semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,31 @@
# Ack Tokens for Approval Workflows
## Module
Notifier
## Status
IMPLEMENTED
## Description
HMAC-based ack token service with bridge integration for acknowledgement workflows. Note: uses HMAC rather than DSSE-signed tokens as described in the advisory.
## Implementation Details
- **IAckTokenService interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Security/IAckTokenService.cs` -- `CreateToken`, `VerifyToken`, `CreateAckUrl` for signed acknowledgement tokens with configurable expiration and metadata
- **HmacAckTokenService**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Security/HmacAckTokenService.cs` -- HMAC-SHA256 implementation with HKDF key derivation, `soa1` token prefix, versioned token format, configurable signing key
- **IAckBridge interface**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Escalation/IAckBridge.cs` -- bridge between ack tokens and escalation engine
- **AckBridge**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.Worker/Escalation/AckBridge.cs` -- processes ack requests, maps external IDs to internal incident IDs, integrates with `IEscalationEngine` and `IIncidentManager`, supports audit logging
- **SecurityContracts**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Contracts/SecurityContracts.cs` -- ack token request/response DTOs
- **PackApprovalAckRequest**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Contracts/PackApprovalAckRequest.cs` -- pack approval ack request model
- **EscalationEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/EscalationEndpoints.cs` -- REST endpoints for ack token processing
- **SecurityEndpoints**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/Endpoints/SecurityEndpoints.cs` -- security-related endpoints
- **Tests**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService.Tests/Escalation/AckBridgeTests.cs`
- **OpenAPI**: `src/Notifier/StellaOps.Notifier/StellaOps.Notifier.WebService/openapi/pack-approvals.yaml`
- **Source**: Feature matrix scan
## E2E Test Plan
- [ ] Verify HMAC ack token creation with configurable expiration (default 7 days)
- [ ] Test token verification rejects expired, tampered, or malformed tokens
- [ ] Verify AckBridge routes ack actions (ack, resolve, escalate) to escalation engine
- [ ] Test ack URL generation and round-trip verification
- [ ] Verify pack approval ack workflow through EscalationEndpoints
- [ ] Test audit logging of ack processing events
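
Review bot: The Status line says IMPLEMENTED while the Description notes that tokens use HMAC rather than the DSSE signing the advisory describes, and nothing in the file says what that deviation costs. With a symmetric HMAC key, every component that can verify a token can also mint one, so the doc should state which services hold the signing key and whether the DSSE variant is still planned, or the Status should reflect the gap. In the E2E Test Plan, the verification item covers expired, tampered and malformed tokens but has no case for a valid token replayed after its ack was processed, or presented for a different incident or action (ack, resolve, escalate) than it was issued for; consider adding both. The 7-day default expiration appears only in the test plan and would be better stated next to `HmacAckTokenService` in Implementation Details.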