stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Stabilize U

Browse Source
This commit is contained in:
master
2026-02-16 07:33:20 +02:00
parent 45c0f1bb59
commit 70fdbfcf25
166 changed files with 20156 additions and 4833 deletions
Download Patch File Download Diff File Expand all files Collapse all files

266
docs/qa/feature-checks/state/authority.json
View File

@@ -1,6 +1,5 @@
{
"module": "authority",
"lastUpdated": "2026-02-13T00:00:00Z",
"featureCount": 13,
"summary": {
"passed": 13,
@@ -9,110 +8,215 @@
"done": 13
},
"buildNote": "Baseline: 14 test projects, 861 total tests (Authority.Core.Tests=46, Authority.Persistence.Tests=75, Authority.Timestamping.Tests=16, Authority.Timestamping.Abstractions.Tests=16, Authority.ConfigDiff.Tests=5, Authority.Tests=317, Auth.Abstractions.Tests=103, Auth.Client.Tests=28, Auth.ServerIntegration.Tests=27, Authority.Plugin.Ldap.Tests=75, Authority.Plugin.Oidc.Tests=44, Authority.Plugin.Saml.Tests=38, Authority.Plugin.Standard.Tests=39, Authority.Plugins.Abstractions.Tests=32). All 861 tests pass.",
"features": [
{
"name": "authority-identity-provider-registry",
"slug": "authority-identity-provider-registry",
"status": "passed",
"tier": "tier2d",
"features": {
"authority-identity-provider-registry": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/authority-identity-provider-registry/run-001/tier2-integration-check.json",
"notes": "Registry indexes providers, aggregates capabilities, AcquireAsync returns scoped instances, duplicate handling, selector routes by parameter. 7 targeted tests all pass."
"notes": [
"Registry indexes providers, aggregates capabilities, AcquireAsync returns scoped instances, duplicate handling, selector routes by parameter. 7 targeted tests all pass."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/authority-identity-provider-registry.md"
},
{
"name": "authority-module-with-oidc-oauth2-dpop-mtls",
"slug": "authority-module-with-oidc-oauth2-dpop-mtls",
"status": "passed",
"tier": "tier2d",
"authority-module-with-oidc-oauth2-dpop-mtls": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/authority-module-with-oidc-oauth2-dpop-mtls/run-001/tier2-integration-check.json",
"notes": "Full OIDC/OAuth2 flows with DPoP, mTLS, client credentials, password grant, refresh tokens, revocation, discovery, tamper inspection. 50+ targeted tests."
"notes": [
"Full OIDC/OAuth2 flows with DPoP, mTLS, client credentials, password grant, refresh tokens, revocation, discovery, tamper inspection. 50+ targeted tests."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/authority-module-with-oidc-oauth2-dpop-mtls.md"
},
{
"name": "authority-plugin-system",
"slug": "authority-plugin-system",
"status": "passed",
"tier": "tier2d",
"authority-plugin-system": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/authority-plugin-system/run-001/tier2-integration-check.json",
"notes": "Plugin loader, 5 concrete plugins (Standard=39, LDAP=75, OIDC=44, SAML=38 tests), assembly discovery, registration lifecycle. 196+ tests."
"notes": [
"Plugin loader, 5 concrete plugins (Standard=39, LDAP=75, OIDC=44, SAML=38 tests), assembly discovery, registration lifecycle. 196+ tests."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/authority-plugin-system.md"
},
{
"name": "authority-sealed-mode-evidence-validator",
"slug": "authority-sealed-mode-evidence-validator",
"status": "passed",
"tier": "tier2d",
"authority-sealed-mode-evidence-validator": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/authority-sealed-mode-evidence-validator/run-001/tier2-integration-check.json",
"notes": "Evidence freshness validation, missing file handling, stale evidence detection, airgap audit endpoints, offline kit audit. Meaningful assertions with specific failure codes."
"notes": [
"Evidence freshness validation, missing file handling, stale evidence detection, airgap audit endpoints, offline kit audit. Meaningful assertions with specific failure codes."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/authority-sealed-mode-evidence-validator.md"
},
{
"name": "cli-dpop-bound-authentication",
"slug": "cli-dpop-bound-authentication",
"status": "passed",
"tier": "tier2d",
"cli-dpop-bound-authentication": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/cli-dpop-bound-authentication/run-001/tier2-integration-check.json",
"notes": "28 Auth.Client tests cover DPoP proof generation, token binding, file/inmemory/messaging caches, bearer token handler, auth modes. Server-side DPoP validation in Authority.Tests."
"notes": [
"28 Auth.Client tests cover DPoP proof generation, token binding, file/inmemory/messaging caches, bearer token handler, auth modes. Server-side DPoP validation in Authority.Tests."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/cli-dpop-bound-authentication.md"
},
{
"name": "ldap-plugin-with-claims-enrichment-and-client-provisioning",
"slug": "ldap-plugin-with-claims-enrichment-and-client-provisioning",
"status": "passed",
"tier": "tier2d",
"ldap-plugin-with-claims-enrichment-and-client-provisioning": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/ldap-plugin-with-claims-enrichment-and-client-provisioning/run-001/tier2-integration-check.json",
"notes": "75 dedicated LDAP plugin tests: claims enrichment, client provisioning, capability probing, DN parsing, credential store, TLS, resilience, security, metrics."
"notes": [
"75 dedicated LDAP plugin tests: claims enrichment, client provisioning, capability probing, DN parsing, credential store, TLS, resilience, security, metrics."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/ldap-plugin-with-claims-enrichment-and-client-provisioning.md"
},
{
