agentic-orchestrator 0.1.6 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.prettierignore +10 -0
- package/.prettierrc.json +24 -0
- package/CLAUDE.md +3 -2
- package/README.md +47 -46
- package/agentic/orchestrator/defaults/policy.defaults.yaml +1 -1
- package/agentic/orchestrator/prompts/planner.system.md +1 -0
- package/agentic/orchestrator/schemas/agents.schema.json +4 -21
- package/agentic/orchestrator/schemas/gates.schema.json +4 -19
- package/agentic/orchestrator/schemas/index.schema.json +3 -14
- package/agentic/orchestrator/schemas/multi-project.schema.json +2 -8
- package/agentic/orchestrator/schemas/plan.schema.json +6 -26
- package/agentic/orchestrator/schemas/policy.schema.json +19 -81
- package/agentic/orchestrator/schemas/policy.user.schema.json +1 -5
- package/agentic/orchestrator/schemas/qa_test_index.schema.json +5 -29
- package/agentic/orchestrator/schemas/state.schema.json +11 -61
- package/agentic/orchestrator/tools/catalog.json +33 -164
- package/agentic/orchestrator/tools/schemas/input/evidence.latest.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/feature.delete.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/feature.get_context.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/feature.init.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/feature.log_append.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/feature.ready_to_merge.input.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/input/feature.state_get.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/feature.state_patch.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/gates.run.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/locks.acquire.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/locks.release.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/performance.record_outcome.input.schema.json +10 -1
- package/agentic/orchestrator/tools/schemas/input/plan.get.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/plan.submit.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/plan.update.input.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/input/qa.test_index_get.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/qa.test_index_update.input.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/input/repo.apply_patch.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/repo.diff.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/repo.diff_bundle.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/repo.ensure_worktree.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/repo.read_file.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/repo.search.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/repo.status.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/report.feature_summary.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/output/collisions.scan.output.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/output/evidence.latest.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/feature.delete.output.schema.json +4 -20
- package/agentic/orchestrator/tools/schemas/output/feature.discover_specs.output.schema.json +2 -7
- package/agentic/orchestrator/tools/schemas/output/feature.get_context.output.schema.json +1 -8
- package/agentic/orchestrator/tools/schemas/output/feature.init.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/feature.log_append.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/feature.ready_to_merge.output.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/output/feature.state_get.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/feature.state_patch.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/gates.list.output.schema.json +2 -7
- package/agentic/orchestrator/tools/schemas/output/gates.run.output.schema.json +1 -8
- package/agentic/orchestrator/tools/schemas/output/locks.acquire.output.schema.json +1 -7
- package/agentic/orchestrator/tools/schemas/output/locks.release.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/performance.get_analytics.output.schema.json +22 -2
- package/agentic/orchestrator/tools/schemas/output/plan.get.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/plan.submit.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/plan.update.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/qa.test_index_get.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/qa.test_index_update.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/repo.apply_patch.output.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/output/repo.diff.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/repo.diff_bundle.output.schema.json +1 -7
- package/agentic/orchestrator/tools/schemas/output/repo.ensure_worktree.output.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/output/repo.read_file.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/repo.search.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/repo.status.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/report.dashboard.output.schema.json +1 -4
- package/apps/control-plane/scripts/validate-architecture-rules.mjs +16 -5
- package/apps/control-plane/scripts/validate-docker-mcp-contract.mjs +30 -8
- package/apps/control-plane/scripts/validate-mcp-contracts.ts +13 -7
- package/apps/control-plane/src/application/adapters/adapter-registry.ts +35 -15
- package/apps/control-plane/src/application/multi-project-loader.ts +27 -10
- package/apps/control-plane/src/application/services/activity-monitor-service.ts +26 -14
- package/apps/control-plane/src/application/services/collision-queue-service.ts +31 -17
- package/apps/control-plane/src/application/services/cost-tracking-service.ts +23 -16
- package/apps/control-plane/src/application/services/dependency-scheduler-service.ts +12 -4
- package/apps/control-plane/src/application/services/feature-deletion-service.ts +94 -58
- package/apps/control-plane/src/application/services/feature-lifecycle-service.ts +19 -13
- package/apps/control-plane/src/application/services/feature-state-service.ts +29 -19
- package/apps/control-plane/src/application/services/gate-interpolation-service.ts +7 -2
- package/apps/control-plane/src/application/services/gate-service.ts +64 -41
- package/apps/control-plane/src/application/services/instance-isolation-service.ts +1 -1
- package/apps/control-plane/src/application/services/issue-tracker-service.ts +49 -38
- package/apps/control-plane/src/application/services/lock-service.ts +75 -49
- package/apps/control-plane/src/application/services/merge-service.ts +91 -50
- package/apps/control-plane/src/application/services/notifier-service.ts +42 -20
- package/apps/control-plane/src/application/services/patch-service.ts +73 -44
- package/apps/control-plane/src/application/services/performance-analytics-service.ts +8 -6
- package/apps/control-plane/src/application/services/plan-service.ts +148 -89
- package/apps/control-plane/src/application/services/policy-loader-service.ts +10 -4
- package/apps/control-plane/src/application/services/pr-monitor-service.ts +33 -14
- package/apps/control-plane/src/application/services/qa-index-service.ts +20 -16
- package/apps/control-plane/src/application/services/reactions-service.ts +30 -15
- package/apps/control-plane/src/application/services/reporting-service.ts +16 -12
- package/apps/control-plane/src/application/services/run-lease-service.ts +138 -81
- package/apps/control-plane/src/application/tools/tool-metadata.ts +5 -5
- package/apps/control-plane/src/application/tools/tool-router.ts +6 -3
- package/apps/control-plane/src/cli/aop.ts +2 -2
- package/apps/control-plane/src/cli/attach-command-handler.ts +9 -9
- package/apps/control-plane/src/cli/cleanup-command-handler.ts +16 -11
- package/apps/control-plane/src/cli/cli-argument-parser.ts +6 -3
- package/apps/control-plane/src/cli/dashboard-command-handler.ts +28 -8
- package/apps/control-plane/src/cli/delete-command-handler.ts +7 -7
- package/apps/control-plane/src/cli/help-command-handler.ts +61 -32
- package/apps/control-plane/src/cli/init-command-handler.ts +110 -54
