git.stella-ops.org/src/Authority/AGENTS.md

AGENTS - Authority Module

Working Directory

• src/Authority/** (Authority service, libraries, plugins, tests).
• src/Authority/StellaOps.IssuerDirectory/** (IssuerDirectory service, relocated by Sprint 216).
• src/Authority/__Libraries/StellaOps.IssuerDirectory.Client/ (shared client library).
• src/Authority/__Libraries/StellaOps.IssuerDirectory.Persistence/ (persistence layer, separate DbContext/schema).
• src/Authority/__Tests/StellaOps.IssuerDirectory.Persistence.Tests/ (persistence tests).

Required Reading

• docs/README.md
• docs/07_HIGH_LEVEL_ARCHITECTURE.md
• docs/modules/platform/architecture-overview.md
• docs/modules/authority/architecture.md
• docs/modules/authority/README.md

Engineering Rules

• Enforce authn/authz on every surface; default-deny for new endpoints.
• Preserve determinism for token/evidence workflows (stable ordering, UTC timestamps).
• No plaintext secrets in logs or storage.

Testing & Verification

• Authority tests live in src/Authority/__Tests/**.
• IssuerDirectory tests live in src/Authority/__Tests/StellaOps.IssuerDirectory.Persistence.Tests/** and src/Authority/StellaOps.IssuerDirectory/StellaOps.IssuerDirectory.Core.Tests/**.
• Cover authz policies, error handling, issuer resolution, caching, and offline behavior.

Sprint Discipline

• Record decisions and risks for security-sensitive changes in the sprint file.

Service Endpoints

• Development: https://localhost:10020, http://localhost:10021
• Local alias: https://authority.stella-ops.local, http://authority.stella-ops.local
• Env var: STELLAOPS_AUTHORITY_URL