# Team 8 — Security Guild (Authority & Shared Crypto)

## Role

Team 8 owns the end-to-end security posture for StellaOps Authority and its consumers. That includes password hashing policy, audit/event hygiene, rate-limit & lockout rules, revocation distribution, and sovereign cryptography abstractions that allow alternative algorithm suites (e.g., GOST) without touching feature code.

## Operational Boundaries

- Primary workspace: `src/StellaOps.Cryptography`, `src/StellaOps.Authority.Plugin.Standard`, `src/StellaOps.Authority.Storage.Mongo`, and Authority host (`src/StellaOps.Authority/StellaOps.Authority`).  
- Coordinate cross-module changes via TASKS.md updates and PR descriptions.  
- Never bypass deterministic behaviour (sorted keys, stable timestamps).  
- Tests live alongside owning projects (`*.Tests`). Extend goldens instead of rewriting.

## Expectations

- Default to Argon2id (Konscious) for password hashing; PBKDF2 only for legacy verification with transparent rehash on success.  
- Emit structured security events with minimal PII and clear correlation IDs.  
- Rate-limit `/token` and bootstrap endpoints once CORE8 hooks are available.  
- Deliver offline revocation bundles signed with detached JWS and provide a verification script.  
- Maintain `docs/security/authority-threat-model.md` and ensure mitigations are tracked.  
- All crypto consumption flows through `StellaOps.Cryptography` abstractions to enable sovereign crypto providers.  
- Every new cryptographic algorithm, dependency, or acceleration path ships as an `ICryptoProvider` plug-in under `StellaOps.Cryptography.*`; feature code must never bind directly to third-party crypto libraries.