stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity

Add Authority Advisory AI and API Lifecycle Configuration

Browse Source 
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
This commit is contained in:
master
2025-11-02 13:40:38 +02:00
parent 66cb6c4b8a
commit f98cea3bcf
516 changed files with 68157 additions and 24754 deletions
Download Patch File Download Diff File Expand all files Collapse all files

767
out/analyzers/rust/StellaOps.Auth.Abstractions.xml Normal file
View File

@@ -0,0 +1,767 @@
<?xml version="1.0"?>
<doc>
<assembly>
<name>StellaOps.Auth.Abstractions</name>
</assembly>
<members>
<member name="T:StellaOps.Auth.AuthorityTelemetry">
<summary>
Canonical telemetry metadata for the StellaOps Authority stack.
</summary>
</member>
<member name="F:StellaOps.Auth.AuthorityTelemetry.ServiceName">
<summary>
service.name resource attribute recorded by Authority components.
</summary>
</member>
<member name="F:StellaOps.Auth.AuthorityTelemetry.ServiceNamespace">
<summary>
service.namespace resource attribute aligning Authority with other StellaOps services.
</summary>
</member>
<member name="F:StellaOps.Auth.AuthorityTelemetry.ActivitySourceName">
<summary>
Activity source identifier used by Authority instrumentation.
</summary>
</member>
<member name="F:StellaOps.Auth.AuthorityTelemetry.MeterName">
<summary>
Meter name used by Authority instrumentation.
</summary>
</member>
<member name="M:StellaOps.Auth.AuthorityTelemetry.BuildDefaultResourceAttributes(System.Reflection.Assembly)">
<summary>
Builds the default set of resource attributes (service name/namespace/version).
</summary>
<param name="assembly">Optional assembly used to resolve the service version.</param>
</member>
<member name="M:StellaOps.Auth.AuthorityTelemetry.ResolveServiceVersion(System.Reflection.Assembly)">
<summary>
Resolves the service version string from the provided assembly (defaults to the Authority telemetry assembly).
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.NetworkMask">
<summary>
Represents an IP network expressed in CIDR notation.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.#ctor(System.Net.IPAddress,System.Int32)">
<summary>
Initialises a new <see cref="T:StellaOps.Auth.Abstractions.NetworkMask"/>.
</summary>
<param name="network">Canonical network address with host bits zeroed.</param>
<param name="prefixLength">Prefix length (0-32 for IPv4, 0-128 for IPv6).</param>
</member>
<member name="P:StellaOps.Auth.Abstractions.NetworkMask.Network">
<summary>
Canonical network address with host bits zeroed.
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.NetworkMask.PrefixLength">
<summary>
Prefix length.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.Parse(System.String)">
<summary>
Attempts to parse the supplied value as CIDR notation or a single IP address.
</summary>
<exception cref="T:System.FormatException">Thrown when the input is not recognised.</exception>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.TryParse(System.String,StellaOps.Auth.Abstractions.NetworkMask@)">
<summary>
Attempts to parse the supplied value as CIDR notation or a single IP address.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.Contains(System.Net.IPAddress)">
<summary>
Determines whether the provided address belongs to this network.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.ToString">
<inheritdoc />
</member>
<member name="T:StellaOps.Auth.Abstractions.NetworkMaskMatcher">
<summary>
Evaluates remote addresses against configured network masks.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.#ctor(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Creates a matcher from raw CIDR strings.
</summary>
<param name="values">Sequence of CIDR entries or IP addresses.</param>
<exception cref="T:System.FormatException">Thrown when a value cannot be parsed.</exception>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.#ctor(System.Collections.Generic.IEnumerable{StellaOps.Auth.Abstractions.NetworkMask})">
<summary>
Creates a matcher from already parsed masks.
</summary>
<param name="masks">Sequence of network masks.</param>
</member>
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.AllowAll">
<summary>
Gets a matcher that allows every address.
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.DenyAll">
<summary>
Gets a matcher that denies every address (no masks configured).
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.IsEmpty">
<summary>
Indicates whether this matcher has no masks configured and does not allow all.
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.Masks">
<summary>
Returns the configured masks.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.IsAllowed(System.Net.IPAddress)">
<summary>
Checks whether the provided address matches any of the configured masks.