- package/apps/control-plane/src/cli/io.ts +7 -3
- package/apps/control-plane/src/cli/resume-command-handler.ts +21 -13
- package/apps/control-plane/src/cli/retry-command-handler.ts +12 -11
- package/apps/control-plane/src/cli/run-command-handler.ts +12 -8
- package/apps/control-plane/src/cli/send-command-handler.ts +6 -6
- package/apps/control-plane/src/cli/spec-ingestion-service.ts +14 -8
- package/apps/control-plane/src/cli/spec-input-resolver.ts +6 -1
- package/apps/control-plane/src/cli/spec-utils.ts +2 -2
- package/apps/control-plane/src/cli/status-command-handler.ts +13 -12
- package/apps/control-plane/src/cli/tooling.ts +3 -3
- package/apps/control-plane/src/cli/types.ts +1 -1
- package/apps/control-plane/src/core/collisions.ts +27 -10
- package/apps/control-plane/src/core/constants.ts +13 -7
- package/apps/control-plane/src/core/error-codes.ts +1 -1
- package/apps/control-plane/src/core/fs.ts +11 -5
- package/apps/control-plane/src/core/gates.ts +53 -27
- package/apps/control-plane/src/core/git.ts +18 -6
- package/apps/control-plane/src/core/kernel.ts +515 -227
- package/apps/control-plane/src/core/patch.ts +7 -3
- package/apps/control-plane/src/core/path-layout.ts +5 -1
- package/apps/control-plane/src/core/path-rules.ts +19 -5
- package/apps/control-plane/src/core/qa-index.ts +26 -12
- package/apps/control-plane/src/core/response.ts +9 -6
- package/apps/control-plane/src/core/schemas.ts +29 -10
- package/apps/control-plane/src/core/tool-caller.ts +1 -1
- package/apps/control-plane/src/core/workspace-hooks.ts +5 -5
- package/apps/control-plane/src/index.ts +3 -9
- package/apps/control-plane/src/interfaces/cli/bootstrap.ts +69 -32
- package/apps/control-plane/src/mcp/kernel-tool-executor.ts +7 -3
- package/apps/control-plane/src/mcp/mcp-server-adapter.ts +12 -10
- package/apps/control-plane/src/mcp/operation-ledger.ts +18 -8
- package/apps/control-plane/src/mcp/protocol-contract.ts +2 -2
- package/apps/control-plane/src/mcp/runtime-factory.ts +15 -6
- package/apps/control-plane/src/mcp/token-auth-verifier.ts +3 -2
- package/apps/control-plane/src/mcp/token-claims-validator.ts +11 -7
- package/apps/control-plane/src/mcp/tool-authorizer.ts +1 -3
- package/apps/control-plane/src/mcp/tool-client.ts +17 -5
- package/apps/control-plane/src/mcp/tool-contract-validator.ts +17 -8
- package/apps/control-plane/src/mcp/tool-registry-loader.ts +7 -3
- package/apps/control-plane/src/mcp/tool-runtime.ts +66 -39
- package/apps/control-plane/src/mcp/tools-markdown-generator.ts +6 -1
- package/apps/control-plane/src/providers/providers.ts +72 -48
- package/apps/control-plane/src/supervisor/build-wave-executor.ts +44 -25
- package/apps/control-plane/src/supervisor/planning-wave-executor.ts +46 -33
- package/apps/control-plane/src/supervisor/prompt-bundle-loader.ts +1 -1
- package/apps/control-plane/src/supervisor/qa-wave-executor.ts +38 -23
- package/apps/control-plane/src/supervisor/run-coordinator.ts +71 -36
- package/apps/control-plane/src/supervisor/runtime.ts +59 -35
- package/apps/control-plane/src/supervisor/session-orchestrator.ts +48 -31
- package/apps/control-plane/src/supervisor/types.ts +22 -7
- package/apps/control-plane/src/supervisor/worker-decision-loop.ts +30 -20
- package/apps/control-plane/test/activity-monitor.spec.ts +54 -30
- package/apps/control-plane/test/adapter-registry.spec.ts +5 -5
- package/apps/control-plane/test/aop.spec.ts +4 -4
- package/apps/control-plane/test/batch-operations.spec.ts +20 -18
- package/apps/control-plane/test/bootstrap-attach.spec.ts +52 -19
- package/apps/control-plane/test/bootstrap-edge-cases.spec.ts +58 -27
- package/apps/control-plane/test/bootstrap.spec.ts +72 -40
- package/apps/control-plane/test/cleanup-command.spec.ts +86 -32
- package/apps/control-plane/test/cli-helpers.spec.ts +119 -66
- package/apps/control-plane/test/cli.spec.ts +1 -1
- package/apps/control-plane/test/cli.unit.spec.ts +226 -167
- package/apps/control-plane/test/collision-queue.spec.ts +49 -40
- package/apps/control-plane/test/collisions.spec.ts +30 -30
- package/apps/control-plane/test/core-utils.spec.ts +29 -15
- package/apps/control-plane/test/cost-tracking.spec.ts +38 -22
- package/apps/control-plane/test/dashboard-api.integration.spec.ts +68 -36
- package/apps/control-plane/test/dashboard-client.spec.ts +18 -12
- package/apps/control-plane/test/dashboard-command.spec.ts +11 -7
- package/apps/control-plane/test/delete-command-handler.spec.ts +49 -41
- package/apps/control-plane/test/dependency-scheduler.spec.ts +47 -20
- package/apps/control-plane/test/epoch-tracking.spec.ts +9 -9
- package/apps/control-plane/test/feature-deletion-service.spec.ts +60 -52
- package/apps/control-plane/test/feature-lifecycle.spec.ts +36 -17
- package/apps/control-plane/test/gates.spec.ts +101 -81
- package/apps/control-plane/test/git-spawn-error.spec.ts +1 -1
- package/apps/control-plane/test/helpers.ts +10 -6
- package/apps/control-plane/test/incremental-gates.spec.ts +59 -20
- package/apps/control-plane/test/init-wizard.spec.ts +162 -67
- package/apps/control-plane/test/instance-isolation.spec.ts +43 -10
- package/apps/control-plane/test/issue-tracker.spec.ts +368 -128
- package/apps/control-plane/test/kernel-collision-replay.spec.ts +50 -29
- package/apps/control-plane/test/kernel.branches.spec.ts +64 -40
- package/apps/control-plane/test/kernel.coverage.spec.ts +85 -49
- package/apps/control-plane/test/kernel.coverage2.spec.ts +109 -65
- package/apps/control-plane/test/kernel.spec.ts +134 -51
- package/apps/control-plane/test/lock-service.spec.ts +92 -68
- package/apps/control-plane/test/mcp-helpers.spec.ts +53 -39
- package/apps/control-plane/test/mcp.spec.ts +231 -115
- package/apps/control-plane/test/merge-service.spec.ts +142 -94
- package/apps/control-plane/test/multi-project.spec.ts +28 -22
- package/apps/control-plane/test/notifier-service.spec.ts +136 -92
- package/apps/control-plane/test/parallel-gates.spec.ts +51 -35
- package/apps/control-plane/test/patch-service.spec.ts +128 -48
- package/apps/control-plane/test/performance-analytics.spec.ts +99 -63
- package/apps/control-plane/test/plan-service.spec.ts +50 -39
- package/apps/control-plane/test/planning-wave-executor.spec.ts +95 -71
- package/apps/control-plane/test/policy-loader-service.spec.ts +41 -19
- package/apps/control-plane/test/pr-monitor.spec.ts +113 -64
- package/apps/control-plane/test/providers.spec.ts +133 -102
- package/apps/control-plane/test/qa-index-service.spec.ts +31 -33
- package/apps/control-plane/test/qa-index.spec.ts +58 -61
- package/apps/control-plane/test/reactions.spec.ts +88 -45
- package/apps/control-plane/test/response.spec.ts +5 -5
- package/apps/control-plane/test/resume-command.spec.ts +121 -80
- package/apps/control-plane/test/run-coordinator.spec.ts +205 -136
- package/apps/control-plane/test/schema-date-time.spec.ts +49 -41
- package/apps/control-plane/test/service-retry-paths.spec.ts +77 -57
- package/apps/control-plane/test/services.spec.ts +147 -129
- package/apps/control-plane/test/session-management.spec.ts +136 -74
- package/apps/control-plane/test/spec-ingestion.spec.ts +23 -21
- package/apps/control-plane/test/spec-input-resolver.spec.ts +11 -10
- package/apps/control-plane/test/supervisor-collaborators.spec.ts +168 -121
- package/apps/control-plane/test/supervisor.calltool.spec.ts +21 -18
- package/apps/control-plane/test/supervisor.spec.ts +67 -43
- package/apps/control-plane/test/supervisor.unit.spec.ts +195 -126
- package/apps/control-plane/test/token-auth-verifier.spec.ts +29 -14
- package/apps/control-plane/test/tool-registry-loader.spec.ts +51 -27
- package/apps/control-plane/test/tool-runtime.spec.ts +63 -46
- package/apps/control-plane/test/worker-decision-loop.spec.ts +143 -122
- package/apps/control-plane/test/workspace-hooks.spec.ts +61 -23
- package/apps/control-plane/tsconfig.build.json +2 -7
- package/apps/control-plane/tsconfig.json +1 -5
- package/apps/control-plane/vitest.config.ts +7 -7
