todays product advirories implemented

2026-01-16 23:30:47 +02:00
parent 91ba600722
commit 77ff029205
174 changed files with 30173 additions and 1383 deletions
--- a/docs/modules/cli/guides/commands/binary.md
+++ b/docs/modules/cli/guides/commands/binary.md
@@ -0,0 +1,50 @@
+# Binary Analysis CLI Commands
+
+_Last updated: 2026-01-16_
+
+This guide documents the CLI-first binary analysis commands exposed by Stella Ops.
+
+---
+
+## `stella binary fingerprint export`
+
+Export a deterministic binary fingerprint (function hashes, section hashes, symbol table).
+
+### Usage
+
+```bash
+stella binary fingerprint export <artifact> \
+  --format json \
+  --output ./fingerprint.json
+```
+
+### Notes
+- Supported formats: `json`, `yaml`
+- Output is deterministic for identical inputs.
+- Use `--output` for offline workflows and evidence bundles.
+
+---
+
+## `stella binary diff`
+
+Compare two binaries and emit a function/symbol-level delta report.
+
+### Usage
+
+```bash
+stella binary diff <base> <candidate> \
+  --format table \
+  --scope function
+```
+
+### Notes
+- Supported formats: `json`, `table`
+- Scopes: `file`, `section`, `function`
+- Use `--format json` for automation and CI pipelines.
+
+---
+
+## Output contracts
+
+- All JSON outputs follow the CLI standard envelope (stable ordering, camelCase keys).
+- When used in evidence workflows, prefer `--format json` plus `--output` for deterministic artifacts.
--- a/docs/modules/cli/guides/commands/policy.md
+++ b/docs/modules/cli/guides/commands/policy.md
@@ -78,7 +78,7 @@ stella policy review status <policy-id> [--version <ver>]
 stella policy publish <policy-id> [--version <ver>] [--sign] [--attestation-type <type>] [--dry-run]

 # Promote policy to environment
-stella policy promote <policy-id> [--version <ver>] --env <environment> [--canary <percentage>] [--dry-run]
+stella policy promote <policy-id> --from <env> --to <env> [--dry-run] [--format json|table] [--output <path>]

 # Rollback policy
 stella policy rollback <policy-id> [--to-version <ver>] [--reason <text>] [--force]
@@ -100,6 +100,26 @@ stella policy history <policy-id> [--limit <num>] [--since <date>] [--until <dat
 stella policy explain <policy-id> [--version <ver>] [--finding-id <id>] [--verbose]
 ```

+### Policy Lattice Explain (PEN-001)
+
+```bash
+# Explain policy lattice structure
+stella policy lattice explain [--format json|mermaid] [--output <path>]
+```
+
+### Policy Verdicts Export (PEN-002)
+
+```bash
+# Export policy verdict history
+stella policy verdicts export \
+  [--from <timestamp>] \
+  [--to <timestamp>] \
+  [--policy <id>] \
+  [--outcome pass|fail|warn] \
+  [--format json|csv] \
+  [--output <path>]
+```
+
 ### Policy Activation

 ```bash
--- a/docs/modules/cli/guides/commands/reference.md
+++ b/docs/modules/cli/guides/commands/reference.md
@@ -962,11 +962,13 @@ stella reachability analyze --scan <path> --code <path> [--output <path>]

 ### stella graph

-Visualize dependency graphs.
+Call graph evidence and lineage commands.

 **Usage:**
 ```bash
-stella graph --sbom <path> [--output <path>] [--format svg|png|dot]
+stella graph explain --graph-id <id> [--vuln-id <id>] [--purl <purl>] [--json]
+stella graph verify --hash <blake3:...> [--format text|json|markdown]
+stella graph lineage show <digest|purl> [--format json|graphson|mermaid] [--output <path>]
 ```

 ---
@@ -993,6 +995,20 @@ stella notify --scan <path> --channel slack --webhook <url>

 ---

+### stella issuer
+
+Manage issuer keys for signing and verification.
+
+**Usage:**
+```bash
+stella issuer keys list --format json
+stella issuer keys create --type ecdsa --name primary --format json
+stella issuer keys rotate <id> --format json
+stella issuer keys revoke <id> --format json
+```
+
+---
+
 ## Language-Specific Commands

 ### stella ruby
--- a/docs/modules/cli/guides/commands/vex.md
+++ b/docs/modules/cli/guides/commands/vex.md
@@ -5,6 +5,8 @@
 - `stella vex consensus --query <filter> [--output json|ndjson|table] [--offline]`
 - `stella vex get --id <consensusId> [--offline]`
 - `stella vex simulate --input <vexDocs> --policy <policyConfig> [--offline]`
+- `stella vex evidence export <target> [--format json|openvex] [--output <path>]`
+- `stella vex webhooks list|add|remove [--format json]`
 - `stella vex gen --from-drift --image <IMAGE> [--baseline <SEAL_ID>] [--output <PATH>]`

 ## Flags (common)
@@ -26,6 +28,39 @@

 ---

+## stella vex evidence export
+
+Export deterministic VEX evidence for a digest or component identifier.
+
+### Usage
+
+```bash
+stella vex evidence export <target> [--format json|openvex] [--output <path>]
+```
+
+### Examples
+
+```bash
+stella vex evidence export sha256:abc --format json
+stella vex evidence export pkg:npm/lodash@4.17.21 --format openvex --output vex-evidence.json
+```
+
+---
+
+## stella vex webhooks
+
+Manage VEX webhook subscriptions.
+
+### Usage
+
+```bash
+stella vex webhooks list --format json
+stella vex webhooks add --url <url> --events vex.created vex.updated --format json
+stella vex webhooks remove <id> --format json
+```
+
+---
+
 ## stella vex gen --from-drift

 **Sprint:** SPRINT_20260105_002_004_CLI