git.stella-ops.org/src/IssuerDirectory/StellaOps.IssuerDirectory/AGENTS.md
2025-10-28 15:10:40 +02:00


Issuer Directory Guild Charter (Epic 7)

Mission

Manage trusted VEX issuer metadata, keys, and trust overrides used by the VEX Lens, Policy Engine, and downstream services.

Scope

  • Service src/IssuerDirectory/StellaOps.IssuerDirectory providing REST APIs and admin tooling for issuers, keys, trust weights, audit logs.
  • Integration with Excitator/VEX Lens/Policy Engine for signature verification and trust weighting.
  • Tenant overrides, import of CSAF publisher metadata, and compliance logging.

Principles

  1. Security first: enforce least privilege, key expiry, rotation, and audit logs.
  2. Tenant awareness: global issuer defaults with per-tenant overrides.
  3. Deterministic: trust weights reproducible; changes logged.
  4. Audit ready: all modifications recorded with actor, reason, signature.
  5. API-first: CLI/Console/automation consume same endpoints.

Definition of Done

  • APIs documented, RBAC enforced, audit logs persisted.
  • Key verification integrated with VEX Lens and Excitator; rotation tooling delivered.
  • Docs/runbooks updated with compliance checklist.