Tests fixes, audit progress, UI completions

src/__Libraries/StellaOps.Auth.Security/AGENTS.md

@@ -0,0 +1,23 @@
+# Auth Security AGENTS
+
+## Purpose & Scope
+- Working directory: `src/__Libraries/StellaOps.Auth.Security/`.
+- Roles: backend engineer, QA automation.
+- Focus: DPoP proof validation, nonce issuance/consumption, replay cache strategies, and security primitives.
+
+## Required Reading (treat as read before DOING)
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/platform/architecture-overview.md`
+- `docs/modules/authority/architecture.md`
+- Relevant sprint files.
+
+## Working Agreements
+- Keep validation deterministic (TimeProvider) and avoid nondeterministic RNG in tests.
+- Normalize inputs consistently across nonce stores; avoid mutable shared state.
+- Respect offline/air-gap posture and keep secrets out of logs.
+- Update `docs/implplan/SPRINT_*.md` and local `TASKS.md` when starting or completing work.
+
+## Testing
+- Use xUnit + FluentAssertions + TestKit.
+- Cover DPoP validation (algorithms, htm/htu/nonce, clock skew, replay), nonce stores, and replay cache behavior.

src/__Libraries/StellaOps.Auth.Security/TASKS.md

@@ -0,0 +1,10 @@
+# Auth Security Task Board
+
+This board mirrors active sprint tasks for this module.
+Source of truth: `docs/implplan/SPRINT_20251229_049_BE_csproj_audit_maint_tests.md`.
+
+| Task ID | Status | Notes |
+| --- | --- | --- |
+| AUDIT-0082-M | DONE | Maintainability audit for StellaOps.Auth.Security. |
+| AUDIT-0082-T | DONE | Test coverage audit for StellaOps.Auth.Security. |
+| AUDIT-0082-A | TODO | Pending approval for changes. |