Delivery Roadmap — 5-Phase Plan
10-week delivery across 5 phases, one HITL (human-in-the-loop) gate per phase. Agents execute in parallel; the HITL reviewer inspects the phase evidence and approves before the next phase starts.
5S + 3T Operating Principles
| Principle | What It Means |
|---|---|
| Sort | IaC only — remove all manual Console configs |
| Set in Order | CLAUDE.md + @.claude/ skeleton defined |
| Shine | docker-compose one-command local stack |
| Standardize | infracost CI ≤5% · checkov pre-HITL gate |
| Sustain | PDCA autonomous → HITL on escalation |
| Transparent | Evidence every phase → tmp/cloud-infra/ |
| Trust | ≥99.5% accuracy · ≥95% consensus |
| Teamwork | Parallel PO+CA+MEE+IE — not sequential |
Phase 1 · Foundation + Local Stack (Wk 1–2)
HITL Gate: Review docker-compose smoke test evidence before Phase 2.
Deliverables:
- docker-compose.yml: openwebui + fastapi+crewai (2 services) · ollama optional via --profile ollama
- devcontainer.json: same file = same env (bare-metal + devcontainer parity rule)
- CLAUDE.md v1: ADLC Constitutional Principles for xops project
- Playwright scaffold: health-check all containers → HTTP 200
- .env templates: ANTHROPIC_API_KEY placeholder for local (template only, no real secret values committed) · LiteLLM config per env
Commands:
docker compose up -d --build
playwright test --project=local
infracost breakdown --path . --format table
MCP Servers: github (issues + milestones), atlassian (Confluence docs), filesystem (codebase access)
Validation: Playwright — all containers HTTP 200 · docker ps --all = 0 unhealthy
Agent Tasks:
- PO: INVEST stories drafted for all 8 deliverables
- CA: Architecture ADR — local-first hybrid-cloud decision record
- MEE: ADLC pattern checklist + anti-pattern prevention gate
- IE: infracost $0 baseline confirmed · docker-compose lint pass
Phase 2 · CloudOps-Runbooks MCP (Wk 3–4)
HITL Gate: Review runbook execution evidence (boto3 vs MCP cross-check ≤0.5%).
Deliverables:
- MCP server: cloudops-runbooks-mcp (FastAPI + mcpo OpenAPI wrapper)
- CloudOps-Runbooks PyPI v2: 119+ analyzers as MCP tools
- Open WebUI pipeline: /cloudops → runbook executor
- Playwright: trigger runbook via Open WebUI → assert CloudWatch API response
- Evidence: tmp/cloud-infrastructure/cloudops-runbook-evidence/
Commands:
pip install cloudops-runbooks --break-system-packages   # only needed when installing into the system interpreter; inside a venv drop the flag
mcpo --config .mcp-cloudops.json --port 8001
playwright test --project=cloudops-integration
MCP Servers: aws (boto3 API via MCP), cloudops-runbooks-mcp (new), filesystem (CloudOps-Runbooks codebase)
Validation: boto3 response ≈ MCP response ≤0.5% variance · Playwright asserts correct resource count
Phase 3 · FinOps FOCUS 1.2+ Pipeline (Wk 5–6)
HITL Gate: Review FinOps report (4-way validated) before production enablement.
Deliverables:
- CrewAI FinOps crew: CostAggregator + AnomalyDetector + AlertWriter (sequential Flow)
- Open WebUI pipeline: /finops → cost report with FOCUS 1.2+ schema
- FOCUS 1.2+ tags on ALL TF modules: ServiceCategory + ChargeCategory (FOCUS columns) + Environment + ADLCPhase + Module (project-specific extension tags)
- 4-way cross-validation: boto3 + MCP + runbooks + Console screenshots
- infracost diff ≤5% CI gate · Evidence: tmp/cloud-infrastructure/finops-evidence/
Commands:
crewai run --flow finops-flow --verbose
infracost breakdown --path . --format json --out-file infracost-base.json   # run on main to produce the baseline
infracost diff --path . --compare-to infracost-base.json --format json      # --compare-to takes a baseline JSON file, not a branch name
playwright test --project=finops-console
Validation: infracost diff ≤5% · boto3 Cost Explorer ≈ MCP ≤0.5% · CrewAI JSON schema valid per FOCUS spec
Phase 4 · DevOps + TF Module 3 (Wk 7–8)
HITL Gate: Review terraform plan + checkov 0 FAILED + infracost diff ≤5% before apply.
Deliverables:
- terraform-aws-web (M3): Open WebUI variant — ECS + ALB + CloudFront + WAFv2 + ACM + Route53
- HITL CI hook: checkov + trivy config auto-gate on every PR (gate passes when checkov reports 0 FAILED and trivy reports 0 CRITICAL/HIGH; plain checkov has no severity levels, so its criterion is the FAILED count)
- DevOps-TechDocs submodule: M3 architecture ADR + 6-layer diagram
- devops.oceansoft.io publish: M1+M2+M3 usage guides
- Playwright: terraform plan output screenshot evidence in tmp/
Commands:
terraform init && terraform plan -out=tfplan.binary
checkov -d modules/web --framework terraform --compact
trivy config modules/web --severity CRITICAL,HIGH --exit-code 1   # non-zero exit fails the PR gate
infracost breakdown --path modules/web --format json
Validation: terraform plan -detailed-exitcode exits 0 or 2, never 1 (0 = no changes, 2 = changes to apply, 1 = error) · checkov: 0 FAILED · trivy: 0 CRITICAL/HIGH · infracost diff ≤+5%
Phase 5 · AWS Deploy + Cross-Validation (Wk 9–10)
HITL Gate: FINAL — Review 4-layer evidence package before prod cutover.
Deliverables:
- Full AWS stack: M1+M2+M3 applied via 1 HITL SNS approval
- Layer 1: tmp/cloud-infrastructure/layer1-boto3-evidence/ (A1–A6)
- Layer 2: MCP validation — all signals vs Layer 1 ≤0.5%
- Layer 3: runbooks multi-account FOCUS 1.2 report
- Layer 4: Playwright Console screenshots (ECS + Cost Explorer + EFS + CloudFront)
- PDCA closed: all 4 layers ≥99.5% agreement
Commands:
# HUMAN SNS APPROVE → then apply the exact plan file the HITL reviewed in Phase 4 (not a fresh -auto-approve plan)
terraform apply tfplan.binary
python evidence/collect_layer1.py --env prod
python validate/cross_validate_all_layers.py --tolerance 0.005
playwright test --project=aws-console --screenshot=on
Validation: 4 layers: boto3 ≈ MCP ≈ runbooks ≈ Console ≤0.5% · Agent consensus ≥95% · ≥99.5% accuracy
Agent Final Tasks:
- PO: Business value metrics — $ saved vs SaaS · runbooks automated · MTTR reduction
- CA: 4-way cross-validation execution + architecture final sign-off
- MEE: PDCA cycle closure — all patterns enforced · anti-patterns absent · evidence filed
- IE: Prod FinOps FOCUS 1.2 chargeback report to enterprise business units