</summary>
<param name="address">Remote address to test.</param>
<returns><c>true</c> when the address is allowed.</returns>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults">
<summary>
Default authentication constants used by StellaOps resource servers and clients.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.AuthenticationScheme">
<summary>
Default authentication scheme for StellaOps bearer tokens.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.AuthenticationType">
<summary>
Logical authentication type attached to <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.PolicyPrefix">
<summary>
Policy prefix applied to named authorization policies.
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsClaimTypes">
<summary>
Canonical claim type identifiers used across StellaOps services.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Subject">
<summary>
Subject identifier claim (maps to <c>sub</c> in JWTs).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Tenant">
<summary>
StellaOps tenant identifier claim (multi-tenant deployments).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Project">
<summary>
StellaOps project identifier claim (optional project scoping within a tenant).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.ClientId">
<summary>
OAuth2/OIDC client identifier claim (maps to <c>client_id</c>).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.TokenId">
<summary>
Unique token identifier claim (maps to <c>jti</c>).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.AuthenticationMethod">
<summary>
Authentication method reference claim (<c>amr</c>).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Scope">
<summary>
Space separated scope list (<c>scope</c>).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.ScopeItem">
<summary>
Individual scope items (<c>scp</c>).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Audience">
<summary>
OAuth2 resource audiences (<c>aud</c>).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.IdentityProvider">
<summary>
Identity provider hint for downstream services.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.OperatorReason">
<summary>
Operator reason supplied when issuing orchestrator control tokens.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.OperatorTicket">
<summary>
Operator ticket supplied when issuing orchestrator control tokens.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.QuotaReason">
<summary>
Quota change reason supplied when issuing Orchestrator quota tokens.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.QuotaTicket">
<summary>
Quota change ticket/incident reference supplied when issuing Orchestrator quota tokens.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.IncidentReason">
<summary>
Incident activation reason recorded when issuing observability incident tokens.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.SessionId">
<summary>
Session identifier claim (<c>sid</c>).
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder">
<summary>
Fluent helper used to construct <see cref="T:System.Security.Claims.ClaimsPrincipal"/> instances that follow StellaOps conventions.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithSubject(System.String)">
<summary>
Adds or replaces the canonical subject identifier.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithClientId(System.String)">
<summary>
Adds or replaces the canonical client identifier.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithTenant(System.String)">
<summary>
Adds or replaces the tenant identifier claim.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithName(System.String)">
<summary>
Adds or replaces the user display name claim.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithIdentityProvider(System.String)">
<summary>
Adds or replaces the identity provider claim.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithSessionId(System.String)">
<summary>
Adds or replaces the session identifier claim.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithTokenId(System.String)">
<summary>
Adds or replaces the token identifier claim.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAuthenticationMethod(System.String)">
<summary>
Adds or replaces the authentication method reference claim.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithNameClaimType(System.String)">
<summary>
Sets the name claim type appended when building the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithRoleClaimType(System.String)">
<summary>
Sets the role claim type appended when building the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAuthenticationType(System.String)">
<summary>
Sets the authentication type stamped on the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithScopes(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Registers the supplied scopes (normalised to lower-case, deduplicated, sorted).
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAudiences(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Registers the supplied audiences (trimmed, deduplicated, sorted).
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAudience(System.String)">
<summary>
Adds a single audience.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.AddClaim(System.String,System.String,System.String)">
<summary>
Adds an arbitrary claim (no deduplication is performed).
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.AddClaims(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})">
<summary>
Adds multiple claims (incoming claims are cloned to enforce value trimming).
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithIssuedAt(System.DateTimeOffset)">
<summary>
Adds an <c>iat</c> (issued at) claim using Unix time seconds.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithNotBefore(System.DateTimeOffset)">
<summary>
Adds an <c>nbf</c> (not before) claim using Unix time seconds.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithExpires(System.DateTimeOffset)">
<summary>
Adds an <c>exp</c> (expires) claim using Unix time seconds.
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.NormalizedScopes">
<summary>
Returns the normalised scope list (deduplicated + sorted).
