stabilize tests

src/Authority/AGENTS.md

@@ -0,0 +1,23 @@
+# AGENTS - Authority Module
+
+## Working Directory
+- `src/Authority/**` (Authority service, libraries, plugins, tests).
+
+## Required Reading
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/platform/architecture-overview.md`
+- `docs/modules/authority/architecture.md`
+- `docs/modules/authority/README.md`
+
+## Engineering Rules
+- Enforce authn/authz on every surface; default-deny for new endpoints.
+- Preserve determinism for token/evidence workflows (stable ordering, UTC timestamps).
+- No plaintext secrets in logs or storage.
+
+## Testing & Verification
+- Tests live in `src/Authority/__Tests/**`.
+- Cover authz policies, error handling, and offline behavior.
+
+## Sprint Discipline
+- Record decisions and risks for security-sensitive changes in the sprint file.

src/Authority/StellaOps.Authority/AGENTS.md

@@ -5,7 +5,7 @@ Own the StellaOps Authority host service: ASP.NET minimal API, OpenIddict flows,
 
 ## Teams On Call
 - Team 2 (Authority Core)
-- Team 8 (Security Guild) — collaborates on security-sensitive endpoints
+- Team 8 (Security Guild) ??? collaborates on security-sensitive endpoints
 
 ## Operating Principles
 - Deterministic responses, structured logging, cancellation-ready handlers.
@@ -15,16 +15,16 @@ Own the StellaOps Authority host service: ASP.NET minimal API, OpenIddict flows,
 - Keep Console admin endpoints (`/console/admin/*`) DPoP-safe and aligned with `authority:*` scopes.
 
 ## Key Directories
-- `src/Authority/StellaOps.Authority/` — host app
-- `src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/` — integration/unit tests
-- `src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/` — data access helpers
-- `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/` — default identity provider plugin
+- `src/Authority/StellaOps.Authority/` ??? host app
+- `src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/` ??? integration/unit tests
+- `src/Authority/__Libraries/StellaOps.Authority.Storage.Postgres/` ??? data access helpers
+- `src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/` ??? default identity provider plugin
 
 ## Required Reading
 - `docs/modules/authority/architecture.md`
 - `docs/modules/platform/architecture-overview.md`
-- `docs/architecture/console-admin-rbac.md`
-- `docs/architecture/console-branding.md`
+- `docs/technical/architecture/console-admin-rbac.md`
+- `docs/technical/architecture/console-branding.md`
 
 ## Working Agreement
 - 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
@@ -32,3 +32,4 @@ Own the StellaOps Authority host service: ASP.NET minimal API, OpenIddict flows,
 - 3. Keep changes deterministic (stable ordering, timestamps, hashes) and align with offline/air-gap expectations.
 - 4. Coordinate doc updates, tests, and cross-guild communication whenever contracts or workflows change.
 - 5. Revert to `TODO` if you pause the task without shipping changes; leave notes in commit/PR descriptions for context.
+

src/Authority/StellaOps.Authority/StellaOps.Auth.Abstractions/StellaOpsProblemResultFactory.cs

@@ -1,9 +1,10 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc;
+using System;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace StellaOps.Auth.Abstractions;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/FileTokenCache.cs

@@ -1,12 +1,13 @@
+
+using Microsoft.Extensions.Logging;
 using System;
 using System.IO;
-using System.Security.Cryptography;
 using System.Security.AccessControl;
+using System.Security.Cryptography;
 using System.Security.Principal;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/IStellaOpsTokenClient.cs

@@ -1,7 +1,8 @@
+
+using Microsoft.IdentityModel.Tokens;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.IdentityModel.Tokens;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/MessagingTokenCache.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Messaging;
+using StellaOps.Messaging.Abstractions;
 using System;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Messaging;
-using StellaOps.Messaging.Abstractions;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/ServiceCollectionExtensions.cs

@@ -1,6 +1,4 @@
-using System;
-using System.Net;
-using System.Net.Http;
+
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Http.Resilience;
@@ -8,6 +6,9 @@ using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Polly;
 using StellaOps.AirGap.Policy;
+using System;
+using System.Net;
+using System.Net.Http;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/StellaOpsApiAuthenticationOptions.cs

@@ -1,5 +1,6 @@
-using System;
+
 using StellaOps.Auth.Abstractions;
+using System;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/StellaOpsAuthClientOptions.cs

@@ -1,7 +1,8 @@
+
+using StellaOps.Auth.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/StellaOpsBearerTokenHandler.cs

@@ -1,11 +1,12 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/StellaOpsDiscoveryCache.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System;
 using System.Net.Http;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/StellaOpsJwksCache.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
 using System;
 using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.Client/StellaOpsTokenClient.cs

@@ -1,3 +1,7 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -8,9 +12,6 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
 
 namespace StellaOps.Auth.Client;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/ServiceCollectionExtensions.cs