- package/dist/apps/control-plane/application/adapters/adapter-registry.js +12 -5
- package/dist/apps/control-plane/application/adapters/adapter-registry.js.map +1 -1
- package/dist/apps/control-plane/application/multi-project-loader.js +26 -9
- package/dist/apps/control-plane/application/multi-project-loader.js.map +1 -1
- package/dist/apps/control-plane/application/services/activity-monitor-service.js +7 -7
- package/dist/apps/control-plane/application/services/activity-monitor-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/collision-queue-service.js +7 -7
- package/dist/apps/control-plane/application/services/collision-queue-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/cost-tracking-service.js +6 -8
- package/dist/apps/control-plane/application/services/cost-tracking-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/dependency-scheduler-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/feature-deletion-service.js +37 -29
- package/dist/apps/control-plane/application/services/feature-deletion-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/feature-lifecycle-service.js +10 -10
- package/dist/apps/control-plane/application/services/feature-lifecycle-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/feature-state-service.js +11 -11
- package/dist/apps/control-plane/application/services/feature-state-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/gate-interpolation-service.js +3 -1
- package/dist/apps/control-plane/application/services/gate-interpolation-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/gate-service.js +26 -26
- package/dist/apps/control-plane/application/services/gate-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/instance-isolation-service.js +1 -1
- package/dist/apps/control-plane/application/services/instance-isolation-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/issue-tracker-service.js +25 -15
- package/dist/apps/control-plane/application/services/issue-tracker-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/lock-service.js +32 -32
- package/dist/apps/control-plane/application/services/lock-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/merge-service.js +41 -27
- package/dist/apps/control-plane/application/services/merge-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/notifier-service.js +29 -15
- package/dist/apps/control-plane/application/services/notifier-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/patch-service.js +21 -19
- package/dist/apps/control-plane/application/services/patch-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/performance-analytics-service.js +4 -4
- package/dist/apps/control-plane/application/services/performance-analytics-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/plan-service.js +33 -33
- package/dist/apps/control-plane/application/services/plan-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/policy-loader-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/pr-monitor-service.js +23 -11
- package/dist/apps/control-plane/application/services/pr-monitor-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/qa-index-service.js +11 -11
- package/dist/apps/control-plane/application/services/qa-index-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/reactions-service.js +13 -9
- package/dist/apps/control-plane/application/services/reactions-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/reporting-service.js +11 -9
- package/dist/apps/control-plane/application/services/reporting-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/run-lease-service.js +34 -33
- package/dist/apps/control-plane/application/services/run-lease-service.js.map +1 -1
- package/dist/apps/control-plane/application/tools/tool-metadata.js +2 -2
- package/dist/apps/control-plane/application/tools/tool-router.js.map +1 -1
- package/dist/apps/control-plane/cli/attach-command-handler.js +9 -9
- package/dist/apps/control-plane/cli/cleanup-command-handler.js +11 -9
- package/dist/apps/control-plane/cli/cleanup-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/cli-argument-parser.js +4 -3
- package/dist/apps/control-plane/cli/cli-argument-parser.js.map +1 -1
- package/dist/apps/control-plane/cli/dashboard-command-handler.js +23 -7
- package/dist/apps/control-plane/cli/dashboard-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/delete-command-handler.js +7 -7
- package/dist/apps/control-plane/cli/help-command-handler.js +58 -30
- package/dist/apps/control-plane/cli/help-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/init-command-handler.js +44 -33
- package/dist/apps/control-plane/cli/init-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/io.js +2 -2
- package/dist/apps/control-plane/cli/io.js.map +1 -1
- package/dist/apps/control-plane/cli/resume-command-handler.js +9 -9
- package/dist/apps/control-plane/cli/resume-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/retry-command-handler.js +12 -11
- package/dist/apps/control-plane/cli/retry-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/run-command-handler.js +12 -8
- package/dist/apps/control-plane/cli/run-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/send-command-handler.js +6 -6
- package/dist/apps/control-plane/cli/spec-ingestion-service.js +10 -8
- package/dist/apps/control-plane/cli/spec-ingestion-service.js.map +1 -1
- package/dist/apps/control-plane/cli/spec-input-resolver.js.map +1 -1
- package/dist/apps/control-plane/cli/spec-utils.js.map +1 -1
- package/dist/apps/control-plane/cli/status-command-handler.js +8 -8
- package/dist/apps/control-plane/cli/status-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/tooling.js +1 -1
- package/dist/apps/control-plane/core/collisions.js +11 -8
- package/dist/apps/control-plane/core/collisions.js.map +1 -1
- package/dist/apps/control-plane/core/constants.js +13 -7
- package/dist/apps/control-plane/core/constants.js.map +1 -1
- package/dist/apps/control-plane/core/error-codes.js +1 -1
- package/dist/apps/control-plane/core/fs.js.map +1 -1
- package/dist/apps/control-plane/core/gates.d.ts +2 -2
- package/dist/apps/control-plane/core/gates.js +26 -19
- package/dist/apps/control-plane/core/gates.js.map +1 -1
- package/dist/apps/control-plane/core/git.js +3 -3
- package/dist/apps/control-plane/core/git.js.map +1 -1
- package/dist/apps/control-plane/core/kernel.d.ts +1 -0
- package/dist/apps/control-plane/core/kernel.js +134 -81
- package/dist/apps/control-plane/core/kernel.js.map +1 -1
- package/dist/apps/control-plane/core/patch.js +7 -3
- package/dist/apps/control-plane/core/patch.js.map +1 -1
- package/dist/apps/control-plane/core/path-layout.d.ts +1 -0
- package/dist/apps/control-plane/core/path-layout.js +4 -1
- package/dist/apps/control-plane/core/path-layout.js.map +1 -1
- package/dist/apps/control-plane/core/path-rules.js +3 -1
- package/dist/apps/control-plane/core/path-rules.js.map +1 -1
- package/dist/apps/control-plane/core/qa-index.js +5 -5
- package/dist/apps/control-plane/core/qa-index.js.map +1 -1
- package/dist/apps/control-plane/core/response.js +3 -3
- package/dist/apps/control-plane/core/response.js.map +1 -1
- package/dist/apps/control-plane/core/schemas.js +10 -6
- package/dist/apps/control-plane/core/schemas.js.map +1 -1
- package/dist/apps/control-plane/core/workspace-hooks.js +3 -3
- package/dist/apps/control-plane/index.d.ts +1 -1
- package/dist/apps/control-plane/index.js +1 -1
- package/dist/apps/control-plane/index.js.map +1 -1
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js +31 -20
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js.map +1 -1
- package/dist/apps/control-plane/mcp/kernel-tool-executor.js +1 -1
- package/dist/apps/control-plane/mcp/kernel-tool-executor.js.map +1 -1
- package/dist/apps/control-plane/mcp/mcp-server-adapter.js +6 -7
- package/dist/apps/control-plane/mcp/mcp-server-adapter.js.map +1 -1
- package/dist/apps/control-plane/mcp/operation-ledger.js +5 -5
- package/dist/apps/control-plane/mcp/operation-ledger.js.map +1 -1
- package/dist/apps/control-plane/mcp/protocol-contract.js +2 -2
