitlement service queried by tool runtime and selected CLI paths.
|
|
407
|
+
|
|
408
|
+
### Implementation Targets
|
|
409
|
+
- `apps/control-plane/src/application/services/entitlement-service.ts` (new)
|
|
410
|
+
- `apps/control-plane/src/mcp/tool-runtime.ts` (pre-execution entitlement gate)
|
|
411
|
+
- `apps/control-plane/src/application/tools/tool-metadata.ts` (required entitlement tag per paid tool)
|
|
412
|
+
- `apps/control-plane/src/core/kernel.ts` (tool wrappers where needed)
|
|
413
|
+
|
|
414
|
+
### Rules
|
|
415
|
+
- entitlement checks apply only to paid operations
|
|
416
|
+
- core orchestration commands remain accessible in community mode
|
|
417
|
+
- grace behavior driven solely by policy + cache timestamps
|
|
418
|
+
|
|
419
|
+
### Tests
|
|
420
|
+
- `apps/control-plane/test/entitlement-service.spec.ts` (new)
|
|
421
|
+
- extend `apps/control-plane/test/tool-runtime.spec.ts`
|
|
422
|
+
- extend `apps/control-plane/test/mcp.spec.ts` for entitlement failures and parity
|
|
423
|
+
|
|
424
|
+
Exit criteria:
|
|
425
|
+
- paid tool calls blocked deterministically when not entitled
|
|
426
|
+
- no regressions in community flow
|
|
427
|
+
|
|
428
|
+
---
|
|
429
|
+
|
|
430
|
+
## CP3: Usage Metering Pipeline
|
|
431
|
+
|
|
432
|
+
### Design
|
|
433
|
+
|
|
434
|
+
Emit deterministic usage events from runtime boundaries and flush in batches.
|
|
435
|
+
|
|
436
|
+
### Implementation Targets
|
|
437
|
+
- `apps/control-plane/src/application/services/usage-metering-service.ts` (new)
|
|
438
|
+
- `apps/control-plane/src/mcp/tool-runtime.ts` (tool invocation events)
|
|
439
|
+
- `apps/control-plane/src/supervisor/run-coordinator.ts` (run lifecycle events)
|
|
440
|
+
- `apps/control-plane/src/application/services/cost-tracking-service.ts` (alignment with billable dimensions)
|
|
441
|
+
- `apps/control-plane/src/cli/usage-command-handler.ts` (new)
|
|
442
|
+
|
|
443
|
+
### Rules
|
|
444
|
+
- event writes append-only and non-blocking by default
|
|
445
|
+
- dedupe keys required on remote flush
|
|
446
|
+
- local summary always available even when cloud is unavailable
|
|
447
|
+
|
|
448
|
+
### Tests
|
|
449
|
+
- `apps/control-plane/test/usage-metering-service.spec.ts` (new)
|
|
450
|
+
- integration test for end-to-end run event emission
|
|
451
|
+
|
|
452
|
+
Exit criteria:
|
|
453
|
+
- usage events generated for run start/end, tool invocations, gate execution
|
|
454
|
+
- local summary and remote flush both deterministic
|
|
455
|
+
|
|
456
|
+
---
|
|
457
|
+
|
|
458
|
+
## CP4: Hosted Artifact and Audit Sync
|
|
459
|
+
|
|
460
|
+
### Design
|
|
461
|
+
|
|
462
|
+
Build on artifact publishing to support control-hub sync and retention-aware indexing.
|
|
463
|
+
|
|
464
|
+
### Implementation Targets
|
|
465
|
+
- `apps/control-plane/src/application/services/artifact-publisher-service.ts` (extend)
|
|
466
|
+
- `apps/control-plane/src/application/services/cloud-sync-service.ts` (new)
|
|
467
|
+
- `apps/control-plane/src/cli/cloud-sync-command-handler.ts` (new)
|
|
468
|
+
- `apps/control-plane/src/cli/run-command-handler.ts` (post-run sync trigger)
|
|
469
|
+
|
|
470
|
+
### Rules
|
|
471
|
+
- `sync_mode=best_effort` must not fail base run completion
|
|
472
|
+
- `sync_mode=required` fails paid sync action only, with explicit error
|
|
473
|
+
- checkpoints guarantee idempotent retries
|
|
474
|
+
|
|
475
|
+
### Tests
|
|
476
|
+
- `apps/control-plane/test/cloud-sync-service.spec.ts` (new)
|
|
477
|
+
- extend run-command tests for post-run sync outcomes
|
|
478
|
+
|
|
479
|
+
Exit criteria:
|
|
480
|
+
- remote sync supports full run + retry without duplicate logical records
|
|
481
|
+
|
|
482
|
+
---
|
|
483
|
+
|
|
484
|
+
## CP5: Tenant-Aware Dashboard and Team Features
|
|
485
|
+
|
|
486
|
+
### Design
|
|
487
|
+
|
|
488
|
+
Enable workspace-scoped views and paid analytics in dashboard APIs/UI.
