semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions


@@ -0,0 +1,33 @@
# Audit Bundle Generation and Verification CLI
## Module
Cli
## Status
IMPLEMENTED
## Description
CLI command `stella audit bundle <digest>` that generates self-contained, auditor-ready evidence packages containing verdict, evidence, policy snapshot, and replay instructions in directory/tar.gz/zip formats, plus `stella audit verify` for bundle integrity verification with manifest hash checking and optional DSSE signature verification.
## Implementation Details
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/AuditCommandGroup.cs` -- `AuditCommandGroup` (internal static class)
- **Audit Verify**: `src/Cli/StellaOps.Cli/Commands/AuditVerifyCommand.cs` -- standalone audit verify command
- **Command Handlers**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.Audit.cs` -- `CommandHandlers` partial class with audit handlers
- **Bundle Service**: `src/Cli/StellaOps.Cli/Audit/AuditBundleService.cs` / `IAuditBundleService.cs` -- bundle generation and verification logic
- **Bundle Verifier**: `src/Cli/StellaOps.Cli/Services/AttestationBundleVerifier.cs` / `IAttestationBundleVerifier.cs`
- **Sprint**: SPRINT_20260117_027_CLI
- **Commands**:
- `stella audit bundle <digest>` -- generate audit bundle for an artifact digest. Options: `--output <path>`, `--format dir|tar.gz|zip`
- `stella audit verify <bundle-path>` -- verify bundle integrity (manifest hash, DSSE signature)
- **Tests**: `src/Cli/__Tests/StellaOps.Cli.Tests/Commands/VerifyBundleCommandTests.cs`
## E2E Test Plan
- [ ] Run `stella audit bundle sha256:abc123 --output ./audit-bundle` and verify directory created with verdict, evidence, policy snapshot, replay instructions
- [ ] Run `stella audit bundle sha256:abc123 --format tar.gz` and verify tar.gz archive created
- [ ] Run `stella audit bundle sha256:abc123 --format zip` and verify zip archive created
- [ ] Run `stella audit verify ./audit-bundle` and verify manifest hash checking passes for valid bundle
- [ ] Run `stella audit verify ./audit-bundle` with tampered content and verify integrity failure detected
- [ ] Verify DSSE signature verification when `--verify-signature` flag is used
- [ ] Verify bundle contains replay instructions that can reproduce the verdict
- [ ] Verify exit code 0 for valid bundle verification, non-zero for failures
- [ ] Verify error handling for non-existent digests or bundle paths
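Review bot: the `--verify-signature` flag exercised in the E2E plan ("Verify DSSE signature verification when `--verify-signature` flag is used") does not appear in the Commands section, where `stella audit verify <bundle-path>` is listed with no options at all; either add the flag (and whether DSSE verification is on or off by default, and which key or trust root it verifies against) to the `stella audit verify` entry, or drop it from the plan so the two sections agree. The Tests entry lists only `VerifyBundleCommandTests.cs`, so nothing on this page covers `stella audit bundle` or the dir/tar.gz/zip formats even though the status is IMPLEMENTED; please name the generation tests or mark that gap. The tamper case ("with tampered content and verify integrity failure detected") should state what is tampered: at minimum one listed file modified, one file added that the manifest does not list, and the DSSE envelope removed or re-signed, since a manifest-hash check that only walks manifest entries would pass a bundle with an extra injected file. Finally, two components are named for verification (`AuditBundleService` and `AttestationBundleVerifier`); a one-line split of which one does manifest hashing and which does DSSE verification would make the verify path reviewable.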