StellaOps Authority — Plugin Workstream
Read first:
AGENTS.md, StellaOps.Authority.TODOS.md, and this document. Sync status across all trackers.
Scope
Deliver the plugin abstraction layer and the default Mongo-backed identity plugin (StellaOps.Authority.Plugin.Standard), plus lay groundwork for future LDAP integration.
Task Plan
| Order | Task IDs | Description | Dependencies | Acceptance | 
|---|---|---|---|---|
| 1 | PLG1 | Implement plugin abstractions: IIdentityProviderPlugin, IUserCredentialStore, IClaimsEnricher, IClientProvisioningStore, result models, constants. | DevEx FND1 | DONE – Abstractions published with XML docs and unit tests covering success/failure factories. | 
| 2 | PLG2 | Integrate abstractions with plugin host (DI registration via IAuthorityPluginRegistrar). Emit diagnostics for load failures. | PLG1 | DONE – Authority host loads registrars, logs registration summary, and unit tests cover success/missing cases. | 
| 3 | PLG3 | Build Mongo-backed Plugin.Standard implementing password auth, lockout, claim enrichment, admin seeding. | CORE3 | DONE – Standard plugin binds options, enforces password policy/lockout, seeds bootstrap user, and ships integration/unit tests. | 
| 4 | PLG4 | Define capability metadata (supportsPassword, supportsMfa, supportsClientProvisioning). Update plugin registration to publish metadata. | PLG3 | DONE (2025-10-10) – Capability descriptors validated; Standard plugin enforces password flag and registry exposes aggregated metadata to the host. | 
| 5 | PLG5 (support) | Collaborate with DevEx on plugin config schema (etc/authority.plugins/*.yaml). Implement config parser + validation. | DevEx PLG5 | Provide typed options class + tests. | 
| 6 | PLG6 | Author plugin developer guide (structure, packaging, capability flags, logging expectations). | PLG1–PLG5 | READY FOR DOCS REVIEW (2025-10-10) – Guide finalised, includes capability metadata usage, ops alignment, and packaging checklist; handoff blocked only on Docs copy-edit + diagram export. | 
| 7 | PLG7 (backlog design) | Produce technical RFC for future Plugin.Ldap (data flows, dependencies, TODO list). | PLG1–PLG4 | RFC DRAFTED (2025-10-10) – docs/rfcs/authority-plugin-ldap.md outlines architecture, configuration schema, implementation plan; awaiting guild review & sign-off. | 
Implementation Notes
- Mongo plugin must support offline bootstrap: optional JSON file with initial users/clients hashed offline.
- Provide extensibility points for password hashing algorithm (allow Security team to swap Argon2).
- Ensure plugin logging leverages Authority logger, no console writes.
- Document expected configuration keys for plugin settings (passwordPolicy, seedUsers, etc.).
- Validate plugin configuration early at startup; fail fast with actionable errors.
Deliverables
- StellaOps.Authority.Plugins.Abstractions project.
- StellaOps.Authority.Plugin.Standard project with tests + seed data sample.
- Plugin dev documentation + sample configuration files.
- Diagnostic logging verifying plugin load, capabilities, configuration.
- Future plugin RFC for LDAP integration.
Coordination
- Coordinate with Authority Core for capability usage in handlers.
- Work with Security Guild on password hash settings/lockout thresholds.
- Notify DevEx when configuration schema changes.
- Review Docs PR for plugin developer guide.