- package/dist/apps/control-plane/mcp/runtime-factory.js +2 -2
- package/dist/apps/control-plane/mcp/runtime-factory.js.map +1 -1
- package/dist/apps/control-plane/mcp/token-auth-verifier.js +1 -1
- package/dist/apps/control-plane/mcp/token-auth-verifier.js.map +1 -1
- package/dist/apps/control-plane/mcp/token-claims-validator.js +5 -5
- package/dist/apps/control-plane/mcp/token-claims-validator.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-authorizer.js +1 -3
- package/dist/apps/control-plane/mcp/tool-authorizer.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-client.js +2 -2
- package/dist/apps/control-plane/mcp/tool-client.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-contract-validator.js +3 -3
- package/dist/apps/control-plane/mcp/tool-contract-validator.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.js +1 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-runtime.js +17 -17
- package/dist/apps/control-plane/mcp/tool-runtime.js.map +1 -1
- package/dist/apps/control-plane/mcp/tools-markdown-generator.js +6 -1
- package/dist/apps/control-plane/mcp/tools-markdown-generator.js.map +1 -1
- package/dist/apps/control-plane/providers/providers.d.ts +1 -1
- package/dist/apps/control-plane/providers/providers.js +31 -34
- package/dist/apps/control-plane/providers/providers.js.map +1 -1
- package/dist/apps/control-plane/supervisor/build-wave-executor.js +12 -12
- package/dist/apps/control-plane/supervisor/build-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/planning-wave-executor.js +19 -16
- package/dist/apps/control-plane/supervisor/planning-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/prompt-bundle-loader.js +1 -1
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js +13 -13
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/run-coordinator.js +37 -20
- package/dist/apps/control-plane/supervisor/run-coordinator.js.map +1 -1
- package/dist/apps/control-plane/supervisor/runtime.js +25 -21
- package/dist/apps/control-plane/supervisor/runtime.js.map +1 -1
- package/dist/apps/control-plane/supervisor/session-orchestrator.js +29 -23
- package/dist/apps/control-plane/supervisor/session-orchestrator.js.map +1 -1
- package/dist/apps/control-plane/supervisor/types.d.ts +3 -3
- package/dist/apps/control-plane/supervisor/types.js.map +1 -1
- package/dist/apps/control-plane/supervisor/worker-decision-loop.js +14 -16
- package/dist/apps/control-plane/supervisor/worker-decision-loop.js.map +1 -1
- package/eslint.config.mjs +20 -20
- package/example-configurations/README.md +1 -1
- package/example-configurations/java/agents.yaml +3 -3
- package/example-configurations/java/policy.yaml +1 -1
- package/example-configurations/node/agents.yaml +3 -3
- package/example-configurations/node/policy.yaml +1 -1
- package/package.json +10 -5
- package/packages/web-dashboard/next.config.js +2 -2
- package/packages/web-dashboard/src/app/api/actions/route.ts +25 -9
- package/packages/web-dashboard/src/app/api/events/route.ts +20 -6
- package/packages/web-dashboard/src/app/api/features/[id]/checkout/route.ts +88 -37
- package/packages/web-dashboard/src/app/api/features/[id]/evidence/[artifact]/route.ts +8 -5
- package/packages/web-dashboard/src/app/api/features/[id]/review/route.ts +27 -9
- package/packages/web-dashboard/src/app/api/features/[id]/route.ts +5 -2
- package/packages/web-dashboard/src/app/api/projects/route.ts +5 -5
- package/packages/web-dashboard/src/app/globals.css +10 -2
- package/packages/web-dashboard/src/app/page.tsx +100 -37
- package/packages/web-dashboard/src/lib/aop-client.ts +68 -37
- package/packages/web-dashboard/src/lib/multi-project-config.ts +28 -7
- package/packages/web-dashboard/src/lib/orchestrator-tools.ts +59 -36
- package/packages/web-dashboard/tsconfig.json +3 -11
- package/scripts/nx-safe.mjs +10 -10
- package/spec-files/completed/agentic_orchestrator_cli_delete_command_spec.md +5 -0
- package/spec-files/completed/agentic_orchestrator_feature_gaps_closure_spec.md +187 -90
- package/spec-files/completed/agentic_orchestrator_init_policy_ux_simplification_spec.md +49 -16
- package/spec-files/completed/agentic_orchestrator_mcp_formalization_spec.md +24 -1
- package/spec-files/completed/agentic_orchestrator_single_global_orchestrator_spec.md +9 -0
- package/spec-files/completed/agentic_orchestrator_spec.md +171 -75
- package/spec-files/completed/agentic_orchestrator_validator_hardening_spec.md +25 -17
- package/spec-files/outstanding/agentic_orchestrator_artifact_database_publishing_spec.md +40 -5
- package/spec-files/outstanding/agentic_orchestrator_enterprise_governance_dashboard_spec.md +23 -12
- package/spec-files/outstanding/agentic_orchestrator_knowledge_canary_spec.md +16 -4
- package/spec-files/outstanding/agentic_orchestrator_observability_integrity_diagnostics_spec.md +42 -2
- package/spec-files/outstanding/agentic_orchestrator_performance_improvements_spec.md +209 -130
- package/spec-files/outstanding/agentic_orchestrator_planning_review_quality_spec.md +56 -3
- package/spec-files/outstanding/agentic_orchestrator_productization_commercial_spec.md +77 -10
- package/spec-files/outstanding/agentic_orchestrator_quality_adoption_execution_spec.md +29 -14
- package/spec-files/progress.md +186 -175
- package/tsconfig.json +2 -8
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
### 0.1 Required Standards
|
|
15
15
|
|
|
16
16
|
All implementation MUST preserve:
|
|
17
|
+
|
|
17
18
|
- All three validators continue to pass on a clean codebase with zero output on success
|
|
18
19
|
- CI command signatures are unchanged: `npm run validate:mcp-contracts`, `npm run validate:docker-mcp`, `npm run validate:architecture`
|
|
19
20
|
- Exit code 1 on any new failure; exit code 0 only when all checks pass
|
|
@@ -22,6 +23,7 @@ All implementation MUST preserve:
|
|
|
22
23
|
### 0.2 Upstream Inputs
|
|
23
24
|
|
|
24
25
|
Implementing agents MUST read:
|
|
26
|
+
|
|
25
27
|
- `agentic/orchestrator/tools/catalog.json` — source of truth for tool metadata
|
|
26
28
|
- `apps/control-plane/src/application/tools/tool-metadata.ts` — `MUTATING_TOOLS` runtime list
|
|
27
29
|
- `apps/control-plane/src/core/constants.ts` — `TOOLS` constants
|
|
@@ -33,6 +35,7 @@ Implementing agents MUST read:
|
|
|
33
35
|
### 0.3 Feature Scope
|
|
34
36
|
|
|
35
37
|
This spec implements improvements in three areas:
|
|
38
|
+
|
|
36
39
|
- **V1** MCP contract cross-validation hardening
|
|
37
40
|
- **V2** Docker MCP contract completeness
|
|
38
41
|
- **V3** Architecture rule completeness and correctness
|
|
@@ -100,12 +103,13 @@ const mutatingInCatalog = tool.mutating === true;
|
|
|
100
103
|
const mutatingInCode = TOOL_BEHAVIOR_METADATA[tool.handler_id]?.mutating === true;
|
|
101
104
|
if (mutatingInCatalog !== mutatingInCode) {
|
|
102
105
|
errors.push(
|
|
103
|
-
`Tool "${tool.handler_id}" mutating flag mismatch: catalog=${mutatingInCatalog}, code=${mutatingInCode}
|
|
106
|
+
`Tool "${tool.handler_id}" mutating flag mismatch: catalog=${mutatingInCatalog}, code=${mutatingInCode}`,
|
|
104
107
|
);
|
|
105
108
|
}
|
|
106
109
|
```
|
|
107
110
|
|
|
108
111
|
**Failure message example:**
|
|
112
|
+
|
|
109
113
|
```
|
|
110
114
|
✗ Tool "cost.record" mutating flag mismatch: catalog=true, code=false
|
|
111
115
|
Fix: add TOOLS.COST_RECORD to MUTATING_TOOLS in tool-metadata.ts
|
|
@@ -147,11 +151,13 @@ for (const tool of catalog.tools) {
|
|
|
147
151
|
**Check:** Collect all `.json` files under `agentic/orchestrator/tools/schemas/input/` and `schemas/output/`. Compare against the set of schema refs mentioned in the catalog. Files on disk that are not referenced by any tool are reported as orphans.
|
|
148
152
|
|
|
149
153
|
**Known current orphans (informational, not blocking — these may be shared base schemas):**
|
|
154
|
+
|
|
150
155
|
- `schemas/input/mutating.schema.json`
|
|
151
156
|
- `schemas/input/read.schema.json`
|
|
152
157
|
- `schemas/output/standard_success.schema.json`
|
|
153
158
|
|
|
154
159
|
These three files should be either:
