{"feature":"cli-command-router-infrastructure.md","tier":"2b","timestamp":"2026-02-13T21:34:49Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n  StellaOps command-line interface\n\nUsage:\n  StellaOps.Cli [command] [options]\n\nOptions:\n  -v, --verbose          Enable verbose logging output.\n  -t, --tenant <tenant>  Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n  -?, -h, --help         Show help and usage information\n  --version              Show version information\n\nCommands:\n  scanner               Manage scanner artifacts and lifecycle.\n  scan                  Execute scanners and manage scan outputs.\n  image                 OCI image operations\n  ruby                  Work with Ruby analyzer outputs.\n  php                   Work with PHP analyzer outputs.\n  python                Work with Python analyzer outputs.\n  bun                   Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify all command groups listed in help"}
{"feature":"cli-help-text-and-discoverability.md","tier":"2b","timestamp":"2026-02-13T21:34:55Z","command":"stella scan --help","exitCode":0,"stdoutSnippet":"Description:\n  Execute scanners and manage scan outputs.\n\nUsage:\n  StellaOps.Cli scan [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  entrytrace            Show entry trace summary for a scan.\n  sarif                 Export scan results in SARIF 2.1.0 format for CI/CD integration.\n  replay                Replay a scan with explicit hashes for deterministic verdict reproduction.\n  gate-policy           VEX gate policy operations\n  gate-results          Get VEX gate results for a scan\n  layers <scan-id>      List layers in a scan with SBOM information\n  layer-sbom <scan-id>  Get per-layer SBOM for a specific layer\n  recipe <scan-id>      Get or verify SBOM composition recipe\n  diff                  Compare binaries between two images using section hashes.\n  \n","stderrSnippet":"","verdict":"pass","notes":"Verify scan help text shows subcommands"}
{"feature":"cli-help-text-and-discoverability-policy.md","tier":"2b","timestamp":"2026-02-13T21:35:01Z","command":"stella policy --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with Policy Engine operations.\n\nUsage:\n  StellaOps.Cli policy [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  simulate <policy-id>          Simulate a policy revision against selected SBOMs and environment.\n  activate <policy-id>          Activate an approved policy revision.\n  lint <file>                   Validate a policy DSL file locally without contacting the backend.\n  edit <file>                   Open a policy DSL file in $EDITOR, validate, and optionally commit with SemVer metadata.\n  test <file>                   Run coverage test fixtures against a policy DSL file.\n  new <name>                    Create a new policy file from a template.\n  history <policy-id>           View policy run history.\n  explain                       Show explanation tree for a policy decision.\n  init <path>                   Initialize a policy workspace directory.\n  compile <file>                Compile a policy DSL file to IR.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy help text shows subcommands"}
{"feature":"resource-oriented-cli-hierarchy.md","tier":"2b","timestamp":"2026-02-13T21:35:07Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n  StellaOps command-line interface\n\nUsage:\n  StellaOps.Cli [command] [options]\n\nOptions:\n  -v, --verbose          Enable verbose logging output.\n  -t, --tenant <tenant>  Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n  -?, -h, --help         Show help and usage information\n  --version              Show version information\n\nCommands:\n  scanner               Manage scanner artifacts and lifecycle.\n  scan                  Execute scanners and manage scan outputs.\n  image                 OCI image operations\n  ruby                  Work with Ruby analyzer outputs.\n  php                   Work with PHP analyzer outputs.\n  python                Work with Python analyzer outputs.\n  bun                   Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify resource-oriented hierarchy in root help"}
{"feature":"cli-config-command-hub.md","tier":"2b","timestamp":"2026-02-13T21:35:14Z","command":"stella config --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage Stella Ops configuration and settings.\n\nUsage:\n  StellaOps.Cli config [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  show          Display resolved configuration values.\n  list          List all available configuration paths.\n  notify        Notification channel and template settings.\n  integrations  Integration configuration and testing.\n  feeds         Feed source configuration and status.\n  registry      Container registry configuration.\n  sources       Advisory source configuration and management.\n  signals       Runtime signal configuration and inspection.\n","stderrSnippet":"","verdict":"pass","notes":"Verify config command hub subcommands"}
{"feature":"settings-consolidation-under-stella-config.md","tier":"2b","timestamp":"2026-02-13T21:35:20Z","command":"stella config show --help","exitCode":0,"stdoutSnippet":"Description:\n  Display resolved configuration values.\n\nUsage:\n  StellaOps.Cli config show [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify config show command exists"}
{"feature":"setup-wizard-cli.md","tier":"2b","timestamp":"2026-02-13T21:35:26Z","command":"stella setup --help","exitCode":0,"stdoutSnippet":"Description:\n  Interactive setup wizard for StellaOps components.\n\nUsage:\n  StellaOps.Cli setup [command] [options]\n\nOptions:\n  -c, --config <config>  Path to YAML configuration file for automated setup.\n  -y, --non-interactive  Run in non-interactive mode using defaults or config file values.\n  -?, -h, --help         Show help and usage information\n\nCommands:\n  run       Run the setup wizard from the beginning or continue from last checkpoint.\n  resume    Resume an interrupted setup from the last checkpoint.\n  status    Show current setup status and completed steps.\n  reset     Reset setup state for specific steps or all steps.\n  validate  Validate setup configuration without running setup.\n","stderrSnippet":"","verdict":"pass","notes":"Verify setup wizard subcommands"}
{"feature":"backward-compatible-command-aliases.md","tier":"2b","timestamp":"2026-02-13T21:35:33Z","command":"stella function-map --help","exitCode":0,"stdoutSnippet":"Description:\n  Runtime linkage function map operations\n\nUsage:\n  StellaOps.Cli function-map [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  generate  Generate a function_map predicate from SBOM\n  verify    Verify runtime observations against a function_map\n","stderrSnippet":"","verdict":"pass","notes":"Test function-map alias"}
{"feature":"cli-deprecation-warning-system.md","tier":"2b","timestamp":"2026-02-13T21:35:39Z","command":"stella fmap --help","exitCode":0,"stdoutSnippet":"Description:\n  Runtime linkage function map operations\n\nUsage:\n  StellaOps.Cli function-map [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  generate  Generate a function_map predicate from SBOM\n  verify    Verify runtime observations against a function_map\n","stderrSnippet":"","verdict":"pass","notes":"Test fmap alias"}