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.Audiences">
<summary>
Returns the normalised audience list (deduplicated + sorted).
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.Build">
<summary>
Builds the immutable <see cref="T:System.Security.Claims.ClaimsPrincipal"/> instance based on the registered data.
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory">
<summary>
Factory helpers for returning RFC 7807 problem responses using StellaOps conventions.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.AuthenticationRequired(System.String,System.String)">
<summary>
Produces a 401 problem response indicating authentication is required.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.InvalidToken(System.String,System.String)">
<summary>
Produces a 401 problem response for invalid, expired, or revoked tokens.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.Forbidden(System.String,System.String)">
<summary>
Produces a 403 problem response when access is denied.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.InsufficientScope(System.Collections.Generic.IReadOnlyCollection{System.String},System.Collections.Generic.IReadOnlyCollection{System.String},System.String)">
<summary>
Produces a 403 problem response for insufficient scopes.
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsScopes">
<summary>
Canonical scope names supported by StellaOps services.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ConcelierJobsTrigger">
<summary>
Scope required to trigger Concelier jobs.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ConcelierMerge">
<summary>
Scope required to manage Concelier merge operations.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityUsersManage">
<summary>
Scope granting administrative access to Authority user management.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityClientsManage">
<summary>
Scope granting administrative access to Authority client registrations.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityAuditRead">
<summary>
Scope granting read-only access to Authority audit logs.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.Bypass">
<summary>
Synthetic scope representing trusted network bypass.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.UiRead">
<summary>
Scope granting read-only access to console UX features.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExceptionsApprove">
<summary>
Scope granting permission to approve exceptions.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryRead">
<summary>
Scope granting read-only access to raw advisory ingestion data.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryIngest">
<summary>
Scope granting write access for raw advisory ingestion.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryAiView">
<summary>
Scope granting read-only access to Advisory AI artefacts (summaries, remediation exports).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryAiOperate">
<summary>
Scope permitting Advisory AI inference requests and workflow execution.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryAiAdmin">
<summary>
Scope granting administrative control over Advisory AI configuration and profiles.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VexRead">
<summary>
Scope granting read-only access to raw VEX ingestion data.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VexIngest">
<summary>
Scope granting write access for raw VEX ingestion.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AocVerify">
<summary>
Scope granting permission to execute aggregation-only contract verification.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.SignalsRead">
<summary>
Scope granting read-only access to reachability signals.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.SignalsWrite">
<summary>
Scope granting permission to write reachability signals.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.SignalsAdmin">
<summary>
Scope granting administrative access to reachability signal ingestion.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AirgapSeal">
<summary>
Scope granting permission to seal or unseal an installation in air-gapped mode.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AirgapImport">
<summary>
Scope granting permission to import offline bundles while in air-gapped mode.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AirgapStatusRead">
<summary>
Scope granting read-only access to air-gap status and sealing state endpoints.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyWrite">
<summary>
Scope granting permission to create or edit policy drafts.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyAuthor">
<summary>
Scope granting permission to author Policy Studio workspaces.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyEdit">
<summary>
Scope granting permission to edit policy configurations.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyRead">
<summary>
Scope granting read-only access to policy metadata.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyReview">
<summary>
Scope granting permission to review Policy Studio drafts.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicySubmit">
<summary>
Scope granting permission to submit drafts for review.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyApprove">
<summary>
Scope granting permission to approve or reject policies.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyOperate">
<summary>
Scope granting permission to operate Policy Studio promotions and runs.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyAudit">
<summary>
Scope granting permission to audit Policy Studio activity.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyRun">
<summary>
Scope granting permission to trigger policy runs and activation workflows.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyActivate">
<summary>
Scope granting permission to activate policies.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.FindingsRead">
<summary>
Scope granting read-only access to effective findings materialised by Policy Engine.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicySimulate">
<summary>
Scope granting permission to run Policy Studio simulations.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EffectiveWrite">
<summary>
Scope granted to Policy Engine service identity for writing effective findings.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphRead">
