stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
docs/features/unchecked/cli/token-minting-and-delegation-cli.md Normal file
View File

@@ -0,0 +1,24 @@
# Token Minting and Delegation CLI
## Module
Cli
## Status
IMPLEMENTED
## Description
Service account token minting with scope/expiry/tenant control, and token delegation to other principals with scope restriction and audit reasons.
## Implementation Details
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/AuthCommandGroup.cs` -- auth token commands
- **Authority Console Client**: `src/Cli/StellaOps.Cli/Services/AuthorityConsoleClient.cs` / `IAuthorityConsoleClient.cs`
- **Commands**:
- `stella auth token mint --scope <scopes> --expiry <duration> --tenant <id>` -- mint service account token
- `stella auth token delegate --to <principal> --scope <scopes> --reason <text>` -- delegate token with scope restriction
## E2E Test Plan
- [ ] Run `stella auth token mint --scope "read:policy" --expiry 24h` and verify token minted
- [ ] Run with `--tenant <id>` and verify tenant-scoped token
- [ ] Run `stella auth token delegate --to service-a --scope "read:evidence" --reason "CI pipeline"` and verify delegation
- [ ] Verify delegated token has restricted scopes
- [ ] Verify audit reason recorded for delegation