Skip to main content

TracePulse PLM Engine Core — control_plane (governance, autonomy, HITL, run lifecycle, trace propagation) + agent_runtime (selector, dispatcher, retry, escalation). US-CR.1 scaffold; behaviour lands in US-CR.0+. Internal one-way import contract: control_plane MUST NOT import from agent_runtime (mechanical enforcement in US-CR.2).

Project description

plm-engine-core

TracePulse PLM Engine Core package. Lives next to plm-shared in the monorepo; shipped editable for Wave 1 (pip install -e ../plm-engine-core), internal PyPI publication deferred to Wave 5.

US-CR.1 ships this package as empty scaffolding. Every other US-CR.* story in FTR-607 lands its implementation inside the two sub-packages declared here, on top of contracts published by plm-shared (US-W1.0).

Internal layout

Sub-package Owns Stories landing here
control_plane/ governance, autonomy, HITL, run lifecycle, trace propagation CR.0, CR.3, CR.4, CR.5, CR.6, CR.10, CR.13
agent_runtime/ selector, dispatcher, retry, escalation CR.10, CR.11

The split implements target architecture invariant #5execution separated from expertise — and decision D-LOCKED-13. The physical repo split is deferred to V1.1; Wave 1 delivers the logical boundary.

One-way import contract

control_plane  ─────►  plm_shared.*       (frozen contracts)
agent_runtime  ─────►  plm_shared.*       (frozen contracts)
agent_runtime  ─────►  control_plane      (asks for verdicts)
control_plane  ──╳──►  agent_runtime      (FORBIDDEN)
plm_engine_core ─╳──►  plm_accelerators   (FORBIDDEN)

control_plane decides what is allowed; agent_runtime asks how do I run this. Reversing the dependency (control_plane reading runtime state) couples policy to execution and breaks the V1.1 repo split. plm-engine-core MUST NOT import from the Workbench / Accelerators package; reversing this absorption would dissolve the platform / product-line boundary (anti-pattern #8).

Mechanical enforcement (US-CR.2 / Conv F sub-story 3): two import-linter contracts in pyproject.toml fail CI on any violation:

Contract Source Forbidden
control_plane-must-not-depend-on-agent_runtime plm_engine_core.control_plane plm_engine_core.agent_runtime
plm_engine_core-must-not-depend-on-workbench plm_engine_core plm_accelerators

if TYPE_CHECKING: imports across the boundary are blocked by default (CR.2 AC-6) — TYPE_CHECKING leakage is the most common way the boundary erodes silently. tests/ lives outside the package and is naturally excluded.

The CR.1-era by-convention guard in tests/test_imports.py STAYS alongside the mechanical contract. Both fire if either rule trips — belt-and-braces protection if the linter contract has to be relaxed for a transient reason.

Negative-fixture toggling test

A permanent sandbox lives at plm_engine_core/control_plane/_lint_fixtures/violation_demo.py. The tests/test_import_linter.py::test_negative_fixture_trips_* tests (gated by RUN_LINTER_NEGATIVE=1) materialise a temporary sibling file with an offending import, run lint-imports, assert the contract trips with the right name + file:line, then delete the temp file and verify the clean state passes again. Run with:

RUN_LINTER_NEGATIVE=1 pytest tests/test_import_linter.py -v

Exemption process

Genuine exceptions go through an ADR signed off by the architecture team. ADRs live under 02_App/plm-engine-core/docs/adr/. Each ADR records the contract relaxed, the scope of the relaxation (typically a specific ignore_imports entry on one contract), the rationale, and the cross-link to D-LOCKED-13 + invariant #5. The contract / ignore_imports edit MUST cite the ADR file path in a comment so a future reader finds the authority for the exemption.

Known limitations

  • Transitive imports via plm-shared are not caught (CR.2 §9 + Edge cases). A control_plane file importing a plm-shared helper that itself transitively imports agent_runtime is invisible to the contract. Intentional — limits blast radius of a single PR's contract scope.
  • Dynamic imports (importlib, string-based) are not caught. Static analysis only.
  • The contracts are scoped to plm-engine-core. Cross-product- line contracts (e.g. agent_runtime → connectors, agent_runtime → workbench) land with Epic 6 / Epic 8.

with_system_identity allowlist (CR.2 Decision #24)

plm_engine_core.control_plane.identity.with_system_identity is a context manager that binds an actor_kind="system" identity for in-process callers without an inbound JWT (cron, BackgroundTask, GC). It bypasses JWT validation by design and MUST NOT be invoked from arbitrary call sites.

The path-based BL6 guardrail in 02_App/backend/scripts/architecture_guardrails.py restricts the importer set. Initial allowlist:

  • plm_engine_core/control_plane/identity/system_identity.py — defining module.
  • plm_engine_core/control_plane/identity/__init__.py — re-export site.
  • plm_engine_core/cli/plm-cli future subcommands may bind a system identity for offline operations.
  • tests/ — fixtures may import freely.

Adding a new module to the allowlist requires an ADR.

Install (developer)

cd 02_App/backend
pip install -e ../plm-engine-core

The editable install puts plm_engine_core.* on the sys.path of the backend venv. Like plm-shared, pip install MUST run from 02_App/backend/ because pip resolves -e ../plm-engine-core relative to the invocation CWD.

Tests

cd 02_App/plm-engine-core
python -m pytest tests/ -v

The smoke test verifies:

  • Both sub-packages import cleanly.
  • __all__ placeholders match the documented public surface.
  • No control_plane module imports from agent_runtime (one-way contract guard, AC-10).
  • No business logic has snuck in beyond __init__.py files (AC-9 scope-creep guard).

CI

.github/workflows/test.yml runs a plm-engine-core-tests job mirroring plm-shared-tests — editable-install + pytest on every push to main / FTR575-Codebase-Split and on every PR touching 02_App/**.

Status

  • US-CR.1: scaffold (Conv E close 822c415). Ships placeholders only.
  • US-CR.0 (Wave 1 Conv E + Conv F): IdentityMiddleware, Hs256JwtIdentityProvider, with_system_identity, audit_log migration 0013, and plm-cli auth issue-token all land. 16/16 ACs covered; story closed Conv F (3/3 PRs).
  • US-CR.2 (Wave 1 Conv F): two import-linter Forbidden contracts + permanent negative-fixture toggling test + BL6 path-based guardrail for with_system_identity + ADR exemption process.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

plm_engine_core-1.0.2.tar.gz (217.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

plm_engine_core-1.0.2-py3-none-any.whl (191.3 kB view details)

Uploaded Python 3

File details

Details for the file plm_engine_core-1.0.2.tar.gz.

File metadata

  • Download URL: plm_engine_core-1.0.2.tar.gz
  • Upload date:
  • Size: 217.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.0

File hashes

Hashes for plm_engine_core-1.0.2.tar.gz
Algorithm Hash digest
SHA256 b8323f73ceeac38cdb08e9a965364fdb985e4bb913ecada618ff9f2998307e23
MD5 5b54eded63280194615532b89fa05618
BLAKE2b-256 63afeaa6f6d64932ea51324f71b4203e34c7747e9d40228c3def8dbb740dac97

See more details on using hashes here.

File details

Details for the file plm_engine_core-1.0.2-py3-none-any.whl.

File metadata

File hashes

Hashes for plm_engine_core-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 04e8caac078342c9ad90ac2b78e213d406c32cbd9e91d39bb74cbc3921e6ceb8
MD5 65e50120dc9611dfcc6d3ad0d414422d
BLAKE2b-256 c223b4b71ad81529aa0b34bae143fa230537eb884bd229c154ccb2523578801f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page