Repair live watchlist frontdoor routing

This commit is contained in:
master
2026-03-10 00:25:34 +02:00
parent 359fafa9da
commit ac544c0064
11 changed files with 474 additions and 22 deletions


@@ -927,11 +927,13 @@ The Attestor provides proactive monitoring for signing identities appearing in t
### Scope Hierarchy
| Scope | Visibility | Who Can Create |
|-------|------------|----------------|
| `tenant` | Owning tenant only | Tenant admins |
| `global` | All tenants | Platform admins |
| `system` | All tenants (read-only) | System bootstrap |
| Scope | Visibility | Who Can Create |
|-------|------------|----------------|
| `tenant` | Owning tenant only | Operators with `trust:write` |
| `global` | All tenants | Platform admins with `trust:admin` |
| `system` | All tenants (read-only) | System bootstrap |
Authorization for the live watchlist surface follows the canonical trust scope family (`trust:read`, `trust:write`, `trust:admin`). The service still accepts legacy `watchlist:*` aliases for backward compatibility, but new clients and UI sessions should rely on the trust scopes.
### Event Flow
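Review bot: the added paragraph after the rewritten table says legacy `watchlist:*` aliases are still accepted but does not say which alias maps to which trust scope, so a reader cannot tell whether `watchlist:admin` (or `watchlist:write`) is treated as `trust:admin` and therefore grants global-scope creation; add the explicit alias mapping (e.g. `watchlist:read` -> `trust:read`, `watchlist:write` -> `trust:write`) and state whether alias acceptance is deprecated. Two smaller points in the same hunk: the `tenant` row changes "Who Can Create" from "Tenant admins" to "Operators with `trust:write`", which widens who may create tenant-scoped entries, and that change deserves a sentence in the paragraph rather than only a table cell; and the `system` row and the "Visibility" column still carry no scope, so note that reading any row requires `trust:read` to keep the table consistent with the "canonical trust scope family" sentence. Also check the source file has a blank line between the last table row and the new paragraph, since GFM otherwise parses a non-empty line directly below a table as another table row.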