{"feature":"cli-plugin-module-loading-architecture.md","tier":"2b","timestamp":"2026-02-13T21:35:46Z","command":"stella -v --help","exitCode":0,"stdoutSnippet":"Description:\n  StellaOps command-line interface\n\nUsage:\n  StellaOps.Cli [command] [options]\n\nOptions:\n  -v, --verbose          Enable verbose logging output.\n  -t, --tenant <tenant>  Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n  -?, -h, --help         Show help and usage information\n  --version              Show version information\n\nCommands:\n  scanner               Manage scanner artifacts and lifecycle.\n  scan                  Execute scanners and manage scan outputs.\n  image                 OCI image operations\n  ruby                  Work with Ruby analyzer outputs.\n  php                   Work with PHP analyzer outputs.\n  python                Work with Python analyzer outputs.\n  bun                   Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify plugin loading in verbose mode"}
{"feature":"cli-with-plugin-based-command-modules.md","tier":"2b","timestamp":"2026-02-13T21:35:52Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n  StellaOps command-line interface\n\nUsage:\n  StellaOps.Cli [command] [options]\n\nOptions:\n  -v, --verbose          Enable verbose logging output.\n  -t, --tenant <tenant>  Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n  -?, -h, --help         Show help and usage information\n  --version              Show version information\n\nCommands:\n  scanner               Manage scanner artifacts and lifecycle.\n  scan                  Execute scanners and manage scan outputs.\n  image                 OCI image operations\n  ruby                  Work with Ruby analyzer outputs.\n  php                   Work with PHP analyzer outputs.\n  python                Work with Python analyzer outputs.\n  bun                   Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify plugin-based command loading"}
{"feature":"tenant-context-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:35:58Z","command":"stella tenants --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage tenant contexts (CLI-TEN-47-001).\n\nUsage:\n  StellaOps.Cli tenants [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list             List available tenants for the authenticated principal.\n  use <tenant-id>  Set the active tenant context for subsequent commands.\n  current          Show the currently active tenant context.\n  clear            Clear the active tenant context (use default or require --tenant).\n","stderrSnippet":"","verdict":"pass","notes":"Verify tenant management commands"}
{"feature":"token-minting-and-delegation-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:05Z","command":"stella auth --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage authentication with StellaOps Authority.\n\nUsage:\n  StellaOps.Cli auth [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  login   Acquire and cache access tokens using the configured credentials.\n  logout  Remove cached tokens for the current credentials.\n  status  Display cached token status.\n  whoami  Display cached token claims (subject, scopes, expiry).\n  revoke  Manage revocation exports.\n  token   Service account token operations (CLI-TEN-49-001).\n","stderrSnippet":"","verdict":"pass","notes":"Verify auth commands"}
{"feature":"auth-revocation-bundle-export-verify-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:11Z","command":"stella auth --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage authentication with StellaOps Authority.\n\nUsage:\n  StellaOps.Cli auth [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  login   Acquire and cache access tokens using the configured credentials.\n  logout  Remove cached tokens for the current credentials.\n  status  Display cached token status.\n  whoami  Display cached token claims (subject, scopes, expiry).\n  revoke  Manage revocation exports.\n  token   Service account token operations (CLI-TEN-49-001).\n","stderrSnippet":"","verdict":"pass","notes":"Verify auth revocation commands"}
{"feature":"cli-parity.md","tier":"2b","timestamp":"2026-02-13T21:36:17Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n  StellaOps command-line interface\n\nUsage:\n  StellaOps.Cli [command] [options]\n\nOptions:\n  -v, --verbose          Enable verbose logging output.\n  -t, --tenant <tenant>  Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n  -?, -h, --help         Show help and usage information\n  --version              Show version information\n\nCommands:\n  scanner               Manage scanner artifacts and lifecycle.\n  scan                  Execute scanners and manage scan outputs.\n  image                 OCI image operations\n  ruby                  Work with Ruby analyzer outputs.\n  php                   Work with PHP analyzer outputs.\n  python                Work with Python analyzer outputs.\n  bun                   Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify comprehensive command set"}
{"feature":"baseline-selection-logic.md","tier":"2b","timestamp":"2026-02-13T21:36:24Z","command":"stella scan --help","exitCode":0,"stdoutSnippet":"Description:\n  Execute scanners and manage scan outputs.\n\nUsage:\n  StellaOps.Cli scan [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  entrytrace            Show entry trace summary for a scan.\n  sarif                 Export scan results in SARIF 2.1.0 format for CI/CD integration.\n  replay                Replay a scan with explicit hashes for deterministic verdict reproduction.\n  gate-policy           VEX gate policy operations\n  gate-results          Get VEX gate results for a scan\n  layers <scan-id>      List layers in a scan with SBOM information\n  layer-sbom <scan-id>  Get per-layer SBOM for a specific layer\n  recipe <scan-id>      Get or verify SBOM composition recipe\n  diff                  Compare binaries between two images using section hashes.\n  \n","stderrSnippet":"","verdict":"pass","notes":"Verify baseline-related scan subcommands"}
{"feature":"cli-scan-command-consolidation.md","tier":"2b","timestamp":"2026-02-13T21:36:30Z","command":"stella scan --help","exitCode":0,"stdoutSnippet":"Description:\n  Execute scanners and manage scan outputs.\n\nUsage:\n  StellaOps.Cli scan [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  entrytrace            Show entry trace summary for a scan.\n  sarif                 Export scan results in SARIF 2.1.0 format for CI/CD integration.\n  replay                Replay a scan with explicit hashes for deterministic verdict reproduction.\n  gate-policy           VEX gate policy operations\n  gate-results          Get VEX gate results for a scan\n  layers <scan-id>      List layers in a scan with SBOM information\n  layer-sbom <scan-id>  Get per-layer SBOM for a specific layer\n  recipe <scan-id>      Get or verify SBOM composition recipe\n  diff                  Compare binaries between two images using section hashes.\n  \n","stderrSnippet":"","verdict":"pass","notes":"Verify consolidated scan subcommands"}
