workspace-v1/01-fase-control-plane/PLANEACION/00-TAREAS.md

# FASE 1 - SUBFASE C: LISTA DE TAREAS

**Fase:** 1 - Control Plane
**Subfase:** C - Planeacion de Implementacion
**Estado:** Pendiente
**Dependencia:** Analisis completado

---

## RESUMEN DE TAREAS

| ID | Tarea | Prioridad | Agente | Dependencias |
|----|-------|-----------|--------|--------------|
| T1.1.1 | Crear estructura base control-plane | P0 | Architecture-Analyst | - |
| T1.1.2 | Crear carpetas orchestration | P0 | Architecture-Analyst | T1.1.1 |
| T1.1.3 | Crear carpetas registries | P0 | Architecture-Analyst | T1.1.1 |
| T1.1.4 | Crear carpetas manifests | P0 | Architecture-Analyst | T1.1.1 |
| T1.1.5 | Crear carpetas ci | P0 | DevOps-Agent | T1.1.1 |
| T1.2.1 | Crear ports.registry.yml | P0 | DevOps-Agent | T1.1.3 |
| T1.2.2 | Crear domains.registry.yml | P0 | DevOps-Agent | T1.1.3 |
| T1.2.3 | Crear databases.registry.yml | P0 | DevOps-Agent | T1.1.3 |
| T1.2.4 | Crear services.registry.yml | P1 | DevOps-Agent | T1.1.3 |
| T1.2.5 | Crear secrets.policy.yml | P1 | DevOps-Agent | T1.1.3 |
| T1.3.1 | Crear repos.manifest.yml | P0 | Architecture-Analyst | T1.1.4 |
| T1.3.2 | Crear environments.manifest.yml | P0 | Architecture-Analyst | T1.1.4 |
| T1.4.1 | Migrar devtools/scripts | P1 | DevOps-Agent | T1.1.1 |
| T1.4.2 | Crear validate-ports.sh | P1 | DevOps-Agent | T1.2.1 |
| T1.4.3 | Crear validate-domains.sh | P2 | DevOps-Agent | T1.2.2 |
| T1.4.4 | Crear validate-databases.sh | P2 | DevOps-Agent | T1.2.3 |

---

## DETALLE DE TAREAS

### T1.1.1: Crear estructura base control-plane

**Descripcion:** Crear la estructura de carpetas raiz del control-plane

**Comandos:**
```bash
mkdir -p /home/adrian/Documentos/workspace-v1/control-plane/{orchestration,registries,manifests,ci,devtools,docs}
```

**Validacion:**
```bash
ls -la /home/adrian/Documentos/workspace-v1/control-plane/
# Debe mostrar: orchestration, registries, manifests, ci, devtools, docs
```

**Entregable:** Estructura de carpetas creada

---

### T1.1.2: Crear carpetas orchestration

**Descripcion:** Crear subestructura de orchestration

**Comandos:**
```bash
mkdir -p /home/adrian/Documentos/workspace-v1/control-plane/orchestration/{agents/{perfiles,legacy},directivas/{simco,principios,legacy},templates,checklists,patrones,referencias,impactos,inventarios}
```

**Archivos a crear:**
```
orchestration/
  +-- README.md              # Descripcion del sistema
  +-- _INDEX.md              # Indice de contenido
```

---

### T1.1.3: Crear carpetas registries

**Descripcion:** Crear estructura para registries

**Comandos:**
```bash
mkdir -p /home/adrian/Documentos/workspace-v1/control-plane/registries
```

**Archivos a crear (templates vacios):**
```
registries/
  +-- README.md
  +-- ports.registry.yml
  +-- domains.registry.yml
  +-- databases.registry.yml
  +-- services.registry.yml
  +-- secrets.policy.yml
```

