%% Authority plug-in lifecycle sequence diagram (Mermaid)
flowchart LR
    manifest[[Plugin Manifest<br/>etc/authority.plugins/*.yaml]]
    loader[AuthorityPluginConfigurationLoader<br/>binds and validates options]
    scanner[PluginHost Assembly Scan<br/>StellaOps.Authority.Plugin.*]
    registrar[IAuthorityPluginRegistrar<br/>registers services & health checks]
    runtime[Identity Provider Plugin<br/>IIdentityProviderPlugin surface]
    capabilities{Capability Metadata<br/>password/mfa/bootstrap/clientProvisioning}
    storage[(Credential Store<br/>Mongo collections or custom backend)]
    telemetry[[Structured Logs & Metrics<br/>authority.*]]

    manifest --> loader --> scanner --> registrar --> runtime --> storage
    scanner --> capabilities
    capabilities --> runtime
    runtime --> telemetry
    loader -. emits deterministic config hashes .-> telemetry
    storage -. readiness probes .-> runtime