{"feature":"scan-reproducibility-verification-flag.md","tier":"2b","timestamp":"2026-02-13T21:36:36Z","command":"stella scan replay --help","exitCode":0,"stdoutSnippet":"Description:\n  Replay a scan with explicit hashes for deterministic verdict reproduction.\n\nUsage:\n  StellaOps.Cli scan replay [options]\n\nOptions:\n  --artifact <artifact> (REQUIRED)  Artifact digest (sha256:...) to replay.\n  --manifest <manifest> (REQUIRED)  Run manifest hash for configuration.\n  --feeds <feeds> (REQUIRED)        Feed snapshot hash.\n  --policy <policy> (REQUIRED)      Policy ruleset hash.\n  --snapshot <snapshot>             Knowledge snapshot ID for offline replay.\n  --offline                         Run in offline/air-gapped mode. Requires all inputs to be locally available.\n  --verify-inputs                   Verify all input hashes before starting replay.\n  -o, --output <output>             Output file path for verdict JSON (defaults to stdout).\n  -v, --verbose                     Enable verbose logging output.\n  -?, -h, --help                    Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify scan replay/reproducibility"}
{"feature":"scan-snapshot-compare-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:43Z","command":"stella scan diff --help","exitCode":0,"stdoutSnippet":"Description:\n  Compare binaries between two images using section hashes.\n  \n  Examples:\n    stella scan diff --base image1 --target image2\n    stella scan diff --base docker://repo/app:1.0.0 --target docker://repo/app:1.0.1 --mode=elf\n    stella scan diff --base image1 --target image2 --emit-dsse=./attestations --signing-key=signing-key.pem\n    stella scan diff --base image1 --target image2 --format=json > diff.json\n    stella scan diff --base image1 --target image2 --platform=linux/amd64\n\nUsage:\n  StellaOps.Cli scan diff [options]\n\nOptions:\n  -b, --base <base> (REQUIRED)       Base image reference (tag or @digest)\n  -t, --target <target> (REQUIRED)   Target image reference (tag or @digest)\n  -m, --mode <auto\nelf\npe>           Analysis mode: elf, pe, auto (default: auto) [default: auto]\n  -d, --emit-dsse <emit-dsse>        Directory for DSSE attestation output\n  --signing-key <signing-key>        Path to ECDSA private key (PEM) for DSSE signing\n  -f, --format <json\nsummary\ntable>  Output format: table, json, summary (default: table) [default: table]\n","stderrSnippet":"","verdict":"pass","notes":"Verify scan diff/compare"}
{"feature":"scan-entry-trace-analysis-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:49Z","command":"stella scan entrytrace --help","exitCode":0,"stdoutSnippet":"Description:\n  Show entry trace summary for a scan.\n\nUsage:\n  StellaOps.Cli scan entrytrace [options]\n\nOptions:\n  --scan-id <scan-id> (REQUIRED)  Scan identifier.\n  --include-ndjson                Include raw NDJSON output.\n  --semantic                      Include semantic entrypoint analysis (intent, capabilities, threats).\n  -?, -h, --help                  Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify scan entrytrace"}
{"feature":"delta-scan-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:36:55Z","command":"stella scan delta --help","exitCode":1,"stdoutSnippet":"Description:\n  Perform delta scanning between two image versions.\n  \n  Scans only changed layers for efficiency, reducing scan time and CVE churn.\n  \n  Examples:\n    stella scan delta --old myapp:1.0 --new myapp:1.1\n    stella scan delta --old registry.io/app:v1 --new registry.io/app:v2 --format=json\n    stella scan delta --old image:1.0@sha256:abc --new image:1.1@sha256:def --output=evidence.json\n    stella scan delta --old base:3.18 --new base:3.19 --platform=linux/amd64 --sign --rekor\n\nUsage:\n  StellaOps.Cli scan delta [options]\n\nUnhandled exception: System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.\n   at System.CommandLine.Help.HelpBuilderExtensions.GetParameters(Symbol symbol)+MoveNext()\n   at System.CommandLine.Help.HelpBuilderExtensions.GetParameters(Symbol symbol)+MoveNext()\n   at System.CommandLine.Help.HelpBuilder.Default.GetIdentifierSymbolUsageLabel(Symbol symbol, ICollection`1 aliasSet)\n   at System.CommandLine.Help.HelpBuilder.Default.GetOptionUsageLabel(Option symbol)\n   at System.CommandLine.Help.HelpBuilder.<>c__DisplayClass21_0.<GetTwoColumnRow>g__GetOptionOrCommandRow\n0()\n","stderrSnippet":"Unhandled exception: System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.\n","verdict":"fail","notes":"Verify scan delta"}
{"feature":"cli-policy-lifecycle-commands.md","tier":"2b","timestamp":"2026-02-13T21:37:09Z","command":"stella policy --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with Policy Engine operations.\n\nUsage:\n  StellaOps.Cli policy [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  simulate <policy-id>          Simulate a policy revision against selected SBOMs and environment.\n  activate <policy-id>          Activate an approved policy revision.\n  lint <file>                   Validate a policy DSL file locally without contacting the backend.\n  edit <file>                   Open a policy DSL file in $EDITOR, validate, and optionally commit with SemVer metadata.\n  test <file>                   Run coverage test fixtures against a policy DSL file.\n  new <name>                    Create a new policy file from a template.\n  history <policy-id>           View policy run history.\n  explain                       Show explanation tree for a policy decision.\n  init <path>                   Initialize a policy workspace directory.\n  compile <file>                Compile a policy DSL file to IR.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy lifecycle subcommands"}
{"feature":"policy-dsl-compiler-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:16Z","command":"stella policy compile --help","exitCode":0,"stdoutSnippet":"Description:\n  Compile a policy DSL file to IR.\n\nUsage:\n  StellaOps.Cli policy compile <file> [options]\n\nArguments:\n  <file>  Path to the policy DSL file to compile.\n\nOptions:\n  -o, --output <output>  Output path for the compiled IR file.\n  --no-ir                Skip IR file generation (validation only).\n  --no-digest            Skip SHA-256 digest output.\n  --optimize             Enable optimization passes on the IR.\n  --strict               Treat warnings as errors.\n  -f, --format <format>  Output format: table (default), json.\n  -v, --verbose          Enable verbose logging output.\n  -?, -h, --help         Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy compile"}
{"feature":"policy-dsl-testing-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:22Z","command":"stella policy test --help","exitCode":0,"stdoutSnippet":"Description:\n  Run coverage test fixtures against a policy DSL file.\n\nUsage:\n  StellaOps.Cli policy test <file> [options]\n\nArguments:\n  <file>  Path to the policy DSL file to test.\n\nOptions:\n  -d, --fixtures <fixtures>  Path to fixtures directory (defaults to tests/policy/<policy-name>/cases).\n  --filter <filter>          Run only fixtures matching this pattern.\n  -f, --format <format>      Output format: table (default), json.\n  -o, --output <output>      Write test results to the specified file.\n  --fail-fast                Stop on first test failure.\n  -?, -h, --help             Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy test"}