"name": "local-rbac-policy-fallback-with-break-glass-access",
"slug": "local-rbac-policy-fallback-with-break-glass-access",
"status": "passed",
"tier": "tier2d",
"local-rbac-policy-fallback-with-break-glass-access": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/local-rbac-policy-fallback-with-break-glass-access/run-001/tier2-integration-check.json",
"notes": "File-based policy store, role inheritance, subject lifecycle, break-glass configuration, fallback mode transitions, Postgres-backed primary store."
"notes": [
"File-based policy store, role inheritance, subject lifecycle, break-glass configuration, fallback mode transitions, Postgres-backed primary store."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/local-rbac-policy-fallback-with-break-glass-access.md"
},
{
"name": "multi-tenant-scope-based-authorization",
"slug": "multi-tenant-scope-based-authorization",
"status": "passed",
"tier": "tier2d",
"multi-tenant-scope-based-authorization": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/multi-tenant-scope-based-authorization/run-001/tier2-integration-check.json",
"notes": "130+ tests: scope definitions, authorization policies, tenant header filter, tenant catalog, tenant repository. 103 abstractions + 27 server integration tests."
"notes": [
"130+ tests: scope definitions, authorization policies, tenant header filter, tenant catalog, tenant repository. 103 abstractions + 27 server integration tests."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/multi-tenant-scope-based-authorization.md"
},
{
"name": "pack-rbac-roles-and-cli-profiles",
"slug": "pack-rbac-roles-and-cli-profiles",
"status": "passed",
"tier": "tier2d",
"pack-rbac-roles-and-cli-profiles": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/pack-rbac-roles-and-cli-profiles/run-001/tier2-integration-check.json",
"notes": "Pack scope definitions, AddPacksResourcePolicies, RequireScope/RequireAnyScope extensions, CLI profile configuration, per-profile token caching."
"notes": [
"Pack scope definitions, AddPacksResourcePolicies, RequireScope/RequireAnyScope extensions, CLI profile configuration, per-profile token caching."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/pack-rbac-roles-and-cli-profiles.md"
},
{
"name": "plugin-sdk-plugin-architecture",
"slug": "plugin-sdk-plugin-architecture",
"status": "passed",
"tier": "tier2d",
"plugin-sdk-plugin-architecture": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/plugin-sdk-plugin-architecture/run-001/tier2-integration-check.json",
"notes": "32 SDK abstractions tests + plugin loader tests. Plugin contracts, registration context, credential audit, secret hasher, client metadata keys. 5 concrete registrars."
"notes": [
"32 SDK abstractions tests + plugin loader tests. Plugin contracts, registration context, credential audit, secret hasher, client metadata keys. 5 concrete registrars."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/plugin-sdk-plugin-architecture.md"
},
{
"name": "postgres-backend-store-prototype-for-authority-tokens",
"slug": "postgres-backend-store-prototype-for-authority-tokens",
"status": "passed",
"tier": "tier2d",
"postgres-backend-store-prototype-for-authority-tokens": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/postgres-backend-store-prototype-for-authority-tokens/run-001/tier2-integration-check.json",
"notes": "75 persistence tests + adapter tests. Token CRUD, refresh token rotation, InMemory parity, session persistence, EF Core migrations, ID generation, clock integration."
"notes": [
"75 persistence tests + adapter tests. Token CRUD, refresh token rotation, InMemory parity, session persistence, EF Core migrations, ID generation, clock integration."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/postgres-backend-store-prototype-for-authority-tokens.md"
},
{
"name": "rfc-3161-tsa-client-for-ci-cd-timestamping",
"slug": "rfc-3161-tsa-client-for-ci-cd-timestamping",
"status": "passed",
"tier": "tier2d",
"rfc-3161-tsa-client-for-ci-cd-timestamping": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/rfc-3161-tsa-client-for-ci-cd-timestamping/run-001/tier2-integration-check.json",
"notes": "32 tests: ASN.1 encoding/decoding, token verification, provider registry with priority/health, response caching, abstraction contracts. CI/CD hooks documented as planned enhancements."
"notes": [
"32 tests: ASN.1 encoding/decoding, token verification, provider registry with priority/health, response caching, abstraction contracts. CI/CD hooks documented as planned enhancements."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/rfc-3161-tsa-client-for-ci-cd-timestamping.md"
},
{
"name": "trust-root-and-certificate-chain-verification",
"slug": "trust-root-and-certificate-chain-verification",
"status": "passed",
"tier": "tier2d",
"trust-root-and-certificate-chain-verification": {
"status": "done",
"tier": 2,
"evidence": "docs/qa/feature-checks/runs/authority/trust-root-and-certificate-chain-verification/run-001/tier2-integration-check.json",
"notes": "Token verifier with imprint/nonce mismatch detection, key rotation with JWKS continuity, RSA sign/verify roundtrip, KMS and file key sources, DSSE signing."
"notes": [
"Token verifier with imprint/nonce mismatch detection, key rotation with JWKS continuity, RSA sign/verify roundtrip, KMS and file key sources, DSSE signing."
],
"retryCount": 0,
"sourceVerified": true,
"buildVerified": true,
"e2eVerified": true,
"skipReason": null,
"lastRunId": "run-001",
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
"featureFile": "docs/features/checked/authority/trust-root-and-certificate-chain-verification.md"
}
]
},
"lastUpdatedUtc": "2026-02-13T00:00:00Z"
}