stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

docs consolidation work

Browse Source
This commit is contained in:
StellaOps Bot
2025-12-25 18:48:11 +02:00
parent 2a06f780cf
commit 82a49f6743
102 changed files with 3550 additions and 1679 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/modules/registry/README.md
View File

@@ -25,6 +25,33 @@ It exchanges an Authority-issued access token for a registry-compatible JWT afte
- File: `etc/registry-token.yaml`
- Environment variables: `REGISTRY_TOKEN_*`
## Implementation Status
### Current Objectives
- Maintain deterministic behaviour and offline parity across releases
- Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes
### Epic Milestones
- Epic 10 Export Center: signed registry token bundles for mirror/Offline Kit workflows (planned)
- Epic 14 Identity & Tenancy: tenant-aware scope validation, revocation, audit trails (planned)
### Core Capabilities
- Docker registry token exchange with Authority validation
- Plan/license constraint enforcement via claims inspection
- Short-lived JWT tokens (default 5 minutes) signed by local RSA key
- Revocation support via deny list and stellaops:license claim
### Technical Decisions
- Token lifetime bounded to 5 minutes to minimize exposure window
- Local RSA key signing avoids external dependencies
- Plan catalogue enforcement ensures license compliance
- Integration with Authority for caller identity and scope validation
### Coordination Approach
- Review AGENTS.md before starting new work
- Sync with cross-cutting teams via docs/implplan/SPRINT_*.md
- Track follow-ups in ../../TASKS.md and src/Registry/TASKS.md
## Related docs
- Architecture: `docs/modules/registry/architecture.md`

20
docs/modules/registry/implementation_plan.md
View File

@@ -1,20 +0,0 @@
# Implementation plan — Registry Token Service
## Current objectives
- Maintain deterministic behaviour and offline parity across releases.
- Keep documentation, telemetry, and runbooks aligned with the latest sprint outcomes.
## Workstreams
- Backlog grooming: reconcile open stories in ../../TASKS.md with this module's roadmap.
- Implementation: collaborate with service owners to land feature work defined in SPRINTS/EPIC docs.
- Validation: extend tests/fixtures to preserve determinism and provenance requirements.
## Epic milestones
- **Epic 10 Export Center:** deliver signed registry token bundles supporting mirror/Offline Kit workflows.
- **Epic 14 Identity & Tenancy:** integrate tenant-aware scope validation, revocation, and audit trails.
- Track follow-ups in ../../TASKS.md and src/Registry/TASKS.md.
## Coordination
- Review ./AGENTS.md before picking up new work.
- Sync with cross-cutting teams noted in `/docs/implplan/SPRINT_*.md`.
- Update this plan whenever scope, dependencies, or guardrails change.