Jarvis
37675ae3f2
fix(federation/client): serialize cache fills, destroy evicted Agent, cover env-var guard
...
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/push/ci Pipeline was successful
- HIGH-A: resolveEntry now uses promise-cache pattern so concurrent
callers serialize on a single in-flight build, eliminating duplicate
key material in heap and duplicate DB round-trips
- HIGH-B: flushPeer destroys the evicted undici Agent so stale TLS
connections close on cert rotation
- MED-C: add regression test for PEER_MISCONFIGURED when
STEP_CA_ROOT_CERT_PATH is unset
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-23 22:56:57 -05:00
Jarvis
a4a6769a6d
fix(federation/client): pin Step-CA root, fix lockfile, harden cache test
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
CRIT-1: regenerate pnpm-lock.yaml so apps/gateway resolves undici@7.24 .6
(prior PR pushed package.json without lockfile update; CI failed with
ERR_PNPM_OUTDATED_LOCKFILE). Incidentally cleans 57 lines of stale
peer-dep entries.
CRIT-2: cache-hit test no longer swallows resolveEntry errors. Calls the
private method directly twice and asserts identity equality plus a
single DB select, removing the silent-failure path the prior assertion
allowed.
HIGH-1: mTLS Agent now pins Step-CA root via STEP_CA_ROOT_CERT_PATH.
Without the env var resolveEntry throws PEER_MISCONFIGURED, refusing to
dial peers against the public trust store. PEM is read once and cached
on the service instance.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
2026-04-23 22:30:09 -05:00
Jarvis
21650fb194
feat(federation): outbound mTLS FederationClient (FED-M3-08)
...
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/pr/ci Pipeline failed
Implements FederationClientService — a NestJS injectable that dials peer
gateways over mTLS (undici Agent with cert+sealed-key from federation_peers),
invokes list/get/capabilities verbs, validates responses via Zod, and surfaces
all failure modes as typed FederationClientError with a coherent error code
taxonomy (PEER_NOT_FOUND, PEER_INACTIVE, PEER_MISCONFIGURED, NETWORK,
FORBIDDEN, HTTP_{status}, INVALID_RESPONSE).
Per-peer Agent instances are cached in a Map for the service lifetime;
flushPeer(peerId) invalidates the cache for M5/M6 cert rotation and
revocation events.
Wired into FederationModule providers + exports so QuerySourceService
(M3-09) can inject it.
13 unit tests covering all required scenarios via undici MockAgent +
real sealClientKey/unsealClientKey round-trip.
Closes #462
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-23 22:16:52 -05:00
89c733e0b9
feat(federation): two-gateway test harness scaffold (FED-M3-02) ( #505 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-24 03:01:25 +00:00
ee3f2defd9
feat(types): federation v1 DTOs (FED-M3-01) ( #506 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline failed
2026-04-24 02:54:40 +00:00
7342c1290d
fix(federation): use real PEM certs in enrollment + ca service tests ( #507 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline failed
2026-04-24 02:43:42 +00:00
e64ddd2c1c
docs(federation): M3 mission planning — 14-task decomposition ( #504 )
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/push/publish Pipeline was successful
2026-04-24 01:13:40 +00:00
4ece6dc643
chore(federation): M2 milestone close (FED-M2-13) ( #503 )
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/tag/publish Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 06:09:54 +00:00
194c3b603e
docs(federation): M2 Step-CA setup guide + admin CLI reference (FED-M2-12) ( #502 )
ci/woodpecker/push/publish Pipeline failed
ci/woodpecker/push/ci Pipeline failed
2026-04-22 06:06:45 +00:00
fc1600b738
fix(federation): security hardening — OID verification, atomic activation, audit on failure ( #501 )
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/push/publish Pipeline failed
2026-04-22 06:02:52 +00:00
0ee5b14c68
test(federation): M2 E2E peer-add enrollment flow (FED-M2-10) ( #500 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 05:37:06 +00:00
3eee176cc3
test(federation): M2 integration tests (FED-M2-09) ( #499 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 05:08:24 +00:00
74fe60d8d6
feat(federation): admin controller + CLI federation commands (FED-M2-08) ( #498 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 04:39:46 +00:00
0bfaa56e9e
feat(federation): enrollment controller + single-use token flow (FED-M2-07) ( #497 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 04:23:19 +00:00
01dd6b9fa1
feat(federation): grants service CRUD + status transitions (FED-M2-06) ( #496 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 03:57:12 +00:00
1038ae76e1
feat(federation): Step-CA client service for grant certs (FED-M2-04) ( #494 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 03:34:37 +00:00
bf082d95a0
feat(federation): seal federation peer client keys at rest (FED-M2-05) ( #495 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 03:10:20 +00:00
bb24292cf7
fix(federation): healthcheck + restart policy for federated-test stacks ( #492 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 02:56:40 +00:00
f2cda52e1a
fix(deploy): bump gateway image digest to sha-9f1a081 [DEPLOY-IMG-FIX] ( #491 )
ci/woodpecker/push/publish Pipeline was successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-22 02:35:19 +00:00
7d7cf012f0
feat(federation): scope schema validator [FED-M2-03] ( #489 )
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/push/publish Pipeline failed
2026-04-22 02:31:13 +00:00
c56dda74aa
feat(federation): Step-CA sidecar in federated compose [FED-M2-02] ( #490 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline failed
2026-04-22 02:21:49 +00:00
9f1a08185e