|
|
160
|
+
|
|
155
161
|
1. Added as `$ref` base schemas used by at least one tool, or
|
|
156
162
|
2. Explicitly listed in a `known_shared_schemas` array in the validator (not subject to orphan check).
|
|
157
163
|
|
|
@@ -169,7 +175,11 @@ const allSchemaFiles = [
|
|
|
169
175
|
...glob.sync('schemas/output/*.json', { cwd: toolsDir }),
|
|
170
176
|
];
|
|
171
177
|
|
|
172
|
-
const knownShared = new Set([
|
|
178
|
+
const knownShared = new Set([
|
|
179
|
+
'schemas/input/mutating.schema.json',
|
|
180
|
+
'schemas/input/read.schema.json',
|
|
181
|
+
'schemas/output/standard_success.schema.json',
|
|
182
|
+
]);
|
|
173
183
|
|
|
174
184
|
for (const file of allSchemaFiles) {
|
|
175
185
|
if (!referencedSchemas.has(file) && !knownShared.has(file)) {
|
|
@@ -216,7 +226,7 @@ assert(fromMatch, 'Dockerfile must use a pinned Node version (e.g. node:22-bookw
|
|
|
216
226
|
const nodeMajor = parseInt(fromMatch[1], 10);
|
|
217
227
|
assert(
|
|
218
228
|
nodeMajor >= MIN_NODE_MAJOR,
|
|
219
|
-
`Dockerfile Node version ${nodeMajor} is below minimum required ${MIN_NODE_MAJOR}
|
|
229
|
+
`Dockerfile Node version ${nodeMajor} is below minimum required ${MIN_NODE_MAJOR}`,
|
|
220
230
|
);
|
|
221
231
|
```
|
|
222
232
|
|
|
@@ -229,10 +239,7 @@ assert(
|
|
|
229
239
|
```javascript
|
|
230
240
|
const entrypointPath = path.resolve(repoRoot, 'docker', 'entrypoint.sh');
|
|
231
241
|
const entrypoint = fs.readFileSync(entrypointPath, 'utf8');
|
|
232
|
-
assert(
|
|
233
|
-
/\bexec\s+"\$@"/.test(entrypoint),
|
|
234
|
-
'Entrypoint script must contain exec "$@" passthrough'
|
|
235
|
-
);
|
|
242
|
+
assert(/\bexec\s+"\$@"/.test(entrypoint), 'Entrypoint script must contain exec "$@" passthrough');
|
|
236
243
|
```
|
|
237
244
|
|
|
238
245
|
---
|
|
@@ -253,7 +260,7 @@ assert(
|
|
|
253
260
|
function classifyFile(relativePath) {
|
|
254
261
|
if (relativePath.startsWith('application/services/')) return 'application-services';
|
|
255
262
|
if (relativePath.startsWith('application/tools/')) return 'application-tools';
|
|
256
|
-
if (relativePath.startsWith('application/')) return 'application';
|
|
263
|
+
if (relativePath.startsWith('application/')) return 'application'; // NEW
|
|
257
264
|
if (relativePath.startsWith('cli/')) return 'cli';
|
|
258
265
|
if (relativePath.startsWith('core/')) return 'core';
|
|
259
266
|
if (relativePath.startsWith('interfaces/')) return 'interfaces';
|
|
@@ -269,7 +276,7 @@ function classifyFile(relativePath) {
|
|
|
269
276
|
```javascript
|
|
270
277
|
const ARCHITECTURE_RULES = {
|
|
271
278
|
// existing rules ...
|
|
272
|
-
|
|
279
|
+
application: ['cli', 'interfaces', 'supervisor'], // NEW: same restrictions as application-services
|
|
273
280
|
};
|
|
274
281
|
```
|
|
275
282
|
|
|
@@ -303,6 +310,7 @@ const EXEMPT_FILES = new Set(['index.ts']);
|
|
|
303
310
|
Before adding this rule, verify that no existing `core/` file currently imports from those layers. If any do, they must be refactored to eliminate the import first.
|
|
304
311
|
|
|
305
312
|
**Verification command:**
|
|
313
|
+
|
|
306
314
|
```bash
|
|
307
315
|
grep -r "from.*application\|from.*mcp\|from.*providers" apps/control-plane/src/core/ --include="*.ts"
|
|
308
316
|
```
|
|
@@ -355,11 +363,11 @@ Implement in this order to avoid false CI failures:
|
|
|
355
363
|
|
|
356
364
|
## 8. Files Affected
|
|
357
365
|
|
|
358
|
-
| File
|
|
359
|
-
|
|
360
|
-
| `apps/control-plane/scripts/validate-mcp-contracts.ts`
|
|
361
|
-
| `apps/control-plane/scripts/validate-architecture-rules.mjs`
|
|
362
|
-
| `apps/control-plane/scripts/validate-docker-mcp-contract.mjs` | Add checks 4.1–4.2
|
|
363
|
-
| `apps/control-plane/src/application/tools/tool-metadata.ts`
|
|
364
|
-
| `apps/control-plane/test/tool-metadata.spec.ts`
|
|
365
|
-
| `spec-files/progress.md`
|
|
366
|
+
| File | Change Type |
|
|
367
|
+
| ------------------------------------------------------------- | --------------------------------------------- |
|
|
368
|
+
| `apps/control-plane/scripts/validate-mcp-contracts.ts` | Add checks 3.1–3.4 |
|
|
369
|
+
| `apps/control-plane/scripts/validate-architecture-rules.mjs` | Add checks 5.1–5.2 |
|
|
370
|
+
| `apps/control-plane/scripts/validate-docker-mcp-contract.mjs` | Add checks 4.1–4.2 |
|
|
371
|
+
| `apps/control-plane/src/application/tools/tool-metadata.ts` | Add `TOOLS.COST_RECORD` to `MUTATING_TOOLS` |
|
|
372
|
+
| `apps/control-plane/test/tool-metadata.spec.ts` | Add tests for `COST_RECORD` mutating behavior |
|
|
373
|
+
| `spec-files/progress.md` | Update with completed milestone |
|
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
### 0.1 Required Standards
|
|
15
15
|
|
|
16
16
|
All implementation MUST preserve:
|
|
17
|
+
|
|
17
18
|
- deterministic runtime behavior and MCP/in-process parity
|
|
18
19
|
- existing command behavior when publishing is disabled
|
|
19
20
|
- normalized error envelope (`{ ok: false, error: { code, message, details } }`)
|
|
@@ -23,6 +24,7 @@ All implementation MUST preserve:
|
|
|
23
24
|
### 0.2 Upstream Inputs
|
|
24
25
|
|
|
25
26
|
Implementing agents MUST read:
|
|
27
|
+
|
|
26
28
|
- `apps/control-plane/src/core/path-layout.ts`
|
|
27
29
|
- `apps/control-plane/src/core/kernel.ts`
|
|
28
30
|
- `apps/control-plane/src/supervisor/run-coordinator.ts`
|
|
@@ -42,6 +44,7 @@ Implementing agents MUST read:
|
|
|
42
44
|
### 0.3 Feature Scope
|
|
43
45
|
|
|
44
46
|
This spec implements three slices:
|
|
47
|
+
|
|
45
48
|
- **DB1** Configurable artifact publishing policy + database connection contract
|
|
46
49
|
- **DB2** Post-run and manual publishing pipeline with idempotent checkpoints
|
|
47
50
|
- **DB3** Local Docker database mode (`database.type: local`)
|
|
@@ -76,6 +79,7 @@ Database rows are derived artifacts for analytics/audit. `.aop/**` remains autho
|
|
|
76
79
|
### 2.2 First-Class Publisher Service
|
|
77
80
|
|
|
78
81
|
All publishing must route through a single service boundary (`ArtifactPublisherService`) to centralize:
|
|
82
|
+
|
|
79
83
|
- artifact enumeration
|
|
80
84
|
- normalization and hashing
|
|
81
85
|
- DB transaction semantics
|
|
@@ -104,8 +108,8 @@ Add `artifact_publishing` section to policy (full + defaults + schema):
|
|
|
104
108
|
```yaml
|
|
105
109
|
artifact_publishing:
|
|
106
110
|
enabled: false
|
|
107
|
-
trigger: post_run
|
