stela ops usage fixes roles propagation and timoeut, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search

2026-02-22 19:27:54 +02:00
parent a29f438f53
commit bd8fee6ed8
373 changed files with 832097 additions and 3369 deletions
--- a/src/Authority/__Libraries/StellaOps.Authority.Persistence/Migrations/S001_demo_seed.sql
+++ b/src/Authority/__Libraries/StellaOps.Authority.Persistence/Migrations/S001_demo_seed.sql
@@ -78,9 +78,24 @@ ON CONFLICT (tenant_id, name) DO NOTHING;

 INSERT INTO authority.clients (id, client_id, display_name, description, enabled, redirect_uris, allowed_scopes, allowed_grant_types, require_client_secret, require_pkce)
 VALUES
-    ('demo-client-ui', 'stellaops-console', 'Stella Ops Console', 'Web UI application', true,
-     ARRAY['https://stella-ops.local/callback', 'https://stella-ops.local/silent-renew'],
-     ARRAY['openid', 'profile', 'email', 'stellaops.api'],
+    ('demo-client-ui', 'stella-ops-ui', 'Stella Ops Console', 'Web UI application', true,
+     ARRAY['https://stella-ops.local/auth/callback', 'https://stella-ops.local/auth/silent-refresh'],
+     ARRAY['openid', 'profile', 'email', 'offline_access',
+            'ui.read', 'ui.admin',
+            'authority:tenants.read', 'authority:users.read', 'authority:roles.read',
+            'authority:clients.read', 'authority:tokens.read', 'authority:branding.read',
+            'authority.audit.read',
+            'graph:read', 'sbom:read', 'scanner:read',
+            'policy:read', 'policy:simulate', 'policy:author', 'policy:review', 'policy:approve',
+            'orch:read', 'analytics.read', 'advisory:read', 'vex:read',
+            'exceptions:read', 'exceptions:approve', 'aoc:verify', 'findings:read',
+            'release:read', 'scheduler:read', 'scheduler:operate',
+            'notify.viewer', 'notify.operator', 'notify.admin', 'notify.escalate',
+            'evidence:read',
+            'export.viewer', 'export.operator', 'export.admin',
+            'vuln:view', 'vuln:investigate', 'vuln:operate', 'vuln:audit',
+            'platform.context.read', 'platform.context.write',
+            'doctor:run', 'doctor:admin'],
     ARRAY['authorization_code', 'refresh_token'],
     false, true),
    ('demo-client-cli', 'stellaops-cli', 'Stella Ops CLI', 'Command-line client', true,