8895b0df83
Adds a profile-gated compose overlay defining `postgres-federated`
(pgvector/pgvector:pg17, port 5433) and `valkey-federated`
(valkey/valkey:8-alpine, port 6380) with named volumes
(`pg_federated_data`, `valkey_federated_data`), healthchecks identical
to the base stack, and the existing `infra/pg-init` mount so the vector
extension is created automatically on first boot.
Both services are gated by `profiles: [federated]` so they never start
on a plain `docker compose up`. Usage:
docker compose -f docker-compose.federated.yml --profile federated up -d
The overlay is mutually exclusive with the base dev stack on host ports
5433/6380 (header comment documents this). Base file untouched.
Refs #460
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
8.8 KiB
Tasks — Federation v1
Single-writer: orchestrator only. Workers read but never modify.
Mission: federation-v1-20260419 Schema:
| id | status | description | issue | agent | branch | depends_on | estimate | notes |Status values:not-started|in-progress|done|blocked|failed|needs-qaAgent values:codex|glm-5.1|haiku|sonnet|opus|—(auto)Scope of this file: M1 is fully decomposed below. M2–M7 are placeholders pending each milestone's entry into active planning — the orchestrator expands them one milestone at a time to avoid speculative decomposition of work whose shape will depend on what M1 surfaces.
Milestone 1 — Federated tier infrastructure (FED-M1)
Goal: Gateway runs in federated tier with containerized PG+pgvector+Valkey. No federation logic yet. Existing standalone behavior does not regress.
| id | status | description | issue | agent | branch | depends_on | estimate | notes |
|---|---|---|---|---|---|---|---|---|
| FED-M1-01 | done | Extend mosaic.config.json schema: add "federated" to tier enum in validator + TS types. Keep local and standalone working. Update schema docs/README where referenced. |
#460 | sonnet | feat/federation-m1-tier-config | — | 4K | Shipped in PR #470. Renamed team → standalone; added team deprecation alias; added DEFAULT_FEDERATED_CONFIG. |
| FED-M1-02 | in-progress | Author docker-compose.federated.yml as an overlay profile: Postgres 17 + pgvector extension (port 5433), Valkey (6380), named volumes, healthchecks. Compose-up should boot cleanly on a clean machine. |
#460 | sonnet | feat/federation-m1-compose | FED-M1-01 | 5K | Bumped PG16→PG17 to match base compose. Overlay defines distinct postgres-federated/valkey-federated services, profile-gated. |
| FED-M1-03 | not-started | Add pgvector support to packages/storage/src/adapters/postgres.ts: create extension on init (idempotent), expose vector column type in schema helpers. No adapter changes for non-federated tiers. |
#460 | codex | feat/federation-m1-pgvector | FED-M1-02 | 8K | Extension create is idempotent CREATE EXTENSION IF NOT EXISTS vector. Gate on tier = federated. |
| FED-M1-04 | not-started | Implement apps/gateway/src/bootstrap/tier-detector.ts: reads config, asserts PG/Valkey/pgvector reachable for federated, fail-fast with actionable error message on failure. Unit tests for each failure mode. |
#460 | codex | feat/federation-m1-detector | FED-M1-03 | 8K | Structured error type with remediation hints. Logs which service failed, with host:port attempted. |
| FED-M1-05 | not-started | Write scripts/migrate-to-federated.ts: one-way migration from local (PGlite) / standalone (PG without pgvector) → federated. Dumps, transforms, loads; dry-run + confirm UX. Idempotent on re-run. |
#460 | codex | feat/federation-m1-migrate | FED-M1-04 | 10K | Do NOT run automatically. CLI subcommand mosaic migrate tier --to federated --dry-run. Safety rails. |
| FED-M1-06 | not-started | Update mosaic doctor: report current tier, required services, actual health per service, pgvector presence, overall green/yellow/red. Machine-readable JSON output flag for CI use. |
