List view
Begin expanding ECLI beyond VMLab into the broader Professional Operations Workbench direction. This milestone starts adding additional operations panels and service-backed workflows after the Services Foundation and VMLab safety model are proven. Candidate scope: - File Manager Pro privileged write plans - System Doctor remediation plans - package/tooling diagnostics - service manager read-only inspection - SSH target model - first Kubernetes/OpenShift read-only inventory - first Terraform/Ansible read-only integration Non-goals: - no implicit production mutation - no cloud changes without plan preview - no Terraform apply without CommandPlanService - no Kubernetes mutation without explicit plan and confirmation - no secret display by default Architecture rule: All operational modules must use the same Services Foundation: CommandPlanService, PolicyEngine, AuditLogService, and PrivilegedActionService.
Due by August 19, 2026Add controlled runtime interaction features for VMLab. This milestone introduces interactive and mutating runtime operations, but only under the security model defined by the VMLab contracts. Scope: - serial console attach mode - single-attacher lock - terminal state save/restore - QMP mutating command mediation through CommandPlanService - QMP event stream integration - QMP diagnostics console - log viewer and redaction-on-view Non-goals: - no unmediated QMP mutation - no multiple interactive attachers - no raw guest output interpretation as host commands - no unredacted AI/export flows - no automatic destructive cleanup Security rule: Interactive attach and mutating QMP commands require explicit guardrails and tests before merge. Issues included later: feat: implement serial attach mode with exclusive lock feat: implement terminal state manager for attach/detach feat: route mutating QMP commands through CommandPlanService feat: implement QMP event viewer feat: implement redaction-on-view for VMLab logs
Due by July 31, 2026Introduce controlled, plan-mediated QEMU execution for VMLab. This milestone is the first point where real QEMU process execution may be enabled, but only through CommandPlanService, PolicyEngine, AuditLogService, and explicit user confirmation. Scope: - approved CommandPlan-based QEMU start - VMSupervisor process launch via validated argv - PID file lifecycle - QEMU stdout/stderr capture under approved log policy - graceful stop plan - crash detection and audit logging - dry-run mode preserved as default-safe path Non-goals: - no silent privilege escalation - no direct subprocess execution from UI - no raw sudo/doas/pkexec from VMLab - no automatic restart after crash - no mutating QMP outside approved plans - no hidden logs outside logs/ Security rule: Every process lifecycle mutation must be represented as a CommandPlan and audit-logged. Issues included later: feat: enable plan-mediated QEMU start feat: implement PID file lifecycle feat: implement QEMU stdout/stderr capture feat: implement graceful VM stop plan feat: add crash detection and audit integration
Due by July 15, 2026Extend the VMLab skeleton with read-only runtime awareness. This milestone adds the first safe runtime introspection features while preserving the no-mutation rule for dangerous operations. Scope: - VMSupervisor metadata model - dry-run/runtime status model - PID file format contract implementation - QMPClient read-only query support - QMP connection lifecycle for Unix sockets only - read-only VM status inspection - console follow mode for existing serial logs - RuntimeLogService read-only indexing - structured diagnostics for stale runtime artifacts Non-goals: - no real QEMU start/stop yet unless separately approved - no mutating QMP commands - no privileged remediation - no serial attach input - no log deletion/cleanup mutation by default Development invariant: All development logs and runtime evidence remain under repository-level logs/. Issues included later: feat: implement VMSupervisor metadata model feat: implement QMPClient read-only query support feat: implement VMLab read-only runtime status feat: implement serial console follow mode feat: implement RuntimeLogService read-only indexing
Due by June 30, 2026Implement the Phase 2A VMLab skeleton on top of the completed Services Foundation. Scope: - VMLab strategic architecture contracts - VMLab profile discovery - typed TOML profile schema validation - path safety validation - development logs invariant enforcement - dry-run QEMU argv generation - CommandPlanService integration for VM start plans - minimal VMLab CLI surface - VMLab security guardrail tests Non-goals: - no real QEMU execution - no real privileged remediation - no QMP mutation - no real VMSupervisor process lifecycle - no interactive serial attach - no log rotation mutation - no cloud or remote runtime workflows - no multi-VM orchestration Dependency: This milestone is blocked until v0.2.0 — Services Foundation is completed. Development invariant: All VMLab development logs, dry-run reports, smoke outputs, test evidence, and agent-generated debug artifacts must be written only under repository-level logs/.
Overdue by 4 day(s)•Due by June 10, 2026•4/8 issues closedEstablish the Phase 1 service-oriented foundation for ECLI. Scope: - license metadata normalization and repository hygiene before new implementation - repository-level logs/ invariant for all generated development artifacts - ECLI architecture contract corrections and approval - ConfigService with typed schema, migrations, and precedence - ProjectService with workspace discovery and project-local context - CommandPlan models, validators, and service-owned export support - BuiltInPolicyEngine with deterministic rules - AuditLogService JSONL with mandatory redaction - PrivilegedActionService refusal-only skeleton - SystemDoctor read-only skeleton and DoctorFinding → CommandPlan integration - ServiceRegistry composition root - minimal CLI surface for plan/doctor commands - characterization tests for Ecli.py behavior - initial Ecli.py reduction through service delegation Non-goals: - no real privileged execution - no plan apply in Phase 1 - no real remediation - no QEMU execution - no VMLab runtime mutation - no mutating QMP commands - no interactive console attach - no GUI Desktop Development invariant: All development logs, dry-run reports, smoke outputs, test evidence, and agent-generated debug artifacts must be written only under repository-level logs/.
Overdue by 14 day(s)•Due by May 31, 2026•25/27 issues closed