agentic-orchestrator 0.1.6 → 0.1.8
- package/.prettierignore +10 -0
- package/.prettierrc.json +24 -0
- package/CLAUDE.md +3 -2
- package/README.md +71 -48
- package/agentic/orchestrator/defaults/policy.defaults.yaml +1 -1
- package/agentic/orchestrator/prompts/planner.system.md +1 -0
- package/agentic/orchestrator/schemas/agents.schema.json +5 -22
- package/agentic/orchestrator/schemas/gates.schema.json +4 -19
- package/agentic/orchestrator/schemas/index.schema.json +3 -14
- package/agentic/orchestrator/schemas/multi-project.schema.json +2 -8
- package/agentic/orchestrator/schemas/plan.schema.json +6 -26
- package/agentic/orchestrator/schemas/policy.schema.json +19 -81
- package/agentic/orchestrator/schemas/policy.user.schema.json +1 -5
- package/agentic/orchestrator/schemas/qa_test_index.schema.json +5 -29
- package/agentic/orchestrator/schemas/state.schema.json +11 -61
- package/agentic/orchestrator/tools/catalog.json +33 -164
- package/agentic/orchestrator/tools/schemas/input/evidence.latest.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/feature.delete.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/feature.get_context.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/feature.init.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/feature.log_append.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/feature.ready_to_merge.input.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/input/feature.state_get.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/feature.state_patch.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/gates.run.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/locks.acquire.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/locks.release.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/performance.record_outcome.input.schema.json +10 -1
- package/agentic/orchestrator/tools/schemas/input/plan.get.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/plan.submit.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/plan.update.input.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/input/qa.test_index_get.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/qa.test_index_update.input.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/input/repo.apply_patch.input.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/input/repo.diff.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/repo.diff_bundle.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/repo.ensure_worktree.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/repo.read_file.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/repo.search.input.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/input/repo.status.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/input/report.feature_summary.input.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/output/collisions.scan.output.schema.json +1 -3
- package/agentic/orchestrator/tools/schemas/output/evidence.latest.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/feature.delete.output.schema.json +4 -20
- package/agentic/orchestrator/tools/schemas/output/feature.discover_specs.output.schema.json +2 -7
- package/agentic/orchestrator/tools/schemas/output/feature.get_context.output.schema.json +1 -8
- package/agentic/orchestrator/tools/schemas/output/feature.init.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/feature.log_append.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/feature.ready_to_merge.output.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/output/feature.state_get.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/feature.state_patch.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/gates.list.output.schema.json +2 -7
- package/agentic/orchestrator/tools/schemas/output/gates.run.output.schema.json +1 -8
- package/agentic/orchestrator/tools/schemas/output/locks.acquire.output.schema.json +1 -7
- package/agentic/orchestrator/tools/schemas/output/locks.release.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/performance.get_analytics.output.schema.json +22 -2
- package/agentic/orchestrator/tools/schemas/output/plan.get.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/plan.submit.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/plan.update.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/qa.test_index_get.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/qa.test_index_update.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/repo.apply_patch.output.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/output/repo.diff.output.schema.json +1 -4
- package/agentic/orchestrator/tools/schemas/output/repo.diff_bundle.output.schema.json +1 -7
- package/agentic/orchestrator/tools/schemas/output/repo.ensure_worktree.output.schema.json +1 -6
- package/agentic/orchestrator/tools/schemas/output/repo.read_file.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/repo.search.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/repo.status.output.schema.json +1 -5
- package/agentic/orchestrator/tools/schemas/output/report.dashboard.output.schema.json +1 -4
- package/apps/control-plane/scripts/validate-architecture-rules.mjs +16 -5
- package/apps/control-plane/scripts/validate-docker-mcp-contract.mjs +30 -8
- package/apps/control-plane/scripts/validate-mcp-contracts.ts +13 -7
- package/apps/control-plane/src/application/adapters/adapter-registry.ts +35 -15
- package/apps/control-plane/src/application/multi-project-loader.ts +27 -10
- package/apps/control-plane/src/application/services/activity-monitor-service.ts +26 -14
- package/apps/control-plane/src/application/services/collision-queue-service.ts +31 -17
- package/apps/control-plane/src/application/services/cost-tracking-service.ts +23 -16
- package/apps/control-plane/src/application/services/dependency-scheduler-service.ts +12 -4
- package/apps/control-plane/src/application/services/feature-deletion-service.ts +94 -58
- package/apps/control-plane/src/application/services/feature-lifecycle-service.ts +19 -13
- package/apps/control-plane/src/application/services/feature-state-service.ts +29 -19
- package/apps/control-plane/src/application/services/gate-interpolation-service.ts +7 -2
- package/apps/control-plane/src/application/services/gate-service.ts +64 -41
- package/apps/control-plane/src/application/services/instance-isolation-service.ts +1 -1
- package/apps/control-plane/src/application/services/issue-tracker-service.ts +49 -38
- package/apps/control-plane/src/application/services/lock-service.ts +75 -49
- package/apps/control-plane/src/application/services/merge-service.ts +91 -50
- package/apps/control-plane/src/application/services/notifier-service.ts +42 -20
- package/apps/control-plane/src/application/services/patch-service.ts +73 -44
- package/apps/control-plane/src/application/services/performance-analytics-service.ts +8 -6
- package/apps/control-plane/src/application/services/plan-service.ts +148 -89
- package/apps/control-plane/src/application/services/policy-loader-service.ts +10 -4
- package/apps/control-plane/src/application/services/pr-monitor-service.ts +33 -14
- package/apps/control-plane/src/application/services/qa-index-service.ts +20 -16
- package/apps/control-plane/src/application/services/reactions-service.ts +30 -15
- package/apps/control-plane/src/application/services/reporting-service.ts +16 -12
- package/apps/control-plane/src/application/services/run-lease-service.ts +138 -81
- package/apps/control-plane/src/application/tools/tool-metadata.ts +5 -5
- package/apps/control-plane/src/application/tools/tool-router.ts +6 -3
- package/apps/control-plane/src/cli/aop.ts +2 -2
- package/apps/control-plane/src/cli/attach-command-handler.ts +9 -9
- package/apps/control-plane/src/cli/cleanup-command-handler.ts +16 -11
- package/apps/control-plane/src/cli/cli-argument-parser.ts +6 -3
- package/apps/control-plane/src/cli/dashboard-command-handler.ts +28 -8
- package/apps/control-plane/src/cli/delete-command-handler.ts +7 -7
- package/apps/control-plane/src/cli/env-file.ts +115 -0
- package/apps/control-plane/src/cli/help-command-handler.ts +61 -32
- package/apps/control-plane/src/cli/init-command-handler.ts +182 -56
- package/apps/control-plane/src/cli/io.ts +7 -3
- package/apps/control-plane/src/cli/resume-command-handler.ts +21 -13
- package/apps/control-plane/src/cli/retry-command-handler.ts +12 -11
- package/apps/control-plane/src/cli/run-command-handler.ts +12 -8
- package/apps/control-plane/src/cli/send-command-handler.ts +6 -6
- package/apps/control-plane/src/cli/spec-ingestion-service.ts +14 -8
- package/apps/control-plane/src/cli/spec-input-resolver.ts +6 -1
- package/apps/control-plane/src/cli/spec-utils.ts +2 -2
- package/apps/control-plane/src/cli/status-command-handler.ts +13 -12
- package/apps/control-plane/src/cli/tooling.ts +3 -3
- package/apps/control-plane/src/cli/types.ts +1 -1
- package/apps/control-plane/src/core/collisions.ts +27 -10
- package/apps/control-plane/src/core/constants.ts +13 -7
- package/apps/control-plane/src/core/error-codes.ts +1 -1
- package/apps/control-plane/src/core/fs.ts +11 -5
- package/apps/control-plane/src/core/gates.ts +53 -27
- package/apps/control-plane/src/core/git.ts +18 -6
- package/apps/control-plane/src/core/kernel.ts +513 -227
- package/apps/control-plane/src/core/patch.ts +7 -3
- package/apps/control-plane/src/core/path-layout.ts +5 -1
- package/apps/control-plane/src/core/path-rules.ts +19 -5
- package/apps/control-plane/src/core/qa-index.ts +26 -12
- package/apps/control-plane/src/core/response.ts +9 -6
- package/apps/control-plane/src/core/schemas.ts +29 -10
- package/apps/control-plane/src/core/tool-caller.ts +1 -1
- package/apps/control-plane/src/core/workspace-hooks.ts +5 -5
- package/apps/control-plane/src/index.ts +3 -9
- package/apps/control-plane/src/interfaces/cli/bootstrap.ts +79 -35
- package/apps/control-plane/src/mcp/kernel-tool-executor.ts +7 -3
- package/apps/control-plane/src/mcp/mcp-server-adapter.ts +12 -10
- package/apps/control-plane/src/mcp/operation-ledger.ts +18 -8
- package/apps/control-plane/src/mcp/protocol-contract.ts +2 -2
- package/apps/control-plane/src/mcp/runtime-factory.ts +15 -6
- package/apps/control-plane/src/mcp/token-auth-verifier.ts +3 -2
- package/apps/control-plane/src/mcp/token-claims-validator.ts +11 -7
- package/apps/control-plane/src/mcp/tool-authorizer.ts +1 -3
- package/apps/control-plane/src/mcp/tool-client.ts +17 -5
- package/apps/control-plane/src/mcp/tool-contract-validator.ts +17 -8
- package/apps/control-plane/src/mcp/tool-registry-loader.ts +7 -3
- package/apps/control-plane/src/mcp/tool-runtime.ts +66 -39
- package/apps/control-plane/src/mcp/tools-markdown-generator.ts +6 -1
- package/apps/control-plane/src/providers/providers.ts +137 -54
- package/apps/control-plane/src/supervisor/build-wave-executor.ts +44 -25
- package/apps/control-plane/src/supervisor/planning-wave-executor.ts +46 -33
- package/apps/control-plane/src/supervisor/prompt-bundle-loader.ts +1 -1
- package/apps/control-plane/src/supervisor/qa-wave-executor.ts +38 -23
- package/apps/control-plane/src/supervisor/run-coordinator.ts +71 -36
- package/apps/control-plane/src/supervisor/runtime.ts +59 -35
- package/apps/control-plane/src/supervisor/session-orchestrator.ts +48 -31
- package/apps/control-plane/src/supervisor/types.ts +22 -7
- package/apps/control-plane/src/supervisor/worker-decision-loop.ts +30 -20
- package/apps/control-plane/test/activity-monitor.spec.ts +54 -30
- package/apps/control-plane/test/adapter-registry.spec.ts +5 -5
- package/apps/control-plane/test/aop.spec.ts +4 -4
- package/apps/control-plane/test/batch-operations.spec.ts +20 -18
- package/apps/control-plane/test/bootstrap-attach.spec.ts +52 -19
- package/apps/control-plane/test/bootstrap-edge-cases.spec.ts +58 -27
- package/apps/control-plane/test/bootstrap.spec.ts +72 -40
- package/apps/control-plane/test/cleanup-command.spec.ts +86 -32
- package/apps/control-plane/test/cli-helpers.spec.ts +119 -66
- package/apps/control-plane/test/cli.spec.ts +1 -1
- package/apps/control-plane/test/cli.unit.spec.ts +226 -167
- package/apps/control-plane/test/collision-queue.spec.ts +49 -40
- package/apps/control-plane/test/collisions.spec.ts +30 -30
- package/apps/control-plane/test/core-utils.spec.ts +29 -15
- package/apps/control-plane/test/cost-tracking.spec.ts +38 -22
- package/apps/control-plane/test/dashboard-api.integration.spec.ts +68 -36
- package/apps/control-plane/test/dashboard-client.spec.ts +18 -12
- package/apps/control-plane/test/dashboard-command.spec.ts +11 -7
- package/apps/control-plane/test/delete-command-handler.spec.ts +49 -41
- package/apps/control-plane/test/dependency-scheduler.spec.ts +47 -20
- package/apps/control-plane/test/epoch-tracking.spec.ts +9 -9
- package/apps/control-plane/test/feature-deletion-service.spec.ts +60 -52
- package/apps/control-plane/test/feature-lifecycle.spec.ts +36 -17
- package/apps/control-plane/test/gates.spec.ts +101 -81
- package/apps/control-plane/test/git-spawn-error.spec.ts +1 -1
- package/apps/control-plane/test/helpers.ts +10 -6
- package/apps/control-plane/test/incremental-gates.spec.ts +59 -20
- package/apps/control-plane/test/init-wizard.spec.ts +328 -68
- package/apps/control-plane/test/instance-isolation.spec.ts +43 -10
- package/apps/control-plane/test/issue-tracker.spec.ts +368 -128
- package/apps/control-plane/test/kernel-collision-replay.spec.ts +50 -29
- package/apps/control-plane/test/kernel.branches.spec.ts +64 -40
- package/apps/control-plane/test/kernel.coverage.spec.ts +85 -49
- package/apps/control-plane/test/kernel.coverage2.spec.ts +109 -65
- package/apps/control-plane/test/kernel.spec.ts +134 -51
- package/apps/control-plane/test/lock-service.spec.ts +92 -68
- package/apps/control-plane/test/mcp-helpers.spec.ts +53 -39
- package/apps/control-plane/test/mcp.spec.ts +231 -115
- package/apps/control-plane/test/merge-service.spec.ts +142 -94
- package/apps/control-plane/test/multi-project.spec.ts +28 -22
- package/apps/control-plane/test/notifier-service.spec.ts +136 -92
- package/apps/control-plane/test/parallel-gates.spec.ts +51 -35
- package/apps/control-plane/test/patch-service.spec.ts +128 -48
- package/apps/control-plane/test/performance-analytics.spec.ts +99 -63
- package/apps/control-plane/test/plan-service.spec.ts +50 -39
- package/apps/control-plane/test/planning-wave-executor.spec.ts +95 -71
- package/apps/control-plane/test/policy-loader-service.spec.ts +41 -19
- package/apps/control-plane/test/pr-monitor.spec.ts +113 -64
- package/apps/control-plane/test/providers.spec.ts +208 -104
- package/apps/control-plane/test/qa-index-service.spec.ts +31 -33
- package/apps/control-plane/test/qa-index.spec.ts +58 -61
- package/apps/control-plane/test/reactions.spec.ts +88 -45
- package/apps/control-plane/test/response.spec.ts +5 -5
- package/apps/control-plane/test/resume-command.spec.ts +121 -80
- package/apps/control-plane/test/run-coordinator.spec.ts +205 -136
- package/apps/control-plane/test/schema-date-time.spec.ts +49 -41
- package/apps/control-plane/test/service-retry-paths.spec.ts +77 -57
- package/apps/control-plane/test/services.spec.ts +147 -129
- package/apps/control-plane/test/session-management.spec.ts +136 -74
- package/apps/control-plane/test/spec-ingestion.spec.ts +23 -21
- package/apps/control-plane/test/spec-input-resolver.spec.ts +11 -10
- package/apps/control-plane/test/supervisor-collaborators.spec.ts +168 -121
- package/apps/control-plane/test/supervisor.calltool.spec.ts +21 -18
- package/apps/control-plane/test/supervisor.spec.ts +67 -43
- package/apps/control-plane/test/supervisor.unit.spec.ts +195 -126
- package/apps/control-plane/test/token-auth-verifier.spec.ts +29 -14
- package/apps/control-plane/test/tool-registry-loader.spec.ts +51 -27
- package/apps/control-plane/test/tool-runtime.spec.ts +63 -46
- package/apps/control-plane/test/worker-decision-loop.spec.ts +143 -122
- package/apps/control-plane/test/workspace-hooks.spec.ts +61 -23
- package/apps/control-plane/tsconfig.build.json +2 -7
- package/apps/control-plane/tsconfig.json +1 -5
- package/apps/control-plane/vitest.config.ts +7 -7
- package/config/agentic/orchestrator/adapters.yaml +3 -0
- package/config/agentic/orchestrator/agents.yaml +14 -0
- package/config/agentic/orchestrator/gates.yaml +28 -0
- package/config/agentic/orchestrator/policy.yaml +22 -0
- package/config/agentic/orchestrator/prompts/builder.system.md +1 -0
- package/config/agentic/orchestrator/prompts/planner.system.md +16 -0
- package/config/agentic/orchestrator/prompts/qa.system.md +1 -0
- package/dist/apps/control-plane/application/adapters/adapter-registry.js +12 -5
- package/dist/apps/control-plane/application/adapters/adapter-registry.js.map +1 -1
- package/dist/apps/control-plane/application/multi-project-loader.js +26 -9
- package/dist/apps/control-plane/application/multi-project-loader.js.map +1 -1
- package/dist/apps/control-plane/application/services/activity-monitor-service.js +7 -7
- package/dist/apps/control-plane/application/services/activity-monitor-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/collision-queue-service.js +7 -7
- package/dist/apps/control-plane/application/services/collision-queue-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/cost-tracking-service.js +6 -8
- package/dist/apps/control-plane/application/services/cost-tracking-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/dependency-scheduler-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/feature-deletion-service.js +37 -29
- package/dist/apps/control-plane/application/services/feature-deletion-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/feature-lifecycle-service.js +10 -10
- package/dist/apps/control-plane/application/services/feature-lifecycle-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/feature-state-service.js +11 -11
- package/dist/apps/control-plane/application/services/feature-state-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/gate-interpolation-service.js +3 -1
- package/dist/apps/control-plane/application/services/gate-interpolation-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/gate-service.js +26 -26
- package/dist/apps/control-plane/application/services/gate-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/instance-isolation-service.js +1 -1
- package/dist/apps/control-plane/application/services/instance-isolation-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/issue-tracker-service.js +25 -15
- package/dist/apps/control-plane/application/services/issue-tracker-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/lock-service.js +32 -32
- package/dist/apps/control-plane/application/services/lock-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/merge-service.js +41 -27
- package/dist/apps/control-plane/application/services/merge-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/notifier-service.js +29 -15
- package/dist/apps/control-plane/application/services/notifier-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/patch-service.js +21 -19
- package/dist/apps/control-plane/application/services/patch-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/performance-analytics-service.js +4 -4
- package/dist/apps/control-plane/application/services/performance-analytics-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/plan-service.js +33 -33
- package/dist/apps/control-plane/application/services/plan-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/policy-loader-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/pr-monitor-service.js +23 -11
- package/dist/apps/control-plane/application/services/pr-monitor-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/qa-index-service.js +11 -11
- package/dist/apps/control-plane/application/services/qa-index-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/reactions-service.js +13 -9
- package/dist/apps/control-plane/application/services/reactions-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/reporting-service.js +11 -9
- package/dist/apps/control-plane/application/services/reporting-service.js.map +1 -1
- package/dist/apps/control-plane/application/services/run-lease-service.js +34 -33
- package/dist/apps/control-plane/application/services/run-lease-service.js.map +1 -1
- package/dist/apps/control-plane/application/tools/tool-metadata.js +2 -2
- package/dist/apps/control-plane/application/tools/tool-router.js.map +1 -1
- package/dist/apps/control-plane/cli/attach-command-handler.js +9 -9
- package/dist/apps/control-plane/cli/cleanup-command-handler.js +11 -9
- package/dist/apps/control-plane/cli/cleanup-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/cli-argument-parser.js +4 -3
- package/dist/apps/control-plane/cli/cli-argument-parser.js.map +1 -1
- package/dist/apps/control-plane/cli/dashboard-command-handler.js +23 -7
- package/dist/apps/control-plane/cli/dashboard-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/delete-command-handler.js +7 -7
- package/dist/apps/control-plane/cli/env-file.d.ts +4 -0
- package/dist/apps/control-plane/cli/env-file.js +89 -0
- package/dist/apps/control-plane/cli/env-file.js.map +1 -0
- package/dist/apps/control-plane/cli/help-command-handler.js +58 -30
- package/dist/apps/control-plane/cli/help-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/init-command-handler.js +97 -37
- package/dist/apps/control-plane/cli/init-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/io.js +2 -2
- package/dist/apps/control-plane/cli/io.js.map +1 -1
- package/dist/apps/control-plane/cli/resume-command-handler.js +9 -9
- package/dist/apps/control-plane/cli/resume-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/retry-command-handler.js +12 -11
- package/dist/apps/control-plane/cli/retry-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/run-command-handler.js +12 -8
- package/dist/apps/control-plane/cli/run-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/send-command-handler.js +6 -6
- package/dist/apps/control-plane/cli/spec-ingestion-service.js +10 -8
- package/dist/apps/control-plane/cli/spec-ingestion-service.js.map +1 -1
- package/dist/apps/control-plane/cli/spec-input-resolver.js.map +1 -1
- package/dist/apps/control-plane/cli/spec-utils.js.map +1 -1
- package/dist/apps/control-plane/cli/status-command-handler.js +8 -8
- package/dist/apps/control-plane/cli/status-command-handler.js.map +1 -1
- package/dist/apps/control-plane/cli/tooling.js +1 -1
- package/dist/apps/control-plane/core/collisions.js +11 -8
- package/dist/apps/control-plane/core/collisions.js.map +1 -1
- package/dist/apps/control-plane/core/constants.js +13 -7
- package/dist/apps/control-plane/core/constants.js.map +1 -1
- package/dist/apps/control-plane/core/error-codes.js +1 -1
- package/dist/apps/control-plane/core/fs.js.map +1 -1
- package/dist/apps/control-plane/core/gates.d.ts +2 -2
- package/dist/apps/control-plane/core/gates.js +26 -19
- package/dist/apps/control-plane/core/gates.js.map +1 -1
- package/dist/apps/control-plane/core/git.js +3 -3
- package/dist/apps/control-plane/core/git.js.map +1 -1
- package/dist/apps/control-plane/core/kernel.d.ts +1 -0
- package/dist/apps/control-plane/core/kernel.js +134 -81
- package/dist/apps/control-plane/core/kernel.js.map +1 -1
- package/dist/apps/control-plane/core/patch.js +7 -3
- package/dist/apps/control-plane/core/patch.js.map +1 -1
- package/dist/apps/control-plane/core/path-layout.d.ts +1 -0
- package/dist/apps/control-plane/core/path-layout.js +4 -1
- package/dist/apps/control-plane/core/path-layout.js.map +1 -1
- package/dist/apps/control-plane/core/path-rules.js +3 -1
- package/dist/apps/control-plane/core/path-rules.js.map +1 -1
- package/dist/apps/control-plane/core/qa-index.js +5 -5
- package/dist/apps/control-plane/core/qa-index.js.map +1 -1
- package/dist/apps/control-plane/core/response.js +3 -3
- package/dist/apps/control-plane/core/response.js.map +1 -1
- package/dist/apps/control-plane/core/schemas.js +10 -6
- package/dist/apps/control-plane/core/schemas.js.map +1 -1
- package/dist/apps/control-plane/core/workspace-hooks.js +3 -3
- package/dist/apps/control-plane/index.d.ts +1 -1
- package/dist/apps/control-plane/index.js +1 -1
- package/dist/apps/control-plane/index.js.map +1 -1
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js +40 -23
- package/dist/apps/control-plane/interfaces/cli/bootstrap.js.map +1 -1
- package/dist/apps/control-plane/mcp/kernel-tool-executor.js +1 -1
- package/dist/apps/control-plane/mcp/kernel-tool-executor.js.map +1 -1
- package/dist/apps/control-plane/mcp/mcp-server-adapter.js +6 -7
- package/dist/apps/control-plane/mcp/mcp-server-adapter.js.map +1 -1
- package/dist/apps/control-plane/mcp/operation-ledger.js +5 -5
- package/dist/apps/control-plane/mcp/operation-ledger.js.map +1 -1
- package/dist/apps/control-plane/mcp/protocol-contract.js +2 -2
- package/dist/apps/control-plane/mcp/runtime-factory.js +2 -2
- package/dist/apps/control-plane/mcp/runtime-factory.js.map +1 -1
- package/dist/apps/control-plane/mcp/token-auth-verifier.js +1 -1
- package/dist/apps/control-plane/mcp/token-auth-verifier.js.map +1 -1
- package/dist/apps/control-plane/mcp/token-claims-validator.js +5 -5
- package/dist/apps/control-plane/mcp/token-claims-validator.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-authorizer.js +1 -3
- package/dist/apps/control-plane/mcp/tool-authorizer.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-client.js +2 -2
- package/dist/apps/control-plane/mcp/tool-client.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-contract-validator.js +3 -3
- package/dist/apps/control-plane/mcp/tool-contract-validator.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.js +1 -1
- package/dist/apps/control-plane/mcp/tool-registry-loader.js.map +1 -1
- package/dist/apps/control-plane/mcp/tool-runtime.js +17 -17
- package/dist/apps/control-plane/mcp/tool-runtime.js.map +1 -1
- package/dist/apps/control-plane/mcp/tools-markdown-generator.js +6 -1
- package/dist/apps/control-plane/mcp/tools-markdown-generator.js.map +1 -1
- package/dist/apps/control-plane/providers/providers.d.ts +3 -2
- package/dist/apps/control-plane/providers/providers.js +81 -39
- package/dist/apps/control-plane/providers/providers.js.map +1 -1
- package/dist/apps/control-plane/supervisor/build-wave-executor.js +12 -12
- package/dist/apps/control-plane/supervisor/build-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/planning-wave-executor.js +19 -16
- package/dist/apps/control-plane/supervisor/planning-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/prompt-bundle-loader.js +1 -1
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js +13 -13
- package/dist/apps/control-plane/supervisor/qa-wave-executor.js.map +1 -1
- package/dist/apps/control-plane/supervisor/run-coordinator.js +37 -20
- package/dist/apps/control-plane/supervisor/run-coordinator.js.map +1 -1
- package/dist/apps/control-plane/supervisor/runtime.js +25 -21
- package/dist/apps/control-plane/supervisor/runtime.js.map +1 -1
- package/dist/apps/control-plane/supervisor/session-orchestrator.js +29 -23
- package/dist/apps/control-plane/supervisor/session-orchestrator.js.map +1 -1
- package/dist/apps/control-plane/supervisor/types.d.ts +3 -3
- package/dist/apps/control-plane/supervisor/types.js.map +1 -1
- package/dist/apps/control-plane/supervisor/worker-decision-loop.js +14 -16
- package/dist/apps/control-plane/supervisor/worker-decision-loop.js.map +1 -1
- package/eslint.config.mjs +20 -20
- package/example-configurations/README.md +1 -1
- package/example-configurations/java/agents.yaml +3 -3
- package/example-configurations/java/policy.yaml +1 -1
- package/example-configurations/node/agents.yaml +3 -3
- package/example-configurations/node/policy.yaml +1 -1
- package/package.json +10 -5
- package/packages/web-dashboard/next.config.js +2 -2
- package/packages/web-dashboard/src/app/api/actions/route.ts +25 -9
- package/packages/web-dashboard/src/app/api/events/route.ts +20 -6
- package/packages/web-dashboard/src/app/api/features/[id]/checkout/route.ts +88 -37
- package/packages/web-dashboard/src/app/api/features/[id]/evidence/[artifact]/route.ts +8 -5
- package/packages/web-dashboard/src/app/api/features/[id]/review/route.ts +27 -9
- package/packages/web-dashboard/src/app/api/features/[id]/route.ts +5 -2
- package/packages/web-dashboard/src/app/api/projects/route.ts +5 -5
- package/packages/web-dashboard/src/app/globals.css +10 -2
- package/packages/web-dashboard/src/app/page.tsx +100 -37
- package/packages/web-dashboard/src/lib/aop-client.ts +68 -37
- package/packages/web-dashboard/src/lib/multi-project-config.ts +28 -7
- package/packages/web-dashboard/src/lib/orchestrator-tools.ts +59 -36
- package/packages/web-dashboard/tsconfig.json +3 -11
- package/scripts/nx-safe.mjs +10 -10
- package/spec-files/completed/agentic_orchestrator_cli_delete_command_spec.md +5 -0
- package/spec-files/completed/agentic_orchestrator_feature_gaps_closure_spec.md +189 -90
- package/spec-files/completed/agentic_orchestrator_init_policy_ux_simplification_spec.md +49 -16
- package/spec-files/completed/agentic_orchestrator_mcp_formalization_spec.md +24 -1
- package/spec-files/completed/agentic_orchestrator_single_global_orchestrator_spec.md +9 -0
- package/spec-files/completed/agentic_orchestrator_spec.md +171 -75
- package/spec-files/completed/agentic_orchestrator_validator_hardening_spec.md +25 -17
- package/spec-files/outstanding/agentic_orchestrator_artifact_database_publishing_spec.md +40 -5
- package/spec-files/outstanding/agentic_orchestrator_enterprise_governance_dashboard_spec.md +23 -12
- package/spec-files/outstanding/agentic_orchestrator_knowledge_canary_spec.md +16 -4
- package/spec-files/outstanding/agentic_orchestrator_observability_integrity_diagnostics_spec.md +42 -2
- package/spec-files/outstanding/agentic_orchestrator_performance_improvements_spec.md +209 -130
- package/spec-files/outstanding/agentic_orchestrator_planning_review_quality_spec.md +56 -3
- package/spec-files/outstanding/agentic_orchestrator_productization_commercial_spec.md +77 -10
- package/spec-files/outstanding/agentic_orchestrator_provider_auth_bootstrap_spec.md +384 -0
- package/spec-files/outstanding/agentic_orchestrator_quality_adoption_execution_spec.md +29 -14
- package/spec-files/progress.md +186 -175
- package/tsconfig.json +2 -8
|
@@ -0,0 +1,384 @@
|
|
|
1
|
+
# Feature Spec: Provider Auth Bootstrap UX for Local CLI and API-Backed Providers (AOP)
|
|
2
|
+
|
|
3
|
+
> **Purpose of this document**: Define implementation-ready changes for `aop init` and provider selection so local CLI providers (for example Codex/Claude Code) do not require API-key env wiring, while API-backed providers get guided env validation and credential bootstrap.
|
|
4
|
+
|
|
5
|
+
**Version:** 1.0
|
|
6
|
+
**Date:** 2026-03-04
|
|
7
|
+
**Status:** Draft
|
|
8
|
+
**Roadmap Mapping:** M41
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## 0. Standards and Dependencies
|
|
13
|
+
|
|
14
|
+
### 0.1 Required Standards
|
|
15
|
+
|
|
16
|
+
All implementation MUST preserve:
|
|
17
|
+
|
|
18
|
+
- deterministic provider selection behavior
|
|
19
|
+
- normalized error envelopes (`{ ok: false, error: { code, message, details } }`)
|
|
20
|
+
- no credential values written to logs, CLI payloads, or exceptions
|
|
21
|
+
- existing CLI command names and flags (`aop init`, `aop run`, `--provider-config-env`)
|
|
22
|
+
- backward compatibility for existing `agents.yaml` + env workflows
|
|
23
|
+
- Nx + Vitest + lint/typecheck quality gates
|
|
24
|
+
|
|
25
|
+
### 0.2 Upstream Inputs
|
|
26
|
+
|
|
27
|
+
Implementing agents MUST read:
|
|
28
|
+
|
|
29
|
+
- `apps/control-plane/src/cli/init-command-handler.ts`
|
|
30
|
+
- `apps/control-plane/src/cli/help-command-handler.ts`
|
|
31
|
+
- `apps/control-plane/src/cli/cli-argument-parser.ts`
|
|
32
|
+
- `apps/control-plane/src/cli/types.ts`
|
|
33
|
+
- `apps/control-plane/src/providers/providers.ts`
|
|
34
|
+
- `apps/control-plane/src/interfaces/cli/bootstrap.ts`
|
|
35
|
+
- `apps/control-plane/src/core/kernel.ts`
|
|
36
|
+
- `apps/control-plane/test/init-wizard.spec.ts`
|
|
37
|
+
- `apps/control-plane/test/providers.spec.ts`
|
|
38
|
+
- `agentic/orchestrator/schemas/agents.schema.json`
|
|
39
|
+
- `README.md`
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## 1. Problem Statement
|
|
44
|
+
|
|
45
|
+
### 1.1 Current Gaps
|
|
46
|
+
|
|
47
|
+
1. `aop init` always emits `runtime.provider_config_env: AOP_PROVIDER_CONFIG_ENV` and does not branch by provider auth model.
|
|
48
|
+
2. `resolveProviderSelection()` currently treats `codex` and `claude` as auth-required, even though current execution path uses local CLI commands.
|
|
49
|
+
3. The init flow does not validate whether a user-provided provider env var exists.
|
|
50
|
+
4. There is no guided fallback to capture missing credentials during init.
|
|
51
|
+
5. Current semantics around `AOP_PROVIDER_CONFIG_ENV` are confusing in CLI-first workflows.
|
|
52
|
+
|
|
53
|
+
### 1.2 User-Requested Behavior
|
|
54
|
+
|
|
55
|
+
The target UX must implement this sequence:
|
|
56
|
+
|
|
57
|
+
1. init asks whether the user will use a local CLI provider (Codex/Claude Code/etc.)
|
|
58
|
+
2. if yes, init does not ask for `provider_config_env`
|
|
59
|
+
3. if no, init asks for provider and env var name
|
|
60
|
+
4. if env var missing, init asks for key input and stores it in `AOP_PROVIDER_CONFIG_ENV`
|
|
61
|
+
|
|
62
|
+
---
|
|
63
|
+
|
|
64
|
+
## 2. Objectives
|
|
65
|
+
|
|
66
|
+
### 2.1 Must-Have Outcomes
|
|
67
|
+
|
|
68
|
+
1. Interactive init has an explicit local-CLI vs API-backed auth branch.
|
|
69
|
+
2. Local-CLI path generates valid config without `provider_config_env`.
|
|
70
|
+
3. API-backed path validates configured env var availability.
|
|
71
|
+
4. Missing-env fallback writes credential into repo-local `.env` under `AOP_PROVIDER_CONFIG_ENV`.
|
|
72
|
+
5. Runtime provider selection supports this fallback without breaking existing env-name indirection setups.
|
|
73
|
+
6. `codex` and `claude` flows no longer hard-fail for missing provider auth env vars.
|
|
74
|
+
|
|
75
|
+
### 2.2 Non-Goals
|
|
76
|
+
|
|
77
|
+
- no change to orchestration algorithm/state machine
|
|
78
|
+
- no remote secret manager integration in this phase
|
|
79
|
+
- no encryption-at-rest feature for local `.env`
|
|
80
|
+
- no dashboard credential editor in this phase
|
|
81
|
+
|
|
82
|
+
---
|
|
83
|
+
|
|
84
|
+
## 3. UX Specification (Normative)
|
|
85
|
+
|
|
86
|
+
### 3.1 Init Decision Tree
|
|
87
|
+
|
|
88
|
+
New prompt early in interactive init:
|
|
89
|
+
|
|
90
|
+
- `Will you use a local agent CLI (codex/claude-code/kiro-cli/copilot)? [yes/no]` (default: `yes`)
|
|
91
|
+
|
|
92
|
+
Branch rules:
|
|
93
|
+
|
|
94
|
+
- **If `yes`**:
|
|
95
|
+
- ask default provider and model as today
|
|
96
|
+
- do **not** ask for provider config env var
|
|
97
|
+
- do not write `runtime.provider_config_env` in generated `agents.yaml`
|
|
98
|
+
- **If `no`**:
|
|
99
|
+
- ask default provider and model
|
|
100
|
+
- ask: `Provider config env var name` (example defaults by provider: `GEMINI_API_KEY`, `OPENAI_API_KEY`, etc.)
|
|
101
|
+
- validate env var exists in effective env context
|
|
102
|
+
- if missing: prompt for key and persist to `.env` as `AOP_PROVIDER_CONFIG_ENV=<pasted_key>`
|
|
103
|
+
- set generated `runtime.provider_config_env: AOP_PROVIDER_CONFIG_ENV`
|
|
104
|
+
|
|
105
|
+
### 3.2 Env Validation Rules
|
|
106
|
+
|
|
107
|
+
Env var existence check MUST include:
|
|
108
|
+
|
|
109
|
+
1. current process env (`runtime.env`)
|
|
110
|
+
2. repo-root `.env` entries (if file exists)
|
|
111
|
+
|
|
112
|
+
A value is “existing” only when non-empty after trim.
|
|
113
|
+
|
|
114
|
+
### 3.3 Missing Env Fallback Rules
|
|
115
|
+
|
|
116
|
+
If requested env var is missing:
|
|
117
|
+
|
|
118
|
+
1. init must print actionable message: requested env var not found
|
|
119
|
+
2. init must prompt: `Paste provider key to store in AOP_PROVIDER_CONFIG_ENV`
|
|
120
|
+
3. empty input is rejected and re-prompted
|
|
121
|
+
4. key is persisted to `.env` as `AOP_PROVIDER_CONFIG_ENV=<key>`
|
|
122
|
+
5. return payload includes non-sensitive note in `next_steps` that `.env` was updated
|
|
123
|
+
|
|
124
|
+
No printed output may include key value.
|
|
125
|
+
|
|
126
|
+
### 3.4 `--auto` Mode
|
|
127
|
+
|
|
128
|
+
`aop init --auto` remains non-interactive and defaults to local-CLI style output:
|
|
129
|
+
|
|
130
|
+
- provider/model defaults unchanged
|
|
131
|
+
- no `provider_config_env` emitted
|
|
132
|
+
- no secret prompts
|
|
133
|
+
|
|
134
|
+
---
|
|
135
|
+
|
|
136
|
+
## 4. Runtime Resolution Contract
|
|
137
|
+
|
|
138
|
+
### 4.1 Provider Auth Classes
|
|
139
|
+
|
|
140
|
+
Introduce explicit auth class sets in `providers.ts`:
|
|
141
|
+
|
|
142
|
+
- `LOCAL_CLI_PROVIDERS = {'codex','claude','kiro-cli','copilot','custom'}`
|
|
143
|
+
- `CREDENTIAL_REQUIRED_PROVIDERS = {'gemini'}` (initial set; future providers may be added)
|
|
144
|
+
|
|
145
|
+
### 4.2 New Credential Resolution Algorithm
|
|
146
|
+
|
|
147
|
+
`resolveProviderSelection()` MUST resolve credential reference using this precedence:
|
|
148
|
+
|
|
149
|
+
1. CLI `--provider-config-env <NAME>` => if `env[NAME]` exists, use it.
|
|
150
|
+
2. `agents.yaml runtime.provider_config_env` => if `env[NAME]` exists, use it.
|
|
151
|
+
3. `env.AOP_PROVIDER_CONFIG_ENV` fallback:
|
|
152
|
+
- if value looks like env-var name (`^[A-Z_][A-Z0-9_]*$`) and `env[value]` exists, treat as legacy indirection and use `env[value]`
|
|
153
|
+
- else treat value itself as direct credential string (new bootstrap behavior)
|
|
154
|
+
4. if provider is in `CREDENTIAL_REQUIRED_PROVIDERS` and no credential resolved, throw `PROVIDER_AUTH_MISSING`
|
|
155
|
+
|
|
156
|
+
### 4.3 Backward Compatibility Guarantees
|
|
157
|
+
|
|
158
|
+
All of the following must continue to work:
|
|
159
|
+
|
|
160
|
+
1. Existing config where `provider_config_env: SOME_KEY` and `SOME_KEY` exists in env
|
|
161
|
+
2. Existing env indirection usage with `AOP_PROVIDER_CONFIG_ENV=SOME_KEY` and `SOME_KEY` exists
|
|
162
|
+
3. New bootstrap usage with `AOP_PROVIDER_CONFIG_ENV=<actual_key>`
|
|
163
|
+
|
|
164
|
+
---
|
|
165
|
+
|
|
166
|
+
## 5. Configuration Contract Changes
|
|
167
|
+
|
|
168
|
+
### 5.1 Generated `agents.yaml` Shape
|
|
169
|
+
|
|
170
|
+
Local CLI branch example:
|
|
171
|
+
|
|
172
|
+
```yaml
|
|
173
|
+
version: 1
|
|
174
|
+
roles:
|
|
175
|
+
planner:
|
|
176
|
+
system_prompt_path: config/agentic/orchestrator/prompts/planner.system.md
|
|
177
|
+
builder:
|
|
178
|
+
system_prompt_path: config/agentic/orchestrator/prompts/builder.system.md
|
|
179
|
+
qa:
|
|
180
|
+
system_prompt_path: config/agentic/orchestrator/prompts/qa.system.md
|
|
181
|
+
missing_prompt_behavior: ignore
|
|
182
|
+
runtime:
|
|
183
|
+
default_provider: codex
|
|
184
|
+
default_model: local-default
|
|
185
|
+
role_provider_overrides: {}
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
API-backed branch with fallback example:
|
|
189
|
+
|
|
190
|
+
```yaml
|
|
191
|
+
runtime:
|
|
192
|
+
default_provider: gemini
|
|
193
|
+
default_model: gemini-default
|
|
194
|
+
provider_config_env: AOP_PROVIDER_CONFIG_ENV
|
|
195
|
+
role_provider_overrides: {}
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
### 5.2 Schema/Docs Clarification
|
|
199
|
+
|
|
200
|
+
Update `agents.schema.json` field description for `runtime.provider_config_env` to clarify:
|
|
201
|
+
|
|
202
|
+
- optional for local CLI providers
|
|
203
|
+
- when set, should be an env var name
|
|
204
|
+
- runtime also supports `AOP_PROVIDER_CONFIG_ENV` fallback behavior
|
|
205
|
+
|
|
206
|
+
---
|
|
207
|
+
|
|
208
|
+
## 6. Secret Persistence Contract
|
|
209
|
+
|
|
210
|
+
### 6.1 Storage Location
|
|
211
|
+
|
|
212
|
+
Persist init-captured fallback key in repo root:
|
|
213
|
+
|
|
214
|
+
- `.env` file at `<repoRoot>/.env`
|
|
215
|
+
- key: `AOP_PROVIDER_CONFIG_ENV`
|
|
216
|
+
|
|
217
|
+
### 6.2 Write Semantics
|
|
218
|
+
|
|
219
|
+
Env write helper must be deterministic and idempotent:
|
|
220
|
+
|
|
221
|
+
1. if `.env` missing, create it
|
|
222
|
+
2. if `AOP_PROVIDER_CONFIG_ENV=` exists, replace value
|
|
223
|
+
3. else append new line
|
|
224
|
+
4. preserve unrelated entries
|
|
225
|
+
|
|
226
|
+
### 6.3 Security Requirements
|
|
227
|
+
|
|
228
|
+
- do not emit key values in logs, exceptions, test snapshots, or payloads
|
|
229
|
+
- avoid including raw key in `validation_warnings`/`next_steps`
|
|
230
|
+
- recommend users rotate/move secret to external manager in docs (non-blocking guidance)
|
|
231
|
+
|
|
232
|
+
---
|
|
233
|
+
|
|
234
|
+
## 7. File-Level Implementation Plan
|
|
235
|
+
|
|
236
|
+
### M41-M1: Init Wizard Branching + Env Bootstrap
|
|
237
|
+
|
|
238
|
+
#### AUTH-T-001: Extend Wizard Config Model
|
|
239
|
+
|
|
240
|
+
**Files:**
|
|
241
|
+
|
|
242
|
+
- `apps/control-plane/src/cli/init-command-handler.ts`
|
|
243
|
+
|
|
244
|
+
**Changes:**
|
|
245
|
+
|
|
246
|
+
- add wizard auth branch metadata (local CLI vs API-backed)
|
|
247
|
+
- add provider env prompt only in API-backed branch
|
|
248
|
+
- add env existence validation helper (process env + `.env`)
|
|
249
|
+
- add fallback key capture + `.env` persistence helper
|
|
250
|
+
- conditionally render `provider_config_env` in generated `agents.yaml`
|
|
251
|
+
|
|
252
|
+
#### AUTH-T-002: Add `.env` Read/Write Utility
|
|
253
|
+
|
|
254
|
+
**Files (recommended):**
|
|
255
|
+
|
|
256
|
+
- `apps/control-plane/src/cli/env-file.ts` (new)
|
|
257
|
+
- `apps/control-plane/src/cli/init-command-handler.ts`
|
|
258
|
+
|
|
259
|
+
**Changes:**
|
|
260
|
+
|
|
261
|
+
- parse minimal dotenv key/value format needed for this feature
|
|
262
|
+
- implement upsert for `AOP_PROVIDER_CONFIG_ENV`
|
|
263
|
+
|
|
264
|
+
### M41-M2: Provider Resolution Semantics Update
|
|
265
|
+
|
|
266
|
+
#### AUTH-T-003: Reclassify Provider Auth Requirements
|
|
267
|
+
|
|
268
|
+
**Files:**
|
|
269
|
+
|
|
270
|
+
- `apps/control-plane/src/providers/providers.ts`
|
|
271
|
+
|
|
272
|
+
**Changes:**
|
|
273
|
+
|
|
274
|
+
- replace current auth-required set to include only credential-required providers
|
|
275
|
+
- ensure local CLI providers do not throw `PROVIDER_AUTH_MISSING` when key is absent
|
|
276
|
+
|
|
277
|
+
#### AUTH-T-004: Add Backward-Compatible AOP Fallback Parser
|
|
278
|
+
|
|
279
|
+
**Files:**
|
|
280
|
+
|
|
281
|
+
- `apps/control-plane/src/providers/providers.ts`
|
|
282
|
+
|
|
283
|
+
**Changes:**
|
|
284
|
+
|
|
285
|
+
- implement precedence and dual-mode parsing from Section 4.2
|
|
286
|
+
- maintain output fields `provider_config_env` and `provider_config_ref`
|
|
287
|
+
|
|
288
|
+
### M41-M3: Documentation and Help Updates
|
|
289
|
+
|
|
290
|
+
#### AUTH-T-005: Update CLI Help + README
|
|
291
|
+
|
|
292
|
+
**Files:**
|
|
293
|
+
|
|
294
|
+
- `README.md`
|
|
295
|
+
- `apps/control-plane/src/cli/help-command-handler.ts`
|
|
296
|
+
- `agentic/orchestrator/schemas/agents.schema.json`
|
|
297
|
+
|
|
298
|
+
**Changes:**
|
|
299
|
+
|
|
300
|
+
- document init auth branching and fallback behavior
|
|
301
|
+
- clarify `--provider-config-env` applies to API-backed provider auth
|
|
302
|
+
- clarify local CLI providers generally use local CLI login state
|
|
303
|
+
|
|
304
|
+
---
|
|
305
|
+
|
|
306
|
+
## 8. Test Plan
|
|
307
|
+
|
|
308
|
+
### 8.1 Init Wizard Tests (`init-wizard.spec.ts`)
|
|
309
|
+
|
|
310
|
+
Add/adjust tests:
|
|
311
|
+
|
|
312
|
+
1. local-CLI branch does not ask for provider env var and generated `agents.yaml` omits `provider_config_env`
|
|
313
|
+
2. API-backed branch with existing env var writes that env var name to `agents.yaml`
|
|
314
|
+
3. API-backed branch with missing env var prompts for key and writes `.env` entry `AOP_PROVIDER_CONFIG_ENV=...`
|
|
315
|
+
4. fallback branch sets `runtime.provider_config_env: AOP_PROVIDER_CONFIG_ENV`
|
|
316
|
+
5. `--auto` path remains non-interactive and emits no provider config env
|
|
317
|
+
6. `.env` upsert replaces existing `AOP_PROVIDER_CONFIG_ENV` value without duplicating lines
|
|
318
|
+
|
|
319
|
+
### 8.2 Provider Resolver Tests (`providers.spec.ts`)
|
|
320
|
+
|
|
321
|
+
Add/adjust tests:
|
|
322
|
+
|
|
323
|
+
1. `codex` without credentials no longer throws `PROVIDER_AUTH_MISSING`
|
|
324
|
+
2. `claude` without credentials no longer throws `PROVIDER_AUTH_MISSING`
|
|
325
|
+
3. credential-required provider (initially `gemini`) still throws when unresolved
|
|
326
|
+
4. `AOP_PROVIDER_CONFIG_ENV=<KEY_VALUE>` direct fallback resolves as credential
|
|
327
|
+
5. legacy indirection `AOP_PROVIDER_CONFIG_ENV=SOME_ENV` with `SOME_ENV=value` still resolves
|
|
328
|
+
6. CLI/env/config precedence remains deterministic
|
|
329
|
+
|
|
330
|
+
### 8.3 Regression/Contract Tests
|
|
331
|
+
|
|
332
|
+
1. `npm run nx -- run control-plane:test`
|
|
333
|
+
2. `npm run nx -- run control-plane:build`
|
|
334
|
+
3. `npm run validate:mcp-contracts`
|
|
335
|
+
4. targeted manual smoke:
|
|
336
|
+
- `aop init` local CLI path
|
|
337
|
+
- `aop init` API-backed path with missing env var + key paste
|
|
338
|
+
- `aop run` using resulting config
|
|
339
|
+
|
|
340
|
+
---
|
|
341
|
+
|
|
342
|
+
## 9. Acceptance Criteria
|
|
343
|
+
|
|
344
|
+
- [ ] `aop init` asks whether user will use a local CLI provider
|
|
345
|
+
- [ ] local CLI path does not prompt for `provider_config_env`
|
|
346
|
+
- [ ] API-backed path prompts for provider then env var name
|
|
347
|
+
- [ ] init validates env var existence
|
|
348
|
+
- [ ] if missing, init captures key and stores it in `.env` as `AOP_PROVIDER_CONFIG_ENV`
|
|
349
|
+
- [ ] generated config references `AOP_PROVIDER_CONFIG_ENV` in fallback path
|
|
350
|
+
- [ ] codex/claude local CLI runs do not fail on missing provider auth env var
|
|
351
|
+
- [ ] gemini/API-backed runs still enforce credential presence
|
|
352
|
+
- [ ] docs and schema descriptions reflect updated behavior
|
|
353
|
+
- [ ] full test/build/contract validation passes
|
|
354
|
+
|
|
355
|
+
---
|
|
356
|
+
|
|
357
|
+
## 10. Risks and Mitigations
|
|
358
|
+
|
|
359
|
+
### Risk 1: Plaintext Secret in `.env`
|
|
360
|
+
|
|
361
|
+
- **Mitigation:** keep `.env` gitignored, avoid logging values, document rotation path.
|
|
362
|
+
|
|
363
|
+
### Risk 2: Breaking Existing Indirection Behavior
|
|
364
|
+
|
|
365
|
+
- **Mitigation:** keep legacy pointer interpretation in `AOP_PROVIDER_CONFIG_ENV` when it resolves to an existing env-var name.
|
|
366
|
+
|
|
367
|
+
### Risk 3: User Confusion About Local vs API Mode
|
|
368
|
+
|
|
369
|
+
- **Mitigation:** explicit init prompt text + README examples for both branches.
|
|
370
|
+
|
|
371
|
+
### Risk 4: Credential Leaks in Tests
|
|
372
|
+
|
|
373
|
+
- **Mitigation:** use placeholder test values and assert only presence/non-presence, never full output dumps.
|
|
374
|
+
|
|
375
|
+
---
|
|
376
|
+
|
|
377
|
+
## 11. Rollout and Migration
|
|
378
|
+
|
|
379
|
+
1. Ship init + resolver changes together to avoid mismatched behavior.
|
|
380
|
+
2. Existing repos require no migration; current `agents.yaml` remains valid.
|
|
381
|
+
3. On first `aop init --force`, local-CLI users get cleaner `agents.yaml` without `provider_config_env`.
|
|
382
|
+
4. Add release note callout:
|
|
383
|
+
- “Codex/Claude local CLI providers no longer require provider auth env by default.”
|
|
384
|
+
- “`AOP_PROVIDER_CONFIG_ENV` now supports direct credential fallback for init bootstrap.”
|
|
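Review bot: Section 4.2 step 3 leaves `AOP_PROVIDER_CONFIG_ENV` ambiguous. A value that matches `^[A-Z_][A-Z0-9_]*$` but whose target variable is unset falls through to the "direct credential" branch, so a legacy pointer such as `AOP_PROVIDER_CONFIG_ENV=SOME_KEY` with `SOME_KEY` missing would be used as the credential itself instead of raising `PROVIDER_AUTH_MISSING`. Suggest either treating a name-shaped value with no matching variable as an error for `CREDENTIAL_REQUIRED_PROVIDERS`, or giving the direct credential its own variable, and adding that case to 8.2. Section 4 also never states that the runtime loads `<repoRoot>/.env`, which the 3.3 fallback depends on when `aop run` starts in a fresh shell. In 6.2, the write helper should specify owner-only permissions when it creates `.env` and should reject pasted keys containing newlines, so one input cannot add extra entries. The "keep `.env` gitignored" mitigation under Risk 1 has no matching test in Section 8 or criterion in Section 9, and the 3.3 prompt does not say the pasted key is read without echo.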
@@ -22,6 +22,7 @@ The original monolithic execution document covered too many orthogonal concerns
|
|
|
22
22
|
- `spec-files/agentic_orchestrator_observability_integrity_diagnostics_spec.md`
|
|
23
23
|
|
|
24
24
|
Implements:
|
|
25
|
+
|
|
25
26
|
- Q3 Deterministic Replay + Time-Travel Debugger
|
|
26
27
|
- Q4 Tamper-Evident Evidence Chain
|
|
27
28
|
- Q11 `aop doctor` Readiness + Drift Scanner
|
|
@@ -31,6 +32,7 @@ Implements:
|
|
|
31
32
|
- `spec-files/agentic_orchestrator_planning_review_quality_spec.md`
|
|
32
33
|
|
|
33
34
|
Implements:
|
|
35
|
+
|
|
34
36
|
- Q1 Semantic Collision Engine
|
|
35
37
|
- Q2 Plan Feasibility Scoring
|
|
36
38
|
- Q7 Prompt Contract Test Harness
|
|
@@ -42,6 +44,7 @@ Implements:
|
|
|
42
44
|
- `spec-files/agentic_orchestrator_enterprise_governance_dashboard_spec.md`
|
|
43
45
|
|
|
44
46
|
Implements:
|
|
47
|
+
|
|
45
48
|
- Q5 Compliance Policy Packs + Control Export
|
|
46
49
|
- Q6 Dashboard AuthN/AuthZ + SSO + Audit Federation
|
|
47
50
|
|
|
@@ -50,6 +53,7 @@ Implements:
|
|
|
50
53
|
- `spec-files/agentic_orchestrator_knowledge_canary_spec.md`
|
|
51
54
|
|
|
52
55
|
Implements:
|
|
56
|
+
|
|
53
57
|
- Q10 Cross-Feature Knowledge Graph
|
|
54
58
|
- Q12 Progressive Merge Guardrails (Canary Verification)
|
|
55
59
|
|
|
@@ -57,20 +61,20 @@ Implements:
|
|
|
57
61
|
|
|
58
62
|
## 3. Feature Outcome Matrix
|
|
59
63
|
|
|
60
|
-
| ID
|
|
61
|
-
|
|
62
|
-
| Q1
|
|
63
|
-
| Q2
|
|
64
|
-
| Q3
|
|
65
|
-
| Q4
|
|
66
|
-
| Q5
|
|
67
|
-
| Q6
|
|
68
|
-
| Q7
|
|
69
|
-
| Q8
|
|
70
|
-
| Q9
|
|
71
|
-
| Q10 | Knowledge Graph
|
|
72
|
-
| Q11 | `aop doctor`
|
|
73
|
-
| Q12 | Canary Merge Verification
|
|
64
|
+
| ID | Feature | Primary Outcome | Detailed Spec |
|
|
65
|
+
| --- | ---------------------------- | -------------------------------------------------- | ------------------------------------------------------------------ |
|
|
66
|
+
| Q1 | Semantic Collision Engine | Fewer hidden integration conflicts before build/QA | `agentic_orchestrator_planning_review_quality_spec.md` |
|
|
67
|
+
| Q2 | Plan Feasibility Scoring | Early detection of weak plans | `agentic_orchestrator_planning_review_quality_spec.md` |
|
|
68
|
+
| Q3 | Replay + Time-Travel | Faster incident RCA | `agentic_orchestrator_observability_integrity_diagnostics_spec.md` |
|
|
69
|
+
| Q4 | Tamper-Evident Evidence | Stronger audit trust | `agentic_orchestrator_observability_integrity_diagnostics_spec.md` |
|
|
70
|
+
| Q5 | Compliance Packs + Export | Faster enterprise onboarding | `agentic_orchestrator_enterprise_governance_dashboard_spec.md` |
|
|
71
|
+
| Q6 | Dashboard Auth + SSO + Audit | Production-safe dashboard operation | `agentic_orchestrator_enterprise_governance_dashboard_spec.md` |
|
|
72
|
+
| Q7 | Prompt Contract Tests | Prompt regression prevention | `agentic_orchestrator_planning_review_quality_spec.md` |
|
|
73
|
+
| Q8 | Flaky Intelligence | Higher gate signal quality | `agentic_orchestrator_planning_review_quality_spec.md` |
|
|
74
|
+
| Q9 | Review Briefs | Faster/high-quality human review | `agentic_orchestrator_planning_review_quality_spec.md` |
|
|
75
|
+
| Q10 | Knowledge Graph | Better cross-feature reuse | `agentic_orchestrator_knowledge_canary_spec.md` |
|
|
76
|
+
| Q11 | `aop doctor` | Faster readiness/drift triage | `agentic_orchestrator_observability_integrity_diagnostics_spec.md` |
|
|
77
|
+
| Q12 | Canary Merge Verification | Safer merge promotion | `agentic_orchestrator_knowledge_canary_spec.md` |
|
|
74
78
|
|
|
75
79
|
---
|
|
76
80
|
|
|
@@ -79,6 +83,7 @@ Implements:
|
|
|
79
83
|
### 4.1 Shared Constraints (Normative)
|
|
80
84
|
|
|
81
85
|
All split specs MUST preserve:
|
|
86
|
+
|
|
82
87
|
- deterministic MCP contract behavior
|
|
83
88
|
- explicit user approval for merge promotion
|
|
84
89
|
- policy/schema-driven validation
|
|
@@ -107,6 +112,7 @@ innovation:
|
|
|
107
112
|
### 4.3 Tool Contract Integration
|
|
108
113
|
|
|
109
114
|
Any new tool introduced in a child spec MUST include:
|
|
115
|
+
|
|
110
116
|
- catalog entry
|
|
111
117
|
- input/output schemas
|
|
112
118
|
- RBAC entry
|
|
@@ -120,40 +126,48 @@ Any new tool introduced in a child spec MUST include:
|
|
|
120
126
|
### M33 (must complete first)
|
|
121
127
|
|
|
122
128
|
From `observability_integrity_diagnostics_spec`:
|
|
129
|
+
|
|
123
130
|
- replay timeline
|
|
124
131
|
- evidence chain verification
|
|
125
132
|
- doctor scanner
|
|
126
133
|
|
|
127
134
|
Dependency rationale:
|
|
135
|
+
|
|
128
136
|
- provides baseline observability needed to debug and harden later milestones
|
|
129
137
|
|
|
130
138
|
### M34-M36
|
|
131
139
|
|
|
132
140
|
From `planning_review_quality_spec`:
|
|
141
|
+
|
|
133
142
|
- semantic collisions + feasibility scoring
|
|
134
143
|
- prompt contracts
|
|
135
144
|
- flaky intelligence
|
|
136
145
|
- review briefs
|
|
137
146
|
|
|
138
147
|
Dependency rationale:
|
|
148
|
+
|
|
139
149
|
- quality-admission and review optimizations depend on M33 observability artifacts
|
|
140
150
|
|
|
141
151
|
### M37
|
|
142
152
|
|
|
143
153
|
From `enterprise_governance_dashboard_spec`:
|
|
154
|
+
|
|
144
155
|
- compliance export
|
|
145
156
|
- dashboard auth/authz/audit federation
|
|
146
157
|
|
|
147
158
|
Dependency rationale:
|
|
159
|
+
|
|
148
160
|
- enterprise controls consume stable evidence/reporting from prior milestones
|
|
149
161
|
|
|
150
162
|
### M38
|
|
151
163
|
|
|
152
164
|
From `knowledge_canary_spec`:
|
|
165
|
+
|
|
153
166
|
- knowledge graph retrieval
|
|
154
167
|
- canary merge verification
|
|
155
168
|
|
|
156
169
|
Dependency rationale:
|
|
170
|
+
|
|
157
171
|
- canary and graph quality improve with historical artifacts generated by M33-M37
|
|
158
172
|
|
|
159
173
|
---
|
|
@@ -192,6 +206,7 @@ For each milestone:
|
|
|
192
206
|
## 8. Definition of Done (Master)
|
|
193
207
|
|
|
194
208
|
The split initiative is complete only when:
|
|
209
|
+
|
|
195
210
|
1. Q1-Q12 are delivered via their child specs.
|
|
196
211
|
2. all feature flags and schema/tool contracts are integrated and validated.
|
|
197
212
|
3. no regressions occur in existing deterministic behavior.
|