working out the worker/execution interface

migrations/20250101000002_pack_system.sql

@@ -95,6 +95,7 @@ CREATE TABLE runtime (
     name TEXT NOT NULL,
     distributions JSONB NOT NULL,
     installation JSONB,
+    installers JSONB DEFAULT '[]'::jsonb,
     created TIMESTAMPTZ NOT NULL DEFAULT NOW(),
     updated TIMESTAMPTZ NOT NULL DEFAULT NOW(),
 
@@ -121,3 +122,4 @@ COMMENT ON COLUMN runtime.ref IS 'Unique runtime reference (format: pack.name, e
 COMMENT ON COLUMN runtime.name IS 'Runtime name (e.g., "Python", "Node.js", "Shell")';
 COMMENT ON COLUMN runtime.distributions IS 'Runtime distribution metadata including verification commands, version requirements, and capabilities';
 COMMENT ON COLUMN runtime.installation IS 'Installation requirements and instructions including package managers and setup steps';
+COMMENT ON COLUMN runtime.installers IS 'Array of installer actions to create pack-specific runtime environments. Each installer defines commands to set up isolated environments (e.g., Python venv, npm install).';

migrations/20250101000005_action.sql

@@ -17,6 +17,8 @@ CREATE TABLE action (
     runtime BIGINT REFERENCES runtime(id),
     param_schema JSONB,
     out_schema JSONB,
+    parameter_delivery TEXT NOT NULL DEFAULT 'stdin' CHECK (parameter_delivery IN ('stdin', 'file')),
+    parameter_format TEXT NOT NULL DEFAULT 'json' CHECK (parameter_format IN ('dotenv', 'json', 'yaml')),
     is_adhoc BOOLEAN NOT NULL DEFAULT FALSE,
     created TIMESTAMPTZ NOT NULL DEFAULT NOW(),
     updated TIMESTAMPTZ NOT NULL DEFAULT NOW(),
@@ -30,6 +32,8 @@ CREATE TABLE action (
 CREATE INDEX idx_action_ref ON action(ref);
 CREATE INDEX idx_action_pack ON action(pack);
 CREATE INDEX idx_action_runtime ON action(runtime);
+CREATE INDEX idx_action_parameter_delivery ON action(parameter_delivery);
+CREATE INDEX idx_action_parameter_format ON action(parameter_format);
 CREATE INDEX idx_action_is_adhoc ON action(is_adhoc) WHERE is_adhoc = true;
 CREATE INDEX idx_action_created ON action(created DESC);
 
@@ -48,6 +52,8 @@ COMMENT ON COLUMN action.entrypoint IS 'Script or command to execute';
 COMMENT ON COLUMN action.runtime IS 'Runtime environment for execution';
 COMMENT ON COLUMN action.param_schema IS 'JSON schema for action parameters';
 COMMENT ON COLUMN action.out_schema IS 'JSON schema for action output';
+COMMENT ON COLUMN action.parameter_delivery IS 'How parameters are delivered: stdin (standard input - secure), file (temporary file - secure for large payloads). Environment variables are set separately via execution.env_vars.';
+COMMENT ON COLUMN action.parameter_format IS 'Parameter serialization format: json (JSON object - default), dotenv (KEY=''VALUE''), yaml (YAML format)';
 COMMENT ON COLUMN action.is_adhoc IS 'True if action was manually created (ad-hoc), false if installed from pack';
 
 -- ============================================================================

migrations/20250101000006_execution_system.sql

@@ -11,6 +11,7 @@ CREATE TABLE execution (
     action BIGINT REFERENCES action(id),
     action_ref TEXT NOT NULL,
     config JSONB,
+    env_vars JSONB,
     parent BIGINT REFERENCES execution(id),
     enforcement BIGINT REFERENCES enforcement(id),
     executor BIGINT REFERENCES identity(id) ON DELETE SET NULL,
@@ -38,6 +39,7 @@ CREATE INDEX idx_execution_action_status ON execution(action, status);
 CREATE INDEX idx_execution_executor_created ON execution(executor, created DESC);
 CREATE INDEX idx_execution_parent_created ON execution(parent, created DESC);
 CREATE INDEX idx_execution_result_gin ON execution USING GIN (result);
+CREATE INDEX idx_execution_env_vars_gin ON execution USING GIN (env_vars);
 
