stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/features/checked/cli/cli-verify-command-for-attestation-chain-validation.md Normal file
View File

@@ -0,0 +1,42 @@
# CLI Verify Command for Attestation Chain Validation
## Module
Cli
## Status
VERIFIED
## Description
CLI verify commands validate attestation chains for images with determinism testing and golden output verification.
## Implementation Details
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/VerifyCommandGroup.cs` -- `VerifyCommandGroup` for `stella verify` commands
- **Image Verification**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyImage.cs` -- image verification handlers
- **Bundle Verification**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyBundle.cs` -- bundle verification handlers
- **Offline Verification**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyOffline.cs` -- offline verification handlers
- **Image Attestation Verifier**: `src/Cli/StellaOps.Cli/Services/ImageAttestationVerifier.cs` / `IImageAttestationVerifier.cs`
- **Tests**: `src/Cli/__Tests/StellaOps.Cli.Tests/GoldenOutput/VerifyCommandGoldenTests.cs`, `VerifyCommandGoldenOutputTests.cs`, `VerifyImageCommandTests.cs`, `VerifyImageHandlerTests.cs`
- **Commands**:
- `stella verify attestation <digest>` -- verify attestation chain for an artifact
- `stella verify image <image>` -- verify image attestations
- `stella verify bundle <path>` -- verify evidence bundle integrity
- `stella verify offline <digest>` -- offline verification mode
- **Integration tests**: `src/Cli/__Tests/StellaOps.Cli.Tests/Integration/VerificationConsolidationTests.cs`
## E2E Test Plan
- [ ] Run `stella verify attestation sha256:abc123` and verify attestation chain validated
- [ ] Run `stella verify image myregistry/app:v1.0` and verify image attestation check
- [ ] Run `stella verify bundle ./evidence-bundle/` and verify bundle integrity
- [ ] Run `stella verify offline sha256:abc123` and verify offline verification without network
- [ ] Verify golden output tests pass deterministically
- [ ] Verify exit code 0 for valid chains, non-zero for broken chains
- [ ] Verify `--format json` provides structured verification results
## Verification
- **Verified**: 2026-02-13T15:30:00Z
- **Tier 0 (Source)**: pass -- all referenced source files exist on disk
- **Tier 1 (Build)**: pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests
- **Tier 2d (Integration)**: pass -- targeted integration tests confirm behavioral correctness
- **Test Project**: `src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj`
- **Evidence**: `docs/qa/feature-checks/runs/cli/cli-verify-command-for-attestation-chain-validation/run-001/tier2-integration-check.json`