{"feature":"policy-history-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:28Z","command":"stella policy history --help","exitCode":0,"stdoutSnippet":"Description:\n  View policy run history.\n\nUsage:\n  StellaOps.Cli policy history <policy-id> [options]\n\nArguments:\n  <policy-id>  Policy identifier (e.g. P-7).\n\nOptions:\n  --tenant <tenant>      Filter by tenant.\n  --from <from>          Filter runs from this timestamp (ISO-8601).\n  --to <to>              Filter runs to this timestamp (ISO-8601).\n  --status <status>      Filter by run status (completed, failed, running).\n  -l, --limit <limit>    Maximum number of runs to return.\n  --cursor <cursor>      Pagination cursor for next page.\n  -f, --format <format>  Output format: table (default), json.\n  -v, --verbose          Enable verbose logging output.\n  -?, -h, --help         Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy history"}
{"feature":"policy-publish-and-sign-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:35Z","command":"stella policy publish --help","exitCode":0,"stdoutSnippet":"Description:\n  Publish an approved policy revision.\n\nUsage:\n  StellaOps.Cli policy publish <policy-id> [options]\n\nArguments:\n  <policy-id>  Policy identifier.\n\nOptions:\n  --version <version> (REQUIRED)  Version to publish.\n  --sign                          Sign the policy during publish.\n  --algorithm <algorithm>         Signature algorithm (e.g. ecdsa-sha256, ed25519).\n  --key-id <key-id>               Key identifier for signing.\n  --note <note>                   Publish note.\n  --tenant <tenant>               Tenant context.\n  --json                          Output as JSON.\n  -v, --verbose                   Enable verbose logging output.\n  -?, -h, --help                  Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy publish"}
{"feature":"policy-review-workflow-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:41Z","command":"stella policy review --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage policy reviews.\n\nUsage:\n  StellaOps.Cli policy review [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  status <policy-id>   Get current review status.\n  comment <policy-id>  Add a review comment.\n  approve <policy-id>  Approve a policy review.\n  reject <policy-id>   Reject a policy review.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy review"}
{"feature":"policy-rollback-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:47Z","command":"stella policy rollback --help","exitCode":0,"stdoutSnippet":"Description:\n  Rollback a policy to a previous version.\n\nUsage:\n  StellaOps.Cli policy rollback <policy-id> [options]\n\nArguments:\n  <policy-id>  Policy identifier.\n\nOptions:\n  --target-version <target-version>  Target version to rollback to. Defaults to previous version.\n  --env <env>                        Environment scope for rollback.\n  --reason <reason>                  Reason for rollback.\n  --incident <incident>              Associated incident ID.\n  --tenant <tenant>                  Tenant context.\n  --json                             Output as JSON.\n  -v, --verbose                      Enable verbose logging output.\n  -?, -h, --help                     Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy rollback"}
{"feature":"policy-scaffolding-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:54Z","command":"stella policy new --help","exitCode":0,"stdoutSnippet":"Description:\n  Create a new policy file from a template.\n\nUsage:\n  StellaOps.Cli policy new <name> [options]\n\nArguments:\n  <name>  Name for the new policy (e.g. 'my-org-policy').\n\nOptions:\n  -t, --template <template>        Template to use: minimal (default), baseline, vex-precedence, reachability, secret-leak, full.\n  -o, --output <output>            Output path for the policy file. Defaults to ./<name>.stella\n  -d, --description <description>  Policy description for metadata block.\n  --tag <tag>                      Policy tag for metadata block (repeatable).\n  --shadow                         Enable shadow mode in settings (default: true).\n  --fixtures                       Create test fixtures directory alongside the policy file.\n  --git-init                       Initialize a Git repository in the output directory.\n  -f, --format <format>            Output format: table (default), json.\n  -v, --verbose                    Enable verbose logging output.\n  -?, -h, --help                   Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy new/scaffold"}
{"feature":"policy-simulation-batch-mode-with-sbom-selectors.md","tier":"2b","timestamp":"2026-02-13T21:38:00Z","command":"stella policy simulate --help","exitCode":0,"stdoutSnippet":"Description:\n  Simulate a policy revision against selected SBOMs and environment.\n\nUsage:\n  StellaOps.Cli policy simulate <policy-id> [options]\n\nArguments:\n  <policy-id>  Policy identifier (e.g. P-7).\n\nOptions:\n  --base <base>                              Base policy version for diff calculations.\n  --candidate <candidate>                    Candidate policy version. Defaults to latest approved.\n  --sbom <sbom>                              SBOM identifier to include (repeatable).\n  --env <env>                                Environment override (key=value, repeatable).\n  --format <format>                          Output format: table, json, or markdown.\n  --output <output>                          Write output to the specified file.\n  --explain                                  Request explain traces for diffed findings.\n  --fail-on-diff                             Exit with code 20 when findings are added or removed.\n  --with-exception <with-exception>          Include exception ID in simulation (repeatable). Shows what-if the exception were applied.\n  --without-exception <without-exception>    Exclude exception ID from simulation (repeatable). Shows what-if the exception were removed.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy simulate"}
{"feature":"policy-simulation-reachability-overrides.md","tier":"2b","timestamp":"2026-02-13T21:38:06Z","command":"stella policy simulate --help","exitCode":0,"stdoutSnippet":"Description:\n  Simulate a policy revision against selected SBOMs and environment.\n\nUsage:\n  StellaOps.Cli policy simulate <policy-id> [options]\n\nArguments:\n  <policy-id>  Policy identifier (e.g. P-7).\n\nOptions:\n  --base <base>                              Base policy version for diff calculations.\n  --candidate <candidate>                    Candidate policy version. Defaults to latest approved.\n  --sbom <sbom>                              SBOM identifier to include (repeatable).\n  --env <env>                                Environment override (key=value, repeatable).\n  --format <format>                          Output format: table, json, or markdown.\n  --output <output>                          Write output to the specified file.\n  --explain                                  Request explain traces for diffed findings.\n  --fail-on-diff                             Exit with code 20 when findings are added or removed.\n  --with-exception <with-exception>          Include exception ID in simulation (repeatable). Shows what-if the exception were applied.\n  --without-exception <without-exception>    Exclude exception ID from simulation (repeatable). Shows what-if the exception were removed.\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability overrides in simulate"}
