# StellaOps Authority — Feedser Integration Team

> **Read first:** `AGENTS.md`, `StellaOps.Authority.TODOS.md`, and this plan. Update both TODO trackers as tasks progress.

## Mission

Adopt the new authority stack inside Feedser: configure authentication, enforce scopes, update configuration, and validate end-to-end flows.

## Task Timeline

| Order | Task IDs | Description | Dependencies | Acceptance |
|-------|----------|-------------|--------------|------------|
| 1 | FSR1 | Extend `etc/feedser.yaml` with Authority configuration block (issuer, client credentials, bypass masks, scopes). | DevEx FND4, LIB2 | Sample config + docs updated. |
| 2 | FSR2 | Update Feedser WebService startup to use `AddStellaOpsResourceServerAuthentication`; annotate endpoints with `[Authorize]` and scope policies. | LIB2 | **DONE (2025-10-10)** – Auth wiring is optional but enabled via config; `/jobs*` endpoints demand `feedser.jobs.trigger` and tests cover bypass mode. |
| 3 | FSR3 | Implement bypass mask handling for on-host cron jobs; log when mask used. | FSR2, LIB3 | Configurable via YAML; integration test ensures mask respected. |
| 4 | FSR4 | Refresh Feedser docs (quickstart, operator guide) to explain auth requirements + config knobs. | FSR1–FSR3 | Coordinate with Docs team for final wording. |
| 5 | FSR5 | Build integration test harness (Authority + Feedser docker-compose) verifying token issuance and job triggering. | CORE1–CORE5, LIB4 | CI job produces pass/fail artefact. |

## Implementation Notes

- Add feature flag to allow temporary anonymous mode for staged rollout (document sunset date).
- Ensure CLI + API docs reference required scopes and sample client creation.
- Logs should capture client ID, user ID, and scopes when jobs triggered for audit (without leaking secrets).
- Avoid coupling tests to specific plugin implementations—use Standard plugin via configuration.
- Share any new scopes/policies with Auth Libraries and Docs teams.

## Deliverables

- Updated Feedser configuration + startup code.
- Documentation updates in `docs/10_FEEDSER_CLI_QUICKSTART.md` and `docs/11_AUTHORITY.md` (in partnership with Docs team).
- Integration tests executed in CI (Authority + Feedser).
- Rollout checklist for existing deployments (feature flag, config changes).

## Coordination

- Sync with Authority Core on policy naming (`feedser.jobs.trigger`, `feedser.merge`).
- Coordinate with CLI team for shared sample configs.
- Work closely with DevOps to integrate integration tests into pipeline.
- Notify Security Guild once bypass masks implemented for review.