@@ -1,5 +1,4 @@
-using System;
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -7,6 +6,8 @@ using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
 using StellaOps.Auth.Abstractions;
+using System;
+using System.Security.Claims;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsAuthorityConfigurationManager.cs

@@ -1,12 +1,13 @@
-using System;
-using System.Net.Http;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
+using System;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsAuthorizationPolicyBuilderExtensions.cs

@@ -1,7 +1,8 @@
-using System;
+
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.DependencyInjection;
 using StellaOps.Auth.Abstractions;
+using System;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsBypassEvaluator.cs

@@ -1,8 +1,9 @@
-using System;
-using System.Collections.Generic;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using System;
+using System.Collections.Generic;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsResourceServerOptions.cs

@@ -1,7 +1,8 @@
+
+using StellaOps.Auth.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsResourceServerPolicies.cs

@@ -1,6 +1,7 @@
-using System;
+
 using Microsoft.AspNetCore.Authorization;
 using StellaOps.Auth.Abstractions;
+using System;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsScopeAuthorizationHandler.cs

@@ -1,3 +1,11 @@
+
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using OpenIddict.Abstractions;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -6,13 +14,6 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Auth.Abstractions;
-using StellaOps.Cryptography.Audit;
-using OpenIddict.Abstractions;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/StellaOpsScopeRequirement.cs

@@ -1,8 +1,9 @@
+
+using Microsoft.AspNetCore.Authorization;
+using StellaOps.Auth.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.AspNetCore.Authorization;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Auth.ServerIntegration;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/Claims/LdapClaimsEnricher.cs

@@ -1,3 +1,8 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Authority.Plugin.Ldap.Connections;
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -5,10 +10,6 @@ using System.Security.Claims;
 using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Authority.Plugin.Ldap.Connections;
-using StellaOps.Authority.Plugins.Abstractions;
 
 namespace StellaOps.Authority.Plugin.Ldap.Claims;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/ClientProvisioning/LdapCapabilityProbe.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Authority.Plugin.Ldap.Connections;
+using StellaOps.Authority.Plugin.Ldap.Security;
 using System;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Authority.Plugin.Ldap.Connections;
-using StellaOps.Authority.Plugin.Ldap.Security;
 
 namespace StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/ClientProvisioning/LdapClientProvisioningStore.cs

@@ -1,17 +1,18 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Authority.InMemoryDriver;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Plugin.Ldap.Connections;
+using StellaOps.Authority.Plugin.Ldap.Security;
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Authority.InMemoryDriver;
-using StellaOps.Authority.Plugin.Ldap.Connections;
-using StellaOps.Authority.Plugin.Ldap.Security;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/Connections/DirectoryServicesLdapConnectionFactory.cs

@@ -1,5 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Authority.Plugin.Ldap.Monitoring;
+using StellaOps.Authority.Plugin.Ldap.Security;
 using System;
 using System.Collections.Generic;
+using System.DirectoryServices.Protocols;
 using System.Globalization;
 using System.Linq;
 using System.Net;
@@ -7,11 +13,6 @@ using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Authority.Plugin.Ldap.Monitoring;
-using StellaOps.Authority.Plugin.Ldap.Security;
-using System.DirectoryServices.Protocols;
 
 namespace StellaOps.Authority.Plugin.Ldap.Connections;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/Credentials/LdapCredentialStore.cs

@@ -1,19 +1,20 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
+using StellaOps.Authority.Plugin.Ldap.Connections;
+using StellaOps.Authority.Plugin.Ldap.Monitoring;
+using StellaOps.Authority.Plugin.Ldap.Security;
+using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
-using StellaOps.Authority.Plugin.Ldap.Connections;
-using StellaOps.Authority.Plugin.Ldap.Monitoring;
-using StellaOps.Authority.Plugin.Ldap.Security;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Cryptography.Audit;
 
 namespace StellaOps.Authority.Plugin.Ldap.Credentials;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/LdapIdentityProviderPlugin.cs

@@ -1,15 +1,16 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using StellaOps.Authority.Plugin.Ldap.Claims;
+using StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
+using StellaOps.Authority.Plugin.Ldap.Connections;
+using StellaOps.Authority.Plugin.Ldap.Credentials;
+using StellaOps.Authority.Plugin.Ldap.Security;
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
-using StellaOps.Authority.Plugin.Ldap.Claims;
-using StellaOps.Authority.Plugin.Ldap.Connections;
-using StellaOps.Authority.Plugin.Ldap.Credentials;
-using StellaOps.Authority.Plugin.Ldap.Security;
 
 namespace StellaOps.Authority.Plugin.Ldap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/LdapPluginRegistrar.cs

@@ -1,15 +1,16 @@
+
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
+using StellaOps.Authority.Persistence.InMemory.Stores;
 using StellaOps.Authority.Plugin.Ldap.Claims;
+using StellaOps.Authority.Plugin.Ldap.ClientProvisioning;
 using StellaOps.Authority.Plugin.Ldap.Connections;
 using StellaOps.Authority.Plugin.Ldap.Credentials;
 using StellaOps.Authority.Plugin.Ldap.Monitoring;
 using StellaOps.Authority.Plugin.Ldap.Security;
-using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Plugins.Abstractions;
 
 namespace StellaOps.Authority.Plugin.Ldap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/Properties/AssemblyInfo.cs