 -- Trigger
 CREATE TRIGGER update_execution_updated
@@ -50,6 +52,7 @@ COMMENT ON TABLE execution IS 'Executions represent action runs, supports nested
 COMMENT ON COLUMN execution.action IS 'Action being executed (may be null if action deleted)';
 COMMENT ON COLUMN execution.action_ref IS 'Action reference (preserved even if action deleted)';
 COMMENT ON COLUMN execution.config IS 'Snapshot of action configuration at execution time';
+COMMENT ON COLUMN execution.env_vars IS 'Environment variables for this execution as key-value pairs (string -> string). These are set in the execution environment and are separate from action parameters. Used for execution context, configuration, and non-sensitive metadata.';
 COMMENT ON COLUMN execution.parent IS 'Parent execution ID for workflow hierarchies';
 COMMENT ON COLUMN execution.enforcement IS 'Enforcement that triggered this execution (if rule-driven)';
 COMMENT ON COLUMN execution.executor IS 'Identity that initiated the execution';

migrations/20250101000011_pack_environments.sql

@@ -1,51 +1,10 @@
 -- Migration: Add Pack Runtime Environments
 -- Description: Adds support for per-pack isolated runtime environments with installer metadata
 -- Version: 20260203000002
+-- Note: runtime.installers column is defined in migration 20250101000002_pack_system.sql
 
 -- ============================================================================
--- PART 1: Add installer metadata to runtime table
--- ============================================================================
-
--- Add installers field to runtime table for environment setup instructions
-ALTER TABLE runtime ADD COLUMN IF NOT EXISTS installers JSONB DEFAULT '[]'::jsonb;
-
-COMMENT ON COLUMN runtime.installers IS 'Array of installer actions to create pack-specific runtime environments. Each installer defines commands to set up isolated environments (e.g., Python venv, npm install).
-
-Structure:
-{
-  "installers": [
-    {
-      "name": "create_environment",
-      "description": "Create isolated runtime environment",
-      "command": "python3",
-      "args": ["-m", "venv", "{env_path}"],
-      "cwd": "{pack_path}",
-      "env": {},
-      "order": 1
-    },
-    {
-      "name": "install_dependencies",
-      "description": "Install pack dependencies",
-      "command": "{env_path}/bin/pip",
-      "args": ["install", "-r", "{pack_path}/requirements.txt"],
-      "cwd": "{pack_path}",
-      "env": {},
-      "order": 2,
-      "optional": false
-    }
-  ]
-}
-
-Template variables:
-  {env_path}   - Full path to environment directory (e.g., /opt/attune/packenvs/mypack/python)
-  {pack_path}  - Full path to pack directory (e.g., /opt/attune/packs/mypack)
-  {pack_ref}   - Pack reference (e.g., mycompany.monitoring)
-  {runtime_ref} - Runtime reference (e.g., core.python)
-  {runtime_name} - Runtime name (e.g., Python)
-';
-
--- ============================================================================
--- PART 2: Create pack_environment table
+-- PART 1: Create pack_environment table
 -- ============================================================================
 
 -- Pack environment table
@@ -96,7 +55,7 @@ COMMENT ON COLUMN pack_environment.install_error IS 'Error message if installati
 COMMENT ON COLUMN pack_environment.metadata IS 'Additional metadata (installed packages, versions, etc.)';
 
 -- ============================================================================
--- PART 3: Update existing runtimes with installer metadata
+-- PART 2: Update existing runtimes with installer metadata
 -- ============================================================================
 
 -- Python runtime installers
@@ -208,7 +167,7 @@ SET installers = jsonb_build_object(
 WHERE ref = 'core.sensor.builtin';
 
 -- ============================================================================
--- PART 4: Add helper functions
+-- PART 3: Add helper functions
 -- ============================================================================
 
 -- Function to get environment path for a pack/runtime combination
@@ -261,7 +220,7 @@ $$ LANGUAGE plpgsql STABLE;
 COMMENT ON FUNCTION runtime_requires_environment IS 'Check if a runtime needs a pack-specific environment';
 
 -- ============================================================================
--- PART 5: Create view for environment status
+-- PART 4: Create view for environment status
 -- ============================================================================
 
 CREATE OR REPLACE VIEW v_pack_environment_status AS