{"feature":"policy-version-bump-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:13Z","command":"stella policy version --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage policy versions.\n\nUsage:\n  StellaOps.Cli policy version [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  bump <policy-id>  Bump the policy version (patch, minor, major).\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy version"}
{"feature":"policy-workspace-initialization-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:19Z","command":"stella policy init --help","exitCode":0,"stdoutSnippet":"Description:\n  Initialize a policy workspace directory.\n\nUsage:\n  StellaOps.Cli policy init [<path>] [options]\n\nArguments:\n  <path>  Directory path for the workspace (defaults to current directory).\n\nOptions:\n  -n, --name <name>          Policy name (defaults to directory name).\n  -t, --template <template>  Template to use: minimal (default), baseline, vex-precedence, reachability, secret-leak, full.\n  --no-git                   Skip Git repository initialization.\n  --no-readme                Skip README.md creation.\n  --no-fixtures              Skip test fixtures directory creation.\n  -f, --format <format>      Output format: table (default), json.\n  -v, --verbose              Enable verbose logging output.\n  -?, -h, --help             Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy init"}
{"feature":"vex-gated-policy-decisions.md","tier":"2b","timestamp":"2026-02-13T21:38:25Z","command":"stella scan gate-policy --help","exitCode":0,"stdoutSnippet":"Description:\n  VEX gate policy operations\n\nUsage:\n  StellaOps.Cli scan gate-policy [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  show  Display current VEX gate policy\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX gated policy"}
{"feature":"evidence-pack-download-and-verification.md","tier":"2b","timestamp":"2026-02-13T21:38:31Z","command":"stella evidence --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified evidence operations for audits, proofs, and offline verification\n\nUsage:\n  StellaOps.Cli evidence [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  export <bundle-id>  Export evidence bundle for offline audits\n  verify <path>       Verify an exported evidence bundle\n  store               Store timestamp evidence alongside an attestation\n  status <export-id>  Check status of an async export job\n  card                Single-file evidence card export and verification\n  reindex             Re-index evidence bundles after schema or algorithm changes\n  verify-continuity   Verify chain-of-custody after evidence reindex or upgrade\n  migrate             Migrate evidence schema between versions\n  holds               Evidence retention holds.\n  audit               Audit trail operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify evidence commands"}
{"feature":"cli-verify-command-for-attestation-chain-validation.md","tier":"2b","timestamp":"2026-02-13T21:38:37Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify unified verify command"}
{"feature":"vex-generation-with-evidence-links.md","tier":"2b","timestamp":"2026-02-13T21:38:43Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n  StellaOps.Cli vex [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  consensus                   Explore VEX consensus decisions.\n  simulate                    Simulate VEX consensus with trust/threshold overrides to preview changes.\n  export                      Export VEX consensus data as NDJSON bundle with optional signature.\n  obs                         Query VEX observations (Link-Not-Merge architecture).\n  explain <vulnerability-id>  Explain a VEX decision with full reachability evidence and verification status.\n  gen                         Generate VEX statements from drift analysis.\n  gate-scan                   VEX gate scan operations (from: vexgatescan).\n  verdict                     Verdict verification and inspection (from: stella verdict).\n  unknowns                    Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX commands"}
{"feature":"sbom-format-conversion-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:50Z","command":"stella sbom --help","exitCode":0,"stdoutSnippet":"Description:\n  Explore and manage Software Bill of Materials (SBOM) documents.\n\nUsage:\n  StellaOps.Cli sbom [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list                                     List SBOMs with filters and pagination.\n  upload                                   Upload an external SBOM for BYOS analysis.\n  show <sbom-id>                           Display detailed SBOM information including components, vulnerabilities, and licenses.\n  compare <base-sbom-id> <target-sbom-id>  Compare two SBOMs to show component, vulnerability, and license differences.\n  export <sbom-id>                         Export an SBOM in SPDX or CycloneDX format.\n  parity-matrix                            Show CLI command coverage and parity matrix.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SBOM commands"}
{"feature":"proof-of-exposure-export-verify-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:56Z","command":"stella proof --help","exitCode":0,"stdoutSnippet":"Description:\n  Proof chain verification and operations\n\nUsage:\n  StellaOps.Cli proof [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  verify  Verify an attestation bundle's proof chain\n  spine   Proof spine operations\n","stderrSnippet":"","verdict":"pass","notes":"Verify proof commands"}
{"feature":"rekor-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:03Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify Rekor-related commands"}
{"feature":"witness-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:10Z","command":"stella witness --help","exitCode":0,"stdoutSnippet":"Description:\n  Binary micro-witness operations for patch verification.\n\nUsage:\n  StellaOps.Cli witness [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  generate <binary>  Generate a micro-witness for binary patch verification.\n  verify <witness>   Verify a binary micro-witness signature and Rekor proof.\n  bundle <witness>   Export a self-contained verification bundle for air-gapped audits.\n","stderrSnippet":"","verdict":"pass","notes":"Verify witness commands"}
{"feature":"cli-offline-offline-poe-verification.md","tier":"2b","timestamp":"2026-02-13T21:39:16Z","command":"stella offline --help","exitCode":0,"stdoutSnippet":"Description:\n  Air-gap and offline kit operations.\n\nUsage:\n  StellaOps.Cli offline [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  import  Import an offline kit with verification.\n  status  Display current offline kit status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify offline commands"}
{"feature":"cli-forensic-snapshot-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:22Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage forensic snapshots and evidence locker operations.\n\nUsage:\n  StellaOps.Cli forensic [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  snapshot            Create a forensic snapshot for evidence preservation.\n  list                List forensic snapshots.\n  show <snapshot-id>  Show forensic snapshot details including manifest digests.\n  verify <bundle>     Verify forensic bundle integrity, signatures, and chain-of-custody.\n  attest              Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify forensic commands"}