|
108
|
-
mode: best_effort
|
|
111
|
+
trigger: post_run # post_run | manual_only
|
|
112
|
+
mode: best_effort # best_effort | required
|
|
109
113
|
include_content:
|
|
110
114
|
state_md: true
|
|
111
115
|
plan_json: true
|
|
@@ -113,12 +117,12 @@ artifact_publishing:
|
|
|
113
117
|
qa_index_json: true
|
|
114
118
|
gate_logs_preview_bytes: 16384
|
|
115
119
|
database:
|
|
116
|
-
type: postgres
|
|
120
|
+
type: postgres # postgres | local
|
|
117
121
|
target_id: default
|
|
118
122
|
postgres:
|
|
119
|
-
connection_uri:
|
|
123
|
+
connection_uri: '${AOP_AUDIT_DB_URL}'
|
|
120
124
|
schema: aop_audit
|
|
121
|
-
ssl_mode: require
|
|
125
|
+
ssl_mode: require # disable | require
|
|
122
126
|
connect_timeout_ms: 8000
|
|
123
127
|
local:
|
|
124
128
|
engine: postgres
|
|
@@ -136,6 +140,7 @@ artifact_publishing:
|
|
|
136
140
|
### 3.2 YAML Validation
|
|
137
141
|
|
|
138
142
|
`agentic/orchestrator/schemas/policy.schema.json` MUST validate the new section with:
|
|
143
|
+
|
|
139
144
|
- strict enums for `trigger`, `mode`, `database.type`
|
|
140
145
|
- required `postgres.connection_uri` when `type: postgres`
|
|
141
146
|
- required local fields when `type: local`
|
|
@@ -157,6 +162,7 @@ artifact_publishing:
|
|
|
157
162
|
### 4.1 Artifacts Included Per Run
|
|
158
163
|
|
|
159
164
|
Minimum dataset for a run publish:
|
|
165
|
+
|
|
160
166
|
- `.aop/features/index.json`
|
|
161
167
|
- `.aop/runtime/operation-ledger/<run_id>.json`
|
|
162
168
|
- for each feature in run scope:
|
|
@@ -170,6 +176,7 @@ Minimum dataset for a run publish:
|
|
|
170
176
|
### 4.2 Normalized Record Categories
|
|
171
177
|
|
|
172
178
|
Publisher MUST normalize into these logical categories:
|
|
179
|
+
|
|
173
180
|
- `run_summary`
|
|
174
181
|
- `feature_snapshot`
|
|
175
182
|
- `tool_execution`
|
|
@@ -181,6 +188,7 @@ Publisher MUST normalize into these logical categories:
|
|
|
181
188
|
### 4.3 Hashing and Determinism
|
|
182
189
|
|
|
183
190
|
For each artifact row:
|
|
191
|
+
|
|
184
192
|
- include `content_sha256`
|
|
185
193
|
- include `relative_path`
|
|
186
194
|
- normalize JSON key order before hashing JSON content
|
|
@@ -193,6 +201,7 @@ For each artifact row:
|
|
|
193
201
|
### 5.1 Required Tables
|
|
194
202
|
|
|
195
203
|
1. `aop_publish_runs`
|
|
204
|
+
|
|
196
205
|
- `publish_id` (PK)
|
|
197
206
|
- `target_id`
|
|
198
207
|
- `run_id`
|
|
@@ -202,6 +211,7 @@ For each artifact row:
|
|
|
202
211
|
- `error_code`, `error_message`
|
|
203
212
|
|
|
204
213
|
2. `aop_runs`
|
|
214
|
+
|
|
205
215
|
- `run_id` (PK)
|
|
206
216
|
- `project_root_hash`
|
|
207
217
|
- `started_at`
|
|
@@ -210,6 +220,7 @@ For each artifact row:
|
|
|
210
220
|
- `runtime_status`
|
|
211
221
|
|
|
212
222
|
3. `aop_features`
|
|
223
|
+
|
|
213
224
|
- composite PK: (`run_id`, `feature_id`)
|
|
214
225
|
- `status`
|
|
215
226
|
- `branch`
|
|
@@ -219,6 +230,7 @@ For each artifact row:
|
|
|
219
230
|
- `tokens_used`
|
|
220
231
|
|
|
221
232
|
4. `aop_tool_executions`
|
|
233
|
+
|
|
222
234
|
- composite PK: (`run_id`, `operation_id`)
|
|
223
235
|
- `feature_id`
|
|
224
236
|
- `tool_name`
|
|
@@ -230,6 +242,7 @@ For each artifact row:
|
|
|
230
242
|
- `created_at`, `updated_at`
|
|
231
243
|
|
|
232
244
|
5. `aop_gate_executions`
|
|
245
|
+
|
|
233
246
|
- surrogate PK + unique (`run_id`, `feature_id`, `gate_name`, `executed_at`)
|
|
234
247
|
- `result`, `exit_code`
|
|
235
248
|
- `mode`
|
|
@@ -237,11 +250,13 @@ For each artifact row:
|
|
|
237
250
|
- `logs_preview`
|
|
238
251
|
|
|
239
252
|
6. `aop_decisions`
|
|
253
|
+
|
|
240
254
|
- surrogate PK + index (`run_id`, `feature_id`, `line_no`)
|
|
241
255
|
- `entry_text`
|
|
242
256
|
- `entry_hash`
|
|
243
257
|
|
|
244
258
|
7. `aop_artifact_manifest`
|
|
259
|
+
|
|
245
260
|
- composite PK: (`run_id`, `feature_id`, `relative_path`)
|
|
246
261
|
- `size_bytes`
|
|
247
262
|
- `content_sha256`
|
|
@@ -260,6 +275,7 @@ For each artifact row:
|
|
|
260
275
|
### 6.1 Automatic Post-Run Publishing
|
|
261
276
|
|
|
262
277
|
`RunCommandHandler.execute(...)` flow extension:
|
|
278
|
+
|
|
263
279
|
1. run supervisor cycle (`supervisor.start(...)`)
|
|
264
280
|
2. if `artifact_publishing.enabled && trigger == post_run`, invoke publisher
|
|
265
281
|
3. attach publish result under response payload:
|
|
@@ -270,9 +286,11 @@ For each artifact row:
|
|
|
270
286
|
### 6.2 Manual Publishing
|
|
271
287
|
|
|
272
288
|
Add CLI command:
|
|
289
|
+
|
|
273
290
|
- `aop publish [--run-id <id>] [--latest] [--dry-run] [--strict]`
|
|
274
291
|
|
|
275
292
|
Behavior:
|
|
293
|
+
|
|
276
294
|
- default `--latest` when no run id provided
|
|
277
295
|
- `--dry-run` builds manifest + stats without DB writes
|
|
278
296
|
- `--strict` forces non-zero exit on publish failure regardless of policy mode
|
|
@@ -280,6 +298,7 @@ Behavior:
|
|
|
280
298
|
### 6.3 MCP Tool Surface
|
|
281
299
|
|
|
282
300
|
Add tools:
|
|
301
|
+
|
|
283
302
|
- `artifacts.publish` (mutating: true)
|
|
284
303
|
- `artifacts.publish_status` (mutating: false)
|
|
285
304
|
|
|
@@ -292,6 +311,7 @@ Add tools:
|
|
|
292
311
|
### 7.1 Behavior
|
|
293
312
|
|
|
294
313
|
When `database.type: local`:
|
|
314
|
+
|
|
295
315
|
1. verify Docker CLI availability
|
|
296
316
|
2. verify/start container using configured image/name/port/volume
|
|
297
317
|
3. wait for DB health/readiness
|
|
@@ -301,6 +321,7 @@ When `database.type: local`:
|
|
|
301
321
|
### 7.2 Local Runtime Artifacts
|
|
302
322
|
|
|
303
323
|
Persist local DB runtime metadata under:
|
|
324
|
+
|
|
304
325
|
- `.aop/runtime/artifact-publishing/local-db.json`
|
|
305
326
|
|
|
306
327
|
Contract example:
|
|
@@ -321,6 +342,7 @@ Contract example:
|
|
|
321
342
|
### 7.3 Docker Failure Handling
|
|
322
343
|
|
|
323
344
|
Errors must map cleanly:
|
|
345
|
+
|
|
324
346
|
- `artifact_publish_local_docker_unavailable`
|
|
325
347
|
- `artifact_publish_local_start_failed`
|
|
326
348
|
- `artifact_publish_local_unhealthy`
|
|
@@ -332,6 +354,7 @@ If mode is `best_effort`, run continues and publish failure is reported in paylo
|
|
|
332
354
|
## 8. Error Codes
|
|
333
355
|
|
|
334
356
|
Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
357
|
+
|
|
335
358
|
- `artifact_publish_config_invalid`
|
|
336
359
|
- `artifact_publish_target_unconfigured`
|
|
337
