stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
7600caea632e9e44571bc1661003948a5e1d22fb
git.stella-ops.org/docs/updates/2025-10-27-policy-scope-migration.md
root 68da90a11a
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Restructure solution layout by module
2025-10-28 15:10:40 +02:00

1.1 KiB
Raw Blame History

2025-10-27 — Policy scope migration guidance

Summary

  • Updated Authority defaults (etc/authority.yaml) to register a policy-cli client using the fine-grained scope set introduced by AUTH-POLICY-23-001 (policy:read, policy:author, policy:review, policy:simulate, findings:read).
  • Added release/CI documentation call-outs instructing operators to reissue tokens that previously relied on policy:write/policy:submit/policy:run scopes.
  • Introduced a repo verification script so future config changes fail CI when policy clients regress to the legacy scope bundles.

Next steps

Team Follow-up Target
Authority Core Rotate long-lived policy CLI tokens in staging to confirm new scope set before freezing release 2025.10. 2025-10-29
DevOps Guild Update automation secrets (CI/CD, offline kit) to point at the regenerated policy-cli credentials. Sprint 23 stand-up
Docs Guild Fold the broader scope matrix refresh into AUTH-POLICY-23-003 once the dual-approval workflow lands. Blocked on AUTH-POLICY-23-002