up

ops/authority/AGENTS.md

@@ -0,0 +1,16 @@
+# Authority DevOps Crew
+
+## Mission
+Operate and harden the StellaOps Authority platform in production and air-gapped environments: container images, deployment assets, observability defaults, backup/restore, and runtime key management.
+
+## Focus Areas
+- **Build & Packaging** – Dockerfiles, OCI bundles, offline artefact refresh.
+- **Deployment Tooling** – Compose/Kubernetes manifests, secrets bootstrap, upgrade paths.
+- **Observability** – Logging defaults, metrics/trace exporters, dashboards, alert policies.
+- **Continuity & Security** – Backup/restore guides, key rotation playbooks, revocation propagation.
+
+## Working Agreements
+- Track work in `ops/authority/TASKS.md` (TODO → DOING → DONE/BLOCKED); keep entries dated.
+- Validate container changes with the CI pipeline (`ops/authority` GitHub workflow) before marking DONE.
+- Update operator documentation in `docs/` together with any behavioural change.
+- Coordinate with Authority Core and Security Guild before altering sensitive defaults (rate limits, crypto providers, revocation jobs).

ops/authority/Dockerfile

@@ -14,7 +14,7 @@ WORKDIR /src
 
 # Restore & publish
 COPY . .
-RUN dotnet restore StellaOps.sln
+RUN dotnet restore src/StellaOps.sln
 RUN dotnet publish src/StellaOps.Authority/StellaOps.Authority/StellaOps.Authority.csproj \
     -c Release \
     -o /app/publish \

ops/authority/TASKS.md

@@ -0,0 +1,6 @@
+# Authority DevOps Task Board (UTC 2025-10-10)
+
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
+|----|--------|----------|------------|-------------|---------------|
+| OPS3.KEY-ROTATION | BLOCKED | DevOps Crew, Authority Core | CORE10.JWKS | Implement key rotation tooling + pipeline hook once rotating JWKS lands. Document SOP and secret handling. | ✅ CLI/script rotates keys + updates JWKS; ✅ Pipeline job documented; ✅ docs/ops runbook updated. |