@@ -1,5 +1,6 @@
-using System.Runtime.CompilerServices;
+
 using StellaOps.Plugin.Versioning;
+using System.Runtime.CompilerServices;
 
 [assembly: InternalsVisibleTo("StellaOps.Authority.Plugin.Ldap.Tests")]
 [assembly: StellaPluginVersion("1.0.0", MinimumHostVersion = "1.0.0", MaximumHostVersion = "1.99.99")]

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/Claims/OidcClaimsEnricher.cs

@@ -3,10 +3,11 @@
 // Claims enricher for OIDC-authenticated principals.
 // -----------------------------------------------------------------------------
 
-using System.Security.Claims;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Authority.Plugins.Abstractions;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Plugin.Oidc.Claims;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/Credentials/OidcCredentialStore.cs

@@ -3,18 +3,19 @@
 // Credential store for validating OIDC tokens.
 // -----------------------------------------------------------------------------
 
-using System.Globalization;
-using System.IdentityModel.Tokens.Jwt;
-using System.Security.Claims;
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using System.Net.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.IdentityModel.Tokens;
 using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Cryptography.Audit;
+using System.Globalization;
+using System.IdentityModel.Tokens.Jwt;
+using System.Net.Http;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Plugin.Oidc.Credentials;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/OidcIdentityProviderPlugin.cs

@@ -3,12 +3,13 @@
 // OIDC identity provider plugin implementation.
 // -----------------------------------------------------------------------------
 
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using System.Net.Http;
-using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Authority.Plugin.Oidc.Claims;
 using StellaOps.Authority.Plugin.Oidc.Credentials;
+using StellaOps.Authority.Plugins.Abstractions;
+using System.Net.Http;
 
 namespace StellaOps.Authority.Plugin.Oidc;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/OidcPluginRegistrar.cs

@@ -3,14 +3,15 @@
 // Registrar for the OIDC identity provider plugin.
 // -----------------------------------------------------------------------------
 
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using System.Net.Http;
-using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Authority.Plugin.Oidc.Claims;
 using StellaOps.Authority.Plugin.Oidc.Credentials;
+using StellaOps.Authority.Plugins.Abstractions;
+using System.Net.Http;
 
 namespace StellaOps.Authority.Plugin.Oidc;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/Claims/SamlClaimsEnricher.cs

@@ -3,10 +3,11 @@
 // Claims enricher for SAML-authenticated principals.
 // -----------------------------------------------------------------------------
 
-using System.Security.Claims;
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Authority.Plugins.Abstractions;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Plugin.Saml.Claims;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/Credentials/SamlCredentialStore.cs

@@ -3,14 +3,7 @@
 // Credential store for validating SAML assertions.
 // -----------------------------------------------------------------------------
 
-using System.Globalization;
-using System.Security.Claims;
-using System.Security.Cryptography;
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
-using System.IO;
-using System.Xml;
-using System.Net.Http;
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
@@ -19,6 +12,14 @@ using Microsoft.IdentityModel.Tokens.Saml2;
 using StellaOps.Authority.Plugin.Saml;
 using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Cryptography.Audit;
+using System.Globalization;
+using System.IO;
+using System.Net.Http;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Xml;
 
 namespace StellaOps.Authority.Plugin.Saml.Credentials;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/SamlIdentityProviderPlugin.cs

@@ -3,12 +3,13 @@
 // SAML identity provider plugin implementation.
 // -----------------------------------------------------------------------------
 
+
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using System.Net.Http;
-using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Authority.Plugin.Saml.Claims;
 using StellaOps.Authority.Plugin.Saml.Credentials;
+using StellaOps.Authority.Plugins.Abstractions;
+using System.Net.Http;
 
 namespace StellaOps.Authority.Plugin.Saml;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/SamlMetadataParser.cs

@@ -1,3 +1,4 @@
+
 using System;
 using System.IO;
 using System.Security.Cryptography.X509Certificates;

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/SamlPluginRegistrar.cs

@@ -3,14 +3,15 @@
 // Registrar for the SAML identity provider plugin.
 // -----------------------------------------------------------------------------
 
+
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using System.Net.Http;
-using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Authority.Plugin.Saml.Claims;
 using StellaOps.Authority.Plugin.Saml.Credentials;
+using StellaOps.Authority.Plugins.Abstractions;
+using System.Net.Http;
 
 namespace StellaOps.Authority.Plugin.Saml;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Bootstrap/StandardPluginBootstrapper.cs

@@ -1,10 +1,11 @@
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Authority.Plugin.Standard.Storage;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Authority.Plugin.Standard.Bootstrap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Properties/AssemblyInfo.cs