{"feature":"evidence-legal-holds-cli.md","tier":"2b","timestamp":"2026-02-13T21:39:28Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage forensic snapshots and evidence locker operations.\n\nUsage:\n  StellaOps.Cli forensic [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  snapshot            Create a forensic snapshot for evidence preservation.\n  list                List forensic snapshots.\n  show <snapshot-id>  Show forensic snapshot details including manifest digests.\n  verify <bundle>     Verify forensic bundle integrity, signatures, and chain-of-custody.\n  attest              Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify evidence legal holds"}
{"feature":"evidence-card-and-remediation-pr-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:35Z","command":"stella evidence --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified evidence operations for audits, proofs, and offline verification\n\nUsage:\n  StellaOps.Cli evidence [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  export <bundle-id>  Export evidence bundle for offline audits\n  verify <path>       Verify an exported evidence bundle\n  store               Store timestamp evidence alongside an attestation\n  status <export-id>  Check status of an async export job\n  card                Single-file evidence card export and verification\n  reindex             Re-index evidence bundles after schema or algorithm changes\n  verify-continuity   Verify chain-of-custody after evidence reindex or upgrade\n  migrate             Migrate evidence schema between versions\n  holds               Evidence retention holds.\n  audit               Audit trail operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify evidence card commands"}
{"feature":"cli-and-web-ui-for-proof-inspection.md","tier":"2b","timestamp":"2026-02-13T21:39:41Z","command":"stella proof --help","exitCode":0,"stdoutSnippet":"Description:\n  Proof chain verification and operations\n\nUsage:\n  StellaOps.Cli proof [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  verify  Verify an attestation bundle's proof chain\n  spine   Proof spine operations\n","stderrSnippet":"","verdict":"pass","notes":"Verify proof inspection CLI"}
{"feature":"audit-bundle-generation-and-verification-cli.md","tier":"2b","timestamp":"2026-02-13T21:39:48Z","command":"stella bundle --help","exitCode":0,"stdoutSnippet":"Description:\n  Offline evidence bundle operations.\n\nUsage:\n  StellaOps.Cli bundle [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  verify  Verify offline evidence bundle with full cryptographic verification\n","stderrSnippet":"","verdict":"pass","notes":"Verify audit bundle commands"}
{"feature":"offline-sbom-verification-cli.md","tier":"2b","timestamp":"2026-02-13T21:39:56Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify offline SBOM verification"}
{"feature":"offline-verdict-verification-cli-plugin.md","tier":"2b","timestamp":"2026-02-13T21:40:03Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify offline verdict verification"}
{"feature":"verification-receipt-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:09Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify receipt verification"}
{"feature":"verification-command-consolidation.md","tier":"2b","timestamp":"2026-02-13T21:40:16Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify unified verify subcommands"}
{"feature":"vex-observation-and-webhooks-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:23Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n  StellaOps.Cli vex [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  consensus                   Explore VEX consensus decisions.\n  simulate                    Simulate VEX consensus with trust/threshold overrides to preview changes.\n  export                      Export VEX consensus data as NDJSON bundle with optional signature.\n  obs                         Query VEX observations (Link-Not-Merge architecture).\n  explain <vulnerability-id>  Explain a VEX decision with full reachability evidence and verification status.\n  gen                         Generate VEX statements from drift analysis.\n  gate-scan                   VEX gate scan operations (from: vexgatescan).\n  verdict                     Verdict verification and inspection (from: stella verdict).\n  unknowns                    Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX observation commands"}
{"feature":"cli-vex-consensus-commands.md","tier":"2b","timestamp":"2026-02-13T21:40:31Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n  StellaOps.Cli vex [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  consensus                   Explore VEX consensus decisions.\n  simulate                    Simulate VEX consensus with trust/threshold overrides to preview changes.\n  export                      Export VEX consensus data as NDJSON bundle with optional signature.\n  obs                         Query VEX observations (Link-Not-Merge architecture).\n  explain <vulnerability-id>  Explain a VEX decision with full reachability evidence and verification status.\n  gen                         Generate VEX statements from drift analysis.\n  gate-scan                   VEX gate scan operations (from: vexgatescan).\n  verdict                     Verdict verification and inspection (from: stella verdict).\n  unknowns                    Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX consensus commands"}
{"feature":"advisory-database-status-and-connector-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:40:38Z","command":"stella config sources --help","exitCode":0,"stdoutSnippet":"Description:\n  Advisory source configuration and management.\n\nUsage:\n  StellaOps.Cli config sources [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list               List all available advisory sources.\n  check <source>     Check connectivity to advisory sources.\n  enable <sources>   Enable one or more advisory sources.\n  disable <sources>  Disable one or more advisory sources.\n  status             Show current source configuration status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify advisory source commands"}
{"feature":"advisory-source-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:44Z","command":"stella advisory --help","exitCode":0,"stdoutSnippet":"Description:\n  Explore advisory observations, linksets, and exports (Link-Not-Merge).\n\nUsage:\n  StellaOps.Cli advisory [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  obs      Get raw advisory observations.\n  linkset  Show aggregated linkset with conflict summary.\n  export   Export advisory observations to various formats.\n","stderrSnippet":"","verdict":"pass","notes":"Verify advisory management CLI"}