docs(federation): S21 tracking — DEPLOY-01/02 done, IMG-FIX in flight, M2-01 in remediation ( #487 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-22 02:02:36 +00:00
d2e408656b
fix(docker): pnpm deploy for self-contained gateway runtime image ( #488 )
ci/woodpecker/push/publish Pipeline failed
ci/woodpecker/push/ci Pipeline failed
2026-04-22 02:02:29 +00:00
54c278b871
feat(db): federation schema — grants/peers/audit_log [FED-M2-01] ( #486 )
ci/woodpecker/push/publish Pipeline failed
ci/woodpecker/push/ci Pipeline failed
2026-04-22 02:02:21 +00:00
4dbd429203
feat(deploy): portainer stack template for federation test instances [DEPLOY-02] ( #485 )
ci/woodpecker/push/publish Pipeline was successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-04-22 01:34:44 +00:00
b985d7bfe2
docs(federation): M2 mission planning — TASKS decomposition + manifest update ( #483 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline failed
2026-04-22 01:24:00 +00:00
45e8f02c91
feat(mosaic-portainer): PORTAINER_INSECURE flag for self-signed TLS ( #484 )
ci/woodpecker/push/publish Pipeline failed
ci/woodpecker/push/ci Pipeline failed
2026-04-22 01:21:54 +00:00
54c422ab06
Merge pull request 'docs(federation): close FED-M1 milestone' ( #481 ) from feat/federation-m1-close into main
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
ci/woodpecker/tag/publish Pipeline was successful
2026-04-20 02:20:43 +00:00
Jarvis
b9fb8aab57
docs(federation): close FED-M1 milestone
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
- TASKS.md: mark FED-M1-12 done with PR/issue/tag references
- MISSION-MANIFEST.md: phase=M1 complete, progress 1/7, M1 row done with PR range #470-#481, session log appended
- scratchpad: Session 19 entry covering M1-09 → M1-12 with PR ledger and M1 retrospective learnings
Refs #460
2026-04-19 21:12:52 -05:00
78841f228a
docs(federation): operator setup + migration guides (FED-M1-11) ( #480 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-20 02:07:15 +00:00
dc4afee848
fix(storage): redact credentials in driver errors + advisory lock (FED-M1-10) ( #479 )
ci/woodpecker/push/ci Pipeline failed
ci/woodpecker/push/publish Pipeline failed
2026-04-20 02:02:57 +00:00
1e2b8ac8de
test(federation): standalone regression canary — no breakage from M1 (FED-M1-09) ( #478 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-20 01:46:35 +00:00
15d849c166
test(storage): integration test for migrate-tier (FED-M1-08) + camelCase column fix ( #477 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline failed
2026-04-20 01:40:02 +00:00
78251d4af8
test(federation): integration tests for federated tier gateway boot (FED-M1-07) ( #476 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-20 01:13:10 +00:00
1a4b1ebbf1
feat(gateway,storage): mosaic gateway doctor with tier health JSON (FED-M1-06) ( #475 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-20 01:00:39 +00:00
ccad30dd27
feat(storage): mosaic storage migrate-tier with dry-run + idempotency (FED-M1-05) ( #474 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-20 00:35:08 +00:00
4c2b177eab
feat(gateway): tier-detector with fail-fast PG/Valkey/pgvector probes (FED-M1-04) ( #473 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-20 00:07:07 +00:00
58169f9979
feat(storage): pgvector adapter support gated on tier=federated (FED-M1-03) ( #472 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-19 23:42:18 +00:00
51402bdb6d
feat(infra): docker-compose.federated.yml overlay (FED-M1-02) ( #471 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-19 23:21:31 +00:00
9c89c32684
feat(config): add federated tier + rename team→standalone (FED-M1-01) ( #470 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline failed
2026-04-19 23:11:11 +00:00
8aabb8c5b2
docs(mission): author MVP rollup manifest, archive install-ux-v2 ( #469 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-19 22:51:11 +00:00
66512550df
docs(federation): PRD, milestones, mission manifest, and M1 task breakdown ( #468 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-19 22:27:09 +00:00
46dd799548
docs(federation): PRD, milestones, mission manifest, and M1 task breakdown ( #467 )
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
2026-04-19 22:09:20 +00:00
5f03c05523
chore(release): @mosaicstack/mosaic 0.0.30 ( #459 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-12 02:18:17 +00:00
c3f810bbd1
fix(mosaic): seed TOOLS.md from defaults on install ( #458 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-12 02:02:21 +00:00
b2cbf898d7
docs(scratchpad): finalize yolo runtime hotfix evidence ( #456 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
Follow-up to mosaicstack/stack#455 .
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-11 17:14:00 +00:00
b2cec8c6ba
fix(mosaic): stop yolo runtime from leaking runtime name as first user message ( #455 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
Fixes mosaicstack/stack#454
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-11 16:57:43 +00:00
81c1775a03
chore(release): @mosaicstack/mosaic 0.0.29 ( #453 )
...
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/publish Pipeline was successful
ci/woodpecker/tag/publish Pipeline failed
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-08 00:42:54 +00:00
f64ec12f39
fix(installer): preserve credentials dir and seed STANDARDS.md ( #452 )
...
ci/woodpecker/push/publish Pipeline failed
ci/woodpecker/push/ci Pipeline failed
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-08 00:40:49 +00:00
026382325c
feat(framework): superpowers enforcement, typecheck hook, file-ownership rules ( #451 )
...
ci/woodpecker/manual/ci Pipeline was successful
ci/woodpecker/manual/publish Pipeline was successful
Co-authored-by: Jason Woltje <jason@diversecanvas.com >
Co-committed-by: Jason Woltje <jason@diversecanvas.com >
2026-04-07 00:44:22 +00:00