---

### T1.2.1: Crear ports.registry.yml

**Descripcion:** Crear archivo de registro de puertos con estructura completa

**Contenido esperado:**
```yaml
# ports.registry.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

rules:
  public_ingress_only:
    description: "Solo reverse proxy expone puertos publicos"
    allowed_public_ports: [80, 443]
  internal_ranges:
    backend_api: "3000-3099"
    frontend_web: "3100-3199"
    databases: "5432-5499"
    cache: "6379-6399"

allocations:
  infrastructure:
    traefik:
      public: [80, 443]
      dashboard: { internal: 8080 }
    postgres:
      internal: 5432
    redis:
      internal: 6379

  gamilit:
    api:
      internal: 3000
      environment: [dev, prod]
    web:
      internal: 3001
      environment: [dev, prod]

  erp_suite:
    api:
      internal: 3010
      environment: [dev, prod]
    web:
      internal: 3011
      environment: [dev, prod]

  trading:
    api:
      internal: 3020
      environment: [dev, prod]
    web:
      internal: 3021
      environment: [dev, prod]
```

---

### T1.2.2: Crear domains.registry.yml

**Descripcion:** Crear archivo de registro de dominios

**Contenido esperado:**
```yaml
# domains.registry.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

base_domains:
  production: "tu-dominio.com"
  development: "dev.tu-dominio.com"
  local: "localhost"

allocations:
  gamilit:
    production:
      api: "api.gamilit.tu-dominio.com"
      web: "gamilit.tu-dominio.com"
    development:
      api: "api.gamilit.dev.tu-dominio.com"
      web: "gamilit.dev.tu-dominio.com"
    local:
      api: "api.gamilit.localhost"
      web: "gamilit.localhost"

  erp_suite:
    production:
      api: "api.erp.tu-dominio.com"
      web: "erp.tu-dominio.com"
    # ... similar
```

---

### T1.2.3: Crear databases.registry.yml

**Descripcion:** Crear archivo de registro de bases de datos

**Contenido esperado:**
```yaml
# databases.registry.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

postgres_instance:
  host: "localhost"
  port: 5432
  superuser: "postgres"

databases:
  gamilit:
    db_name: "gamilit_db"
    roles:
      owner: "app_gamilit_owner"
      runtime: "app_gamilit_runtime"
      migrator: "app_gamilit_migrator"
    schemas: ["public", "auth", "gamification"]
    rls_enabled: true

  erp_suite:
    db_name: "erp_suite_db"
    roles:
      owner: "app_erp_owner"
      runtime: "app_erp_runtime"
      migrator: "app_erp_migrator"
    schemas: ["core", "inventory", "sales", "hr"]
    rls_enabled: true

  trading:
    db_name: "trading_db"
    roles:
      owner: "app_trading_owner"
      runtime: "app_trading_runtime"
      migrator: "app_trading_migrator"
    schemas: ["public", "market", "portfolio"]
    rls_enabled: true

policies:
  runtime_restrictions:
    - "NO CREATE EXTENSION"
    - "NO CREATE ROLE"
    - "NO ALTER outside migrations"
  migration_requirements:
    - "Version controlled"
    - "Reversible (up/down)"
    - "Reviewed before apply"
```

---

### T1.3.1: Crear repos.manifest.yml

**Descripcion:** Crear manifiesto de repositorios

**Contenido esperado:**
```yaml
# repos.manifest.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

layers:
  control_plane:
    description: "Meta-repositorio de gobernanza"
    repos:
      - name: "workspace-control-plane"
        path: "/home/adrian/Documentos/workspace-v1/control-plane"
        type: "governance"
        contains: ["orchestration", "registries", "manifests", "ci", "devtools"]

  products:
    description: "Repositorios de productos"
    repos:
      - name: "gamilit-platform"
        path: "/home/adrian/Documentos/workspace-v1/repos/gamilit-platform"
        type: "product"
        stack: ["nestjs", "react", "postgres"]

      - name: "erp-suite"
        path: "/home/adrian/Documentos/workspace-v1/repos/erp-suite"
        type: "product-suite"
        stack: ["express", "react", "postgres"]

      - name: "trading-platform"
        path: "/home/adrian/Documentos/workspace-v1/repos/trading-platform"
        type: "product"
        stack: ["express", "fastapi", "react", "postgres"]

  shared:
    description: "Repositorios compartidos"
    repos:
      - name: "shared-libs"
        path: "/home/adrian/Documentos/workspace-v1/repos/shared-libs"
        type: "library"
        packages: ["utils", "auth", "ui-components"]

      - name: "shared-infra"
        path: "/home/adrian/Documentos/workspace-v1/repos/shared-infra"
        type: "infrastructure"
        contains: ["reverse-proxy", "observability"]

      - name: "knowledge-base"
        path: "/home/adrian/Documentos/workspace-v1/repos/knowledge-base"
        type: "documentation"
        contains: ["sources", "indexes"]
```