@@ -1,5 +1,6 @@
-using System.Runtime.CompilerServices;
+
 using StellaOps.Plugin.Versioning;
+using System.Runtime.CompilerServices;
 
 [assembly: InternalsVisibleTo("StellaOps.Authority.Plugin.Standard.Tests")]
 [assembly: StellaPluginVersion("1.0.0", MinimumHostVersion = "1.0.0", MaximumHostVersion = "1.99.99")]

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Security/IPasswordHasher.cs

@@ -1,5 +1,6 @@
-using System;
+
 using StellaOps.Cryptography;
+using System;
 
 namespace StellaOps.Authority.Plugin.Standard.Security;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Security/StandardCredentialAuditLogger.cs

@@ -1,9 +1,10 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
+
 using Microsoft.Extensions.Logging;
-using System.Linq;
 using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Cryptography.Audit;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Linq;
 
 namespace StellaOps.Authority.Plugin.Standard.Security;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardClaimsEnricher.cs

@@ -1,9 +1,10 @@
+
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Authority.Plugins.Abstractions;
 
 namespace StellaOps.Authority.Plugin.Standard;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardIdentityProviderPlugin.cs

@@ -1,9 +1,10 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Authority.Plugin.Standard.Storage;
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.Plugin.Standard.Storage;
 
 namespace StellaOps.Authority.Plugin.Standard;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginOptions.cs

@@ -1,6 +1,7 @@
+
+using StellaOps.Cryptography;
 using System;
 using System.IO;
-using StellaOps.Cryptography;
 
 namespace StellaOps.Authority.Plugin.Standard;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginRegistrar.cs

@@ -1,14 +1,15 @@
+
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
-using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Persistence.Postgres.Repositories;
 using StellaOps.Authority.Plugin.Standard.Bootstrap;
 using StellaOps.Authority.Plugin.Standard.Security;
 using StellaOps.Authority.Plugin.Standard.Storage;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Authority.Persistence.Postgres.Repositories;
+using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Cryptography;
 using StellaOps.Cryptography.DependencyInjection;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Storage/StandardClientProvisioningStore.cs

@@ -1,8 +1,9 @@
-using System.Collections.Generic;
-using System.Linq;
-using StellaOps.Authority.Plugins.Abstractions;
+
 using StellaOps.Authority.Persistence.Documents;
 using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Plugins.Abstractions;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace StellaOps.Authority.Plugin.Standard.Storage;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/Storage/StandardUserCredentialStore.cs

@@ -1,3 +1,10 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Authority.Persistence.Postgres.Models;
+using StellaOps.Authority.Persistence.Postgres.Repositories;
+using StellaOps.Authority.Plugin.Standard.Security;
+using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
@@ -5,12 +12,6 @@ using System.Linq;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.Plugin.Standard.Security;
-using StellaOps.Authority.Persistence.Postgres.Repositories;
-using StellaOps.Authority.Persistence.Postgres.Models;
-using StellaOps.Cryptography.Audit;
 
 namespace StellaOps.Authority.Plugin.Standard.Storage;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/AuthPluginAdapter.cs

@@ -1,5 +1,3 @@
-namespace StellaOps.Authority.Plugin.Unified;
-
 using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Plugin.Abstractions;
 using StellaOps.Plugin.Abstractions.Capabilities;
@@ -7,6 +5,9 @@ using StellaOps.Plugin.Abstractions.Context;
 using StellaOps.Plugin.Abstractions.Health;
 using StellaOps.Plugin.Abstractions.Lifecycle;
 
+namespace StellaOps.Authority.Plugin.Unified;
+
+
 /// <summary>
 /// Adapts an existing IIdentityProviderPlugin to the unified IPlugin and IAuthCapability interfaces.
 /// This enables gradual migration of Authority plugins to the unified plugin architecture.

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/TASKS.md

@@ -0,0 +1,8 @@
+# StellaOps.Authority.Plugin.Unified Task Board
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_solid_review.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/StellaOps.Authority.Plugin.Unified.md. |
+| REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthorityPluginContracts.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Configuration;
-using Microsoft.Extensions.DependencyInjection;
 
 namespace StellaOps.Authority.Plugins.Abstractions;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthorityPluginRegistrationContext.cs

@@ -1,6 +1,7 @@
-using System;
+
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using System;
 
 namespace StellaOps.Authority.Plugins.Abstractions;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/AuthoritySecretHasher.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Cryptography;
 using System;
 using System.Security.Cryptography;
 using System.Text;
 using System.Threading;
-using StellaOps.Cryptography;
 
 namespace StellaOps.Authority.Plugins.Abstractions;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/IdentityProviderContracts.cs

@@ -1,3 +1,6 @@
+
+using StellaOps.Auth.Abstractions;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Collections.ObjectModel;
@@ -5,8 +8,6 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading;
 using System.Threading.Tasks;
-using StellaOps.Cryptography.Audit;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Authority.Plugins.Abstractions;
 

src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/Properties/AssemblyInfo.cs

