Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
This commit is contained in:
master
2025-11-02 13:40:38 +02:00
parent 66cb6c4b8a
commit f98cea3bcf
516 changed files with 68157 additions and 24754 deletions

@@ -29,15 +29,32 @@ components:
password:
tokenUrl: /token
refreshUrl: /token
scopes:
advisory:ingest: Submit advisory ingestion payloads.
advisory:read: Read advisory ingestion data.
aoc:verify: Execute Aggregation-Only Contract verification workflows.
authority.audit.read: Read Authority audit logs.
authority.clients.manage: Manage Authority client registrations.
authority.users.manage: Manage Authority users.
authority:tenants.read: Read the Authority tenant catalog.
concelier.jobs.trigger: Trigger Concelier aggregation jobs.
scopes:
attestor.write: Submit attestation bundles and Rekor entries.
attestor.verify: Invoke attestation verification APIs.
attestor.read: Fetch attestation entries and proofs.
advisory:ingest: Submit advisory ingestion payloads.
advisory:read: Read advisory ingestion data.
advisory-ai:view: View Advisory AI artefacts and cached outputs.
advisory-ai:operate: Submit Advisory AI inference and remediation requests.
advisory-ai:admin: Administer Advisory AI configuration, profiles, and remote execution.
aoc:verify: Execute Aggregation-Only Contract verification workflows.
airgap:seal: Seal or unseal an air-gapped installation.
airgap:import: Import offline bundles and mirror artifacts while air-gapped.
airgap:status:read: Read air-gap sealing status and staleness indicators.
obs:read: Read observability dashboards, SLO digests, and incident overlays.
timeline:read: Read incident timeline entries and annotations.
timeline:write: Append deterministic incident timeline events and annotations.
evidence:create: Create evidence items, upload artefacts, and link attestations.
evidence:read: Read evidence items, artefacts, and linkage metadata.
evidence:hold: Apply or release legal holds on evidence items.
attest:read: Read attestation records, DSSE bundles, and verification proofs.
obs:incident: Toggle incident mode, extend retention, enable emergency telemetry.
authority.audit.read: Read Authority audit logs.
authority.clients.manage: Manage Authority client registrations.
authority.users.manage: Manage Authority users.
authority:tenants.read: Read the Authority tenant catalog.
concelier.jobs.trigger: Trigger Concelier aggregation jobs.
concelier.merge: Manage Concelier merge operations.
effective:write: Write effective findings (Policy Engine service identity only).
email: Access email claim data.
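Review bot: the new scope list under `password:` advertises `advisory-ai:admin`, `airgap:seal`, `evidence:hold` and `obs:incident` for the resource-owner password flow, where the client handles the user's password directly and which the OAuth 2.0 Security Best Current Practice advises against. Consider keeping administrative and state-changing scopes out of this flow so they can only be requested through `authorizationCode`, or add a comment explaining why the password flow needs them. The unchanged `effective:write` line, described as "Policy Engine service identity only", raises the same question for a user-facing flow.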
@@ -72,17 +89,34 @@ components:
vex:ingest: Submit VEX ingestion payloads.
vex:read: Read VEX ingestion data.
vuln:read: Read vulnerability permalinks and overlays.
authorizationCode:
authorizationUrl: /authorize
tokenUrl: /token
refreshUrl: /token
scopes:
advisory:ingest: Submit advisory ingestion payloads.
advisory:read: Read advisory ingestion data.
aoc:verify: Execute Aggregation-Only Contract verification workflows.
authority.audit.read: Read Authority audit logs.
authority.clients.manage: Manage Authority client registrations.
authority.users.manage: Manage Authority users.
authorizationCode:
authorizationUrl: /authorize
tokenUrl: /token
refreshUrl: /token
scopes:
attestor.write: Submit attestation bundles and Rekor entries.
attestor.verify: Invoke attestation verification APIs.
attestor.read: Fetch attestation entries and proofs.
advisory:ingest: Submit advisory ingestion payloads.
advisory:read: Read advisory ingestion data.
advisory-ai:view: View Advisory AI artefacts and cached outputs.
advisory-ai:operate: Submit Advisory AI inference and remediation requests.
advisory-ai:admin: Administer Advisory AI configuration, profiles, and remote execution.
aoc:verify: Execute Aggregation-Only Contract verification workflows.
airgap:seal: Seal or unseal an air-gapped installation.
airgap:import: Import offline bundles and mirror artifacts while air-gapped.
airgap:status:read: Read air-gap sealing status and staleness indicators.
obs:read: Read observability dashboards, SLO digests, and incident overlays.
timeline:read: Read incident timeline entries and annotations.
timeline:write: Append deterministic incident timeline events and annotations.
evidence:create: Create evidence items, upload artefacts, and link attestations.
evidence:read: Read evidence items, artefacts, and linkage metadata.
evidence:hold: Apply or release legal holds on evidence items.
attest:read: Read attestation records, DSSE bundles, and verification proofs.
obs:incident: Toggle incident mode, extend retention, enable emergency telemetry.
authority.audit.read: Read Authority audit logs.
authority.clients.manage: Manage Authority client registrations.
authority.users.manage: Manage Authority users.
authority:tenants.read: Read the Authority tenant catalog.
concelier.jobs.trigger: Trigger Concelier aggregation jobs.
concelier.merge: Manage Concelier merge operations.
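Review bot: in the added `authorizationCode` scopes, `attestor.read` ("Fetch attestation entries and proofs") and `attest:read` ("Read attestation records, DSSE bundles, and verification proofs") have overlapping descriptions but differ in both prefix and separator, so a client author cannot tell which one guards which API. Either state in the descriptions which service or resource each scope belongs to, or collapse them into one name. The additions also break the alphabetical order of the previous list (`attestor.*` before `advisory:*`, `airgap:*` after `aoc:verify`, `obs:*`, `timeline:*` and `evidence:*` ahead of `authority.*`), which makes the three flow lists harder to compare; sorting them would help.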
@@ -125,11 +159,25 @@ components:
flows:
clientCredentials:
tokenUrl: /token
scopes:
advisory:ingest: Submit advisory ingestion payloads.
advisory:read: Read advisory ingestion data.
aoc:verify: Execute Aggregation-Only Contract verification workflows.
authority.audit.read: Read Authority audit logs.
scopes:
attestor.write: Submit attestation bundles and Rekor entries.
attestor.verify: Invoke attestation verification APIs.
attestor.read: Fetch attestation entries and proofs.
advisory:ingest: Submit advisory ingestion payloads.
advisory:read: Read advisory ingestion data.
advisory-ai:view: View Advisory AI artefacts and cached outputs.
advisory-ai:operate: Submit Advisory AI inference and remediation requests.
advisory-ai:admin: Administer Advisory AI configuration, profiles, and remote execution.
aoc:verify: Execute Aggregation-Only Contract verification workflows.
obs:read: Read observability dashboards, SLO digests, and incident overlays.
timeline:read: Read incident timeline entries and annotations.
timeline:write: Append deterministic incident timeline events and annotations.
evidence:create: Create evidence items, upload artefacts, and link attestations.
evidence:read: Read evidence items, artefacts, and linkage metadata.
evidence:hold: Apply or release legal holds on evidence items.
attest:read: Read attestation records, DSSE bundles, and verification proofs.
obs:incident: Toggle incident mode, extend retention, enable emergency telemetry.
authority.audit.read: Read Authority audit logs.
authority.clients.manage: Manage Authority client registrations.
authority.users.manage: Manage Authority users.
authority:tenants.read: Read the Authority tenant catalog.
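Review bot: the `clientCredentials` list goes straight from `aoc:verify` to `obs:read`, so `airgap:seal`, `airgap:import` and `airgap:status:read` are missing here although the password and authorizationCode flows both gain them in this commit. If air-gap operations are meant to be interactive only, say so in a comment next to the list; if service identities need to import bundles or read sealing status, add the scopes. Because the same scope block is now maintained by hand in three places, generating the three lists from a single definition would keep them from drifting again.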