---

### T1.3.2: Crear environments.manifest.yml

**Descripcion:** Crear manifiesto de ambientes

**Contenido esperado:**
```yaml
# environments.manifest.yml
version: "1.0.0"
updated: "YYYY-MM-DD"

environments:
  local:
    description: "Desarrollo local"
    network_prefix: "local_"
    domain_suffix: ".localhost"
    ssl: false

  development:
    description: "Ambiente de desarrollo compartido"
    network_prefix: "dev_"
    domain_suffix: ".dev.tu-dominio.com"
    ssl: true
    server: "mismo-servidor"

  staging:
    description: "Pre-produccion"
    network_prefix: "stg_"
    domain_suffix: ".staging.tu-dominio.com"
    ssl: true
    server: "mismo-servidor"

  production:
    description: "Produccion"
    network_prefix: "prod_"
    domain_suffix: ".tu-dominio.com"
    ssl: true
    server: "mismo-servidor"

isolation:
  strategy: "docker-networks"
  rules:
    - "Cada producto tiene su red por ambiente"
    - "Solo traefik conecta redes"
    - "No exposicion directa de puertos"
```

---

### T1.4.2: Crear validate-ports.sh

**Descripcion:** Script de validacion de puertos contra registry

**Contenido esperado:**
```bash
#!/bin/bash
# validate-ports.sh
# Valida que los puertos en docker-compose coincidan con ports.registry.yml

set -e

REGISTRY_FILE="${CONTROL_PLANE}/registries/ports.registry.yml"
COMPOSE_FILES=$(find . -name "docker-compose*.yml" -o -name "compose*.yml")

echo "=== Validando puertos contra registry ==="

# Extraer puertos del registry
ALLOWED_PORTS=$(yq '.allocations | .. | .internal // .public | .[]?' "$REGISTRY_FILE" 2>/dev/null | sort -u)

# Validar cada compose file
for file in $COMPOSE_FILES; do
    echo "Validando: $file"
    COMPOSE_PORTS=$(grep -oP '(?<=:)\d+(?=:)' "$file" 2>/dev/null || true)

    for port in $COMPOSE_PORTS; do
        if ! echo "$ALLOWED_PORTS" | grep -q "^$port$"; then
            echo "ERROR: Puerto $port en $file no esta en registry"
            exit 1
        fi
    done
done

echo "=== Validacion exitosa ==="
```

---

## ORDEN DE EJECUCION

```
Dia 1:
  [x] T1.1.1 - Estructura base
  [x] T1.1.2 - Carpetas orchestration
  [x] T1.1.3 - Carpetas registries
  [x] T1.1.4 - Carpetas manifests
  [x] T1.1.5 - Carpetas ci

Dia 2:
  [ ] T1.2.1 - ports.registry.yml
  [ ] T1.2.2 - domains.registry.yml
  [ ] T1.2.3 - databases.registry.yml
  [ ] T1.3.1 - repos.manifest.yml
  [ ] T1.3.2 - environments.manifest.yml

Dia 3:
  [ ] T1.2.4 - services.registry.yml
  [ ] T1.2.5 - secrets.policy.yml
  [ ] T1.4.1 - Migrar devtools
  [ ] T1.4.2 - validate-ports.sh
  [ ] T1.4.3 - validate-domains.sh
  [ ] T1.4.4 - validate-databases.sh
```

---

## CRITERIOS DE COMPLETITUD

```markdown
[ ] Todas las carpetas creadas
[ ] Todos los registries con estructura valida
[ ] Todos los manifests con estructura valida
[ ] Scripts de validacion funcionales
[ ] README.md en cada carpeta principal
[ ] Sin errores de sintaxis en YAMLs
```

---

**Siguiente paso:** Validar este plan en `01-VALIDACION.md`