Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
This commit is contained in:
master
2025-11-02 13:40:38 +02:00
parent 66cb6c4b8a
commit f98cea3bcf
516 changed files with 68157 additions and 24754 deletions


@@ -313,17 +313,28 @@ Internal tooling can hit `/internal/notify/<entity>/normalize` to upgrade legacy
* `GET /deliveries/{id}` → detail (redacted body + metadata)
* `POST /deliveries/{id}/retry` → force retry (admin, future sprint)
* **Admin**
* `GET /stats` (per tenant counts, last hour/day)
* `GET /healthz|readyz` (liveness)
* `POST /locks/acquire` | `POST /locks/release` worker coordination primitives (short TTL).
* `POST /digests` | `GET /digests/{actionKey}` | `DELETE /digests/{actionKey}` manage open digest windows.
* `POST /audit` | `GET /audit?since=&limit=` append/query structured audit trail entries.
**Ingestion**: workers do **not** expose public ingestion; they **subscribe** to the internal bus. (Optional `/events/test` for integration testing, adminonly.)
---
* **Admin**
* `GET /stats` (per tenant counts, last hour/day)
* `GET /healthz|readyz` (liveness)
* `POST /locks/acquire` | `POST /locks/release` worker coordination primitives (short TTL).
* `POST /digests` | `GET /digests/{actionKey}` | `DELETE /digests/{actionKey}` manage open digest windows.
* `POST /audit` | `GET /audit?since=&limit=` append/query structured audit trail entries.
### 8.1 Ack tokens & escalation workflows
To support one-click acknowledgements from chat/email, the Notify WebService mints **DSSE ack tokens** via Authority:
* `POST /notify/ack-tokens/issue` → returns a DSSE envelope (payload type `application/vnd.stellaops.notify-ack-token+json`) describing the tenant, notification/delivery ids, channel, webhook URL, nonce, permitted actions, and TTL. Requires `notify.operator`; requesting escalation requires the caller to hold `notify.escalate` (and `notify.admin` when configured). Issuance enforces the Authority-side webhook allowlist (`notifications.webhooks.allowedHosts`) before minting tokens.
* `POST /notify/ack-tokens/verify` → verifies the DSSE signature, enforces expiry/tenant/action constraints, and emits audit events (`notify.ack.verified`, `notify.ack.escalated`). Scope: `notify.operator` (+`notify.escalate` for escalation).
* `POST /notify/ack-tokens/rotate` → rotates the signing key used for ack tokens, requires `notify.admin`, and emits `notify.ack.key_rotated`/`notify.ack.key_rotation_failed` audit events. Operators must supply the new key material (file/KMS/etc. depending on `notifications.ackTokens.keySource`); Authority updates JWKS entries with `use: "notify-ack"` and retires the previous key.
* `POST /internal/notifications/ack-tokens/rotate` → legacy bootstrap path (API-key protected) retained for air-gapped initial provisioning; it forwards to the same rotation pipeline as the public endpoint.
Authority signs ack tokens using keys configured under `notifications.ackTokens`. Public JWKS responses expose these keys with `use: "notify-ack"` and `status: active|retired`, enabling offline verification by the worker/UI/CLI.
**Ingestion**: workers do **not** expose public ingestion; they **subscribe** to the internal bus. (Optional `/events/test` for integration testing, admin-only.)
---
## 9) Delivery pipeline (worker)
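Review bot: The `POST /notify/ack-tokens/verify` bullet lists expiry/tenant/action constraints but does not mention the nonce that the issue bullet places in the DSSE envelope, so the text leaves open whether a token can be replayed within its TTL; state whether verify records the nonce and rejects reuse. Two smaller gaps in the same section: the rotate bullet says Authority "retires the previous key" without saying whether outstanding tokens signed by a key with `status: retired` still verify until they expire, and the verify scope lists only `notify.escalate` for escalation while the issue bullet also requires `notify.admin` when configured. It would also help to note whether the legacy `/internal/notifications/ack-tokens/rotate` path emits the same `notify.ack.key_rotated`/`notify.ack.key_rotation_failed` audit events as the public endpoint.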