{"feature":"advisoryai-chat-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:51Z","command":"stella advise --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with Advisory AI pipelines.\n\nUsage:\n  StellaOps.Cli advise [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  run <task>             Generate Advisory AI output for the specified task.\n  summarize              Summarize an advisory with JSON/Markdown outputs and citations.\n  explain                Explain an advisory conflict set with narrative and rationale.\n  remediate              Generate remediation guidance for an advisory.\n  batch <advisory-keys>  Run Advisory AI over multiple advisories with a single invocation.\n  open-pr <plan-id>      Apply a remediation plan by creating a PR/MR in the target SCM\n  ask <query>            Ask a question to the advisory assistant with evidence-backed responses.\n  chat-doctor            Show chat quota status, tool access, and last denial reasons.\n  chat-settings          Manage advisory chat settings (quotas, tool access).\n  export                 Export advisory conversation history.\n","stderrSnippet":"","verdict":"pass","notes":"Verify AdvisoryAI chat CLI"}
{"feature":"ai-code-guard-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:57Z","command":"stella advise --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with Advisory AI pipelines.\n\nUsage:\n  StellaOps.Cli advise [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  run <task>             Generate Advisory AI output for the specified task.\n  summarize              Summarize an advisory with JSON/Markdown outputs and citations.\n  explain                Explain an advisory conflict set with narrative and rationale.\n  remediate              Generate remediation guidance for an advisory.\n  batch <advisory-keys>  Run Advisory AI over multiple advisories with a single invocation.\n  open-pr <plan-id>      Apply a remediation plan by creating a PR/MR in the target SCM\n  ask <query>            Ask a question to the advisory assistant with evidence-backed responses.\n  chat-doctor            Show chat quota status, tool access, and last denial reasons.\n  chat-settings          Manage advisory chat settings (quotas, tool access).\n  export                 Export advisory conversation history.\n","stderrSnippet":"","verdict":"pass","notes":"Verify AI code guard"}
{"feature":"ci-template-generator-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:41:04Z","command":"stella ci --help","exitCode":0,"stdoutSnippet":"Description:\n  CI/CD template generation and management.\n\nUsage:\n  StellaOps.Cli ci [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  init             Initialize CI/CD workflow templates.\n  list             List available CI/CD templates.\n  validate <path>  Validate CI/CD template configuration.\n","stderrSnippet":"","verdict":"pass","notes":"Verify CI template generator"}
{"feature":"cli-api-spec-download-command.md","tier":"2b","timestamp":"2026-02-13T21:41:10Z","command":"stella api --help","exitCode":0,"stdoutSnippet":"Description:\n  API management commands.\n\nUsage:\n  StellaOps.Cli api [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  spec  API specification operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify API spec download"}
{"feature":"cli-commands-for-ground-truth-and-golden-set-management.md","tier":"2b","timestamp":"2026-02-13T21:41:16Z","command":"stella golden --help","exitCode":0,"stdoutSnippet":"Description:\n  Golden set management commands for vulnerability signatures\n\nUsage:\n  StellaOps.Cli golden [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  init <vuln-id>      Initialize a new golden set from a vulnerability advisory\n  validate <file>     Validate a golden set YAML file\n  import <file>       Import a golden set into the corpus\n  list                List golden sets in the corpus\n  show <id>           Show details of a golden set\n  build-index <file>  Build a signature index from a golden set\n","stderrSnippet":"","verdict":"pass","notes":"Verify golden set commands"}
{"feature":"cli-determinism-score-report-generator.md","tier":"2b","timestamp":"2026-02-13T21:41:22Z","command":"stella detscore --help","exitCode":0,"stdoutSnippet":"Description:\n  Scanner determinism scoring harness for reproducibility testing.\n\nUsage:\n  StellaOps.Cli detscore [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  run                 Run determinism harness with frozen clock, seeded RNG, and canonical hashes. Exits non-zero if score falls below threshold.\n  report <manifests>  Generate determinism score report from published determinism.json manifests for release notes and air-gap kits.\n","stderrSnippet":"","verdict":"pass","notes":"Verify determinism score commands"}
{"feature":"cli-export-profile-and-run-management.md","tier":"2b","timestamp":"2026-02-13T21:41:27Z","command":"stella export --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage export profiles and runs.\n\nUsage:\n  StellaOps.Cli export [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  profiles  Manage export profiles.\n  runs      Manage export runs.\n  start     Start export jobs.\n  cache     Local evidence cache operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify export commands"}
{"feature":"cli-ir-commands.md","tier":"2b","timestamp":"2026-02-13T21:41:34Z","command":"stella policy compile --help","exitCode":0,"stdoutSnippet":"Description:\n  Compile a policy DSL file to IR.\n\nUsage:\n  StellaOps.Cli policy compile <file> [options]\n\nArguments:\n  <file>  Path to the policy DSL file to compile.\n\nOptions:\n  -o, --output <output>  Output path for the compiled IR file.\n  --no-ir                Skip IR file generation (validation only).\n  --no-digest            Skip SHA-256 digest output.\n  --optimize             Enable optimization passes on the IR.\n  --strict               Treat warnings as errors.\n  -f, --format <format>  Output format: table (default), json.\n  -v, --verbose          Enable verbose logging output.\n  -?, -h, --help         Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify IR compilation"}
{"feature":"cli-notification-simulation-and-acknowledgment.md","tier":"2b","timestamp":"2026-02-13T21:41:40Z","command":"stella notify --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage notification channels, rules, and deliveries.\n\nUsage:\n  StellaOps.Cli notify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  channels                  Manage notification channels.\n  rules                     Manage notification routing rules.\n  deliveries                View and manage notification deliveries.\n  simulate                  Simulate notification rules against events.\n  send <event-type> <body>  Send a notification.\n  ack                       Acknowledge a notification or incident.\n","stderrSnippet":"","verdict":"pass","notes":"Verify notification commands"}
{"feature":"cli-observability-dashboard-commands.md","tier":"2b","timestamp":"2026-02-13T21:41:46Z","command":"stella obs --help","exitCode":0,"stdoutSnippet":"Description:\n  Platform observability: service health, SLOs, burn-rate alerts, and metrics.\n\nUsage:\n  StellaOps.Cli obs [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  top               Stream service health metrics, SLO status, and burn-rate alerts (like 'top' for your platform).\n  trace <trace_id>  Fetch a distributed trace by ID with correlated spans and evidence links.\n  logs              Fetch platform logs for a time window with pagination and filters.\n  incident-mode     Manage incident mode for enhanced forensic fidelity and retention.\n","stderrSnippet":"","verdict":"pass","notes":"Verify observability commands"}
