Align AOC tasks for Excititor and Concelier

docs/modules/authority/README.md

@@ -1,40 +1,40 @@
-# StellaOps Authority
-
-Authority is the platform OIDC/OAuth2 control plane that mints short-lived, sender-constrained operational tokens (OpToks) for every StellaOps service and tool.
-
-## Responsibilities
-- Expose device-code, auth-code, and client-credential flows with DPoP or mTLS binding.
-- Manage signing keys, JWKS rotation, and PoE integration for plan enforcement.
-- Emit structured audit events and enforce tenant-aware scope policies.
-- Provide plugin surface for custom identity providers and credential validators.
-
-## Key components
-- `StellaOps.Authority` web host.
-- `StellaOps.Authority.Plugin.*` extensions for secret stores, identity bridges, and OpTok validation.
-- Telemetry and audit pipeline feeding Security/Observability stacks.
-
-## Integrations & dependencies
-- Signer/Attestor for PoE and OpTok introspection.
-- CLI/UI for login flows and token management.
-- Scheduler/Scanner for machine-to-machine scope enforcement.
-
-## Operational notes
-- MongoDB for tenant, client, and token state.
-- Key material in KMS/HSM with rotation runbooks (see ./operations/key-rotation.md).
-- Grafana/Prometheus dashboards for auth latency/issuance.
-
-## Related resources
-- ./operations/backup-restore.md
-- ./operations/key-rotation.md
-- ./operations/monitoring.md
-- ./operations/grafana-dashboard.json
-
-## Backlog references
-- DOCS-SEC-62-001 (scope hardening doc) in ../../TASKS.md.
-- AUTH-POLICY-20-001/002 follow-ups in src/Authority/StellaOps.Authority/TASKS.md.
-
-## Epic alignment
-- **Epic 1 – AOC enforcement:** enforce OpTok scopes and guardrails supporting raw ingestion boundaries.
-- **Epic 2 – Policy Engine & Editor:** supply policy evaluation/principal scopes and short-lived tokens for evaluator workflows.
-- **Epic 4 – Policy Studio:** integrate approval/promotion signatures and policy registry access controls.
-- **Epic 14 – Identity & Tenancy:** deliver tenant isolation, RBAC hierarchies, and governance tooling for authentication.
+# StellaOps Authority
+
+Authority is the platform OIDC/OAuth2 control plane that mints short-lived, sender-constrained operational tokens (OpToks) for every StellaOps service and tool.
+
+## Responsibilities
+- Expose device-code, auth-code, and client-credential flows with DPoP or mTLS binding.
+- Manage signing keys, JWKS rotation, and PoE integration for plan enforcement.
+- Emit structured audit events and enforce tenant-aware scope policies.
+- Provide plugin surface for custom identity providers and credential validators.
+
+## Key components
+- `StellaOps.Authority` web host.
+- `StellaOps.Authority.Plugin.*` extensions for secret stores, identity bridges, and OpTok validation.
+- Telemetry and audit pipeline feeding Security/Observability stacks.
+
+## Integrations & dependencies
+- Signer/Attestor for PoE and OpTok introspection.
+- CLI/UI for login flows and token management.
+- Scheduler/Scanner for machine-to-machine scope enforcement.
+
+## Operational notes
+- MongoDB for tenant, client, and token state.
+- Key material in KMS/HSM with rotation runbooks (see ./operations/key-rotation.md).
+- Grafana/Prometheus dashboards for auth latency/issuance.
+
+## Related resources
+- ./operations/backup-restore.md
+- ./operations/key-rotation.md
+- ./operations/monitoring.md
+- ./operations/grafana-dashboard.json
+
+## Backlog references
+- DOCS-SEC-62-001 (scope hardening doc) in ../../TASKS.md.
+- AUTH-POLICY-20-001/002 follow-ups in src/Authority/StellaOps.Authority/TASKS.md.
+
+## Epic alignment
+- **Epic 1 – AOC enforcement:** enforce OpTok scopes and guardrails supporting raw ingestion boundaries.
+- **Epic 2 – Policy Engine & Editor:** supply policy evaluation/principal scopes and short-lived tokens for evaluator workflows.
+- **Epic 4 – Policy Studio:** integrate approval/promotion signatures and policy registry access controls.
+- **Epic 14 – Identity & Tenancy:** deliver tenant isolation, RBAC hierarchies, and governance tooling for authentication.