feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 7e2fa0a42a
commit 5ce40d2eeb
966 changed files with 91038 additions and 1850 deletions
--- a/src/StellaOps.Cryptography/AGENTS.md
+++ b/src/StellaOps.Cryptography/AGENTS.md
@@ -18,4 +18,5 @@ Team 8 owns the end-to-end security posture for StellaOps Authority and its cons
 - Rate-limit `/token` and bootstrap endpoints once CORE8 hooks are available.  
 - Deliver offline revocation bundles signed with detached JWS and provide a verification script.  
 - Maintain `docs/security/authority-threat-model.md` and ensure mitigations are tracked.  
- All crypto consumption flows through `StellaOps.Cryptography` abstractions to enable sovereign crypto providers.
+- All crypto consumption flows through `StellaOps.Cryptography` abstractions to enable sovereign crypto providers.  
+- Every new cryptographic algorithm, dependency, or acceleration path ships as an `ICryptoProvider` plug-in under `StellaOps.Cryptography.*`; feature code must never bind directly to third-party crypto libraries.