Files

Pi Agent 633d6fc63a feat: add Docker Swarm initialization script with encrypted overlay (issue #95 )

Create swarm-init.sh with init/join/token/network/verify/leave commands.
Sets up encrypted overlay network (IPsec) for secure multi-node
communication. Idempotent, supports SWARM_ADVERTISE_ADDR for multi-NIC
hosts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-11 10:53:31 +01:00

14 KiB

Raw Blame History

Implementation Plans Index

Master Table

Issue	Title	Milestone	Status	Language	Plan
#7	Set up proto project structure and build tooling	Phase 1	`COMPLETED`	Protobuf	issue-007.md
#8	Define common.proto (shared types)	Phase 1	`COMPLETED`	Protobuf	issue-008.md
#9	Define audit.proto	Phase 1	`COMPLETED`	Protobuf	issue-009.md
#10	Define secrets.proto	Phase 1	`COMPLETED`	Protobuf	issue-010.md
#11	Define memory.proto	Phase 1	`COMPLETED`	Protobuf	issue-011.md
#12	Define model_gateway.proto	Phase 1	`COMPLETED`	Protobuf	issue-012.md
#13	Define search.proto	Phase 1	`COMPLETED`	Protobuf	issue-013.md
#14	Define tool_broker.proto	Phase 1	`COMPLETED`	Protobuf	issue-014.md
#15	Define orchestrator.proto	Phase 1	`COMPLETED`	Protobuf	issue-015.md
#16	Generate Rust stubs (prost/tonic)	Phase 1	`COMPLETED`	Rust	issue-016.md
#17	Generate Python stubs (grpcio-tools)	Phase 1	`COMPLETED`	Python	issue-017.md
#18	Scaffold Audit Service Rust project	Phase 2	`COMPLETED`	Rust	issue-018.md
#19	Implement append-only file log backend	Phase 2	`COMPLETED`	Rust	issue-019.md
#20	Implement Append gRPC endpoint	Phase 2	`COMPLETED`	Rust	issue-020.md
#21	Integration tests for Audit Service	Phase 2	`COMPLETED`	Rust	issue-021.md
#22	Scaffold Secrets Service Rust project	Phase 3	`COMPLETED`	Rust	issue-022.md
#23	Implement libsecret / D-Bus backend	Phase 3	`COMPLETED`	Rust	issue-023.md
#24	Implement kernel keyring fallback	Phase 3	`COMPLETED`	Rust	issue-024.md
#25	Implement GetSecret gRPC endpoint	Phase 3	`COMPLETED`	Rust	issue-025.md
#26	Integration tests for Secrets Service	Phase 3	`COMPLETED`	Rust	issue-026.md
#27	Scaffold Memory Service Rust project	Phase 4	`COMPLETED`	Rust	issue-027.md
#28	Set up DuckDB schema and VSS extension	Phase 4	`COMPLETED`	Rust	issue-028.md
#29	Implement embedding generation integration	Phase 4	`COMPLETED`	Rust	issue-029.md
#30	Implement staged retrieval (coarse-to-fine, 4 stages)	Phase 4	`COMPLETED`	Rust	issue-030.md
#31	Implement extraction step	Phase 4	`COMPLETED`	Rust	issue-031.md
#32	Implement semantic cache	Phase 4	`COMPLETED`	Rust	issue-032.md
#33	Implement provenance tagging and poisoning protection	Phase 4	`COMPLETED`	Rust	issue-033.md
#114	Tech debt: minor findings from issue #28 review	Phase 4	`COMPLETED`	Rust	issue-114.md
#116	Tech debt: minor findings from issue #29 review	Phase 4	`COMPLETED`	Rust	issue-116.md
#118	Tech debt: minor findings from issue #30 review	Phase 4	`COMPLETED`	Rust	issue-118.md
#120	Tech debt: minor findings from issue #31 review	Phase 4	`COMPLETED`	Rust	issue-120.md
#122	Tech debt: minor findings from issue #32 review	Phase 4	`COMPLETED`	Rust	issue-122.md
#126	Tech debt: minor findings from issue #33 review	Phase 4	`COMPLETED`	Rust	issue-126.md
#34	Implement WriteMemory gRPC endpoint	Phase 4	`COMPLETED`	Rust	issue-034.md
#35	Implement QueryMemory gRPC endpoint (server-streaming)	Phase 4	`COMPLETED`	Rust	issue-035.md
#36	Implement GetCorrelated gRPC endpoint	Phase 4	`COMPLETED`	Rust	issue-036.md
#37	Integration tests for Memory Service	Phase 4	`COMPLETED`	Rust	issue-037.md
#38	Scaffold Model Gateway Rust project	Phase 5	`COMPLETED`	Rust	issue-038.md
#39	Implement Ollama HTTP client	Phase 5	`COMPLETED`	Rust	issue-039.md
#40	Implement model routing logic	Phase 5	`COMPLETED`	Rust	issue-040.md
#41	Implement StreamInference gRPC endpoint	Phase 5	`COMPLETED`	Rust	issue-041.md
#42	Implement Inference + GenerateEmbedding endpoints	Phase 5	`COMPLETED`	Rust	issue-042.md
#43	Integration tests for Model Gateway	Phase 5	`COMPLETED`	Rust	issue-043.md
#44	Set up SearXNG Docker container	Phase 6	`COMPLETED`	Docker / YAML	issue-044.md
#45	Scaffold Search Service Python project	Phase 6	`COMPLETED`	Python	issue-045.md
