stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
175b750e29e1208b974be76f69d63a4d25297326
git.stella-ops.org/docs/modules/authority/README.md
StellaOps Bot 175b750e29 Implement InMemory Transport Layer for StellaOps Router 
- Added InMemoryTransportOptions class for configuration settings including timeouts and latency.
- Developed InMemoryTransportServer class to handle connections, frame processing, and event management.
- Created ServiceCollectionExtensions for easy registration of InMemory transport services.
- Established project structure and dependencies for InMemory transport library.
- Implemented comprehensive unit tests for endpoint discovery, connection management, request/response flow, and streaming capabilities.
- Ensured proper handling of cancellation, heartbeat, and hello frames within the transport layer.
2025-12-05 01:00:10 +02:00

2.7 KiB
Raw Blame History

StellaOps Authority

Authority is the platform OIDC/OAuth2 control plane that mints short-lived, sender-constrained operational tokens (OpToks) for every StellaOps service and tool.

Latest updates (2025-12-04)

  • Added gap remediation package for AU1AU10 and RR1RR10 (31-Nov-2025 FINDINGS) under docs/modules/authority/gaps/; includes deliverable map + evidence layout.
  • Sprint tracker docs/implplan/SPRINT_0314_0001_0001_docs_modules_authority.md and module TASKS.md mirror status.
  • Monitoring/observability references consolidated; Grafana JSON remains offline import (operations/grafana-dashboard.json).
  • Prior content retained: OpTok/DPoP/mTLS responsibilities, backup/restore, key rotation.

Responsibilities

  • Expose device-code, auth-code, and client-credential flows with DPoP or mTLS binding.
  • Manage signing keys, JWKS rotation, and PoE integration for plan enforcement.
  • Emit structured audit events and enforce tenant-aware scope policies.
  • Provide plugin surface for custom identity providers and credential validators.

Key components

  • StellaOps.Authority web host.
  • StellaOps.Authority.Plugin.* extensions for secret stores, identity bridges, and OpTok validation.
  • Telemetry and audit pipeline feeding Security/Observability stacks.

Integrations & dependencies

  • Signer/Attestor for PoE and OpTok introspection.
  • CLI/UI for login flows and token management.
  • Scheduler/Scanner for machine-to-machine scope enforcement.

Operational notes

  • MongoDB for tenant, client, and token state.
  • Key material in KMS/HSM with rotation runbooks (operations/key-rotation.md).
  • Monitoring runbook (operations/monitoring.md) and offline-import Grafana JSON (operations/grafana-dashboard.json).

Related resources

  • ./operations/backup-restore.md
  • ./operations/key-rotation.md
  • ./operations/monitoring.md
  • ./operations/grafana-dashboard.json
  • ./gaps/2025-12-04-auth-gaps-au1-au10.md
  • ./gaps/2025-12-04-rekor-receipt-gaps-rr1-rr10.md
  • Sprint/status mirrors: docs/implplan/SPRINT_0314_0001_0001_docs_modules_authority.md, docs/modules/authority/TASKS.md

Backlog references

  • DOCS-SEC-62-001 (scope hardening doc) in ../../TASKS.md.
  • AUTH-POLICY-20-001/002 follow-ups in src/Authority/StellaOps.Authority/TASKS.md.

Epic alignment

  • Epic 1 AOC enforcement: enforce OpTok scopes and guardrails supporting raw ingestion boundaries.
  • Epic 2 Policy Engine & Editor: supply policy evaluation/principal scopes and short-lived tokens for evaluator workflows.
  • Epic 4 Policy Studio: integrate approval/promotion signatures and policy registry access controls.
  • Epic 14 Identity & Tenancy: deliver tenant isolation, RBAC hierarchies, and governance tooling for authentication.