<summary>
Scope granting read-only access to graph queries and overlays.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VulnRead">
<summary>
Scope granting read-only access to Vuln Explorer resources and permalinks.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ObservabilityRead">
<summary>
Scope granting read-only access to observability dashboards and overlays.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.TimelineRead">
<summary>
Scope granting read-only access to incident timelines and chronology data.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.TimelineWrite">
<summary>
Scope granting permission to append events to incident timelines.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EvidenceCreate">
<summary>
Scope granting permission to create evidence packets in the evidence locker.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EvidenceRead">
<summary>
Scope granting read-only access to stored evidence packets.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EvidenceHold">
<summary>
Scope granting permission to place or release legal holds on evidence packets.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AttestRead">
<summary>
Scope granting read-only access to attestation records and observer feeds.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ObservabilityIncident">
<summary>
Scope granting permission to activate or resolve observability incident mode controls.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExportViewer">
<summary>
Scope granting read-only access to export center runs and bundles.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExportOperator">
<summary>
Scope granting permission to operate export center scheduling and run execution.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExportAdmin">
<summary>
Scope granting administrative control over export center retention, encryption keys, and scheduling policies.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyViewer">
<summary>
Scope granting read-only access to notifier channels, rules, and delivery history.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyOperator">
<summary>
Scope permitting notifier rule management, delivery actions, and channel operations.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyAdmin">
<summary>
Scope granting administrative control over notifier secrets, escalations, and platform-wide settings.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.IssuerDirectoryRead">
<summary>
Scope granting read-only access to issuer directory catalogues.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.IssuerDirectoryWrite">
<summary>
Scope permitting creation and modification of issuer directory entries.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.IssuerDirectoryAdmin">
<summary>
Scope granting administrative control over issuer directory resources (delete, audit bypass).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyEscalate">
<summary>
Scope required to issue or honour escalation actions for notifications.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksRead">
<summary>
Scope granting read-only access to Task Packs catalogues and manifests.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksWrite">
<summary>
Scope permitting publication or updates to Task Packs in the registry.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksRun">
<summary>
Scope granting permission to execute Task Packs via CLI or Task Runner.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksApprove">
<summary>
Scope granting permission to fulfil Task Pack approval gates.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphWrite">
<summary>
Scope granting permission to enqueue or mutate graph build jobs.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphExport">
<summary>
Scope granting permission to export graph artefacts (GraphML/JSONL/etc.).
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphSimulate">
<summary>
Scope granting permission to trigger what-if simulations on graphs.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.OrchRead">
<summary>
Scope granting read-only access to Orchestrator job state and telemetry.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.OrchOperate">
<summary>
Scope granting permission to execute Orchestrator control actions.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.OrchQuota">
<summary>
Scope granting permission to manage Orchestrator quotas and elevated backfill tooling.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityTenantsRead">
<summary>
Scope granting read-only access to Authority tenant catalog APIs.
</summary>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsScopes.Normalize(System.String)">
<summary>
Normalises a scope string (trim/convert to lower case).
</summary>
<param name="scope">Scope raw value.</param>
<returns>Normalised scope or <c>null</c> when the input is blank.</returns>
</member>
<member name="M:StellaOps.Auth.Abstractions.StellaOpsScopes.IsKnown(System.String)">
<summary>
Checks whether the provided scope is registered as a built-in StellaOps scope.
</summary>
</member>
<member name="P:StellaOps.Auth.Abstractions.StellaOpsScopes.All">
<summary>
Returns the full set of built-in scopes.
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities">
<summary>
Canonical identifiers for StellaOps service principals.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.PolicyEngine">
<summary>
Service identity used by Policy Engine when materialising effective findings.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.Cartographer">
<summary>
Service identity used by Cartographer when constructing and maintaining graph projections.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.VulnExplorer">
<summary>
Service identity used by Vuln Explorer when issuing scoped permalink requests.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.Signals">
<summary>
Service identity used by Signals components when managing reachability facts.
</summary>
</member>
<member name="T:StellaOps.Auth.Abstractions.StellaOpsTenancyDefaults">
<summary>
Shared tenancy default values used across StellaOps services.
</summary>
</member>
<member name="F:StellaOps.Auth.Abstractions.StellaOpsTenancyDefaults.AnyProject">
<summary>
Sentinel value indicating the token is not scoped to a specific project.
</summary>
</member>
</members>
</doc>