# PHASE 1 - SUBPHASE C: TASK LIST

**Phase:** 1 - Control Plane
**Subphase:** C - Implementation Planning
**Status:** Pending
**Dependency:** Analysis completed

---

## TASK SUMMARY

| ID | Task | Priority | Agent | Dependencies |
|----|------|----------|-------|--------------|
| T1.1.1 | Create control-plane base structure | P0 | Architecture-Analyst | - |
| T1.1.2 | Create orchestration folders | P0 | Architecture-Analyst | T1.1.1 |
| T1.1.3 | Create registries folders | P0 | Architecture-Analyst | T1.1.1 |
| T1.1.4 | Create manifests folders | P0 | Architecture-Analyst | T1.1.1 |
| T1.1.5 | Create ci folders | P0 | DevOps-Agent | T1.1.1 |
| T1.2.1 | Create ports.registry.yml | P0 | DevOps-Agent | T1.1.3 |
| T1.2.2 | Create domains.registry.yml | P0 | DevOps-Agent | T1.1.3 |
| T1.2.3 | Create databases.registry.yml | P0 | DevOps-Agent | T1.1.3 |
| T1.2.4 | Create services.registry.yml | P1 | DevOps-Agent | T1.1.3 |
| T1.2.5 | Create secrets.policy.yml | P1 | DevOps-Agent | T1.1.3 |
| T1.3.1 | Create repos.manifest.yml | P0 | Architecture-Analyst | T1.1.4 |
| T1.3.2 | Create environments.manifest.yml | P0 | Architecture-Analyst | T1.1.4 |
| T1.4.1 | Migrate devtools/scripts | P1 | DevOps-Agent | T1.1.1 |
| T1.4.2 | Create validate-ports.sh | P1 | DevOps-Agent | T1.2.1 |
| T1.4.3 | Create validate-domains.sh | P2 | DevOps-Agent | T1.2.2 |
| T1.4.4 | Create validate-databases.sh | P2 | DevOps-Agent | T1.2.3 |

---

## TASK DETAILS

### T1.1.1: Create control-plane base structure

**Description:** Create the root folder structure of the control-plane

**Commands:**
```bash
mkdir -p /home/adrian/Documentos/workspace-v1/control-plane/{orchestration,registries,manifests,ci,devtools,docs}
```

**Validation:**
```bash
ls -la /home/adrian/Documentos/workspace-v1/control-plane/
# Should show: orchestration, registries, manifests, ci, devtools, docs
```

**Deliverable:** Folder structure created

---

### T1.1.2: Create orchestration folders

**Description:** Create the orchestration substructure

**Commands:**
```bash
mkdir -p /home/adrian/Documentos/workspace-v1/control-plane/orchestration/{agents/{perfiles,legacy},directivas/{simco,principios,legacy},templates,checklists,patrones,referencias,impactos,inventarios}
```

**Files to create:**
```
orchestration/
+-- README.md    # System description
+-- _INDEX.md    # Content index
```

---

### T1.1.3: Create registries folders

**Description:** Create the structure for registries

**Commands:**
```bash
mkdir -p /home/adrian/Documentos/workspace-v1/control-plane/registries
```

**Files to create (empty templates):**
```
registries/
+-- README.md
+-- ports.registry.yml
+-- domains.registry.yml
+-- databases.registry.yml
+-- services.registry.yml
+-- secrets.policy.yml
```

---

### T1.2.1: Create ports.registry.yml

**Description:** Create the port registry file with its complete structure

**Expected content:**
```yaml
# ports.registry.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

rules:
  public_ingress_only:
    description: "Solo reverse proxy expone puertos publicos"
    allowed_public_ports: [80, 443]

  internal_ranges:
    backend_api: "3000-3099"
    frontend_web: "3100-3199"
    databases: "5432-5499"
    cache: "6379-6399"

allocations:
  infrastructure:
    traefik:
      public: [80, 443]
      dashboard: { internal: 8080 }
    postgres:
      internal: 5432
    redis:
      internal: 6379

  gamilit:
    api:
      internal: 3000
      environment: [dev, prod]
    web:
      internal: 3001
      environment: [dev, prod]

  erp_suite:
    api:
      internal: 3010
      environment: [dev, prod]
    web:
      internal: 3011
      environment: [dev, prod]

  trading:
    api:
      internal: 3020
      environment: [dev, prod]
    web:
      internal: 3021
      environment: [dev, prod]
```

---

### T1.2.2: Create domains.registry.yml

**Description:** Create the domain registry file

**Expected content:**
```yaml
# domains.registry.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

base_domains:
  production: "tu-dominio.com"
  development: "dev.tu-dominio.com"
  local: "localhost"

allocations:
  gamilit:
    production:
      api: "api.gamilit.tu-dominio.com"
      web: "gamilit.tu-dominio.com"
    development:
      api: "api.gamilit.dev.tu-dominio.com"
      web: "gamilit.dev.tu-dominio.com"
    local:
      api: "api.gamilit.localhost"
      web: "gamilit.localhost"

  erp_suite:
    production:
      api: "api.erp.tu-dominio.com"
      web: "erp.tu-dominio.com"
    # ... similar
```

---

### T1.2.3: Create databases.registry.yml

**Description:** Create the database registry file

**Expected content:**
```yaml
# databases.registry.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

postgres_instance:
  host: "localhost"
  port: 5432
  superuser: "postgres"

databases:
  gamilit:
    db_name: "gamilit_db"
    roles:
      owner: "app_gamilit_owner"
      runtime: "app_gamilit_runtime"
      migrator: "app_gamilit_migrator"
    schemas: ["public", "auth", "gamification"]
    rls_enabled: true

  erp_suite:
    db_name: "erp_suite_db"
    roles:
      owner: "app_erp_owner"
      runtime: "app_erp_runtime"
      migrator: "app_erp_migrator"
    schemas: ["core", "inventory", "sales", "hr"]
    rls_enabled: true

  trading:
    db_name: "trading_db"
    roles:
      owner: "app_trading_owner"
      runtime: "app_trading_runtime"
      migrator: "app_trading_migrator"
    schemas: ["public", "market", "portfolio"]
    rls_enabled: true

policies:
  runtime_restrictions:
    - "NO CREATE EXTENSION"
    - "NO CREATE ROLE"
    - "NO ALTER outside migrations"

  migration_requirements:
    - "Version controlled"
    - "Reversible (up/down)"
    - "Reviewed before apply"
```

---

### T1.3.1: Create repos.manifest.yml

**Description:** Create the repository manifest

**Expected content:**
```yaml
# repos.manifest.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

layers:
  control_plane:
    description: "Meta-repositorio de gobernanza"
    repos:
      - name: "workspace-control-plane"
        path: "/home/adrian/Documentos/workspace-v1/control-plane"
        type: "governance"
        contains: ["orchestration", "registries", "manifests", "ci", "devtools"]

  products:
    description: "Repositorios de productos"
    repos:
      - name: "gamilit-platform"
        path: "/home/adrian/Documentos/workspace-v1/repos/gamilit-platform"
        type: "product"
        stack: ["nestjs", "react", "postgres"]

      - name: "erp-suite"
        path: "/home/adrian/Documentos/workspace-v1/repos/erp-suite"
        type: "product-suite"
        stack: ["express", "react", "postgres"]

      - name: "trading-platform"
        path: "/home/adrian/Documentos/workspace-v1/repos/trading-platform"
        type: "product"
        stack: ["express", "fastapi", "react", "postgres"]

  shared:
    description: "Repositorios compartidos"
    repos:
      - name: "shared-libs"
        path: "/home/adrian/Documentos/workspace-v1/repos/shared-libs"
        type: "library"
        packages: ["utils", "auth", "ui-components"]

      - name: "shared-infra"
        path: "/home/adrian/Documentos/workspace-v1/repos/shared-infra"
        type: "infrastructure"
        contains: ["reverse-proxy", "observability"]

      - name: "knowledge-base"
        path: "/home/adrian/Documentos/workspace-v1/repos/knowledge-base"
        type: "documentation"
        contains: ["sources", "indexes"]
```

---

### T1.3.2: Create environments.manifest.yml

**Description:** Create the environment manifest

**Expected content:**
```yaml
# environments.manifest.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

environments:
  local:
    description: "Desarrollo local"
    network_prefix: "local_"
    domain_suffix: ".localhost"
    ssl: false

  development:
    description: "Ambiente de desarrollo compartido"
    network_prefix: "dev_"
    domain_suffix: ".dev.tu-dominio.com"
    ssl: true
    server: "mismo-servidor"

  staging:
    description: "Pre-produccion"
    network_prefix: "stg_"
    domain_suffix: ".staging.tu-dominio.com"
    ssl: true
    server: "mismo-servidor"

  production:
    description: "Produccion"
    network_prefix: "prod_"
    domain_suffix: ".tu-dominio.com"
    ssl: true
    server: "mismo-servidor"

isolation:
  strategy: "docker-networks"
  rules:
    - "Cada producto tiene su red por ambiente"
    - "Solo traefik conecta redes"
    - "No exposicion directa de puertos"
```

---

### T1.4.2: Create validate-ports.sh

**Description:** Script that validates ports against the registry

**Expected content:**
```bash
#!/bin/bash
# validate-ports.sh
# Validates that the host ports published in docker-compose files are listed in ports.registry.yml
# Requires mikefarah yq v4 (the "tag" operator is used below)

set -euo pipefail

# Fail early if CONTROL_PLANE is unset instead of silently reading /registries/...
REGISTRY_FILE="${CONTROL_PLANE:?CONTROL_PLANE is not set}/registries/ports.registry.yml"

echo "=== Validando puertos contra registry ==="

# Extract the ports from the registry: every integer scalar under .allocations
# (covers scalar "internal" values as well as "public" lists); yq errors are not hidden
ALLOWED_PORTS=$(yq '.allocations | .. | select(tag == "!!int")' "$REGISTRY_FILE" | sort -u)

STATUS=0

# Validate each compose file (NUL-delimited so paths with spaces are handled)
while IFS= read -r -d '' file; do
    echo "Validando: $file"
    # Host port of short-syntax mappings: "HOST:CONTAINER" or "IP:HOST:CONTAINER"
    # (long-syntax "published:" entries are not covered)
    COMPOSE_PORTS=$(grep -oE "^[[:space:]]*-[[:space:]]*[\"']?([0-9.]+:)?[0-9]+:[0-9]+" "$file" \
        | awk -F: '{print $(NF-1)}' | tr -dc '0-9\n' || true)

    for port in $COMPOSE_PORTS; do
        # -x matches the whole line, so 300 does not match 3000
        if ! grep -qx "$port" <<< "$ALLOWED_PORTS"; then
            echo "ERROR: Puerto $port en $file no esta en registry"
            STATUS=1
        fi
    done
done < <(find . \( -name "docker-compose*.yml" -o -name "compose*.yml" \) -print0)

# Report every unregistered port before failing
[ "$STATUS" -eq 0 ] || exit 1
echo "=== Validacion exitosa ==="
```

---

## EXECUTION ORDER

```
Day 1:
  [x] T1.1.1 - Base structure
  [x] T1.1.2 - orchestration folders
  [x] T1.1.3 - registries folders
  [x] T1.1.4 - manifests folders
  [x] T1.1.5 - ci folders

Day 2:
  [ ] T1.2.1 - ports.registry.yml
  [ ] T1.2.2 - domains.registry.yml
  [ ] T1.2.3 - databases.registry.yml
  [ ] T1.3.1 - repos.manifest.yml
  [ ] T1.3.2 - environments.manifest.yml

Day 3:
  [ ] T1.2.4 - services.registry.yml
  [ ] T1.2.5 - secrets.policy.yml
  [ ] T1.4.1 - Migrate devtools
  [ ] T1.4.2 - validate-ports.sh
  [ ] T1.4.3 - validate-domains.sh
  [ ] T1.4.4 - validate-databases.sh
```

---

## COMPLETION CRITERIA

```markdown
[ ] All folders created
[ ] All registries have a valid structure
[ ] All manifests have a valid structure
[ ] Validation scripts are functional
[ ] README.md in each main folder
[ ] No syntax errors in the YAML files
```

---

**Next step:** Validate this plan in `01-VALIDACION.md`
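
A self-consistency audit for the `ports.registry.yml` of T1.2.1, complementing the compose check of T1.4.2; this is an added example, not part of the original plan. It flags duplicate allocations, public ports outside `allowed_public_ports`, and internal ports outside their declared range. The names `walk`, `audit` and `EXPECTED_RANGE` are hypothetical, and the mapping from service key to range is an assumption.

```python
# Constructed input: the registry values from T1.2.1 as a dict ("environment"
# lists omitted). In CI this would be loaded from ports.registry.yml instead.
REGISTRY = {
    "rules": {
        "public_ingress_only": {"allowed_public_ports": [80, 443]},
        "internal_ranges": {"backend_api": "3000-3099", "frontend_web": "3100-3199",
                            "databases": "5432-5499", "cache": "6379-6399"},
    },
    "allocations": {
        "infrastructure": {"traefik": {"public": [80, 443], "dashboard": {"internal": 8080}},
                           "postgres": {"internal": 5432}, "redis": {"internal": 6379}},
        "gamilit": {"api": {"internal": 3000}, "web": {"internal": 3001}},
        "erp_suite": {"api": {"internal": 3010}, "web": {"internal": 3011}},
        "trading": {"api": {"internal": 3020}, "web": {"internal": 3021}},
    },
}

# Assumption (not in the registry): which declared range each service key belongs to.
EXPECTED_RANGE = {"api": "backend_api", "web": "frontend_web",
                  "postgres": "databases", "redis": "cache"}

def walk(node, path=()):
    """Yield (path, kind, port) for every internal/public port below node."""
    for key, value in node.items():
        if key in ("internal", "public"):
            for port in value if isinstance(value, list) else [value]:
                yield path, key, port
        elif isinstance(value, dict):
            yield from walk(value, path + (key,))

def audit(registry):
    rules, findings, seen = registry["rules"], [], {}
    allowed = rules["public_ingress_only"]["allowed_public_ports"]
    ranges = {n: tuple(map(int, r.split("-"))) for n, r in rules["internal_ranges"].items()}
    for path, kind, port in walk(registry["allocations"]):
        name = ".".join(path)
        if kind == "public":
            if port not in allowed:
                findings.append(f"{name}: public port {port} not allowed")
            continue
        if port in seen:  # two services on one host cannot share a port
            findings.append(f"{name}: port {port} already allocated to {seen[port]}")
        seen.setdefault(port, name)
        rng = EXPECTED_RANGE.get(path[-1])
        if rng is None:
            findings.append(f"{name}: port {port} has no declared range")
        elif not ranges[rng][0] <= port <= ranges[rng][1]:
            findings.append(f"{name}: port {port} outside {rng} {rules['internal_ranges'][rng]}")
    return findings
```

Under the assumed mapping, `audit(REGISTRY)` returns four findings for the values as written: the three `web` ports (3001, 3011, 3021) fall in the `backend_api` range rather than `frontend_web`, and the traefik dashboard port 8080 has no declared range.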