# Local RBAC Policy Fallback with Break-Glass Access

## Module
Authority

## Status
IMPLEMENTED

## Description
File-based RBAC policy store providing authorization fallback when the database is unavailable, with break-glass session management enabling emergency admin access with auditable time-limited sessions.

## Implementation Details
- **File-Based Policy Store**: `src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/FileBasedPolicyStore.cs` -- implements `ILocalPolicyStore`; reads RBAC policies from JSON files on disk; used as fallback when the Postgres policy store is unavailable.
- **Policy Store Interface**: `src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/ILocalPolicyStore.cs` -- interface for local policy lookups (roles, permissions, scope bundles).
- **Policy Store Fallback**: `src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/PolicyStoreFallback.cs` -- orchestrates fallback: attempts database-backed policy store first, falls back to `FileBasedPolicyStore` on failure.
- **Break-Glass Session Manager**: `src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/BreakGlassSessionManager.cs` -- manages time-limited emergency admin sessions; creates auditable break-glass tokens with configurable TTL and scope restrictions.
- **Local Policy Models**: `src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/LocalPolicyModels.cs` -- data models for roles, permissions, and break-glass session records.
- **Policy Store Options**: `src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/LocalPolicyStoreOptions.cs` -- configuration: policy file path, fallback enabled flag, break-glass TTL.
- **Role Repository (Postgres primary)**: `src/Authority/__Libraries/StellaOps.Authority.Persistence/Postgres/Repositories/RoleRepository.cs` (implements `IRoleRepository`) -- primary RBAC store in PostgreSQL.
- **Permission Repository**: `src/Authority/__Libraries/StellaOps.Authority.Persistence/Postgres/Repositories/PermissionRepository.cs` (implements `IPermissionRepository`) -- permission grants in PostgreSQL.
- **Role Entity**: `src/Authority/__Libraries/StellaOps.Authority.Persistence/Postgres/Models/RoleEntity.cs` -- database entity for roles.
- **Tests**: `src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/LocalPolicy/FileBasedPolicyStoreTests.cs`, `FallbackPolicyStoreIntegrationTests.cs`; `src/Authority/__Tests/StellaOps.Authority.Persistence.Tests/RoleBasedAccessTests.cs`, `RoleRepositoryTests.cs`, `PermissionRepositoryTests.cs`

## E2E Test Plan
- [ ] Configure `FileBasedPolicyStore` with a JSON policy file defining three roles (viewer, operator, admin) and verify each role's permissions are correctly loaded
- [ ] Simulate database unavailability and verify `PolicyStoreFallback` switches to the file-based store and authorization continues to work
- [ ] Restore the database and verify the fallback returns to the primary Postgres store
- [ ] Initiate a break-glass session via `BreakGlassSessionManager` and verify a time-limited admin token is issued with audit metadata
- [ ] Verify break-glass TTL: wait for the session to expire and verify the token is rejected
- [ ] Verify break-glass audit: check that the session creation, actions during the session, and session expiry are all recorded in the audit log
- [ ] Modify the local policy JSON file and verify the `FileBasedPolicyStore` reflects the changes without restart