#46	Implement SearXNG query + snippet filter	Phase 6	`COMPLETED`	Python	issue-046.md
#47	Implement readability-lxml extraction pipeline	Phase 6	`COMPLETED`	Python	issue-047.md
#48	Implement summarization step via Model Gateway	Phase 6	`COMPLETED`	Python	issue-048.md
#49	Implement Search gRPC endpoint	Phase 6	`COMPLETED`	Python	issue-049.md
#50	Integration tests for Search Service	Phase 6	`COMPLETED`	Python	issue-050.md
#51	Scaffold Tool Broker Rust project	Phase 7	`COMPLETED`	Rust	issue-051.md
#52	Implement Agent Type Manifest loader	Phase 7	`COMPLETED`	Rust	issue-052.md
#53	Enforcement layer 1: Session override check	Phase 7	`COMPLETED`	Rust	issue-053.md
#54	Enforcement layer 2: Agent type manifest check	Phase 7	`COMPLETED`	Rust	issue-054.md
#55	Enforcement layer 3: Lineage constraint enforcement	Phase 7	`COMPLETED`	Rust	issue-055.md
#56	Enforcement layer 4: Path allowlist check	Phase 7	`COMPLETED`	Rust	issue-056.md
#57	Enforcement layer 5: Network egress check	Phase 7	`COMPLETED`	Rust	issue-057.md
#58	Implement tool execution dispatch	Phase 7	`COMPLETED`	Rust	issue-058.md
#59	Implement tool discovery (DiscoverTools RPC)	Phase 7	`COMPLETED`	Rust	issue-059.md
#60	Implement loop and thrash detection	Phase 7	`COMPLETED`	Rust	issue-060.md
#61	Implement credential injection	Phase 7	`COMPLETED`	Rust	issue-061.md
#62	Implement prompt injection firewall	Phase 7	`COMPLETED`	Rust	issue-062.md
#63	Implement tool result tagging	Phase 7	`COMPLETED`	Rust	issue-063.md
#64	Implement ExecuteTool gRPC endpoint	Phase 7	`COMPLETED`	Rust	issue-064.md
#65	Implement ValidateCall gRPC endpoint (dry-run)	Phase 7	`COMPLETED`	Rust	issue-065.md
#66	Unit tests for each enforcement layer	Phase 7	`COMPLETED`	Rust	issue-066.md
#67	Integration tests for Tool Broker end-to-end	Phase 7	`COMPLETED`	Rust	issue-067.md
#68	Write researcher agent specification	Phase 8	`COMPLETED`	Markdown	issue-068.md
#69	Implement researcher agent loop (tool use cycle)	Phase 8	`COMPLETED`	Python	issue-069.md
#70	Implement context compaction for subagent	Phase 8	`COMPLETED`	Python	issue-070.md
#71	End-to-end validation of researcher agent	Phase 8	`COMPLETED`	Python	issue-071.md
#72	Scaffold Orchestrator Python project	Phase 9	`COMPLETED`	Python	issue-072.md
#73	Implement task decomposition	Phase 9	`COMPLETED`	Python	issue-073.md
#74	Implement parallel dispatch via asyncio	Phase 9	`COMPLETED`	Python	issue-074.md
#75	Implement orchestrator context management	Phase 9	`COMPLETED`	Python	issue-075.md
#76	Implement rolling context compaction	Phase 9	`COMPLETED`	Python	issue-076.md
#77	Implement memory write gating	Phase 9	`COMPLETED`	Python	issue-077.md
#78	Implement confidence signal handling	Phase 9	`COMPLETED`	Python	issue-078.md
#79	Implement session config application	Phase 9	`COMPLETED`	Python	issue-079.md
#80	Wire orchestrator to researcher subagent e2e	Phase 9	`COMPLETED`	Python	issue-080.md
#82	Implement fs_read and fs_write tool executors	Phase 10	`COMPLETED`	Rust	issue-082.md
#83	Implement run_code tool executor	Phase 10	`COMPLETED`	Rust	issue-083.md
#85	Implement run_shell and package_install executors	Phase 10	`COMPLETED`	Rust	issue-085.md
#81	Implement coder agent type	Phase 10	`COMPLETED`	Python	issue-081.md
#86	Implement assistant agent type	Phase 10	`COMPLETED`	Python	issue-086.md
#84	Implement sysadmin agent type	Phase 10	`COMPLETED`	Python	issue-084.md
#87	Test lineage constraint enforcement across agent types	Phase 10	`COMPLETED`	Rust	issue-087.md
#88	Integration tests for all agent types	Phase 10	`COMPLETED`	Python	issue-088.md
#89	Write Dockerfiles for Rust services	Phase 11	`COMPLETED`	Docker	issue-089.md
#90	Write Dockerfiles for Python services	Phase 11	`COMPLETED`	Docker	issue-090.md
#91	Write docker-compose.yml with internal network	Phase 11	`COMPLETED`	Docker / YAML	issue-091.md
#92	Configure Caddy v2 edge proxy	Phase 11	`COMPLETED`	Docker / Caddyfile	issue-092.md
#93	Configure secrets service D-Bus socket mounting	Phase 11	`COMPLETED`	Docker / YAML	issue-093.md
#94	Verify service DNS routing and connectivity	Phase 11	`COMPLETED`	Shell / Markdown	issue-094.md
#95	Initialize Docker Swarm and encrypted overlay	Phase 12	`COMPLETED`	Shell	issue-095.md

