Parent Epic
#232
Purpose
Add a scheduled Process Sentinel worker service for the Docker Compose runtime so detections, evidence, and recommendations are generated from stored external-source events without manual make demo-* commands.
Acceptance Criteria
- Add a Process Sentinel worker entrypoint or command that runs repeatedly on a configurable interval.
- Worker reads events from the configured runtime event store.
- Worker writes detections, evidence items, recommendations, and supporting state to the configured runtime state store.
- Docker Compose starts the worker as
sentinel-worker.
- Worker interval is configurable via
SENTINEL_RUN_INTERVAL_SECONDS or equivalent.
- Logs clearly report run start, run completion, event count, detection count, evidence count, and recommendation count.
- Worker handles empty event stores and transient storage errors gracefully.
- Existing one-shot CLI remains available for tests and manual troubleshooting unless intentionally replaced.
- Tests cover one-shot behavior and scheduled-loop behavior with a short/fake interval.
Out of Scope
- New detection rules beyond what is needed to run the current Process Sentinel logic.
- ML/AI detection pipelines.
- Production scheduler/queue framework.
- HA worker coordination or distributed locking.
Dependencies
Validation
- Focused Process Sentinel worker tests.
make test-unit
make test-integration
- Compose smoke once connector ingestion is available.
Safety Boundary
The worker produces advisory detections and recommendations only. It must not perform autonomous action, equipment writeback, product disposition, QMS/MES writeback, or production CAPA creation.
Parent Epic
#232
Purpose
Add a scheduled Process Sentinel worker service for the Docker Compose runtime so detections, evidence, and recommendations are generated from stored external-source events without manual
make demo-*commands.Acceptance Criteria
sentinel-worker.SENTINEL_RUN_INTERVAL_SECONDSor equivalent.Out of Scope
Dependencies
Validation
make test-unitmake test-integrationSafety Boundary
The worker produces advisory detections and recommendations only. It must not perform autonomous action, equipment writeback, product disposition, QMS/MES writeback, or production CAPA creation.