360
|
- `artifact_publish_connect_failed`
|
|
@@ -349,40 +372,49 @@ Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
|
349
372
|
## 9.1 DB1: Configuration + Validation
|
|
350
373
|
|
|
351
374
|
### DB1-T1 Policy contract
|
|
375
|
+
|
|
352
376
|
- update `policy.yaml` examples
|
|
353
377
|
- update `policy.defaults.yaml`
|
|
354
378
|
- extend `policy.schema.json`
|
|
355
379
|
|
|
356
380
|
### DB1-T2 Typed policy accessors
|
|
381
|
+
|
|
357
382
|
- add typed readers for `artifact_publishing` section in kernel/service layer
|
|
358
383
|
|
|
359
384
|
### DB1-T3 Config normalization
|
|
385
|
+
|
|
360
386
|
- implement env interpolation + normalization helper
|
|
361
387
|
|
|
362
388
|
## 9.2 DB2: Publisher pipeline
|
|
363
389
|
|
|
364
390
|
### DB2-T1 Artifact enumeration
|
|
391
|
+
|
|
365
392
|
- deterministic scanner for run/feature artifacts
|
|
366
393
|
- manifest builder with hashes and size
|
|
367
394
|
|
|
368
395
|
### DB2-T2 Store interface and Postgres adapter
|
|
396
|
+
|
|
369
397
|
- `ArtifactAuditStore` interface
|
|
370
398
|
- `PostgresArtifactAuditStore` implementation (transactional upsert)
|
|
371
399
|
|
|
372
400
|
### DB2-T3 Checkpointing and idempotency
|
|
401
|
+
|
|
373
402
|
- write local checkpoint under `.aop/runtime/artifact-publishing/checkpoints/<run_id>.json`
|
|
374
403
|
- support safe retries after partial failures
|
|
375
404
|
|
|
376
405
|
### DB2-T4 Trigger integration
|
|
406
|
+
|
|
377
407
|
- invoke publisher from run flow and manual command path
|
|
378
408
|
|
|
379
409
|
## 9.3 DB3: Local Docker orchestration
|
|
380
410
|
|
|
381
411
|
### DB3-T1 Local DB manager
|
|
412
|
+
|
|
382
413
|
- start/inspect/wait for container
|
|
383
414
|
- compute connection URI for local target
|
|
384
415
|
|
|
385
416
|
### DB3-T2 Local-only smoke checks
|
|
417
|
+
|
|
386
418
|
- optional smoke test command for local mode readiness
|
|
387
419
|
|
|
388
420
|
---
|
|
@@ -390,6 +422,7 @@ Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
|
390
422
|
## 10. File Targets
|
|
391
423
|
|
|
392
424
|
### 10.1 New files
|
|
425
|
+
|
|
393
426
|
- `apps/control-plane/src/application/services/artifact-publisher-service.ts`
|
|
394
427
|
- `apps/control-plane/src/application/services/artifact-manifest-service.ts`
|
|
395
428
|
- `apps/control-plane/src/application/services/artifact-audit-store.ts`
|
|
@@ -403,6 +436,7 @@ Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
|
403
436
|
- `apps/control-plane/src/application/services/sql/artifact-publishing/postgres/001_init.sql`
|
|
404
437
|
|
|
405
438
|
### 10.2 Existing files to modify
|
|
439
|
+
|
|
406
440
|
- `apps/control-plane/src/core/kernel.ts`
|
|
407
441
|
- `apps/control-plane/src/core/constants.ts`
|
|
408
442
|
- `apps/control-plane/src/core/error-codes.ts`
|
|
@@ -420,6 +454,7 @@ Add to `apps/control-plane/src/core/error-codes.ts`:
|
|
|
420
454
|
- `README.md`
|
|
421
455
|
|
|
422
456
|
### 10.3 Tests
|
|
457
|
+
|
|
423
458
|
- `apps/control-plane/test/artifact-publisher.spec.ts` (new)
|
|
424
459
|
- `apps/control-plane/test/local-artifact-db-manager.spec.ts` (new)
|
|
425
460
|
- `apps/control-plane/test/run-command.spec.ts` (extend post-run publish assertions)
|
|
@@ -14,12 +14,14 @@
|
|
|
14
14
|
### 0.1 Feature Scope
|
|
15
15
|
|
|
16
16
|
This spec implements:
|
|
17
|
+
|
|
17
18
|
- **Q5** Compliance Policy Packs + Control Export
|
|
18
19
|
- **Q6** Dashboard AuthN/AuthZ + SSO + Audit Federation
|
|
19
20
|
|
|
20
21
|
### 0.2 Required Standards
|
|
21
22
|
|
|
22
23
|
Implementation MUST preserve:
|
|
24
|
+
|
|
23
25
|
- deterministic evidence mapping
|
|
24
26
|
- explicit authorization for all mutating dashboard actions
|
|
25
27
|
- audit-log completeness for privileged operations
|
|
@@ -77,22 +79,22 @@ compliance:
|
|
|
77
79
|
dashboard:
|
|
78
80
|
auth:
|
|
79
81
|
enabled: false
|
|
80
|
-
mode: oidc_or_api_key
|
|
82
|
+
mode: oidc_or_api_key # oidc | api_key | oidc_or_api_key
|
|
81
83
|
oidc:
|
|
82
|
-
issuer:
|
|
83
|
-
client_id:
|
|
84
|
-
audience:
|
|
84
|
+
issuer: ''
|
|
85
|
+
client_id: ''
|
|
86
|
+
audience: ''
|
|
85
87
|
api_keys:
|
|
86
88
|
env_var: AOP_DASHBOARD_API_KEYS
|
|
87
89
|
rbac:
|
|
88
90
|
viewer: [status_read, feature_read, evidence_read]
|
|
89
91
|
reviewer: [status_read, feature_read, evidence_read, review_decide]
|
|
90
92
|
operator: [status_read, feature_read, evidence_read, review_decide, feature_checkout]
|
|
91
|
-
admin: [
|
|
93
|
+
admin: ['*']
|
|
92
94
|
audit:
|
|
93
95
|
enabled: true
|
|
94
|
-
sink: file
|
|
95
|
-
webhook_url:
|
|
96
|
+
sink: file # file | webhook
|
|
97
|
+
webhook_url: ''
|
|
96
98
|
```
|
|
97
99
|
|
|
98
100
|
### 3.2 Source-Managed Compliance Assets
|
|
@@ -127,16 +129,18 @@ agentic/orchestrator/schemas/compliance_pack.schema.json
|
|
|
127
129
|
## 4.1 Q5: Compliance Policy Packs + Control Export
|
|
128
130
|
|
|
129
131
|
### 4.1.1 Problem
|
|
132
|
+
|
|
130
133
|
Enterprise adoption requires consistent control mapping from orchestrator behavior/evidence to recognized control frameworks.
|
|
131
134
|
|
|
132
135
|
### 4.1.2 Design
|
|
136
|
+
|
|
133
137
|
Provide curated compliance packs plus deterministic export routine.
|
|
134
138
|
|
|
135
139
|
### 4.1.3 Pack Structure
|
|
136
140
|
|
|
137
141
|
```yaml
|
|
138
142
|
id: soc2_baseline
|
|
139
|
-
version:
|
|
143
|
+
version: '1.0'
|
|
140
144
|
controls:
|
|
141
145
|
- id: CC7.2
|
|
142
146
|
title: Monitor system components for anomalies
|
|
@@ -170,9 +174,7 @@ controls:
|
|
|
170
174
|
"observed": 0.9
|
|
171
175
|
}
|
|
172
176
|
],
|
|
173
|
-
"evidence_refs": [
|
|
174
|
-
".aop/features/feature_x/evidence/gates/full-2026-03-03.json"
|
|
175
|
-
],
|
|
177
|
+
"evidence_refs": [".aop/features/feature_x/evidence/gates/full-2026-03-03.json"],
|
|
176
178
|
"manual_evidence_required": false
|
|
177
179
|
}
|
|
178
180
|
]
|
|
@@ -199,9 +201,11 @@ controls:
|
|
|
199
201
|
## 4.2 Q6: Dashboard AuthN/AuthZ + SSO + Audit Federation
|
|
200
202
|
|
|
201
203
|
### 4.2.1 Problem
|
|
204
|
+
|
|
202
205
|
Dashboard operation in shared/production contexts needs strong identity + authorization + audit controls.
|
|
203
206
|
|
|
204
207
|
### 4.2.2 Design
|
|
208
|
+
|
|
205
209
|
Add optional auth middleware, server-side action authorization, and audit sink integration.
