chore(specs): move clean-repo-enterprise spec from 020 to 023

2026-03-03 19:50:53 +03:00
parent da24fb9253
commit 19898b1570
10 changed files with 1549 additions and 0 deletions

@@ -0,0 +1,208 @@
# Tasks: Clean Repository Enterprise Preparation
**Input**: Design documents from `/specs/023-clean-repo-enterprise/`
**Prerequisites**: [`plan.md`](./plan.md), [`spec.md`](./spec.md), [`ux_reference.md`](./ux_reference.md), [`research.md`](./research.md), [`data-model.md`](./data-model.md), [`contracts/`](./contracts)
**Tests**: Тестовые задачи включены выборочно для CRITICAL-контрактов и независимой проверки user stories.
**Organization**: Tasks grouped by user story for independent implementation and validation.
## Format: `[ID] [P?] [Story] Description`
---
## Phase 1: Setup (Shared Infrastructure)
**Purpose**: Подготовка каркаса clean-release подсистемы и мест хранения артефактов.
- [ ] T001 Create feature package skeleton for clean release modules in `backend/src/services/clean_release/__init__.py`
- [ ] T002 [P] Create clean release domain models module in `backend/src/models/clean_release.py`
- [ ] T003 [P] Create clean release API route module placeholder in `backend/src/api/routes/clean_release.py`
- [ ] T004 [P] Create TUI script entrypoint placeholder in `backend/src/scripts/clean_release_tui.py`
- [ ] T005 Register clean release router export in `backend/src/api/routes/__init__.py`
---
## Phase 2: Foundational (Blocking Prerequisites)
**Purpose**: Блокирующие основы, обязательные до user stories.
**⚠️ CRITICAL**: No user story work can begin until this phase is complete.
- [ ] T006 Implement core enums and lifecycle models (`ReleaseCandidate`, `CleanProfilePolicy`, `ResourceSourceRegistry`, `DistributionManifest`, `ComplianceCheckRun`, `ComplianceViolation`, `ComplianceReport`) in `backend/src/models/clean_release.py`
- [ ] T007 [P] Implement persistence adapter for clean release entities in `backend/src/services/clean_release/repository.py`
- [ ] T008 [P] Implement compliance stage constants and run state machine helpers in `backend/src/services/clean_release/stages.py`
- [ ] T009 Wire clean release dependencies provider in `backend/src/dependencies.py`
- [ ] T010 Add API router include for clean release endpoints in `backend/src/app.py`
- [ ] T011 Add baseline fixtures for clean release policy/candidate/report payloads in `backend/tests/fixtures/clean_release/fixtures_clean_release.json`
**Checkpoint**: Foundation ready — user story implementation can now begin.
---
## Phase 3: User Story 1 - Чистый корпоративный релиз без тестовых данных (Priority: P1) 🎯 MVP
**Goal**: Формировать enterprise clean-дистрибутив без test/demo payloads с детерминированным manifest.
**Independent Test**: На одном релиз-кандидате с тестовыми артефактами получить `excluded-prohibited`, на чистом — получить manifest без запрещённых категорий.
### Tests for User Story 1
- [ ] T012 [P] [US1] Add unit tests for artifact classification and deterministic decisions in `backend/tests/services/clean_release/test_policy_engine.py`
- [ ] T013 [P] [US1] Add integration test for manifest generation consistency in `backend/tests/services/clean_release/test_manifest_builder.py`
### Implementation for User Story 1
- [ ] T014 [US1] Implement `CleanPolicyEngine` (CRITICAL: PRE: active policy + valid registry; POST: classification in [required-system|allowed|excluded-prohibited]; TESTS: fixture `policy_enterprise_clean`, edges `conflicting_rules`/`missing_registry`/`empty_prohibited_categories`) in `backend/src/services/clean_release/policy_engine.py`
- [ ] T015 [US1] Implement distribution manifest builder and deterministic hash logic in `backend/src/services/clean_release/manifest_builder.py`
- [ ] T016 [US1] Implement release candidate preparation service flow in `backend/src/services/clean_release/preparation_service.py`
- [ ] T017 [US1] Expose candidate preparation API handler in `backend/src/api/routes/clean_release.py`
- [ ] T018 [US1] Verify implementation matches `ux_reference.md` (Happy Path & Errors) in `specs/023-clean-repo-enterprise/ux_reference.md`
**Checkpoint**: US1 independently functional and testable.
---
## Phase 4: User Story 2 - Полностью изолированная поставка без внешнего интернета (Priority: P1)
**Goal**: Гарантировать strict internal-only source policy и блокировать внешние endpoints.
**Independent Test**: При наличии внешнего endpoint выпуск блокируется; при internal-only источниках этап source isolation проходит.
### Tests for User Story 2
- [ ] T019 [P] [US2] Add unit tests for internal source registry validation in `backend/tests/services/clean_release/test_source_isolation.py`
- [ ] T020 [P] [US2] Add integration test for external endpoint blocking in `backend/tests/api/routes/test_clean_release_source_policy.py`
### Implementation for User Story 2
- [ ] T021 [US2] Implement source isolation validator service in `backend/src/services/clean_release/source_isolation.py`
- [ ] T022 [US2] Extend `CleanPolicyEngine` with source registry checks for external endpoint detection in `backend/src/services/clean_release/policy_engine.py`
- [ ] T023 [US2] Add source registry API contract handling (`internal-only` validation errors) in `backend/src/api/routes/clean_release.py`
- [ ] T024 [US2] Update TUI view model to display Allowed Internal Sources panel and External Source blocking messages in `backend/src/scripts/clean_release_tui.py`
- [ ] T025 [US2] Verify implementation matches `ux_reference.md` (Happy Path & Errors) in `specs/023-clean-repo-enterprise/ux_reference.md`
**Checkpoint**: US2 independently functional and testable.
---
## Phase 5: User Story 3 - Обязательная проверка соответствия перед выпуском (Priority: P2)
**Goal**: Реализовать обязательный blocking compliance gate с отчётностью для аудита.
**Independent Test**: Запуск проверки возвращает `COMPLIANT` только при pass всех обязательных стадий; иначе `BLOCKED` с violation details.
### Tests for User Story 3
- [ ] T026 [P] [US3] Add orchestrator state machine tests for stage pass/fail transitions in `backend/tests/services/clean_release/test_compliance_orchestrator.py`
- [ ] T027 [P] [US3] Add report builder validation tests for counters and blocking violations in `backend/tests/services/clean_release/test_report_builder.py`
- [ ] T028 [P] [US3] Add API contract tests for `/api/clean-release/checks*` and `/api/clean-release/reports/{id}` in `backend/tests/api/routes/test_clean_release_api.py`
### Implementation for User Story 3
- [ ] T029 [US3] Implement `CleanComplianceOrchestrator` (CRITICAL: PRE: candidate exists + active policy; POST: final status COMPLIANT/BLOCKED/FAILED; TESTS: fixture `compliant_candidate`, edges `stage_failure_blocks_release`/`missing_stage_result`/`report_generation_error`) in `backend/src/services/clean_release/compliance_orchestrator.py`
- [ ] T030 [US3] Implement `ComplianceReportBuilder` (CRITICAL: PRE: terminal run state; POST: report counters consistent with violations; TESTS: fixture `blocked_with_two_violations`, edges `empty_violations_for_blocked`/`counter_mismatch`/`missing_operator_summary`) in `backend/src/services/clean_release/report_builder.py`
- [ ] T031 [US3] Implement clean release API endpoints from `contracts/api.yaml` in `backend/src/api/routes/clean_release.py`
- [ ] T032 [US3] Add audit logging hooks for preparation/check/report lifecycle in `backend/src/services/clean_release/audit_service.py`
- [ ] T033 [US3] Verify implementation matches `ux_reference.md` (Happy Path & Errors) in `specs/023-clean-repo-enterprise/ux_reference.md`
**Checkpoint**: US3 independently functional and testable.
---
## Phase 6: User Story 4 - Прозрачный операционный регламент (Priority: P3)
**Goal**: Обеспечить воспроизводимый runbook для операторов и onboarding без устных договорённостей.
**Independent Test**: Новый инженер выполняет сценарий только по документации и получает валидный результат проверки.
### Implementation for User Story 4
- [ ] T034 [US4] Update operator runbook with enterprise clean lifecycle and recovery actions in `docs/installation.md`
- [ ] T035 [US4] Add dedicated enterprise clean deployment section with internal-only source policy in `README.md`
- [ ] T036 [US4] Sync quick operational guidance with compliance statuses and report workflow in `specs/023-clean-repo-enterprise/quickstart.md`
- [ ] T037 [US4] Add troubleshooting matrix for blocked categories (`data-purity`, `external-source`, `operational-risk`) in `specs/023-clean-repo-enterprise/quickstart.md`
- [ ] T038 [US4] Verify implementation matches `ux_reference.md` (Happy Path & Errors) in `specs/023-clean-repo-enterprise/ux_reference.md`
**Checkpoint**: US4 independently functional and testable.
---
## Phase 7: Polish & Cross-Cutting Concerns
**Purpose**: Финализация, smoke-проверки и governance-замыкание.
- [ ] T039 [P] Run end-to-end smoke validation of TUI scenario from `quickstart.md` and record results in `specs/023-clean-repo-enterprise/quickstart.md`
- [ ] T040 [P] Validate OpenAPI contract consistency against implemented routes in `backend/tests/api/routes/test_clean_release_api.py`
- [ ] T041 Add release checklist artifact template for compliance evidence packaging in `specs/023-clean-repo-enterprise/checklists/release-readiness.md`
- [ ] T042 Resolve numeric-prefix governance conflict note (`020-*`) and document decision in `specs/023-clean-repo-enterprise/plan.md`
- [ ] T043 Update feature status traceability and final notes in `specs/023-clean-repo-enterprise/plan.md`
---
## Dependencies & Execution Order
### Phase Dependencies
- **Phase 1 (Setup)**: Start immediately.
- **Phase 2 (Foundational)**: Depends on Phase 1 — blocks all stories.
- **Phase 3 (US1)**: Depends on Phase 2.
- **Phase 4 (US2)**: Depends on Phase 2; can run in parallel with US1 if staffed.
- **Phase 5 (US3)**: Depends on Phase 2 and outputs from US1/US2.
- **Phase 6 (US4)**: Depends on stable outputs from US1US3.
- **Phase 7 (Polish)**: Depends on all selected user stories complete.
### User Story Dependencies
- **US1 (P1)**: Independent after foundation.
- **US2 (P1)**: Independent after foundation, integrates with US1 policy artifacts.
- **US3 (P2)**: Uses services from US1/US2 for full compliance gate.
- **US4 (P3)**: Depends on finalized behavior from US1US3.
### Parallel Opportunities
- Phase 1 tasks marked [P]: T002, T003, T004.
- Phase 2 tasks marked [P]: T007, T008.
- US1 tests T012/T013 parallel.
- US2 tests T019/T020 parallel.
- US3 tests T026/T027/T028 parallel.
- Polish tasks T039/T040 parallel.
---
## Parallel Example: User Story 2
```bash
# Parallel test implementation
Task: "T019 [US2] Add unit tests for internal source registry validation in backend/tests/services/clean_release/test_source_isolation.py"
Task: "T020 [US2] Add integration test for external endpoint blocking in backend/tests/api/routes/test_clean_release_source_policy.py"
# Parallel implementation after tests
Task: "T021 [US2] Implement source isolation validator service in backend/src/services/clean_release/source_isolation.py"
Task: "T024 [US2] Update TUI view model for Allowed Internal Sources and blocking messages in backend/src/scripts/clean_release_tui.py"
```
---
## Implementation Strategy
### MVP First (US1)
1. Complete Phase 1 + Phase 2.
2. Deliver Phase 3 (US1) completely.
3. Validate US1 independently (clean distribution without test/demo data).
4. Demo MVP.
### Incremental Delivery
1. US1 (clean artifacts)
2. US2 (strict internal-only sources)
3. US3 (blocking compliance gate + reports)
4. US4 (operational runbook and onboarding)
5. Polish and governance closure.
### UX Preservation Check
- Tasks explicitly preserve TUI/ncurses interaction model from [`ux_reference.md`](./ux_reference.md).
- No task introduces web UI replacement for the primary operator flow.
- Each user story phase contains a mandatory UX conformance verification task.
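
Review bot: T021 and T022 in Phase 4 define the source isolation validator and the external endpoint detection without the CRITICAL PRE/POST/TESTS contract that T014, T029 and T030 carry, even though the Phase 4 independent test makes this check the one that blocks a release when an external endpoint is present. Suggest annotating T021 the same way (preconditions, the post-condition for the stage result, named fixture and edge cases) so that T019/T020 have a stated contract to test against. In "Parallel Example: User Story 2", T021 and T024 are listed as parallel, but neither carries a [P] marker in Phase 4 and "Parallel Opportunities" names only T019/T020 for US2; the example also drops the [P] from T019/T020. Either mark the tasks or adjust the example. T018, T025, T033 and T038 give `ux_reference.md` itself as the target file, so there is no place where the verification result is recorded; point them at a checklist or results file instead. "US1US3" in the Phase 6 and US4 dependency lines has lost its range separator. T042 still treats the `020-*` prefix conflict as open while this commit moves the spec to 023 and the summary shows 0 deletions; the task should state whether the 020 copy is removed or kept.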