stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
4e3e575db596a66f01b712f9504d762f2ef07ea2
git.stella-ops.org/docs/updates/2025-10-27-orch-operator-scope.md
master 4e3e575db5 feat: Implement console session management with tenant and profile handling 
- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information.
- Create OperatorContextService to manage operator context for orchestrator actions.
- Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata.
- Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens.
- Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation.
- Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.
2025-10-28 09:59:09 +02:00

1.1 KiB
Raw Blame History

2025-10-27 — Orchestrator operator scope & audit metadata

Summary

  • Introduced the orch:operate scope and Orch.Operator role in Authority to unlock Orchestrator control actions while keeping read-only access under Orch.Viewer.
  • Authority now enforces operator_reason and operator_ticket parameters on /token requests that include orch:operate; missing values yield invalid_request and no token is issued.
  • Client credentials audit events capture both fields (request.reason, request.ticket), giving SecOps traceability for every control action.

Next steps

Team Follow-up Target
Console Guild Wire UI control panels to request operator_reason/operator_ticket when exchanging tokens for orchestrator actions. Sprint 23 stand-up
CLI Guild Add flags to stella orch subcommands to pass reason/ticket metadata before enabling mutations. Sprint 23 stand-up
Orchestrator Service Enforce presence of X-Stella-Reason/X-Stella-Ticket (or equivalent metadata) on mutate endpoints and align audit logging. ORCH-SVC-33-001 implementation