|
|
489
|
+
|
|
490
|
+
### Implementation Targets
|
|
491
|
+
- `packages/web-dashboard/src/lib/aop-client.ts`
|
|
492
|
+
- `packages/web-dashboard/src/lib/types.ts`
|
|
493
|
+
- `packages/web-dashboard/src/app/api/*` routes for workspace/billing/usage
|
|
494
|
+
- `packages/web-dashboard/src/app/page.tsx` (workspace selector, paid analytics cards)
|
|
495
|
+
|
|
496
|
+
### Rules
|
|
497
|
+
- paid panels hidden when entitlement absent
|
|
498
|
+
- APIs enforce workspace identity server-side, not only UI checks
|
|
499
|
+
|
|
500
|
+
### Tests
|
|
501
|
+
- dashboard API integration tests for workspace isolation
|
|
502
|
+
- UI tests for entitlement-conditioned rendering
|
|
503
|
+
|
|
504
|
+
Exit criteria:
|
|
505
|
+
- team dashboards show cross-run metrics and audit trend views per workspace
|
|
506
|
+
|
|
507
|
+
---
|
|
508
|
+
|
|
509
|
+
## CP6: Commercial Control Hub (New Service)
|
|
510
|
+
|
|
511
|
+
### Design
|
|
512
|
+
|
|
513
|
+
Introduce a new multi-tenant backend service inside this monorepo.
|
|
514
|
+
|
|
515
|
+
### New Workspace Targets
|
|
516
|
+
- `apps/control-hub-api/` (new)
|
|
517
|
+
- `apps/control-hub-api/src/auth/*`
|
|
518
|
+
- `apps/control-hub-api/src/tenancy/*`
|
|
519
|
+
- `apps/control-hub-api/src/entitlements/*`
|
|
520
|
+
- `apps/control-hub-api/src/metering/*`
|
|
521
|
+
- `apps/control-hub-api/src/artifacts/*`
|
|
522
|
+
- `apps/control-hub-api/src/billing/*`
|
|
523
|
+
- `apps/control-hub-api/src/db/migrations/*`
|
|
524
|
+
|
|
525
|
+
### Minimum API Contract
|
|
526
|
+
- `GET /v1/whoami`
|
|
527
|
+
- `GET /v1/entitlements/current`
|
|
528
|
+
- `POST /v1/usage/events:ingest`
|
|
529
|
+
- `POST /v1/artifacts/sync`
|
|
530
|
+
- `GET /v1/billing/subscription`
|
|
531
|
+
|
|
532
|
+
### Data Model (Minimum)
|
|
533
|
+
- `organizations`
|
|
534
|
+
- `workspaces`
|
|
535
|
+
- `projects`
|
|
536
|
+
- `memberships`
|
|
537
|
+
- `subscriptions`
|
|
538
|
+
- `entitlement_snapshots`
|
|
539
|
+
- `usage_events`
|
|
540
|
+
- `usage_aggregates`
|
|
541
|
+
- `artifact_runs`
|
|
542
|
+
|
|
543
|
+
### Exit criteria
|
|
544
|
+
- control-plane can authenticate and sync against control-hub in staging
|
|
545
|
+
- metering and entitlement endpoints are production-safe with tenant isolation tests
