git.stella-ops.org/src/StellaOps.Authority/TASKS.md
Vladimir Moushkov c65061602b
commit 2025-10-16 19:44:10 +03:00

Authority Host Task Board (UTC 2025-10-10)

| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| CORE5B.DOC | DONE (2025-10-12) | Authority Core, Docs Guild | CORE5 | Document token persistence, revocation semantics, and enrichment expectations for resource servers/plugins. | docs/11_AUTHORITY.md + plugin guide updated with claims + token store notes; Samples include revocation sync guidance. |
| CORE9.REVOCATION | DONE (2025-10-12) | Authority Core, Security Guild | CORE5 | Implement revocation list persistence + export hooks (API + CLI). | Revoked tokens denied; Export endpoint/CLI returns manifest; Tests cover offline bundle flow. |
| CORE10.JWKS | DONE (2025-10-12) | Authority Core, DevOps | CORE9.REVOCATION | Provide JWKS rotation with pluggable key loader + documentation. | Signing/encryption keys rotate without downtime; JWKS endpoint updates; Docs describe rotation SOP. |
| CORE8.RL | DONE (2025-10-12) | Authority Core | CORE8 | Deliver ASP.NET rate limiter plumbing (request metadata, dependency injection hooks) needed by Security Guild. | /token & /authorize pipelines expose limiter hooks; Tests cover throttle behaviour baseline. |
| SEC2.HOST | DONE (2025-10-12) | Security Guild, Authority Core | SEC2.A (audit contract) | Hook audit logger into OpenIddict handlers and bootstrap endpoints. | Audit events populated with correlationId, IP, client_id; Mongo login attempts persisted; Tests verify on success/failure/lockout. |
| SEC3.HOST | DONE (2025-10-11) | Security Guild | CORE8.RL, SEC3.A (rate policy) | Apply rate limiter policies (AddRateLimiter) to /token and /internal/* endpoints with configuration binding. | Policies configurable via StellaOpsAuthorityOptions.Security.RateLimiting; Integration tests hit 429 after limit; Docs updated. |
| SEC4.HOST | DONE (2025-10-12) | Security Guild, DevOps | SEC4.A (revocation schema) | Implement CLI/HTTP surface to export revocation bundle + detached JWS using StellaOps.Cryptography. | `stellaops auth revoke export` CLI/endpoint returns JSON + .jws; Verification script passes; Operator docs updated. |
| SEC4.KEY | DONE (2025-10-12) | Security Guild, DevOps | SEC4.HOST | Integrate signing keys with provider registry (initial ES256). | Keys loaded via ICryptoProvider signer; Rotation SOP documented. |
| SEC5.HOST | DONE (2025-10-14) | Security Guild | SEC5.A (threat model) | Feed Authority-specific mitigations (rate limiting, audit, revocation) into threat model + backlog. | Threat model updated; Backlog issues reference mitigations; Review sign-off captured. |
| SEC5.HOST-INVITES | DONE (2025-10-14) | Security Guild, Authority Core | SEC5.D | Implement bootstrap invite persistence, APIs, and background cleanup with audit coverage. | Invite store + endpoints complete; Cleanup service expires unused invites; Audit events for create/consume/expire; Build/tests green. Remark (2025-10-14): Background sweep emits invite expiry audits; integration test added. |
| SEC5.HOST-REPLAY | DONE (2025-10-14) | Security Guild, Zastava | SEC5.E | Persist token usage metadata and surface suspected replay heuristics. | Validation handlers record device metadata; Suspected replay flagged via audit/logs; Tests cover regression cases. Remark (2025-10-14): Token validation handler logs suspected replay audits with device metadata; coverage via unit/integration tests. |
| SEC3.BUILD | DONE (2025-10-11) | Authority Core, Security Guild | SEC3.HOST, FEEDMERGE-COORD-02-900 | Track normalized-range dependency fallout and restore full test matrix once Feedser range primitives land. | Feedser normalized range libraries merged; Authority + Configuration test suites (`dotnet test src/StellaOps.Authority.sln`, `dotnet test src/StellaOps.Configuration.Tests/StellaOps.Configuration.Tests.csproj`) pass without Feedser compile failures; Status recorded here/Sprints (authority-core broadcast not available). |
| AUTHCORE-BUILD-OPENIDDICT | DONE (2025-10-14) | Authority Core | SEC2.HOST | Adapt host/audit handlers for OpenIddict 6.4 API surface (no OpenIddictServerTransaction) and restore Authority solution build. | Build `dotnet build src/StellaOps.Authority.sln` succeeds; Audit correlation + tamper logging verified under new abstractions; Tests updated. |
| AUTHCORE-STORAGE-DEVICE-TOKENS | DONE (2025-10-14) | Authority Core, Storage Guild | AUTHCORE-BUILD-OPENIDDICT | Reintroduce AuthorityTokenDeviceDocument + projections removed during refactor so storage layer compiles. | Document type restored with mappings/migrations; Storage tests cover device artifacts; Authority solution build green. |
| AUTHCORE-BOOTSTRAP-INVITES | DONE (2025-10-14) | Authority Core, DevOps | AUTHCORE-STORAGE-DEVICE-TOKENS | Wire bootstrap invite cleanup service against restored document schema and re-enable lifecycle tests. | BootstrapInviteCleanupService passes integration tests; Operator guide updated if behavior changes; Build/test matrices green. |
| AUTHSTORAGE-MONGO-08-001 | TODO | Authority Core & Storage Guild | — | Harden Mongo session usage with causal consistency for mutations and follow-up reads. | • Scoped middleware/service creates IClientSessionHandle with causal consistency + majority read/write concerns • Stores accept optional session parameter and reuse it for write + immediate reads • GraphQL/HTTP pipelines updated to flow session through post-mutation queries • Replica-set integration test exercises primary election and verifies read-your-write guarantees |
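The AUTHSTORAGE-MONGO-08-001 exit criteria describe the shape of the change (one causally consistent session per request scope, stores that accept an optional session, majority read/write concerns). The following is an added illustration of that pattern using the MongoDB .NET driver and Microsoft.Extensions.DependencyInjection; it is not code from the StellaOps.Authority repository. The `RevocationDocument` type, the `RevocationStore` class, the `revocations` collection name and the `AddCausalMongoSession` helper are assumed names chosen for the example.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using MongoDB.Bson;
using MongoDB.Driver;

// Hypothetical document type; the real Authority storage documents differ.
public sealed class RevocationDocument
{
    public ObjectId Id { get; set; }
    public string TokenId { get; set; } = string.Empty;
    public DateTimeOffset RevokedAt { get; set; }
}

public static class MongoSessionRegistration
{
    // One causally consistent session per DI scope (i.e. per HTTP/GraphQL request).
    // The container disposes the IClientSessionHandle when the scope ends.
    public static IServiceCollection AddCausalMongoSession(this IServiceCollection services)
    {
        return services.AddScoped<IClientSessionHandle>(sp =>
            sp.GetRequiredService<IMongoClient>().StartSession(
                new ClientSessionOptions { CausalConsistency = true }));
    }
}

public sealed class RevocationStore
{
    private readonly IMongoCollection<RevocationDocument> _collection;

    public RevocationStore(IMongoDatabase database)
    {
        // Majority write + majority read: a causally ordered read waits for the
        // cluster time of the preceding write, so it observes the write even on a secondary.
        _collection = database
            .GetCollection<RevocationDocument>("revocations")
            .WithWriteConcern(WriteConcern.WMajority)
            .WithReadConcern(ReadConcern.Majority);
    }

    // Optional session: request pipelines pass the scoped handle; background jobs may pass null.
    public async Task RevokeAsync(string tokenId, IClientSessionHandle? session = null, CancellationToken ct = default)
    {
        var doc = new RevocationDocument { TokenId = tokenId, RevokedAt = DateTimeOffset.UtcNow };
        if (session is null)
            await _collection.InsertOneAsync(doc, cancellationToken: ct);
        else
            await _collection.InsertOneAsync(session, doc, cancellationToken: ct);
    }

    public async Task<bool> IsRevokedAsync(string tokenId, IClientSessionHandle? session = null, CancellationToken ct = default)
    {
        var filter = Builders<RevocationDocument>.Filter.Eq(d => d.TokenId, tokenId);
        var find = session is null ? _collection.Find(filter) : _collection.Find(session, filter);
        return await find.AnyAsync(ct);
    }
}

public static class RevokeThenCheck
{
    // Post-mutation read on the same session: this is the read-your-write guarantee
    // the replica-set integration test in the task board is meant to exercise.
    public static async Task<bool> RunAsync(RevocationStore store, IClientSessionHandle session, string tokenId, CancellationToken ct = default)
    {
        await store.RevokeAsync(tokenId, session, ct);
        return await store.IsRevokedAsync(tokenId, session, ct);
    }
}
```

Without the shared session, the same two calls are independent operations and a read routed to a lagging secondary may miss the revocation, which is the gap the task describes. Read preference is left at the driver default (primary) here; causal consistency with majority concerns is what makes the guarantee hold if a secondary read preference is configured later.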

Update status columns (TODO / DOING / DONE / BLOCKED) together with code changes. Always run `dotnet test src/StellaOps.Authority.sln` when touching host logic.