@@ -1,5 +1,6 @@
-using System.Runtime.CompilerServices;
+
 using StellaOps.Plugin.Versioning;
+using System.Runtime.CompilerServices;
 
 [assembly: InternalsVisibleTo("StellaOps.Authority.Plugins.Abstractions.Tests")]
 [assembly: StellaPluginVersion("1.0.0", MinimumHostVersion = "1.0.0", MaximumHostVersion = "1.99.99")]

src/Authority/StellaOps.Authority/StellaOps.Authority/AGENTS.md

@@ -10,8 +10,8 @@
 - `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
 - `docs/modules/platform/architecture-overview.md`
 - `docs/modules/authority/architecture.md`
-- `docs/architecture/console-admin-rbac.md`
-- `docs/architecture/console-branding.md`
+- `docs/technical/architecture/console-admin-rbac.md`
+- `docs/technical/architecture/console-branding.md`
 - Relevant sprint files.
 
 ## Working Agreements
@@ -23,3 +23,4 @@
 ## Testing
 - Use xUnit + FluentAssertions + TestKit.
 - Cover OpenIddict handlers, auth audit sinks, storage adapters, and policy enforcement.
+

src/Authority/StellaOps.Authority/StellaOps.Authority/AdvisoryAi/AuthorityAdvisoryAiConsentEvaluator.cs

@@ -1,8 +1,9 @@
+
+using Microsoft.Extensions.Options;
+using StellaOps.Configuration;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Extensions.Options;
-using StellaOps.Configuration;
 
 namespace StellaOps.Authority.AdvisoryAi;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Airgap/AirgapAuditEndpointExtensions.cs

@@ -1,15 +1,16 @@
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Net.Mime;
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using OpenIddict.Abstractions;
 using StellaOps.Auth.Abstractions;
-using StellaOps.Authority.Console;
-using System.Linq;
 using StellaOps.Auth.ServerIntegration;
+using StellaOps.Authority.Console;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
+using System.Net.Mime;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Airgap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Airgap/AuthorityAirgapAuditService.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.Linq;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.InMemory.Stores;
 
 namespace StellaOps.Authority.Airgap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Airgap/AuthoritySealedModeEvidenceValidator.cs

@@ -1,13 +1,14 @@
+
+using Microsoft.Extensions.Caching.Memory;
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+using StellaOps.Configuration;
 using System;
 using System.Globalization;
 using System.IO;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Caching.Memory;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
-using StellaOps.Configuration;
 
 namespace StellaOps.Authority.Airgap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Audit/AuthorityAuditSink.cs

@@ -1,13 +1,14 @@
+
+using Microsoft.Extensions.Logging;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Cryptography.Audit;
 
 namespace StellaOps.Authority.Audit;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Audit/AuthorityCredentialAuditContextAccessor.cs

@@ -1,6 +1,7 @@
+
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Threading;
-using StellaOps.Authority.Plugins.Abstractions;
 
 namespace StellaOps.Authority.Audit;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityIdentityProviderRegistry.cs

@@ -1,11 +1,12 @@
+
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using StellaOps.Authority.Plugins.Abstractions;
 using System.Collections.ObjectModel;
 using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
-using StellaOps.Authority.Plugins.Abstractions;
 
 namespace StellaOps.Authority;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityPluginRegistry.cs

@@ -1,8 +1,9 @@
+
+using StellaOps.Authority.Plugins.Abstractions;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 using System.Linq;
-using StellaOps.Authority.Plugins.Abstractions;
 
 namespace StellaOps.Authority;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityRateLimiter.cs

@@ -1,13 +1,14 @@
-using System;
-using System.Globalization;
-using System.Net;
-using System.Threading.RateLimiting;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.RateLimiting;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using StellaOps.Authority.RateLimiting;
 using StellaOps.Configuration;
+using System;
+using System.Globalization;
+using System.Net;
+using System.Threading.RateLimiting;
 
 namespace StellaOps.Authority;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityTelemetryConfiguration.cs

@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Diagnostics.Metrics;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
 using OpenTelemetry.Extensions.Hosting;
@@ -9,6 +6,10 @@ using OpenTelemetry.Metrics;
 using OpenTelemetry.Resources;
 using OpenTelemetry.Trace;
 using StellaOps.Auth;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Diagnostics.Metrics;
 
 namespace StellaOps.Authority;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Bootstrap/BootstrapInviteCleanupService.cs

@@ -1,11 +1,12 @@
+
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Globalization;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Cryptography.Audit;
 
 namespace StellaOps.Authority.Bootstrap;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Console/Admin/ConsoleAdminEndpointExtensions.cs

@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Globalization;
-using System.Linq;
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -13,6 +8,12 @@ using StellaOps.Auth.ServerIntegration;
 using StellaOps.Authority.Persistence.Documents;
 using StellaOps.Authority.Tenants;
 using StellaOps.Cryptography.Audit;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Globalization;
+using System.Linq;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Console.Admin;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Console/Admin/ConsoleBrandingEndpointExtensions.cs

