mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
Files
110e18127217488e679c64913a13bbcbf025aa90
stack/docs/reports/m4.2-implementation-plan.md
Jason Woltje a5416e4a66 fix(#180): Update pnpm to 10.27.0 in Dockerfiles 
Updated pnpm version from 10.19.0 to 10.27.0 to fix HIGH severity
vulnerabilities (CVE-2025-69262, CVE-2025-69263, CVE-2025-6926).

Changes:
- apps/api/Dockerfile: line 8
- apps/web/Dockerfile: lines 8 and 81

Fixes #180
2026-02-01 20:52:43 -06:00

10 KiB
Raw Blame History

M4.2-Infrastructure Implementation Plan

Milestone: M4.2-Infrastructure (0.0.4) Date: 2026-02-01 Orchestrator: Claude Opus 4.5

Issue Summary

Issue Title Phase Priority Depends On Est. Tokens Model
#162 [EPIC] Mosaic Component Architecture - - All 0 manual
#163 [INFRA-001] Add BullMQ dependencies 1 p0 none 15,000 haiku
#164 [INFRA-002] Database schema for job tracking 1 p0 none 40,000 sonnet
#165 [INFRA-003] BullMQ module setup 1 p0 #163 45,000 sonnet
#166 [INFRA-004] Stitcher module structure 2 p0 #165 50,000 sonnet
#167 [INFRA-005] Runner jobs CRUD and queue submission 2 p0 #164, #165 55,000 sonnet
#168 [INFRA-006] Job steps tracking 2 p0 #164, #167 45,000 sonnet
#169 [INFRA-007] Job events and audit logging 2 p0 #164, #167 55,000 sonnet
#170 [INFRA-008] mosaic-bridge module for Discord 3 p1 #166 55,000 sonnet
#171 [INFRA-009] Chat command parsing 3 p1 #170 40,000 sonnet
#172 [INFRA-010] Herald status updates 3 p1 #169, #170 50,000 sonnet
#173 [INFRA-011] WebSocket gateway for job events 4 p1 #169 45,000 sonnet
#174 [INFRA-012] SSE endpoint for CLI consumers 4 p1 #169 40,000 sonnet
#175 [INFRA-013] End-to-end test harness 5 p0 Phase 1-4 65,000 sonnet
#176 [INFRA-014] Integration with M4.1 coordinator 5 p0 All M4.2 75,000 opus
#179 fix(security): Update Node.js dependencies - HIGH none 12,000 haiku
#180 fix(security): Update pnpm in Dockerfiles - HIGH none 10,000 haiku
#181 fix(security): Update Go stdlib in postgres - HIGH none 15,000 haiku

Total Estimated Tokens: ~712,000

Dependency Graph

Phase 1: Core Infrastructure (Foundation)
┌───────────────────────────────────────────────────────────────┐
│                                                               │
│   #163 BullMQ deps ──────┬──► #165 BullMQ module             │
│                          │                                    │
│   #164 Database schema ──┼──────────────────────────────────►│
│                          │                                    │
│   #179,#180,#181 ◄───────┴─── Security (parallel anytime)    │
│                                                               │
└───────────────────────────────────────────────────────────────┘
                              │
                              ▼
Phase 2: Stitcher Service
┌───────────────────────────────────────────────────────────────┐
│                                                               │
│   #165 ──► #166 Stitcher module ──────────────────────────►  │
│                                                               │
│   #164,#165 ──► #167 Runner jobs CRUD ──┬──► #168 Job steps  │
│                                         │                     │
│                                         └──► #169 Job events │
│                                                               │
└───────────────────────────────────────────────────────────────┘
                              │
                              ▼
Phase 3: Chat Integration         Phase 4: Real-time Status
┌──────────────────────────┐     ┌────────────────────────────┐
│                          │     │                            │
│ #166 ──► #170 Bridge     │     │ #169 ──► #173 WebSocket    │
│          │               │     │          │                 │
│          ▼               │     │          └──► #174 SSE     │
│     #171 Parser          │     │                            │
│          │               │     │                            │
│          └──┬──► #172    │     │                            │
│  #169 ─────┘   Herald    │     │                            │
│                          │     │                            │
└──────────────────────────┘     └────────────────────────────┘
                              │
                              ▼
Phase 5: Integration
┌───────────────────────────────────────────────────────────────┐
│                                                               │
│   All Phase 1-4 ──► #175 E2E test harness                    │
│                                                               │
│   All M4.2 ──► #176 Integration with M4.1 coordinator        │
│                                                               │
│   All complete ──► #162 EPIC (close)                         │
│                                                               │
└───────────────────────────────────────────────────────────────┘

Execution Plan (2 Parallel Agents Max)

Wave 0: Security (Can run first, independent)

Agent A Agent B
#179 Node.js deps #180 pnpm Dockerfiles
#181 Go stdlib -

Wave 1: Foundation (Phase 1)

Agent A Agent B
#163 BullMQ deps #164 Database schema
#165 BullMQ module (wait for #163)

Wave 2: Stitcher Core (Phase 2, Part 1)

Agent A Agent B
#166 Stitcher module #167 Runner jobs CRUD

Wave 3: Stitcher Events (Phase 2, Part 2)

Agent A Agent B
#168 Job steps #169 Job events

Wave 4: Chat + Real-time (Phase 3 + 4)

Agent A Agent B
#170 Bridge module #173 WebSocket gateway
#171 Command parser #174 SSE endpoint

Wave 5: Herald + E2E Setup

Agent A Agent B
#172 Herald updates #175 E2E test harness (start)

Wave 6: Integration (Phase 5)

Agent A Agent B
#175 E2E complete #176 M4.1 integration

Wave 7: Closure

Agent A Agent B
Close #162 EPIC Final verification

Quality Gates (Mandatory - Cannot Be Bypassed)

Every issue must pass:

  1. Unit Tests - TDD required, minimum 85% coverage
  2. Type Check - pnpm typecheck must pass
  3. Lint - pnpm lint must pass
  4. Build - pnpm build must pass
  5. Code Review - Independent agent review before merge
  6. QA Verification - Functional testing by separate agent

Agent Protocol

  1. Before starting: Read issue details, check dependencies are complete
  2. Create scratchpad: docs/scratchpads/{issue#}-{short-name}.md
  3. Follow TDD: Write tests first (RED), implement (GREEN), refactor
  4. Commit format: <type>(#{issue}): description
  5. Quality gates: Run all gates before marking complete
  6. Code review: Request independent review
  7. Close issue: Add completion comment with summary

Orchestrator Checkpoints

  • Wave 0 complete (security)
  • Wave 1 complete (foundation)
  • Wave 2 complete (stitcher core)
  • Wave 3 complete (stitcher events)
  • Wave 4 complete (chat + real-time)
  • Wave 5 complete (herald + E2E setup)
  • Wave 6 complete (integration)
  • Wave 7 complete (closure)
  • All issues closed
  • EPIC #162 closed
  • Token tracking report finalized

Risk Mitigation

  1. Dependency conflicts: BullMQ + existing ioredis - Agent must verify compatibility
  2. Schema migrations: Test on dev database before production
  3. Discord API rate limits: Implement proper throttling in bridge module
  4. WebSocket scaling: Design for horizontal scaling from start
  5. Integration complexity: Phase 5 may require opus-level reasoning

Notes

  • Maximum 2 parallel agents to prevent merge conflicts
  • All agents must pull latest before starting work
  • Coordinate via git commits, not direct communication
  • Security issues are HIGH priority but don't block feature work
Reference in New Issue View Git Blame Copy Permalink