Status Legend

PLANNED — Plan written, not yet started
IMPLEMENTING — Currently being implemented
RETRY — Implementation failed, retry pending
COMPLETED — Verified and merged
BLOCKED — Blocked after max retries, needs manual intervention

Service Map

Audit Service

issue-009.md — audit.proto (AuditService, AuditEntry)
issue-018.md — Scaffold Audit Service Rust project
issue-019.md — Append-only file log backend
issue-020.md — Append gRPC endpoint with validation
issue-021.md — Integration tests (gRPC client→server)

Secrets Service

issue-010.md — secrets.proto (SecretsService, GetSecret)
issue-022.md — Scaffold Secrets Service Rust project
issue-023.md — libsecret / D-Bus backend (keyring crate)
issue-024.md — Kernel keyring fallback (linux-keyutils)
issue-025.md — GetSecret gRPC endpoint with audit logging
issue-026.md — Integration tests (mock audit, full gRPC flow)

Memory Service

issue-011.md — memory.proto (MemoryService, MemoryEntry)
issue-027.md — Scaffold Memory Service Rust project
issue-028.md — DuckDB schema, VSS extension, HNSW indexes, migrations
issue-029.md — Embedding generation integration (Model Gateway gRPC client, batch support, DuckDB storage)
issue-030.md — Staged retrieval pipeline (4-stage coarse-to-fine: HNSW search, description re-rank, corpus re-rank, threshold cutoff)
issue-031.md — Extraction step (Model Gateway inference for query extraction)
issue-032.md — Semantic cache (cosine similarity cache with TTL and eviction)
issue-033.md — Provenance tagging and poisoning protection
issue-034.md — WriteMemory gRPC endpoint (embedding + provenance + DuckDB storage + audit logging)
issue-035.md — QueryMemory gRPC endpoint (server-streaming, staged retrieval + extraction + cache)
issue-036.md — GetCorrelated gRPC endpoint (correlation lookup by memory ID, session, and explicit IDs + audit logging)

Model Gateway

issue-012.md — model_gateway.proto (ModelGatewayService)
issue-038.md — Scaffold Model Gateway Rust project
issue-039.md — Ollama HTTP client (reqwest, streaming, embeddings)
issue-040.md — Model routing logic (task complexity routing, alias expansion, audit logging)
issue-041.md — StreamInference gRPC endpoint (server-streaming, Ollama bridge, params mapping)

Search Service

issue-013.md — search.proto (SearchService)

Tool Broker

issue-014.md — tool_broker.proto (ToolBrokerService)
issue-082.md — fs_read and fs_write tool executors (file I/O with path canonicalization)
issue-083.md — run_code tool executor (sandboxed code execution with resource limits)

Orchestrator

issue-015.md — orchestrator.proto (OrchestratorService)
issue-072.md — Scaffold Orchestrator Python project
issue-073.md — Task decomposition (model-driven subtask planning, validation, fallback)
issue-074.md — Parallel dispatch via asyncio (dependency-aware scheduling, timeout, error handling)
issue-075.md — Orchestrator context management (state tracking, lineage, serialization, size monitoring)

Proto Definitions

issue-007.md — Proto project structure and build tooling
issue-008.md — Common proto shared types (SessionContext, AgentLineage, AgentType)

Infrastructure / DevOps

issue-016.md — Rust stub generation (prost/tonic via build.rs)
issue-017.md — Python stub generation (buf generate)

14 KiB Raw Blame History

Implementation Plans Index

Master Table

Status Legend

Service Map

Audit Service

Secrets Service

Memory Service

Model Gateway

Search Service

Tool Broker

Orchestrator

Proto Definitions

Infrastructure / DevOps

14 KiB

Raw Blame History