@@ -1,3 +1,12 @@
+
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using OpenIddict.Abstractions;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Auth.ServerIntegration;
+using StellaOps.Authority.Tenants;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -7,14 +16,6 @@ using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-using OpenIddict.Abstractions;
-using StellaOps.Auth.Abstractions;
-using StellaOps.Auth.ServerIntegration;
-using StellaOps.Authority.Tenants;
-using StellaOps.Cryptography.Audit;
 
 namespace StellaOps.Authority.Console.Admin;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Console/ConsoleEndpointExtensions.cs

@@ -1,9 +1,4 @@
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Globalization;
-using System.Net;
-using System.Security.Claims;
-using System.Linq;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -11,8 +6,14 @@ using Microsoft.Extensions.Primitives;
 using OpenIddict.Abstractions;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Auth.ServerIntegration;
-using StellaOps.Cryptography.Audit;
 using StellaOps.Authority.Tenants;
+using StellaOps.Cryptography.Audit;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Globalization;
+using System.Linq;
+using System.Net;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Console;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Console/ConsoleWorkspaceSampleService.cs

@@ -1,9 +1,10 @@
+
 using System;
 using System.Collections.Generic;
 using System.Collections.Immutable;
+using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
-using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Console/TenantHeaderFilter.cs

@@ -1,7 +1,8 @@
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Primitives;
 using StellaOps.Auth.Abstractions;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.Console;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/LegacyAuthDeprecationMiddleware.cs

@@ -1,7 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Globalization;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
@@ -9,6 +6,10 @@ using Microsoft.Extensions.Options;
 using Microsoft.Net.Http.Headers;
 using StellaOps.Configuration;
 using StellaOps.Cryptography.Audit;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Globalization;
 
 namespace StellaOps.Authority;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/BreakGlassSessionManager.cs

@@ -5,11 +5,12 @@
 // Description: Break-glass session management with timeout and audit.
 // -----------------------------------------------------------------------------
 
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System.Collections.Concurrent;
 using System.Collections.Immutable;
 using System.Security.Cryptography;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 
 namespace StellaOps.Authority.LocalPolicy;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/FileBasedPolicyStore.cs

@@ -5,13 +5,14 @@
 // Description: File-based implementation of ILocalPolicyStore.
 // -----------------------------------------------------------------------------
 
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using System.Collections.Immutable;
 using System.Globalization;
 using System.Security.Cryptography;
 using System.Text;
 using System.Text.Json;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
 using YamlDotNet.Serialization;
 using YamlDotNet.Serialization.NamingConventions;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Notifications/Ack/AckTokenPayload.cs

@@ -1,3 +1,4 @@
+
 using System;
 using System.Buffers;
 using System.Collections.Generic;

src/Authority/StellaOps.Authority/StellaOps.Authority/Notifications/Ack/AckTokenSigningUtilities.cs

@@ -1,3 +1,4 @@
+
 using System;
 using System.Buffers.Binary;
 using System.IO;

src/Authority/StellaOps.Authority/StellaOps.Authority/Notifications/Ack/AuthorityAckTokenIssuer.cs

@@ -1,14 +1,15 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using StellaOps.Authority.Storage;
+using StellaOps.Configuration;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
-using StellaOps.Configuration;
-using StellaOps.Authority.Storage;
 
 namespace StellaOps.Authority.Notifications.Ack;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Notifications/Ack/AuthorityAckTokenKeyManager.cs

@@ -1,12 +1,13 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
+
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using StellaOps.Authority.Signing;
 using StellaOps.Configuration;
 using StellaOps.Cryptography;
+using System;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace StellaOps.Authority.Notifications.Ack;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Notifications/Ack/AuthorityAckTokenVerifier.cs

@@ -1,10 +1,11 @@
+
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using StellaOps.Configuration;
 using System;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
-using StellaOps.Configuration;
 
 namespace StellaOps.Authority.Notifications.Ack;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Notifications/AuthorityWebhookAllowlistEvaluator.cs

@@ -1,8 +1,9 @@
+
+using Microsoft.Extensions.Options;
+using StellaOps.Configuration;
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Extensions.Options;
-using StellaOps.Configuration;
 
 namespace StellaOps.Authority.Notifications;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Observability/IncidentAuditEndpointExtensions.cs

@@ -1,9 +1,4 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net.Mime;
-using System.Threading;
-using System.Threading.Tasks;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -12,6 +7,12 @@ using StellaOps.Auth.ServerIntegration;
 using StellaOps.Authority.Console;
 using StellaOps.Authority.Persistence.Documents;
 using StellaOps.Authority.Persistence.InMemory.Stores;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Mime;
+using System.Threading;
+using System.Threading.Tasks;
 
 namespace StellaOps.Authority.Observability;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenApi/AuthorityOpenApiDocumentProvider.cs

