audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration

2026-01-14 10:48:00 +02:00
parent d7be6ba34b
commit 95d5898650
379 changed files with 40695 additions and 19041 deletions
--- a/docs/API_CLI_REFERENCE.md
+++ b/docs/API_CLI_REFERENCE.md
@@ -124,6 +124,30 @@ attestations/

 See also: `docs/modules/scanner/binary-diff-attestation.md`.

+## stella guard run
+
+Run AI code guard checks on a change set (planned).
+
+### Synopsis
+
+```bash
+stella guard run --policy <path> [options]
+```
+
+### Options
+
+| Option | Description |
+| --- | --- |
+| `--policy` | Path to `.stellaops.yml` policy file. |
+| `--format` | Output format: `json`, `sarif`, `gitlab`. |
+| `--out` | Write output to file. |
+
+### Examples
+
+```bash
+stella guard run --policy .stellaops.yml --format sarif --out guard.sarif
+```
+
 ## stella image inspect

 Inspect OCI image manifests and layers.
@@ -168,3 +192,196 @@ stella image inspect http://localhost:5000/myapp:1.0.0
 | `0` | Success |
 | `1` | Image not found |
 | `2` | Error (auth, network, invalid input, timeout) |
+
+## stella setup
+
+Interactive setup wizard for configuring StellaOps components.
+
+### Synopsis
+
+```bash
+stella setup [options]
+stella setup --step <step-id> [options]
+```
+
+### Options
+
+| Option | Description |
+| --- | --- |
+| `--step`, `-s` | Run a specific setup step (e.g., `llm`, `notify`, `authority`). |
+| `--non-interactive` | Run in non-interactive mode using config values. |
+| `--dry-run` | Preview changes without applying them. |
+| `--config`, `-c` | Path to YAML configuration file. |
+| `--verbose`, `-v` | Enable verbose output. |
+
+### Available Steps
+
+| Step ID | Name | Required | Description |
+| --- | --- | --- | --- |
+| `authority` | Authentication Provider | Yes | Configure authentication (Standard/LDAP). |
+| `users` | User Management | Yes | Create super user and additional users. |
+| `database` | PostgreSQL Database | Yes | Configure database connection. |
+| `cache` | Valkey/Redis Cache | Yes | Configure cache connection. |
+| `vault` | Secrets Vault | No | Configure secrets management (Vault/AWS/Azure). |
+| `settingsstore` | Settings Store | No | Configure settings backend (Consul/etcd). |
+| `registry` | Container Registry | No | Configure registry authentication. |
+| `telemetry` | OpenTelemetry | No | Configure observability. |
+| `notify` | Notifications | No | Configure notification channels. |
+| `llm` | AI/LLM Provider | No | Configure LLM for AdvisoryAI. |
+
+### Examples
+
+```bash
+# Run full setup wizard
+stella setup
+
+# Configure LLM provider only
+stella setup --step llm
+
+# Preview database configuration
+stella setup --step database --dry-run
+
+# Non-interactive with config file
+stella setup --step llm --non-interactive --config ./setup.yaml
+```
+
+See also: `docs/modules/advisory-ai/llm-setup-guide.md` for LLM configuration details.
+
+## stella advise ask
+
+Ask questions to the AdvisoryAI assistant.
+
+### Synopsis
+
+```bash
+stella advise ask <query> [options]
+```
+
+### Options
+
+| Option | Description |
+| --- | --- |
+| `--image`, `-i` | Container image reference to scope the query. |
+| `--digest`, `-d` | Artifact digest to scope the query. |
+| `--environment`, `-e` | Environment context (e.g., production, staging). |
+| `--conversation-id`, `-c` | Conversation ID for follow-up queries. |
+| `--no-action`, `-n` | Suppress proposed actions (read-only mode). |
+| `--evidence` | Include evidence links and citations. |
+| `--format`, `-f` | Output format: `table`, `json`, `markdown`. |
+| `--output`, `-o` | Write output to file. |
+| `--tenant` | Tenant context. |
+| `--user` | User context. |
+| `--verbose`, `-v` | Enable verbose output. |
+
+### Prerequisites
+
+An LLM provider must be configured. If not configured, the command will display:
+
+```
+Error: AI/LLM provider not configured.
+
+AdvisoryAI features require an LLM provider to be configured.
+Run 'stella setup --step llm' to configure an LLM provider.
+
+Alternatively, set one of these environment variables:
+  - OPENAI_API_KEY      for OpenAI
+  - ANTHROPIC_API_KEY   for Claude (Anthropic)
+  - GEMINI_API_KEY      for Google Gemini
+  - GOOGLE_API_KEY      for Google Gemini
+
+Or configure Ollama for local LLM inference.
+```
+
+### Examples
+
+```bash
+# Basic query
+stella advise ask "What vulnerabilities affect CVE-2024-1234?"
+
+# Scoped to an image
+stella advise ask "Is this image safe for production?" --image myapp:1.0.0
+
+# With evidence citations
+stella advise ask "Explain the risk of log4j in this artifact" \
+  --digest sha256:abc123... --evidence
+
+# JSON output for automation
+stella advise ask "List critical vulnerabilities" --format json > report.json
+```
+
+## stella advise chat-doctor
+
+Check AdvisoryAI chat quota and configuration status.
+
+### Synopsis
+
+```bash
+stella advise chat-doctor [options]
+```
+
+### Options
+
+| Option | Description |
+| --- | --- |
+| `--format`, `-f` | Output format: `table`, `json`. |
+| `--output`, `-o` | Write output to file. |
+| `--tenant` | Tenant context. |
+| `--user` | User context. |
+| `--verbose`, `-v` | Enable verbose output. |
+
+### Examples
+
+```bash
+# Check configuration status
+stella advise chat-doctor
+
+# JSON output
+stella advise chat-doctor --format json
+```
+
+## stella advise chat-settings
+
+Manage AdvisoryAI chat settings and quotas.
+
+### Synopsis
+
+```bash
+stella advise chat-settings get [options]
+stella advise chat-settings update [options]
+stella advise chat-settings clear [options]
+```
+
+### Get Options
+
+| Option | Description |
+| --- | --- |
+| `--scope`, `-s` | Settings scope: `effective`, `user`, `tenant`. |
+| `--format`, `-f` | Output format: `table`, `json`. |
+
+### Update Options
+
+| Option | Description |
+| --- | --- |
+| `--scope`, `-s` | Settings scope: `user`, `tenant`. |
+| `--requests-per-minute` | Set requests per minute quota. |
+| `--requests-per-day` | Set requests per day quota. |
+| `--tokens-per-day` | Set tokens per day quota. |
+| `--tool-calls-per-day` | Set tool calls per day quota. |
+| `--allow-all-tools` | Allow all tools (true/false). |
+| `--allowed-tools` | Set allowed tools (comma-separated). |
+
+### Examples
+
+```bash
+# View effective settings
+stella advise chat-settings get
+
+# View user-level settings
+stella advise chat-settings get --scope user
+
+# Update quotas
+stella advise chat-settings update --requests-per-day 100
+
+# Clear user overrides
+stella advise chat-settings clear --scope user
+```