# 2025-11-01 · Authority adds Orch.Admin quota controls

**What changed**

- Introduced new `orch:quota` scope and `Orch.Admin` role for Orchestrator quota and burst adjustments.
- Client credential requests for `orch:quota` now require `quota_reason` (≤256 chars) and accept optional `quota_ticket` (≤128 chars). Authority records both values under `quota.reason` / `quota.ticket` audit properties.
- Tokens embedding `orch:quota` expose the reason/ticket claims so downstream services and audit tooling can trace quota increases or emergency backfills.
- Console, CLI, and configuration samples include the new role plus environment variables (`STELLAOPS_ORCH_QUOTA_REASON`, `STELLAOPS_ORCH_QUOTA_TICKET`) for automation.

**Why**

Quotas and replay backfills materially affect tenant isolation and platform capacity. Capturing explicit operator intent keeps change windows reviewable and aligns with platform audit requirements.

**Actions**

1. Update Authority configuration/offline bundles to seed `Orch.Admin` role for the handful of ops identities that manage quotas.
2. Adjust automation to pass `quota_reason`/`quota_ticket` when exchanging tokens for `orch:quota`.
3. Monitor `authority.client_credentials.grant` records for the new `quota.*` audit properties when reviewing change windows.