git.stella-ops.org/docs/updates/2025-11-01-orch-admin-scope.md
master f98cea3bcf Add Authority Advisory AI and API Lifecycle Configuration
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated project file to include necessary package references for the new Issuer Directory Client library.
2025-11-02 13:50:25 +02:00

2025-11-01 · Authority adds Orch.Admin quota controls

What changed

  • Introduced new orch:quota scope and Orch.Admin role for Orchestrator quota and burst adjustments.
  • Client credential requests for orch:quota now require quota_reason (≤256 chars) and accept optional quota_ticket (≤128 chars). Authority records both values under quota.reason / quota.ticket audit properties.
  • Tokens embedding orch:quota expose the reason/ticket claims so downstream services and audit tooling can trace quota increases or emergency backfills.
  • Console, CLI, and configuration samples include the new role plus environment variables (STELLAOPS_ORCH_QUOTA_REASON, STELLAOPS_ORCH_QUOTA_TICKET) for automation.

Why

Quotas and replay backfills materially affect tenant isolation and platform capacity. Capturing explicit operator intent keeps change windows reviewable and aligns with platform audit requirements.

Actions

  1. Update Authority configuration/offline bundles to seed the Orch.Admin role for the handful of ops identities that manage quotas.
  2. Adjust automation to pass quota_reason/quota_ticket when exchanging tokens for orch:quota.
  3. Monitor authority.client_credentials.grant records for the new quota.* audit properties when reviewing change windows.
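
One way to carry out the review in action 3, as an added example that is not part of Authority or this repository: a Python pass over exported audit records that flags orch:quota grants whose quota.* properties are missing or over the stated limits. The JSON-lines layout (event, client_id, scopes, properties), the client names and the example:read scope are assumptions made for illustration; only the event name, the scope and the quota.reason / quota.ticket keys come from the note above.

```python
import json

GRANT_EVENT = "authority.client_credentials.grant"
QUOTA_SCOPE = "orch:quota"
MAX_REASON, MAX_TICKET = 256, 128  # limits stated in the release note

# Constructed sample records. The record layout is an assumption, not Authority's schema.
SAMPLE_LOG = """\
{"event": "authority.client_credentials.grant", "client_id": "ops-quota-bot", "scopes": ["orch:quota"], "properties": {"quota.reason": "Raise burst for tenant backfill", "quota.ticket": "CHG-1042"}}
{"event": "authority.client_credentials.grant", "client_id": "ops-quota-bot", "scopes": ["orch:quota"], "properties": {"quota.reason": "Emergency replay"}}
{"event": "authority.client_credentials.grant", "client_id": "legacy-job", "scopes": ["orch:quota", "example:read"], "properties": {}}
{"event": "authority.client_credentials.grant", "client_id": "reader", "scopes": ["example:read"], "properties": {}}
"""

def review_grant(record):
    """Return findings for one record; [] if it is not an orch:quota grant or is clean."""
    if record.get("event") != GRANT_EVENT or QUOTA_SCOPE not in record.get("scopes", []):
        return []
    props = record.get("properties") or {}
    reason = (props.get("quota.reason") or "").strip()
    ticket = (props.get("quota.ticket") or "").strip()
    findings = []
    if not reason:
        findings.append("missing quota.reason")   # required on every orch:quota request
    elif len(reason) > MAX_REASON:
        findings.append("quota.reason too long")
    if not ticket:
        findings.append("no quota.ticket")        # optional; match to a change window by hand
    elif len(ticket) > MAX_TICKET:
        findings.append("quota.ticket too long")
    return findings

def review_log(text):
    """Scan JSON-lines audit text; return (line_no, client_id, findings) per flagged grant."""
    report = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            report.append((line_no, "?", ["unparseable record"]))
            continue
        findings = review_grant(record)
        if findings:
            report.append((line_no, record.get("client_id", "?"), findings))
    return report

if __name__ == "__main__":
    for line_no, client, findings in review_log(SAMPLE_LOG):
        print(f"line {line_no}: {client}: {', '.join(findings)}")
```

A grant with no quota.reason should not occur once the requirement is enforced, so a hit there points to configuration drift or records from before the change rather than to a routine omission.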