fix(infra): repair gateway route ownership and add JobEngine/pack-registry scopes

- Route /api/v1/jobengine to jobengine service (was orchestrator)
- Route /api/v1/sources and /api/v1/witnesses to scanner service
- Add orch:quota and pack-registry scopes to platform OIDC token
- Align compose-local manifests with gateway appsettings.json

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 07:52:46 +02:00
parent 841add4f27
commit 69923b648c
5 changed files with 13 additions and 12 deletions


@@ -6,7 +6,7 @@
"tokenEndpoint": "https://stella-ops.local/connect/token",
"redirectUri": "https://stella-ops.local/auth/callback",
"postLogoutRedirectUri": "https://stella-ops.local/",
"scope": "openid profile email offline_access ui.read ui.admin ui.preferences.read ui.preferences.write authority:tenants.read authority:users.read authority:roles.read authority:clients.read authority:tokens.read authority:branding.read authority.audit.read graph:read sbom:read scanner:read policy:read policy:simulate policy:author policy:review policy:approve policy:run policy:activate policy:audit policy:edit policy:operate policy:publish airgap:seal airgap:status:read orch:read analytics.read advisory:read advisory-ai:view advisory-ai:operate vex:read vexhub:read exceptions:read exceptions:approve aoc:verify findings:read release:read scheduler:read scheduler:operate notify.viewer notify.operator notify.admin notify.escalate evidence:read export.viewer export.operator export.admin vuln:view vuln:investigate vuln:operate vuln:audit platform.context.read platform.context.write doctor:run doctor:admin ops.health integration:read integration:write integration:operate registry.admin timeline:read timeline:write",
"scope": "openid profile email offline_access ui.read ui.admin ui.preferences.read ui.preferences.write authority:tenants.read authority:users.read authority:roles.read authority:clients.read authority:tokens.read authority:branding.read authority.audit.read graph:read sbom:read scanner:read policy:read policy:simulate policy:author policy:review policy:approve policy:run policy:activate policy:audit policy:edit policy:operate policy:publish airgap:seal airgap:status:read orch:read orch:quota analytics.read advisory:read advisory-ai:view advisory-ai:operate vex:read vexhub:read exceptions:read exceptions:approve aoc:verify findings:read release:read scheduler:read scheduler:operate notify.viewer notify.operator notify.admin notify.escalate evidence:read export.viewer export.operator export.admin vuln:view vuln:investigate vuln:operate vuln:audit platform.context.read platform.context.write doctor:run doctor:admin ops.health integration:read integration:write integration:operate packs.read packs.write packs.run packs.approve registry.admin timeline:read timeline:write",
"audience": "stella-ops-api",
"dpopAlgorithms": [
"ES256"