feat(sofiia-console): add guided runbook runner with http checks and audit integration

adds runbook_runs/runbook_steps state machine parses markdown runbooks into guided steps supports allowlisted http_check (health/metrics/audit) integrates runbook execution with audit trail exposes authenticated runbook runs API Made-with: Cursor
2026-03-03 04:49:19 -08:00
parent 4db1774a34
commit ad8bddf595
6 changed files with 771 additions and 0 deletions
--- a/services/sofiia-console/app/db.py
+++ b/services/sofiia-console/app/db.py
@@ -379,6 +379,40 @@ CREATE TABLE IF NOT EXISTS docs_index_meta (
    value TEXT NOT NULL DEFAULT ''
 );

+-- ── Runbook Runner (PR2) ───────────────────────────────────────────────────
+CREATE TABLE IF NOT EXISTS runbook_runs (
+    run_id        TEXT PRIMARY KEY,
+    runbook_path  TEXT NOT NULL,
+    status        TEXT NOT NULL DEFAULT 'running',
+    current_step  INTEGER NOT NULL DEFAULT 0,
+    created_at    REAL NOT NULL,
+    started_at    REAL,
+    finished_at   REAL,
+    operator_id   TEXT,
+    node_id       TEXT,
+    sofiia_url    TEXT,
+    data_json     TEXT,
+    evidence_path TEXT
+);
+CREATE INDEX IF NOT EXISTS idx_runbook_runs_status_created ON runbook_runs(status, created_at);
+CREATE INDEX IF NOT EXISTS idx_runbook_runs_path_created ON runbook_runs(runbook_path, created_at);
+
+CREATE TABLE IF NOT EXISTS runbook_steps (
+    run_id       TEXT NOT NULL,
+    step_index   INTEGER NOT NULL,
+    title        TEXT NOT NULL,
+    section      TEXT,
+    action_type  TEXT NOT NULL,
+    action_json  TEXT NOT NULL,
+    status       TEXT NOT NULL DEFAULT 'pending',
+    result_json  TEXT,
+    started_at   REAL,
+    finished_at  REAL,
+    PRIMARY KEY (run_id, step_index),
+    FOREIGN KEY (run_id) REFERENCES runbook_runs(run_id) ON DELETE CASCADE
+);
+CREATE INDEX IF NOT EXISTS idx_runbook_steps_run_status ON runbook_steps(run_id, status);
+
 -- ── Graph Intelligence (Hygiene + Reflection) ──────────────────────────────
 -- These ADD COLUMN statements are idempotent (IF NOT EXISTS requires SQLite 3.37+).
 -- On older SQLite they fail silently — init_db() wraps them in a separate try block.