Skip to content

Feature: Add scheduled Process Sentinel worker #239

Description

@smithaldon1

Parent Epic

#232

Purpose

Add a scheduled Process Sentinel worker service for the Docker Compose runtime so detections, evidence, and recommendations are generated from stored external-source events without manual make demo-* commands.

Acceptance Criteria

  • Add a Process Sentinel worker entrypoint or command that runs repeatedly on a configurable interval.
  • Worker reads events from the configured runtime event store.
  • Worker writes detections, evidence items, recommendations, and supporting state to the configured runtime state store.
  • Docker Compose starts the worker as sentinel-worker.
  • Worker interval is configurable via SENTINEL_RUN_INTERVAL_SECONDS or equivalent.
  • Logs clearly report run start, run completion, event count, detection count, evidence count, and recommendation count.
  • Worker handles empty event stores and transient storage errors gracefully.
  • Existing one-shot CLI remains available for tests and manual troubleshooting unless intentionally replaced.
  • Tests cover one-shot behavior and scheduled-loop behavior with a short/fake interval.

Out of Scope

  • New detection rules beyond what is needed to run the current Process Sentinel logic.
  • ML/AI detection pipelines.
  • Production scheduler/queue framework.
  • HA worker coordination or distributed locking.

Dependencies

Validation

  • Focused Process Sentinel worker tests.
  • make test-unit
  • make test-integration
  • Compose smoke once connector ingestion is available.

Safety Boundary

The worker produces advisory detections and recommendations only. It must not perform autonomous action, equipment writeback, product disposition, QMS/MES writeback, or production CAPA creation.

Metadata

Metadata

Assignees

No one assigned

    Labels

    FeaturebackendBackend service workdockerDocker and Docker Compose workprocess-sentinelProcess Sentinel detection work

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions