master
4d8a48a05f
Sprint 7+8: Journey UX fixes + identity envelope shared middleware
Sprint 7 — Deep journey fixes:
S7-T01: Trust & Signing empty state with "Go to Signing Keys" CTA
S7-T02: Notifications 3-step setup guide (channel→rule→test)
S7-T03: Topology validate step skip — "Skip Validation" when API fails,
with validateSkipped signal matching agentSkipped pattern
S7-T04: VEX export note on Risk Report tab linking to VEX Ledger
Sprint 8 — Identity envelope shared middleware (ARCHITECTURE):
S8-T01: New UseIdentityEnvelopeAuthentication() extension in
StellaOps.Router.AspNet. Reads X-StellaOps-Identity-Envelope headers,
verifies HMAC-SHA256 via GatewayIdentityEnvelopeCodec, creates
ClaimsPrincipal with sub/tenant/scopes/roles. 5min clock skew.
S8-T02: Concelier refactored — removed 78 lines of inline impl,
now uses shared one-liner
S8-T03: Scanner — UseIdentityEnvelopeAuthentication() added
S8-T04: JobEngine — UseIdentityEnvelopeAuthentication() added
S8-T05: Timeline — UseIdentityEnvelopeAuthentication() added
S8-T06: Integrations — UseIdentityEnvelopeAuthentication() added
S8-T07: docs/modules/router/IDENTITY_ENVELOPE_MIDDLEWARE.md
All services now authenticate ReverseProxy requests via gateway envelope.
Scanner scan submit should now work with authenticated identity.
Angular: 0 errors. .NET (6 services): 0 errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 18:27:46 +02:00
..
2026-02-01 21:37:40 +02:00
2026-02-18 15:01:04 +02:00
2026-03-16 02:05:38 +02:00
2026-03-16 08:12:39 +02:00
2026-01-25 19:11:36 +02:00
2026-02-01 21:37:40 +02:00
2025-12-13 00:20:26 +02:00
2026-03-16 18:27:46 +02:00
2026-03-05 03:54:22 +02:00
2026-03-05 03:54:22 +02:00
2026-03-05 03:54:22 +02:00
2026-03-05 03:54:22 +02:00
2026-03-05 03:54:22 +02:00
2026-02-03 23:40:04 +02:00
2026-03-05 03:54:22 +02:00