|
|
206
210
|
|
|
207
211
|
### 4.2.3 Auth Modes
|
|
@@ -213,6 +217,7 @@ Add optional auth middleware, server-side action authorization, and audit sink i
|
|
|
213
217
|
### 4.2.4 Action Authorization Matrix
|
|
214
218
|
|
|
215
219
|
Actions to guard:
|
|
220
|
+
|
|
216
221
|
- `feature_review_decide` (approve/deny/request_changes)
|
|
217
222
|
- `feature_checkout`
|
|
218
223
|
- `dashboard_admin_settings`
|
|
@@ -261,28 +266,34 @@ Each action must map to role permission in policy.
|
|
|
261
266
|
### EGD1: Compliance Pack Foundation
|
|
262
267
|
|
|
263
268
|
Tasks:
|
|
269
|
+
|
|
264
270
|
1. Add compliance pack assets + schemas.
|
|
265
271
|
2. Implement export service + MCP tool + CLI command.
|
|
266
272
|
|
|
267
273
|
Exit gate:
|
|
274
|
+
|
|
268
275
|
- deterministic export and evidence mapping verified by tests.
|
|
269
276
|
|
|
270
277
|
### EGD2: Dashboard Auth and RBAC
|
|
271
278
|
|
|
272
279
|
Tasks:
|
|
280
|
+
|
|
273
281
|
1. Add auth middleware and token/api key validation.
|
|
274
282
|
2. Implement server-side role authorization for protected endpoints.
|
|
275
283
|
|
|
276
284
|
Exit gate:
|
|
285
|
+
|
|
277
286
|
- protected actions denied when unauthorized in integration tests.
|
|
278
287
|
|
|
279
288
|
### EGD3: Audit Federation
|
|
280
289
|
|
|
281
290
|
Tasks:
|
|
291
|
+
|
|
282
292
|
1. Add unified audit envelope and file sink.
|
|
283
293
|
2. Add optional webhook sink with retry/backoff.
|
|
284
294
|
|
|
285
295
|
Exit gate:
|
|
296
|
+
|
|
286
297
|
- allow/deny events emitted and schema-valid in both sinks.
|
|
287
298
|
|
|
288
299
|
---
|
|
@@ -340,9 +351,9 @@ Exit gate:
|
|
|
340
351
|
## 9. Definition of Done
|
|
341
352
|
|
|
342
353
|
A completed EGD milestone MUST include:
|
|
354
|
+
|
|
343
355
|
- changed files and architecture rationale
|
|
344
356
|
- schema/catalog/policy diffs
|
|
345
357
|
- security + integration test coverage
|
|
346
358
|
- gate command results
|
|
347
359
|
- updates in `spec-files/progress.md`
|
|
348
|
-
|
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
### 0.1 Feature Scope
|
|
15
15
|
|
|
16
16
|
This spec implements:
|
|
17
|
+
|
|
17
18
|
- **Q10** Cross-Feature Knowledge Graph
|
|
18
19
|
- **Q12** Progressive Merge Guardrails (Canary Verification)
|
|
19
20
|
|
|
@@ -96,6 +97,7 @@ Edge contract:
|
|
|
96
97
|
### 3.2 Canary State Additions (Optional)
|
|
97
98
|
|
|
98
99
|
`state.md` frontmatter optional fields:
|
|
100
|
+
|
|
99
101
|
- `canary.status`: `na|pending|pass|fail`
|
|
100
102
|
- `canary.last_run_at`: RFC3339
|
|
101
103
|
- `canary.evidence_refs`: string[]
|
|
@@ -112,9 +114,11 @@ Edge contract:
|
|
|
112
114
|
## 4.1 Q10: Cross-Feature Knowledge Graph
|
|
113
115
|
|
|
114
116
|
### 4.1.1 Problem
|
|
117
|
+
|
|
115
118
|
Historical delivery knowledge exists but is difficult to query/reuse during planning.
|
|
116
119
|
|
|
117
120
|
### 4.1.2 Design
|
|
121
|
+
|
|
118
122
|
Build and maintain graph from canonical artifacts and expose deterministic search API.
|
|
119
123
|
|
|
120
124
|
### 4.1.3 Node Types
|
|
@@ -137,6 +141,7 @@ Build and maintain graph from canonical artifacts and expose deterministic searc
|
|
|
137
141
|
### 4.1.5 Ranking Rules (Deterministic)
|
|
138
142
|
|
|
139
143
|
Ranking by tuple order:
|
|
144
|
+
|
|
140
145
|
1. exact feature/status/type match
|
|
141
146
|
2. recency descending
|
|
142
147
|
3. frequency of relevant edge types
|
|
@@ -165,9 +170,7 @@ Output:
|
|
|
165
170
|
{
|
|
166
171
|
"node_id": "node:mitigation:retry_lock_backoff",
|
|
167
172
|
"score": 0.89,
|
|
168
|
-
"evidence_refs": [
|
|
169
|
-
".aop/features/legacy_feature/evidence/gates/full-2026-02-20.json"
|
|
170
|
-
]
|
|
173
|
+
"evidence_refs": [".aop/features/legacy_feature/evidence/gates/full-2026-02-20.json"]
|
|
171
174
|
}
|
|
172
175
|
]
|
|
173
176
|
}
|
|
@@ -192,9 +195,11 @@ Output:
|
|
|
192
195
|
## 4.2 Q12: Progressive Merge Guardrails (Canary Verification)
|
|
193
196
|
|
|
194
197
|
### 4.2.1 Problem
|
|
198
|
+
|
|
195
199
|
Pre-merge checks can miss issues that only surface on merged head.
|
|
196
200
|
|
|
197
201
|
### 4.2.2 Design
|
|
202
|
+
|
|
198
203
|
Optional post-merge canary gate profile runs before final merged-state confirmation.
|
|
199
204
|
|
|
200
205
|
### 4.2.3 Canary Flow
|
|
@@ -230,6 +235,7 @@ merge_policy:
|
|
|
230
235
|
```
|
|
231
236
|
|
|
232
237
|
Includes:
|
|
238
|
+
|
|
233
239
|
- failing canary steps
|
|
234
240
|
- relevant logs/evidence refs
|
|
235
241
|
- deterministic git commands to revert/fix-forward (suggested, not auto-executed)
|
|
@@ -257,29 +263,35 @@ Includes:
|
|
|
257
263
|
### KC1: Knowledge Graph Foundation
|
|
258
264
|
|
|
259
265
|
Tasks:
|
|
266
|
+
|
|
260
267
|
1. implement graph model/service and build/update pipeline.
|
|
261
268
|
2. add search tool contracts and query API.
|
|
262
269
|
|
|
263
270
|
Exit gate:
|
|
271
|
+
|
|
264
272
|
- graph file and search output deterministic under repeated runs.
|
|
265
273
|
|
|
266
274
|
### KC2: Planner Context Integration
|
|
267
275
|
|
|
268
276
|
Tasks:
|
|
277
|
+
|
|
269
278
|
1. wire optional knowledge retrieval into planner context bundle.
|
|
270
279
|
2. add policy toggle for knowledge enrichment usage.
|
|
271
280
|
|
|
272
281
|
Exit gate:
|
|
282
|
+
|
|
273
283
|
- planner receives contextual patterns without changing core deterministic flow.
|
|
274
284
|
|
|
275
285
|
### KC3: Canary Merge Verification
|
|
276
286
|
|
|
277
287
|
Tasks:
|
|
288
|
+
|
|
278
289
|
1. implement canary verification service.
|
|
279
290
|
2. integrate into merge-service finalization path.
|
|
280
291
|
3. emit rollback guidance on fail.
|
|
281
292
|
|
|
282
293
|
Exit gate:
|
|
294
|
+
|
|
283
295
|
- merge path with canary enabled handles pass/fail transitions correctly.
|
|
284
296
|
|
|
285
297
|
---
|
|
@@ -336,9 +348,9 @@ Exit gate:
|
|
|
336
348
|
## 9. Definition of Done
|
|
337
349
|
|
|
338
350
|
A completed KC milestone MUST include:
|
|
351
|
+
|
|
339
352
|
- changed files and rationale
|
|
340
353
|
- policy/schema/tool catalog diffs
|
|
341
354
|
- integration + parity tests
|
|
342
355
|
- command verification summary
|
|
343
356
|
- `spec-files/progress.md` update with residual tasks (if any)
|
|
344
|
-
|