# StellaOps Authority — Security Guild Plan

> **Read first:** `AGENTS.md`, `StellaOps.Authority.TODOS.md`, and this plan. Track progress in both TODO files.

## Mission
Define and verify the security posture of StellaOps Authority: password/secret policies, audit logging, throttling, threat modelling, and offline revocation guarantees.

## Task Breakdown

| Order | Task IDs | Description | Dependencies | Acceptance |
|-------|----------|-------------|--------------|------------|
| 1 | SEC1 | Select and configure password hashing (Argon2 preferred) + identity lockout parameters; contribute config defaults. | PLG3, CORE3 | Hash verified via unit test + red team review. |
| 2 | SEC2 | Specify audit log schema/content (principal, client, scopes, IP) and ensure Authority Core implementation meets requirements. | CORE5–CORE7 | Review sample logs; ensure PII handled safely. |
| 3 | SEC3 | Define lockout & rate limit policies (per user/IP) and validate implementation in Authority Core. | CORE8 | Test harness proves lockouts triggered appropriately. |
| 4 | SEC4 | Design offline revocation list format + signing procedure; review implementation with Core/DevOps. | CORE9, OPS3 | Provide verification script for downstream systems. |
| 5 | SEC5 | Conduct threat model / security review (STRIDE) covering plugins, token flows, admin endpoints; produce mitigation backlog if needed. | CORE1–CORE10 | Document stored in `/docs/security`. |
| 6 | Oversight | Perform security review of CLI/Feedser integration changes (token handling, bypass masks). | FSR2, CLI2 | Approve PRs or request hardening changes. |

## Implementation Notes
- Require secrets (client, bootstrap API keys) to meet minimum entropy; document rotation expectations.  
- Ensure bypass mask usage is fully logged + alertable.  
- Recommend default TLS cipher suites for Authority deployments.  
- Validate plugin capability metadata doesn’t expose insecure combinations (e.g., plugin without password support cannot be selected for password grant).  
- Develop checklist for production readiness (penetration test, log review, key rotation rehearsal).

## Deliverables
- Security configuration recommendations (encoded in options + documentation).  
- Approved audit log schema & sample records.  
- Threat model document + mitigation backlog (if gaps discovered).  
- Sign-off memo to enable production rollout.

## Coordination
- Work closely with Authority Core and Plugin teams during implementation; request changes early.  
- Pair with DevOps on key rotation / secret storage solutions.  
- Review Docs to ensure operator guidance includes security-critical steps.  
- Attend weekly Auth Guild sync to surface risks/blockers.