@@ -1,14 +1,15 @@
+
+using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
+using StellaOps.Cryptography;
 using System.Collections.Generic;
-using System.IO;
 using System.Globalization;
+using System.IO;
 using System.Linq;
 using System.Reflection;
-using StellaOps.Cryptography;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
 using YamlDotNet.Core;
 using YamlDotNet.RepresentationModel;
 using YamlDotNet.Serialization;

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenApi/OpenApiDiscoveryEndpointExtensions.cs

@@ -1,12 +1,13 @@
-using System.Collections.Generic;
-using System.Globalization;
-using System.Linq;
+
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Linq;
 
 namespace StellaOps.Authority.OpenApi;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/AuthorityIdentityProviderSelector.cs

@@ -1,6 +1,7 @@
-using System.Linq;
+
 using OpenIddict.Abstractions;
 using StellaOps.Authority.Plugins.Abstractions;
+using System.Linq;
 
 namespace StellaOps.Authority.OpenIddict;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/AuthoritySenderConstraintHelper.cs

@@ -1,11 +1,12 @@
+
+using OpenIddict.Extensions;
+using OpenIddict.Server;
+using StellaOps.Authority.Security;
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Text.Json;
-using OpenIddict.Extensions;
-using OpenIddict.Server;
-using StellaOps.Authority.Security;
 
 namespace StellaOps.Authority.OpenIddict;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/ClientCredentialsAuditHelper.cs

@@ -1,13 +1,14 @@
+
+using OpenIddict.Abstractions;
+using OpenIddict.Server;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Authority.RateLimiting;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.Globalization;
 using System.Linq;
-using OpenIddict.Abstractions;
-using OpenIddict.Server;
-using StellaOps.Authority.RateLimiting;
-using StellaOps.Cryptography.Audit;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/ClientCredentialsHandlers.cs

@@ -1,12 +1,4 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Diagnostics;
-using System.Globalization;
-using System.Linq;
-using System.Security.Claims;
-using System.Security.Cryptography;
-using System.Text.Json;
-using System.Text.RegularExpressions;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
@@ -16,14 +8,23 @@ using OpenIddict.Server.AspNetCore;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Authority.Airgap;
 using StellaOps.Authority.OpenIddict;
-using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.Sessions;
 using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Persistence.Sessions;
+using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Authority.RateLimiting;
 using StellaOps.Authority.Security;
 using StellaOps.Configuration;
 using StellaOps.Cryptography.Audit;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Diagnostics;
+using System.Globalization;
+using System.Linq;
+using System.Security.Claims;
+using System.Security.Cryptography;
+using System.Text.Json;
+using System.Text.RegularExpressions;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/DiscoveryHandlers.cs

@@ -1,13 +1,14 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using System.Text.Json;
+
 using Microsoft.Extensions.Options;
 using OpenIddict.Abstractions;
 using OpenIddict.Server;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Configuration;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.Json;
+using System.Threading.Tasks;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/DpopHandlers.cs

@@ -1,3 +1,23 @@
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http.Extensions;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Primitives;
+using Microsoft.IdentityModel.Tokens;
+using OpenIddict.Abstractions;
+using OpenIddict.Extensions;
+using OpenIddict.Server;
+using OpenIddict.Server.AspNetCore;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Auth.Security.Dpop;
+using StellaOps.Authority.OpenIddict;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Authority.RateLimiting;
+using StellaOps.Authority.Security;
+using StellaOps.Configuration;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -5,25 +25,6 @@ using System.Diagnostics.Metrics;
 using System.Globalization;
 using System.Linq;
 using System.Text.Json;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Extensions;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Primitives;
-using OpenIddict.Abstractions;
-using OpenIddict.Extensions;
-using OpenIddict.Server;
-using OpenIddict.Server.AspNetCore;
-using StellaOps.Configuration;
-using StellaOps.Auth.Security.Dpop;
-using StellaOps.Authority.OpenIddict;
-using StellaOps.Auth.Abstractions;
-using StellaOps.Authority.RateLimiting;
-using StellaOps.Authority.Security;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Cryptography.Audit;
-using Microsoft.IdentityModel.Tokens;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/PasswordGrantHandlers.cs

@@ -1,9 +1,4 @@
-using System.Collections.Generic;
-using System.Collections.Immutable;
-using System.Diagnostics;
-using System.Globalization;
-using System.Linq;
-using System.Security.Claims;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
@@ -13,11 +8,17 @@ using OpenIddict.Server.AspNetCore;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Authority.Airgap;
 using StellaOps.Authority.OpenIddict;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.RateLimiting;
 using StellaOps.Authority.Persistence.Documents;
 using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Authority.RateLimiting;
 using StellaOps.Cryptography.Audit;
+using System.Collections.Generic;
+using System.Collections.Immutable;
+using System.Diagnostics;
+using System.Globalization;
+using System.Linq;
+using System.Security.Claims;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/RefreshTokenHandlers.cs