#460 | sonnet | feat/federation-m1-doctor | FED-M1-04 | 6K | Existing doctor output evolves; add --json flag. Green/yellow/red + remediation suggestions per issue. |
| FED-M1-07 | not-started | Integration test: gateway boots in federated tier with docker-compose federated profile; refuses to boot when PG unreachable (asserts fail-fast); pgvector extension query succeeds. |
#460 | sonnet | feat/federation-m1-integration | FED-M1-04 | 8K | Vitest + docker-compose test profile. One test file per assertion; real services, no mocks. |
| FED-M1-08 | not-started | Integration test for migration script: seed a local PGlite with representative data (tasks, notes, users, teams), run migration, assert row counts + key samples equal on federated PG. | #460 | sonnet | feat/federation-m1-migrate-test | FED-M1-05 | 6K | Runs against docker-compose federated profile; uses temp PGlite file; deterministic seed. |
| FED-M1-09 | not-started | Standalone regression: full agent-session E2E on existing standalone tier with a gateway built from this branch. Must pass without referencing any federation module. |
#460 | haiku | feat/federation-m1-regression | FED-M1-07 | 4K | Reuse existing e2e harness; just re-point at the federation branch build. Canary that we didn't break it. |
| FED-M1-10 | not-started | Code review pass: security-focused on the migration script (data-at-rest during migration) + tier detector (error-message sensitivity leakage). Independent reviewer, not authors of tasks 01-09. | #460 | sonnet | — | FED-M1-09 | 8K | Use feature-dev:code-reviewer agent. Specifically: no secrets in error messages; no partial-migration footguns. |
| FED-M1-11 | not-started | Docs update: docs/federation/ operator notes for tier setup; README blurb on federated tier; docs/guides/ entry for migration. Do NOT touch runbook yet (deferred to FED-M7). |
#460 | haiku | feat/federation-m1-docs | FED-M1-10 | 4K | Short, actionable. Link from MISSION-MANIFEST. No decisions captured here — those belong in PRD. |
| FED-M1-12 | not-started | PR, CI green, merge to main, close #460. | #460 | — | (aggregate) | FED-M1-11 | 3K | Queue-guard before push; wait for green; merge squashed; tea issue-close #460. |
M1 total estimate: ~74K tokens (over-budget vs 20K PRD estimate — explanation below)
Why over-budget: PRD's 20K estimate reflected implementation complexity only. The per-task breakdown includes tests, review, and docs as separate tasks per the delivery cycle, which catches the real cost. The final per-milestone budgets in MISSION-MANIFEST will be updated after M1 completes with actuals.
Milestone 2 — Step-CA + grant schema + admin CLI (FED-M2)
Deferred to mission planning when M1 is complete. Issue #461 tracks scope.
Milestone 3 — mTLS handshake + list/get + scope enforcement (FED-M3)
Deferred. Issue #462.
Milestone 4 — search + audit + rate limit (FED-M4)
Deferred. Issue #463.
Milestone 5 — cache + offline + OTEL (FED-M5)
Deferred. Issue #464.
Milestone 6 — revocation + auto-renewal + CRL (FED-M6)
Deferred. Issue #465.
Milestone 7 — multi-user hardening + acceptance suite (FED-M7)
Deferred. Issue #466.
Execution Notes
Agent assignment rationale:
codexfor most implementation tasks (OpenAI credit pool preferred for feature code)sonnetfor tests (pattern-based, moderate complexity),doctorwork (cross-cutting), and independent code reviewhaikufor docs and the standalone regression canary (cheapest tier for mechanical/verification work)- No
opusin M1 — save for cross-cutting architecture decisions if they surface later
Branch strategy: Each task gets its own feature branch off main. Tasks within a milestone merge in dependency order. Final aggregate PR (FED-M1-12) isn't a branch of its own — it's the merge of the last upstream task that closes the issue.
Queue guard: Every push and every merge in this mission must run ~/.config/mosaic/tools/git/ci-queue-wait.sh --purpose push|merge per Mosaic hard gate #6.