stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
02e384a7d64ebbc66fcde3c206f5b9e7f87e4b17
git.stella-ops.org/docs/modules/registry/README.md
master 7b5bdcf4d3 feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules 
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes.
- Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes.
- Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables.
- Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
2025-10-30 00:09:39 +02:00

35 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# StellaOps Registry Token Service
The registry module issues scoped pull tokens for mirrored container registries while enforcing plan and licence constraints.
## Responsibilities
- Validate Authority-issued OpToks and tenant scopes before issuance.
- Mint time-bound registry tokens and record issuance ledgers.
- Expose revocation and audit endpoints for security teams.
- Integrate with Offline Kit for deterministic token manifests.
## Key components
- `StellaOps.Registry.TokenService` minimal API host.
- Mongo-backed issuance ledger.
- Tests under `src/Registry/__Tests`.
## Integrations & dependencies
- Authority for identity & scope verification.
- Export Center/Offline Kit for distribution.
- DevOps runbooks for deployment and rotation.
## Operational notes
- Operational guide at ./operations/token-service.md.
- Telemetry dashboards pending (see ../../TASKS.md).
## Related resources
- ./operations/token-service.md
## Backlog references
- DEVOPS-REGISTRY items in ../../TASKS.md (future work).
- Registry automation stories tracked in src/Registry/TASKS.md if present.
## Epic alignment
- **Epic 10 Export Center:** provide signed, auditable registry token bundles for mirror distribution.
- **Epic 14 Identity & Tenancy:** enforce tenant-aware scopes, PoE alignment, and revocation policies.
Reference in New Issue View Git Blame Copy Permalink