docs consolidation work
@@ -25,6 +25,33 @@ It exchanges an Authority-issued access token for a registry-compatible JWT afte
|
||||
- File: `etc/registry-token.yaml`
|
||||
- Environment variables: `REGISTRY_TOKEN_*`
|
||||
|
||||
## Implementation Status
|
||||
|
||||
### Current Objectives
|
||||
- Maintain deterministic behaviour and offline parity across releases
|
||||
- Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes
|
||||
|
||||
### Epic Milestones
|
||||
- Epic 10 – Export Center: signed registry token bundles for mirror/Offline Kit workflows (planned)
|
||||
- Epic 14 – Identity & Tenancy: tenant-aware scope validation, revocation, audit trails (planned)
|
||||
|
||||
### Core Capabilities
|
||||
- Docker registry token exchange with Authority validation
|
||||
- Plan/license constraint enforcement via claims inspection
|
||||
- Short-lived JWT tokens (default 5 minutes) signed by local RSA key
|
||||
- Revocation support via deny list and stellaops:license claim
|
||||
|
||||
### Technical Decisions
|
||||
- Token lifetime bounded to 5 minutes to minimize exposure window
|
||||
- Local RSA key signing avoids external dependencies
|
||||
- Plan catalogue enforcement ensures license compliance
|
||||
- Integration with Authority for caller identity and scope validation
|
||||
|
||||
### Coordination Approach
|
||||
- Review AGENTS.md before starting new work
|
||||
- Sync with cross-cutting teams via docs/implplan/SPRINT_*.md
|
||||
- Track follow-ups in ../../TASKS.md and src/Registry/TASKS.md
|
||||
|
||||
## Related docs
|
||||
|
||||
- Architecture: `docs/modules/registry/architecture.md`
|
||||
|
||||
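Review bot: The token lifetime is described two ways in this hunk: Core Capabilities says "Short-lived JWT tokens (default 5 minutes)", which implies an operator can raise it, while Technical Decisions says "Token lifetime bounded to 5 minutes", which implies a hard ceiling. State which one holds, and if the value is configurable through `etc/registry-token.yaml` or `REGISTRY_TOKEN_*`, document the maximum the service will accept so the "minimize exposure window" rationale still applies. Revocation has the same problem: it is listed as a current capability ("Revocation support via deny list and stellaops:license claim") and also as "(planned)" under Epic 14, so the section should say which part is shipped and which is pending. Minor: put `stellaops:license` in backticks like the other identifiers, and use one path style in "Track follow-ups in ../../TASKS.md and src/Registry/TASKS.md", which currently mixes a doc-relative path with a repo-root one.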