fix(dispatcher): correct ILI label to packdelivery-{name} + lineage unit test

Dockerfile

@@ -1,22 +1,24 @@
-# Dockerfile — Wrapper operator (distroless).
+# Dockerfile — Dispatcher operator (distroless).
 #
-# Wrapper is a long-running Deployment in seam-system. It manages ClusterPack
-# compilation and delivery. Distroless: zero attack surface. INV-022.
-# wrapper-schema.md §3.
+# Dispatcher is a long-running Deployment in seam-system. It manages pack
+# delivery and lifecycle. Distroless: zero attack surface. INV-022.
+# dispatcher-schema.md §3.
 
 FROM golang:1.25 AS builder
 WORKDIR /build
-COPY wrapper/ .
+COPY dispatcher/ .
 COPY conductor/ ../conductor/
-COPY seam-core/ ../seam-core/
+COPY seam/ ../seam/
+COPY seam-sdk/ ../seam-sdk/
+COPY conductor-sdk/ ../conductor-sdk/
 RUN CGO_ENABLED=0 GOOS=linux go build \
     -trimpath \
     -ldflags="-s -w" \
-    -o /bin/wrapper \
+    -o /bin/dispatcher \
     ./cmd/wrapper
 
 FROM gcr.io/distroless/base:nonroot
-COPY --from=builder /bin/wrapper /usr/local/bin/wrapper
+COPY --from=builder /bin/dispatcher /usr/local/bin/dispatcher
 
 USER 65532:65532
-ENTRYPOINT ["/usr/local/bin/wrapper"]
+ENTRYPOINT ["/usr/local/bin/dispatcher"]

Makefile

@@ -2,7 +2,7 @@
 
 CONTROLLER_GEN   ?= $(shell which controller-gen 2>/dev/null || echo $(HOME)/go/bin/controller-gen)
 IMAGE_REGISTRY   ?= 10.20.0.1:5000/ontai-dev
-IMAGE_NAME       := wrapper
+IMAGE_NAME       := dispatcher
 TAG              ?= dev
 
 build:

api/seam/v1alpha1/packinstalled_types.go

@@ -85,6 +85,22 @@ type PackInstalledSpec struct {
 	// HelmVersion is the Helm SDK version used to render the pack. Carried from PackDelivery.
 	// +optional
 	HelmVersion string `json:"helmVersion,omitempty"`
+
+	// RemediationPolicyRef is an optional reference to a RemediationPolicy CR
+	// (conductor.ontai.dev) in the same namespace. When absent, Conductor Watchdog
+	// applies the platform defaults (threshold=3, per-reason default strategies,
+	// MaxAttempts=3, 5m window).
+	// +optional
+	RemediationPolicyRef *RemediationPolicyRefSpec `json:"remediationPolicyRef,omitempty"`
+}
+
+// RemediationPolicyRefSpec is a name+namespace reference to a RemediationPolicy CR.
+type RemediationPolicyRefSpec struct {
+	// Name is the RemediationPolicy CR name.
+	Name string `json:"name"`
+
+	// Namespace is the namespace of the RemediationPolicy CR.
+	Namespace string `json:"namespace"`
 }
 
 // PackInstalledStatus is the observed state of a PackInstalled.

api/seam/v1alpha1/packlog_types.go

@@ -181,12 +181,33 @@ type PackLogSpec struct {
 	WorkloadDigest string `json:"workloadDigest,omitempty"`
 }
 
+// RemediationAttemptRecord tracks one remediation attempt series for a specific
+// FailureReason. Written by the management Conductor after each remediation Job
+// completes. The management Conductor is the sole writer; tenant conductor
+// observes failure counts but does not write here.
+type RemediationAttemptRecord struct {
+	// FailureReason is the seam-sdk FailureReason value this record tracks.
+	// +kubebuilder:validation:Enum=CrashLoopBackOff;OOMKilled;ImagePullBackOff;FailedMount;MultiAttachError
+	FailureReason string `json:"failureReason"`
+
+	// AttemptCount is the total number of remediation Jobs submitted for this reason.
+	AttemptCount int32 `json:"attemptCount"`
+
+	// LastAttemptAt is the time the most recent remediation Job was submitted.
+	// +optional
+	LastAttemptAt *metav1.Time `json:"lastAttemptAt,omitempty"`
+}
+
 // PackLogStatus is the observed state of a PackLog.
-// Currently empty; reserved for future controller-set conditions.
 type PackLogStatus struct {
 	// ObservedGeneration is the last generation processed by any consumer.
 	// +optional
 	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// RemediationAttempts records the Conductor Watchdog remediation attempt history
+	// per FailureReason. Written by management Conductor exec mode after each Job.
+	// +optional
+	RemediationAttempts []RemediationAttemptRecord `json:"remediationAttempts,omitempty"`
 }
 
 // +kubebuilder:object:root=true

cmd/wrapper/main.go

@@ -7,20 +7,23 @@
 package main
 
 import (
+	"context"
 	"flag"
 	"os"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
 	seamv1alpha1 "github.com/ontai-dev/seam/api/v1alpha1"
 	dispatcherv1alpha1 "github.com/ontai-dev/dispatcher/api/seam/v1alpha1"
 	"github.com/ontai-dev/dispatcher/internal/controller"
+	"github.com/ontai-dev/dispatcher/internal/identity"
 )
 
 var scheme = runtime.NewScheme()
@@ -60,14 +63,25 @@ func main() {
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 	setupLog := ctrl.Log.WithName("setup")
 
-	// CI-INV-004: leader election required. Lease name: wrapper-leader.
+	cfg := ctrl.GetConfigOrDie()
+	startupClient, err := client.New(cfg, client.Options{Scheme: scheme})
+	if err != nil {
+		setupLog.Error(err, "unable to create startup client")
+		os.Exit(1)
+	}
+	if err := identity.EnsureSeamMembership(context.Background(), startupClient); err != nil {
+		setupLog.Error(err, "unable to ensure SeamMembership")
+		os.Exit(1)
+	}
+
+	// CI-INV-004: leader election required. Lease name: dispatcher-leader.
 	// Lease namespace: seam-system (canonical operator namespace).
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 		Scheme:                  scheme,
 		Metrics:                 metricsserver.Options{BindAddress: metricsAddr},
 		HealthProbeBindAddress:  healthProbeAddr,
 		LeaderElection:          enableLeaderElection,
-		LeaderElectionID:        "wrapper-leader",
+		LeaderElectionID:        "dispatcher-leader",
 		LeaderElectionNamespace: "seam-system",
 	})
 	if err != nil {

config/crd/bases/seam.ontai.dev_packdeliveries.yaml

@@ -4,8 +4,11 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.16.1
+<<<<<<<< HEAD:config/crd/seam.ontai.dev_packdeliveries.yaml
+========
   labels:
     infrastructure.ontai.dev/lineage-root: "true"
+>>>>>>>> origin/main:config/crd/bases/seam.ontai.dev_packdeliveries.yaml
   name: packdeliveries.seam.ontai.dev
 spec:
   group: seam.ontai.dev