feat: Implement IsolatedReplayContext for deterministic audit replay

- Added IsolatedReplayContext class to provide an isolated environment for replaying audit bundles without external calls. - Introduced methods for initializing the context, verifying input digests, and extracting inputs for policy evaluation. - Created supporting interfaces and options for context configuration. feat: Create ReplayExecutor for executing policy re-evaluation and verdict comparison - Developed ReplayExecutor class to handle the execution of replay processes, including input verification and verdict comparison. - Implemented detailed drift detection and error handling during replay execution. - Added interfaces for policy evaluation and replay execution options. feat: Add ScanSnapshotFetcher for fetching scan data and snapshots - Introduced ScanSnapshotFetcher class to retrieve necessary scan data and snapshots for audit bundle creation. - Implemented methods to fetch scan metadata, advisory feeds, policy snapshots, and VEX statements. - Created supporting interfaces for scan data, feed snapshots, and policy snapshots.
2025-12-23 07:46:34 +02:00
parent e47627cfff
commit 7e384ab610
77 changed files with 153346 additions and 209 deletions
--- a/src/Cli/StellaOps.Cli/Commands/Binary/BinaryCommandGroup.cs
+++ b/src/Cli/StellaOps.Cli/Commands/Binary/BinaryCommandGroup.cs
@@ -220,13 +220,13 @@ internal static class BinaryCommandGroup
        var graphOption = new Option<string>("--graph", new[] { "-g" })
        {
            Description = "Path to graph file.",
-            IsRequired = true
+            Required = true
        };

        var dsseOption = new Option<string>("--dsse", new[] { "-d" })
        {
            Description = "Path to DSSE envelope.",
-            IsRequired = true
+            Required = true
        };

        var publicKeyOption = new Option<string?>("--public-key", new[] { "-k" })