{ "module": "authority", "featureCount": 13, "summary": { "passed": 13, "failed": 0, "blocked": 0, "done": 13 }, "buildNote": "Baseline: 14 test projects, 861 total tests (Authority.Core.Tests=46, Authority.Persistence.Tests=75, Authority.Timestamping.Tests=16, Authority.Timestamping.Abstractions.Tests=16, Authority.ConfigDiff.Tests=5, Authority.Tests=317, Auth.Abstractions.Tests=103, Auth.Client.Tests=28, Auth.ServerIntegration.Tests=27, Authority.Plugin.Ldap.Tests=75, Authority.Plugin.Oidc.Tests=44, Authority.Plugin.Saml.Tests=38, Authority.Plugin.Standard.Tests=39, Authority.Plugins.Abstractions.Tests=32). All 861 tests pass.", "features": { "authority-identity-provider-registry": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/authority-identity-provider-registry/run-001/tier2-integration-check.json", "notes": [ "Registry indexes providers, aggregates capabilities, AcquireAsync returns scoped instances, duplicate handling, selector routes by parameter. 7 targeted tests all pass." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/authority-identity-provider-registry.md" }, "authority-module-with-oidc-oauth2-dpop-mtls": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/authority-module-with-oidc-oauth2-dpop-mtls/run-001/tier2-integration-check.json", "notes": [ "Full OIDC/OAuth2 flows with DPoP, mTLS, client credentials, password grant, refresh tokens, revocation, discovery, tamper inspection. 50+ targeted tests." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/authority-module-with-oidc-oauth2-dpop-mtls.md" }, "authority-plugin-system": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/authority-plugin-system/run-001/tier2-integration-check.json", "notes": [ "Plugin loader, 5 concrete plugins (Standard=39, LDAP=75, OIDC=44, SAML=38 tests), assembly discovery, registration lifecycle. 196+ tests." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/authority-plugin-system.md" }, "authority-sealed-mode-evidence-validator": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/authority-sealed-mode-evidence-validator/run-001/tier2-integration-check.json", "notes": [ "Evidence freshness validation, missing file handling, stale evidence detection, airgap audit endpoints, offline kit audit. Meaningful assertions with specific failure codes." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/authority-sealed-mode-evidence-validator.md" }, "cli-dpop-bound-authentication": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/cli-dpop-bound-authentication/run-001/tier2-integration-check.json", "notes": [ "28 Auth.Client tests cover DPoP proof generation, token binding, file/inmemory/messaging caches, bearer token handler, auth modes. Server-side DPoP validation in Authority.Tests." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/cli-dpop-bound-authentication.md" }, "ldap-plugin-with-claims-enrichment-and-client-provisioning": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/ldap-plugin-with-claims-enrichment-and-client-provisioning/run-001/tier2-integration-check.json", "notes": [ "75 dedicated LDAP plugin tests: claims enrichment, client provisioning, capability probing, DN parsing, credential store, TLS, resilience, security, metrics." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/ldap-plugin-with-claims-enrichment-and-client-provisioning.md" }, "local-rbac-policy-fallback-with-break-glass-access": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/local-rbac-policy-fallback-with-break-glass-access/run-001/tier2-integration-check.json", "notes": [ "File-based policy store, role inheritance, subject lifecycle, break-glass configuration, fallback mode transitions, Postgres-backed primary store." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/local-rbac-policy-fallback-with-break-glass-access.md" }, "multi-tenant-scope-based-authorization": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/multi-tenant-scope-based-authorization/run-001/tier2-integration-check.json", "notes": [ "130+ tests: scope definitions, authorization policies, tenant header filter, tenant catalog, tenant repository. 103 abstractions + 27 server integration tests." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/multi-tenant-scope-based-authorization.md" }, "pack-rbac-roles-and-cli-profiles": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/pack-rbac-roles-and-cli-profiles/run-001/tier2-integration-check.json", "notes": [ "Pack scope definitions, AddPacksResourcePolicies, RequireScope/RequireAnyScope extensions, CLI profile configuration, per-profile token caching." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/pack-rbac-roles-and-cli-profiles.md" }, "plugin-sdk-plugin-architecture": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/plugin-sdk-plugin-architecture/run-001/tier2-integration-check.json", "notes": [ "32 SDK abstractions tests + plugin loader tests. Plugin contracts, registration context, credential audit, secret hasher, client metadata keys. 5 concrete registrars." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/plugin-sdk-plugin-architecture.md" }, "postgres-backend-store-prototype-for-authority-tokens": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/postgres-backend-store-prototype-for-authority-tokens/run-001/tier2-integration-check.json", "notes": [ "75 persistence tests + adapter tests. Token CRUD, refresh token rotation, InMemory parity, session persistence, EF Core migrations, ID generation, clock integration." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/postgres-backend-store-prototype-for-authority-tokens.md" }, "rfc-3161-tsa-client-for-ci-cd-timestamping": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/rfc-3161-tsa-client-for-ci-cd-timestamping/run-001/tier2-integration-check.json", "notes": [ "32 tests: ASN.1 encoding/decoding, token verification, provider registry with priority/health, response caching, abstraction contracts. CI/CD hooks documented as planned enhancements." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/rfc-3161-tsa-client-for-ci-cd-timestamping.md" }, "trust-root-and-certificate-chain-verification": { "status": "done", "tier": 2, "evidence": "docs/qa/feature-checks/runs/authority/trust-root-and-certificate-chain-verification/run-001/tier2-integration-check.json", "notes": [ "Token verifier with imprint/nonce mismatch detection, key rotation with JWKS continuity, RSA sign/verify roundtrip, KMS and file key sources, DSSE signing." ], "retryCount": 0, "sourceVerified": true, "buildVerified": true, "e2eVerified": true, "skipReason": null, "lastRunId": "run-001", "lastUpdatedUtc": "2026-02-13T00:00:00Z", "featureFile": "docs/features/checked/authority/trust-root-and-certificate-chain-verification.md" } }, "lastUpdatedUtc": "2026-02-13T00:00:00Z" }