stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
d519782a8f0b30f425c9b6ae0f316b19259972a2
git.stella-ops.org/docs/modules/excititor/prep/2025-11-20-console-cache-rbac-prep.md
master d519782a8f
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
prep docs and service updates
2025-11-21 06:56:36 +00:00

1.5 KiB
Raw Blame History

Console Cache & RBAC Prep — PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-001

Status: Draft (2025-11-20) Owners: Excititor WebService Guild Scope: Capture caching, RBAC, and precedence-context requirements for console VEX lookups once the base contract (23-001) is defined.

Pending decisions

  • Tenant scoping contract from Authority (AUTH-TEN-47-001) alignment: whether to propagate tenant_ids[] or single tenant_id per request.
  • Caching TTLs and cache key shape: proposed key = hash of (tenant_id, advisory_id, component_purl, version_range, include_precedence); TTL to follow Policy overlay freshness once defined.
  • Precedence trace payload (links to Policy Engine overlays) depends on POLICY-ENGINE-30-001/002.

Proposed endpoints (draft)

  • GET /console/vex/cache/entries?tenant_id=&component_purl=&advisory_id= → returns cache metadata (ttl_seconds, hits, last_refresh_at, materialization_version).
  • DELETE /console/vex/cache/entries/{materialization_version} → force eviction for specific tenant/advisory/component.

RBAC sketch

  • Roles: console.viewer, console.operator, console.admin.
  • Permissions:
    • viewer: read-only to /console/vex + counters.
    • operator: can invalidate cache and request refresh.
    • admin: can set cache policy per tenant/project.

Handoff

This document is the prep artefact for PREP-EXCITITOR-CONSOLE-23-003-DEPENDS-ON-23-001. Fill in TTLs, cache key fields, and precedence trace format once 23-001 and Policy overlay schemas land, then finalize and move task to DONE.