---
|
|
phase: 03-tier-3-9-providers
|
|
plan: 06
|
|
type: execute
|
|
wave: 1
|
|
depends_on: []
|
|
files_modified:
|
|
- providers/salesforce-einstein.yaml
|
|
- providers/servicenow.yaml
|
|
- providers/sap-ai-core.yaml
|
|
- providers/palantir.yaml
|
|
- providers/databricks.yaml
|
|
- providers/snowflake.yaml
|
|
- providers/oracle-genai.yaml
|
|
- providers/hpe-greenlake.yaml
|
|
- pkg/providers/definitions/salesforce-einstein.yaml
|
|
- pkg/providers/definitions/servicenow.yaml
|
|
- pkg/providers/definitions/sap-ai-core.yaml
|
|
- pkg/providers/definitions/palantir.yaml
|
|
- pkg/providers/definitions/databricks.yaml
|
|
- pkg/providers/definitions/snowflake.yaml
|
|
- pkg/providers/definitions/oracle-genai.yaml
|
|
- pkg/providers/definitions/hpe-greenlake.yaml
|
|
autonomous: true
|
|
requirements: [PROV-09]
|
|
must_haves:
|
|
truths:
|
|
- "8 Tier 9 Enterprise provider YAMLs load"
|
|
- "Databricks dapi-prefix and Snowflake JWT keywords captured"
|
|
- "All enterprise providers have strong env var keyword anchors"
|
|
artifacts:
|
|
- path: "providers/databricks.yaml"
|
|
provides: "Databricks dapi token pattern"
|
|
contains: "dapi"
|
|
- path: "providers/snowflake.yaml"
|
|
provides: "Snowflake Cortex keyword detection"
|
|
contains: "snowflake"
|
|
- path: "providers/palantir.yaml"
|
|
provides: "Palantir AIP keyword detection"
|
|
contains: "palantir"
|
|
key_links:
|
|
- from: "provider keywords[]"
|
|
to: "Registry Aho-Corasick automaton"
|
|
via: "NewRegistry()"
|
|
pattern: "keywords"
|
|
---
|
|
|
|
<objective>
|
|
Create 8 Tier 9 Enterprise AI platform provider YAMLs — enterprise SaaS AI (Salesforce Einstein, ServiceNow Now Assist, SAP Joule, Palantir AIP, Databricks, Snowflake Cortex, Oracle GenAI, HPE GreenLake).
|
|
|
|
Purpose: Satisfy PROV-09 (8 Tier 9 Enterprise providers). These target regulated enterprise estates where leaked keys carry high blast radius.
|
|
|
|
Output: 16 YAML files.
|
|
|
|
Addresses PROV-09.
|
|
|
|
Note: `oracle-genai` here is distinct from `oracle-ai` in plan 03-04 (which is Tier 7 code tools). Tier 9 entry uses name `oracle-genai` to avoid collision.
|
|
</objective>
|
|
|
|
<execution_context>
|
|
@$HOME/.claude/get-shit-done/workflows/execute-plan.md
|
|
@$HOME/.claude/get-shit-done/templates/summary.md
|
|
</execution_context>
|
|
|
|
<context>
|
|
@.planning/ROADMAP.md
|
|
@.planning/phases/03-tier-3-9-providers/03-CONTEXT.md
|
|
@pkg/providers/schema.go
|
|
|
|
<interfaces>
|
|
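Dual-location required: every provider YAML must exist, byte-identical, in both `providers/` and `pkg/providers/definitions/`. Detection is keyword-only for most providers; Databricks additionally has a documented `dapi` token prefix and gets a regex pattern.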
|
|
</interfaces>
|
|
</context>
|
|
|
|
<tasks>
|
|
|
|
<task type="auto">
|
|
<name>Task 1: Salesforce, ServiceNow, SAP, Palantir YAMLs</name>
|
|
<files>providers/salesforce-einstein.yaml, providers/servicenow.yaml, providers/sap-ai-core.yaml, providers/palantir.yaml, pkg/providers/definitions/salesforce-einstein.yaml, pkg/providers/definitions/servicenow.yaml, pkg/providers/definitions/sap-ai-core.yaml, pkg/providers/definitions/palantir.yaml</files>
|
|
<read_first>
|
|
- pkg/providers/schema.go
|
|
</read_first>
|
|
<action>
|
|
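All 4 use keyword-only detection (no public key formats documented). With no `patterns` entry, these definitions flag the surrounding context (env var names, hostnames, product names) rather than a token format.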
|
|
|
|
providers/salesforce-einstein.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: Salesforce Einstein GPT (Tier 9, enterprise).
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'salesforce-einstein'
display_name: 'Salesforce Einstein GPT'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and hostnames fed to the registry's keyword
# matcher.
# NOTE(review): 'api.salesforce.com' and the SALESFORCE_CONSUMER_* names look
# like general Salesforce integration markers rather than Einstein-specific
# ones; expect hits on non-AI Salesforce code and triage accordingly.
keywords:
  - 'einstein-gpt'
  - 'einsteinGPT'
  - 'SALESFORCE_CONSUMER_KEY'
  - 'SALESFORCE_CONSUMER_SECRET'
  - 'api.salesforce.com'
  - 'einstein.ai'
  - 'salesforce-einstein'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
providers/servicenow.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: ServiceNow Now Assist (Tier 9, enterprise).
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'servicenow'
display_name: 'ServiceNow Now Assist'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and the instance domain fed to the registry's
# keyword matcher. The SERVICENOW_* names point at basic-auth style settings
# (instance, username, password), so a hit marks where a credential may be
# assigned, not the credential itself.
keywords:
  - 'servicenow'
  - 'now-assist'
  - 'SERVICENOW_INSTANCE'
  - 'SERVICENOW_USERNAME'
  - 'SERVICENOW_PASSWORD'
  - 'service-now.com'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
providers/sap-ai-core.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: SAP AI Core / Joule (Tier 9, enterprise).
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'sap-ai-core'
display_name: 'SAP AI Core / Joule'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and a hostname fed to the registry's keyword
# matcher.
# NOTE(review): 'aicore' is a short, generic substring and 'hana.ondemand.com'
# covers SAP cloud hosts beyond AI Core; both are likely to match unrelated
# text. The SAP_AICORE_* names are the specific anchors.
keywords:
  - 'sap-ai-core'
  - 'sap-joule'
  - 'SAP_AICORE_CLIENT_ID'
  - 'SAP_AICORE_CLIENT_SECRET'
  - 'SAP_AICORE_AUTH_URL'
  - 'hana.ondemand.com'
  - 'aicore'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
providers/palantir.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: Palantir AIP (Tier 9, enterprise).
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'palantir'
display_name: 'Palantir AIP'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and a hostname fed to the registry's keyword
# matcher.
# NOTE(review): 'foundry' is a common word and is also used by unrelated
# tools, so it will match well outside Palantir code. FOUNDRY_TOKEN shares
# that ambiguity; PALANTIR_TOKEN and 'palantirfoundry.com' are the specific
# anchors.
keywords:
  - 'palantir'
  - 'foundry'
  - 'PALANTIR_TOKEN'
  - 'FOUNDRY_TOKEN'
  - 'palantirfoundry.com'
  - 'aip-agents'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
Copy all 4 files verbatim to pkg/providers/definitions/.
|
|
</action>
|
|
<verify>
|
|
<automated>cd /home/salva/Documents/apikey && for f in salesforce-einstein servicenow sap-ai-core palantir; do diff providers/$f.yaml pkg/providers/definitions/$f.yaml || exit 1; done && go test ./pkg/providers/... -count=1 && go test ./pkg/engine/... -count=1</automated>
|
|
</verify>
|
|
<acceptance_criteria>
|
|
- All 8 files exist (4 providers × 2 locations)
|
|
- `grep -q 'einsteinGPT' providers/salesforce-einstein.yaml`
|
|
- `grep -q 'foundry' providers/palantir.yaml`
|
|
- `grep -q 'SAP_AICORE_CLIENT_ID' providers/sap-ai-core.yaml`
|
|
- `go test ./pkg/providers/... -count=1` passes
|
|
</acceptance_criteria>
|
|
<done>4 enterprise platform providers dual-located.</done>
|
|
</task>
|
|
|
|
<task type="auto">
|
|
<name>Task 2: Databricks, Snowflake, Oracle GenAI, HPE GreenLake YAMLs</name>
|
|
<files>providers/databricks.yaml, providers/snowflake.yaml, providers/oracle-genai.yaml, providers/hpe-greenlake.yaml, pkg/providers/definitions/databricks.yaml, pkg/providers/definitions/snowflake.yaml, pkg/providers/definitions/oracle-genai.yaml, pkg/providers/definitions/hpe-greenlake.yaml</files>
|
|
<read_first>
|
|
- pkg/providers/schema.go
|
|
</read_first>
|
|
<action>
|
|
providers/databricks.yaml:
|
|
|
|
```yaml
|
|
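# Provider definition: Databricks (Tier 9, enterprise).
# The only Tier 9 provider in this plan with a regex pattern in addition to
# keywords.
format_version: 1
name: databricks
display_name: Databricks (DBRX / Mosaic)
tier: 9
last_verified: "2026-04-05"
# Product names, env var names and the workspace domain suffix fed to the
# registry's keyword matcher.
# NOTE(review): "dapi" is a four-character substring and will match inside
# unrelated identifiers; it is kept because the token prefix is the trigger
# for the pattern below.
keywords:
  - "databricks"
  - "DATABRICKS_TOKEN"
  - "DATABRICKS_HOST"
  - "dbrx"
  - "mosaicml"
  - "dapi"
  - ".cloud.databricks.com"
patterns:
  # Token shape: "dapi" + 32 lowercase hex characters, optionally followed by
  # "-" and one or two digits. The \b anchors stop the pattern from matching
  # in the middle of a longer identifier or hex blob, which would otherwise
  # be reported at `confidence: high`.
  # NOTE(review): assumes patterns are compiled with Go's regexp package,
  # where \b is an ASCII word boundary - confirm against pkg/providers.
  - regex: '\bdapi[a-f0-9]{32}(-[0-9]{1,2})?\b'
    entropy_min: 3.5
    confidence: high
# No live verification is defined: url and both status lists are empty, so a
# pattern match is never confirmed against the service.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ""
  headers: {}
  valid_status: []
  invalid_status: []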
|
|
```
|
|
|
|
providers/snowflake.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: Snowflake Cortex (Tier 9, enterprise).
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'snowflake'
display_name: 'Snowflake Cortex'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and the account domain fed to the registry's
# keyword matcher.
# NOTE(review): this plan's front matter promises "Snowflake JWT keywords",
# but no JWT-specific keyword appears in this list - confirm whether
# SNOWFLAKE_PRIVATE_KEY is meant to cover that case.
# NOTE(review): 'cortex' and 'snowflake' are generic words and will match
# unrelated text; the SNOWFLAKE_* names and 'snowflakecomputing.com' are the
# specific anchors.
keywords:
  - 'snowflake'
  - 'SNOWFLAKE_ACCOUNT'
  - 'SNOWFLAKE_USER'
  - 'SNOWFLAKE_PASSWORD'
  - 'SNOWFLAKE_PRIVATE_KEY'
  - 'snowflakecomputing.com'
  - 'cortex'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
providers/oracle-genai.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: Oracle Cloud Generative AI Service (Tier 9,
# enterprise). Named `oracle-genai` so it does not collide with the Tier 7
# `oracle-ai` entry mentioned in this plan.
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'oracle-genai'
display_name: 'Oracle Cloud Generative AI Service'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and an endpoint fragment fed to the registry's
# keyword matcher.
# NOTE(review): 'inference.generativeai.us-chicago-1' pins a single region,
# so endpoints in any other region will not match this keyword.
# NOTE(review): 'oci-cli' and 'OCI_CONFIG_FILE' look like general OCI tooling
# markers rather than GenAI-specific ones; expect hits on non-AI OCI code.
keywords:
  - 'oci-generative-ai'
  - 'OCI_GENAI_COMPARTMENT'
  - 'oracle-cloud-genai'
  - 'inference.generativeai.us-chicago-1'
  - 'oci-cli'
  - 'OCI_CONFIG_FILE'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
providers/hpe-greenlake.yaml:
|
|
|
|
```yaml
|
|
# Provider definition: HPE GreenLake for LLMs (Tier 9, enterprise).
# Keyword-only: there is no `patterns` entry, so nothing here describes the
# shape of a credential value.
format_version: 1
name: 'hpe-greenlake'
display_name: 'HPE GreenLake for LLMs'
tier: 9
last_verified: '2026-04-05'
# Product names, env var names and a hostname fed to the registry's keyword
# matcher.
# NOTE(review): 'greenlake' already matches every string that contains
# 'hpe-greenlake', and the HPE_CLIENT_* names are not specific to the LLM
# offering; expect hits on general GreenLake code.
keywords:
  - 'hpe-greenlake'
  - 'greenlake'
  - 'HPE_CLIENT_ID'
  - 'HPE_CLIENT_SECRET'
  - 'common.cloud.hpe.com'
  - 'hpe-ai'
# No live verification is defined: url and both status lists are empty.
# NOTE(review): confirm the engine skips verification when url is empty
# instead of attempting a request.
verify:
  method: GET
  url: ''
  headers: {}
  valid_status: []
  invalid_status: []
|
|
```
|
|
|
|
Copy all 4 files verbatim to pkg/providers/definitions/.
|
|
</action>
|
|
<verify>
|
|
<automated>cd /home/salva/Documents/apikey && for f in databricks snowflake oracle-genai hpe-greenlake; do diff providers/$f.yaml pkg/providers/definitions/$f.yaml || exit 1; done && go test ./pkg/providers/... -count=1 && go test ./pkg/engine/... -count=1 && test $(grep -l 'tier: 9' providers/*.yaml | wc -l) -eq 8</automated>
|
|
</verify>
|
|
<acceptance_criteria>
|
|
- All 8 files exist (4 providers × 2 locations)
|
|
- `grep -q 'dapi' providers/databricks.yaml`
|
|
- `grep -q 'snowflakecomputing.com' providers/snowflake.yaml`
|
|
- `grep -q 'greenlake' providers/hpe-greenlake.yaml`
|
|
- Total Tier 9 count = 8
|
|
- `go test ./pkg/providers/... -count=1` passes
|
|
</acceptance_criteria>
|
|
<done>All 8 Tier 9 enterprise providers dual-located. PROV-09 satisfied.</done>
|
|
</task>
|
|
|
|
</tasks>
|
|
|
|
<verification>
|
|
`grep -l 'tier: 9' providers/*.yaml | wc -l` returns 8.
|
|
</verification>
|
|
|
|
<success_criteria>
|
|
- 8 Tier 9 enterprise providers created
|
|
- Databricks uses documented `dapi` high-confidence pattern
|
|
- Strong env var keyword anchors on all
|
|
- No engine regression
|
|
</success_criteria>
|
|
|
|
<output>
|
|
After completion, create `.planning/phases/03-tier-3-9-providers/03-06-SUMMARY.md`
|
|
</output>
|