# CLI Verify Command for Attestation Chain Validation ## Module Cli ## Status VERIFIED ## Description CLI verify commands validate attestation chains for images with determinism testing and golden output verification. ## Implementation Details - **Command Group**: `src/Cli/StellaOps.Cli/Commands/VerifyCommandGroup.cs` -- `VerifyCommandGroup` for `stella verify` commands - **Image Verification**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyImage.cs` -- image verification handlers - **Bundle Verification**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyBundle.cs` -- bundle verification handlers - **Offline Verification**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyOffline.cs` -- offline verification handlers - **Image Attestation Verifier**: `src/Cli/StellaOps.Cli/Services/ImageAttestationVerifier.cs` / `IImageAttestationVerifier.cs` - **Tests**: `src/Cli/__Tests/StellaOps.Cli.Tests/GoldenOutput/VerifyCommandGoldenTests.cs`, `VerifyCommandGoldenOutputTests.cs`, `VerifyImageCommandTests.cs`, `VerifyImageHandlerTests.cs` - **Commands**: - `stella verify attestation ` -- verify attestation chain for an artifact - `stella verify image ` -- verify image attestations - `stella verify bundle ` -- verify evidence bundle integrity - `stella verify offline ` -- offline verification mode - **Integration tests**: `src/Cli/__Tests/StellaOps.Cli.Tests/Integration/VerificationConsolidationTests.cs` ## E2E Test Plan - [ ] Run `stella verify attestation sha256:abc123` and verify attestation chain validated - [ ] Run `stella verify image myregistry/app:v1.0` and verify image attestation check - [ ] Run `stella verify bundle ./evidence-bundle/` and verify bundle integrity - [ ] Run `stella verify offline sha256:abc123` and verify offline verification without network - [ ] Verify golden output tests pass deterministically - [ ] Verify exit code 0 for valid chains, non-zero for broken chains - [ ] Verify `--format json` provides structured verification results ## Verification - **Verified**: 2026-02-13T15:30:00Z - **Tier 0 (Source)**: pass -- all referenced source files exist on disk - **Tier 1 (Build)**: pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests - **Tier 2d (Integration)**: pass -- targeted integration tests confirm behavioral correctness - **Test Project**: `src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj` - **Evidence**: `docs/qa/feature-checks/runs/cli/cli-verify-command-for-attestation-chain-validation/run-001/tier2-integration-check.json`