@@ -1,8 +1,4 @@
-using System;
-using System.Globalization;
-using System.Linq;
-using System.Security.Claims;
-using System.Threading.Tasks;
+
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using OpenIddict.Abstractions;
@@ -10,9 +6,14 @@ using OpenIddict.Extensions;
 using OpenIddict.Server;
 using StellaOps.Auth.Abstractions;
 using StellaOps.Authority.Airgap;
-using StellaOps.Authority.Security;
 using StellaOps.Authority.Persistence.Documents;
 using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Security;
+using System;
+using System.Globalization;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/RevocationHandlers.cs

@@ -1,13 +1,14 @@
+
+using Microsoft.Extensions.Logging;
+using OpenIddict.Abstractions;
+using OpenIddict.Server;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Persistence.Sessions;
 using System;
 using System.Diagnostics;
 using System.Text;
 using System.Text.Json;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using OpenIddict.Abstractions;
-using OpenIddict.Server;
-using StellaOps.Authority.Persistence.Sessions;
-using StellaOps.Authority.Persistence.InMemory.Stores;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/TokenPersistenceHandlers.cs

@@ -1,3 +1,12 @@
+
+using Microsoft.Extensions.Logging;
+using OpenIddict.Abstractions;
+using OpenIddict.Extensions;
+using OpenIddict.Server;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Persistence.Sessions;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -7,14 +16,6 @@ using System.Security.Claims;
 using System.Text.Json;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using OpenIddict.Abstractions;
-using OpenIddict.Extensions;
-using OpenIddict.Server;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.Sessions;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Auth.Abstractions;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/Handlers/TokenValidationHandlers.cs

@@ -1,3 +1,18 @@
+
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using OpenIddict.Abstractions;
+using OpenIddict.Extensions;
+using OpenIddict.Server;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Authority.OpenIddict;
+using StellaOps.Authority.Persistence.Documents;
+using StellaOps.Authority.Persistence.InMemory.Stores;
+using StellaOps.Authority.Persistence.Sessions;
+using StellaOps.Authority.Plugins.Abstractions;
+using StellaOps.Authority.RateLimiting;
+using StellaOps.Authority.Security;
+using StellaOps.Cryptography.Audit;
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -6,20 +21,6 @@ using System.Globalization;
 using System.Security.Claims;
 using System.Security.Cryptography;
 using System.Text.Json;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Logging;
-using OpenIddict.Abstractions;
-using OpenIddict.Extensions;
-using OpenIddict.Server;
-using StellaOps.Auth.Abstractions;
-using StellaOps.Authority.OpenIddict;
-using StellaOps.Authority.Plugins.Abstractions;
-using StellaOps.Authority.RateLimiting;
-using StellaOps.Authority.Persistence.Documents;
-using StellaOps.Authority.Persistence.Sessions;
-using StellaOps.Authority.Persistence.InMemory.Stores;
-using StellaOps.Cryptography.Audit;
-using StellaOps.Authority.Security;
 
 namespace StellaOps.Authority.OpenIddict.Handlers;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/OpenIddict/TokenRequestTamperInspector.cs

@@ -1,6 +1,7 @@
+
+using OpenIddict.Abstractions;
 using System.Collections.Generic;
 using System.Linq;
-using OpenIddict.Abstractions;
 
 namespace StellaOps.Authority.OpenIddict;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Permalinks/VulnPermalinkService.cs

@@ -1,3 +1,11 @@
+
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Tokens;
+using StellaOps.Auth.Abstractions;
+using StellaOps.Authority.Storage;
+using StellaOps.Configuration;
+using StellaOps.Cryptography;
 using System;
 using System.Collections.Generic;
 using System.Text;
@@ -5,13 +13,6 @@ using System.Text.Json;
 using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
-using Microsoft.Extensions.Logging;
-using Microsoft.Extensions.Options;
-using Microsoft.IdentityModel.Tokens;
-using StellaOps.Auth.Abstractions;
-using StellaOps.Configuration;
-using StellaOps.Cryptography;
-using StellaOps.Authority.Storage;
 
 namespace StellaOps.Authority.Permalinks;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginLoader.cs

@@ -1,13 +1,14 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Reflection;
+
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using StellaOps.Authority.Plugins.Abstractions;
 using StellaOps.Plugin.DependencyInjection;
 using StellaOps.Plugin.Hosting;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
 
 namespace StellaOps.Authority.Plugins;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/RateLimiting/AuthorityRateLimiterMetadata.cs

@@ -1,5 +1,6 @@
-using System.Collections.Generic;
+
 using StellaOps.Auth.Abstractions;
+using System.Collections.Generic;
 
 namespace StellaOps.Authority.RateLimiting;
 

src/Authority/StellaOps.Authority/StellaOps.Authority/RateLimiting/AuthorityRateLimiterMetadataAccessor.cs

@@ -1,6 +1,7 @@
-using System;
+
 using Microsoft.AspNetCore.Http;
 using StellaOps.Auth.Abstractions;
+using System;
 
 namespace StellaOps.Authority.RateLimiting;