git.stella-ops.org/docs/features/checked/cli/token-minting-and-delegation-cli.md
2026-02-14 09:11:48 +02:00

Token Minting and Delegation CLI

Module

Cli

Status

VERIFIED

Description

Service account token minting with scope/expiry/tenant control, and token delegation to other principals with scope restriction and audit reasons.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/AuthCommandGroup.cs -- auth token commands
  • Authority Console Client: src/Cli/StellaOps.Cli/Services/AuthorityConsoleClient.cs / IAuthorityConsoleClient.cs
  • Commands:
    • stella auth token mint --scope <scopes> --expiry <duration> --tenant <id> -- mint service account token
    • stella auth token delegate --to <principal> --scope <scopes> --reason <text> -- delegate token with scope restriction

E2E Test Plan

  • Run stella auth token mint --scope "read:policy" --expiry 24h and verify token minted
  • Run with --tenant <id> and verify tenant-scoped token
  • Run stella auth token delegate --to service-a --scope "read:evidence" --reason "CI pipeline" and verify delegation
  • Verify delegated token has restricted scopes
  • Verify audit reason recorded for delegation
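
One way to automate the "delegated token has restricted scopes" step of the plan above, as an added example that is not StellaOps code. It assumes the minted and delegated tokens are compact JWTs with an OAuth-style space-delimited `scope` claim and an `exp` claim; the page does not state the token format, and the helper names and sample tokens are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def scopes(claims):
    # Assumption: scopes live in a space-delimited "scope" claim.
    return set(claims.get("scope", "").split())

def delegation_violations(parent_token, delegated_token, requested):
    """List every way the delegated token is broader than it should be."""
    parent, child = jwt_claims(parent_token), jwt_claims(delegated_token)
    problems = []
    extra = scopes(child) - set(requested.split())
    if extra:  # more than what was passed to --scope
        problems.append("scopes beyond --scope: " + " ".join(sorted(extra)))
    escalated = scopes(child) - scopes(parent)
    if escalated:  # assumption: delegation must never add scopes the delegator lacks
        problems.append("scopes the delegator lacks: " + " ".join(sorted(escalated)))
    if child.get("exp", 0) > parent.get("exp", 0):  # assumption: no lifetime extension
        problems.append("delegated token outlives the delegator's token")
    return problems

def _fake_jwt(claims):
    # Constructed, unsigned sample token; real tokens come from the CLI output.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

PARENT = _fake_jwt({"scope": "read:policy read:evidence", "exp": 2000})
GOOD = _fake_jwt({"scope": "read:evidence", "exp": 1500})
BAD = _fake_jwt({"scope": "read:evidence write:policy", "exp": 2500})

if __name__ == "__main__":
    print(delegation_violations(PARENT, GOOD, "read:evidence"))
    print(delegation_violations(PARENT, BAD, "read:evidence"))
```

An empty list means the delegated token stayed within the requested scopes; the check complements, and does not replace, signature validation by the Authority.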

Verification

  • Verified: 2026-02-13T15:30:00Z
  • Tier 0 (Source): pass -- all referenced source files exist on disk
  • Tier 1 (Build): pass -- module builds cleanly, 87 tests pass in StellaOps.Cli.Auth.Tests
  • Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
  • Test Project: src/Cli/__Tests/StellaOps.Cli.Auth.Tests/StellaOps.Cli.Auth.Tests.csproj
  • Evidence: docs/qa/feature-checks/runs/cli/token-minting-and-delegation-cli/run-001/tier2-integration-check.json