|
|
546
|
+
|
|
547
|
+
---
|
|
548
|
+
|
|
549
|
+
## CP7: Rollout, Migration, and Commercial Readiness
|
|
550
|
+
|
|
551
|
+
### Rollout Phases
|
|
552
|
+
1. Internal dogfood: community mode + optional auth only.
|
|
553
|
+
2. Pilot customers: team mode with best-effort sync and warning-only overage.
|
|
554
|
+
3. Paid GA: required entitlement checks for paid operations, invoicing enabled.
|
|
555
|
+
4. Enterprise GA: SSO/SCIM/compliance controls enabled by entitlement.
|
|
556
|
+
|
|
557
|
+
### Migration Rules
|
|
558
|
+
- existing repos require no config changes for community mode
|
|
559
|
+
- `aop init --advanced-policy` adds product section templates
|
|
560
|
+
- paid mode onboarding requires explicit `aop auth login` and workspace bind
|
|
561
|
+
|
|
562
|
+
### Rollback Rules
|
|
563
|
+
- disable `innovation.commercial_productization` to return to community behavior
|
|
564
|
+
- keep usage/artifact logs; do not delete commercial runtime artifacts on rollback
|
|
565
|
+
|
|
566
|
+
---
|
|
567
|
+
|
|
568
|
+
## 6. Test Strategy (Normative)
|
|
569
|
+
|
|
570
|
+
### 6.1 Unit Tests
|
|
571
|
+
- entitlement signature and expiry/grace logic
|
|
572
|
+
- metering event generation and dedupe keys
|
|
573
|
+
- cloud sync checkpoint idempotency
|
|
574
|
+
|
|
575
|
+
### 6.2 Integration Tests
|
|
576
|
+
- end-to-end paid flow: login -> entitlement fetch -> run -> usage flush -> artifact sync
|
|
577
|
+
- tenant isolation: workspace A cannot read workspace B assets
|
|
578
|
+
|
|
579
|
+
### 6.3 Contract/Parity Tests
|
|
580
|
+
- new tools validated in MCP and in-process modes
|
|
581
|
+
- CLI commands parse/help/bootstrap coverage for `auth`, `cloud sync`, `usage`, `billing`
|
|
582
|
+
|
|
583
|
+
### 6.4 Regression Tests
|
|
584
|
+
- community mode behavior unchanged when productization disabled
|
|
585
|
+
- run completion unaffected by cloud outage in best-effort mode
|
|
586
|
+
|
|
587
|
+
---
|
|
588
|
+
|
|
589
|
+
## 7. Acceptance Criteria
|
|
590
|
+
|
|
591
|
+
1. Community users can run existing workflows unchanged with productization disabled.
|
|
592
|
+
2. Team/enterprise mode requires valid workspace auth and entitlement snapshot.
|
|
593
|
+
3. Paid features are blocked with explicit entitlement errors when unauthorized.
|
|
594
|
+
4. Usage events are persisted locally and can be flushed idempotently to control-hub.
|
|
595
|
+
5. Artifact sync supports durable hosted audit history and deterministic retry behavior.
|
|
596
|
+
6. Dashboard can render tenant-aware, entitlement-gated analytics without data leakage.
|
|
597
|
+
7. Billing summary endpoint returns plan usage and overage signals from deterministic aggregates.
|
|
598
|
+
8. Quality gates pass: `lint`, `typecheck`, `test`, `validate:mcp-contracts`, `validate:architecture`.
|
|
599
|
+
|
|
600
|
+
---
|
|
601
|
+
|
|
602
|
+
## 8. Core Tradeoffs
|
|
603
|
+
|
|
604
|
+
1. **Fail-open reliability vs revenue enforcement**
|
|
605
|
+
- strict entitlement blocking improves monetization control but risks customer-facing outages.
|
|
606
|
+
- chosen path: core execution always local-safe; paid operations enforce with TTL+grace.
|
|
607
|
+
|
|
608
|
+
2. **Hosted convenience vs data sovereignty**
|
|
609
|
+
- SaaS enables fast value but regulated customers need self-hosting.
|
|
610
|
+
- chosen path: same APIs for hosted and enterprise self-hosted control-hub.
|
|
611
|
+
|
|
612
|
+
3. **Metering granularity vs runtime overhead**
|
|
613
|
+
- finer events improve billing accuracy but increase write/flush cost.
|
|
614
|
+
- chosen path: bounded JSONL events, batched flush, deterministic aggregation.
|
|
615
|
+
|
|
616
|
+
4. **Broad paywall vs trust/adoption**
|
|
617
|
+
- over-gating core capabilities harms OSS adoption.
|
|
618
|
+
- chosen path: keep deterministic orchestration free; monetize team governance, hosted retention, enterprise controls.
|
|
619
|
+
|
|
620
|
+
---
|
|
621
|
+
|
|
622
|
+
## 9. Risks and Mitigations
|
|
623
|
+
|
|
624
|
+
- Risk: entitlement service outage blocks paying customers.
|
|
625
|
+
- Mitigation: signed local cache + grace period + explicit degraded-mode warnings.
|
|
626
|
+
|
|
627
|
+
- Risk: billing disputes due to inconsistent metering.
|
|
628
|
+
- Mitigation: immutable event log, deterministic aggregation jobs, exportable customer usage report.
|
|
629
|
+
|
|
630
|
+
- Risk: tenant data leakage.
|
|
631
|
+
- Mitigation: mandatory workspace scoping in every API query plus isolation integration tests.
|
|
632
|
+
|
|
633
|
+
- Risk: implementation spread across too many subsystems.
|
|
634
|
+
- Mitigation: CP0-first contract scaffolding and phased rollout with strict exit criteria.
|
|
635
|
+
|
|
636
|
+
---
|
|
637
|
+
|
|
638
|
+
## 10. Definition of Done
|
|
639
|
+
|
|
640
|
+
A completed implementation session for this program MUST provide:
|
|
641
|
+
- phase-by-phase completion notes (CP0-CP7)
|
|
642
|
+
- policy/schema/catalog/tool docs deltas and rationale
|
|
643
|
+
- executed validation/test commands with outcomes
|
|
644
|
+
- rollout/rollback runbook notes
|
|
645
|
+
- `spec-files/progress.md` entry with completed milestones and remaining commercialization tasks
|