{"feature":"cli-reachability-trace-export.md","tier":"2b","timestamp":"2026-02-13T21:41:52Z","command":"stella reachability --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified reachability analysis operations\n\nUsage:\n  StellaOps.Cli reachability [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  show              Display reachability subgraph\n  export            Export subgraph to visualization format\n  trace             Export reachability traces with runtime evidence\n  explain <digest>  Explain reachability assessment\n  witness <digest>  Generate path witness for vulnerability reachability\n  guards <digest>   List detected security guards\n  graph             Reachability graph operations (from: reachgraph).\n  slice             Reachability slice operations (from: slice).\n  witness-ops       Full witness operations (from: witness).\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability commands"}
{"feature":"cli-reachability-upload-and-explain-commands.md","tier":"2b","timestamp":"2026-02-13T21:41:58Z","command":"stella reachability --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified reachability analysis operations\n\nUsage:\n  StellaOps.Cli reachability [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  show              Display reachability subgraph\n  export            Export subgraph to visualization format\n  trace             Export reachability traces with runtime evidence\n  explain <digest>  Explain reachability assessment\n  witness <digest>  Generate path witness for vulnerability reachability\n  guards <digest>   List detected security guards\n  graph             Reachability graph operations (from: reachgraph).\n  slice             Reachability slice operations (from: slice).\n  witness-ops       Full witness operations (from: witness).\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability upload/explain"}
{"feature":"cli-slice-management-commands.md","tier":"2b","timestamp":"2026-02-13T21:42:03Z","command":"stella sbom --help","exitCode":0,"stdoutSnippet":"Description:\n  Explore and manage Software Bill of Materials (SBOM) documents.\n\nUsage:\n  StellaOps.Cli sbom [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list                                     List SBOMs with filters and pagination.\n  upload                                   Upload an external SBOM for BYOS analysis.\n  show <sbom-id>                           Display detailed SBOM information including components, vulnerabilities, and licenses.\n  compare <base-sbom-id> <target-sbom-id>  Compare two SBOMs to show component, vulnerability, and license differences.\n  export <sbom-id>                         Export an SBOM in SPDX or CycloneDX format.\n  parity-matrix                            Show CLI command coverage and parity matrix.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SBOM slice management"}
{"feature":"cli-tools.md","tier":"2b","timestamp":"2026-02-13T21:42:08Z","command":"stella tools --help","exitCode":0,"stdoutSnippet":"Description:\n  Local policy tooling and maintenance commands.\n\nUsage:\n  StellaOps.Cli tools [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  policy-dsl-validate <inputs>  Validate StellaOps policy DSL files.\n  policy-schema-export          Export policy schema JSON files.\n  policy-simulation-smoke       Run policy simulation smoke scenarios.\n  lint                          Lint policy and configuration files (from: lint).\n  benchmark                     Run performance benchmarks (from: bench).\n  migrate                       Migration utilities (from: migrate).\n","stderrSnippet":"","verdict":"pass","notes":"Verify tools commands"}
{"feature":"cli-vulnerability-workflow-commands.md","tier":"2b","timestamp":"2026-02-13T21:42:14Z","command":"stella vuln --help","exitCode":0,"stdoutSnippet":"Description:\n  Explore vulnerability observations and overlays.\n\nUsage:\n  StellaOps.Cli vuln [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  observations                 List raw advisory observations for overlay consumers.\n  list                         List vulnerabilities with grouping, filters, and pagination.\n  show <vulnerability-id>      Display detailed vulnerability information including evidence, rationale, paths, and ledger.\n  assign <assignee>            Assign vulnerabilities to a user.\n  comment <text>               Add a comment to vulnerabilities.\n  accept-risk <justification>  Accept risk for vulnerabilities with justification.\n  verify-fix                   Mark vulnerabilities as fixed and verified.\n  target-fix <due-date>        Set a target fix date for vulnerabilities.\n  reopen                       Reopen closed or accepted vulnerabilities.\n  simulate                     Simulate policy/VEX changes and show delta summaries.\n","stderrSnippet":"","verdict":"pass","notes":"Verify vuln workflow commands"}
{"feature":"concelier-database-operations-cli.md","tier":"2b","timestamp":"2026-02-13T21:42:20Z","command":"stella db --help","exitCode":0,"stdoutSnippet":"Description:\n  Trigger Concelier database operations via backend jobs.\n\nUsage:\n  StellaOps.Cli db [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  fetch   Trigger connector fetch/parse/map stages.\n  merge   Run canonical merge reconciliation.\n  export  Run Concelier export jobs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify DB operations CLI"}
{"feature":"deltasig-cli-module.md","tier":"2b","timestamp":"2026-02-13T21:42:26Z","command":"stella deltasig --help","exitCode":0,"stdoutSnippet":"Description:\n  Binary delta signature operations for backport detection.\n\nUsage:\n  StellaOps.Cli deltasig [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  extract <binary>  Extract normalized delta signatures from a binary.\n  author            Author delta signatures by comparing vulnerable and patched binaries.\n  sign              Sign a delta signature payload with DSSE envelope.\n  verify            Verify a DSSE-signed delta signature envelope.\n  match <binary>    Match a binary against known vulnerable/patched signatures.\n  pack              Create a signature pack from individual signature files.\n  inspect <file>    Inspect a delta signature payload or DSSE envelope.\n","stderrSnippet":"","verdict":"pass","notes":"Verify deltasig commands"}
{"feature":"doctor-cli-command-group.md","tier":"2b","timestamp":"2026-02-13T21:42:31Z","command":"stella doctor --help","exitCode":0,"stdoutSnippet":"Description:\n  Run diagnostic checks on Stella Ops installation and environment.\n\nUsage:\n  StellaOps.Cli doctor [command] [options]\n\nOptions:\n  -f, --format <format>      Output format: text (default), json, markdown [default: text]\n  -m, --mode <mode>          Run mode: quick (fast checks only), normal (default), full (all checks including slow ones)\n  -c, --category <category>  Filter checks by category (e.g., Core, Database, Security)\n  -t, --tag <tag>            Filter checks by tag (e.g., quick, connectivity). Can be specified multiple times.\n  --check <check>            Run a specific check by ID (e.g., check.core.disk)\n  -p, --parallel <parallel>  Maximum parallel check executions (default: 4)\n  --timeout <timeout>        Per-check timeout in seconds (default: 30)\n  -o, --output <output>      Write output to file instead of stdout\n  --fail-on-warn             Exit with non-zero code on warnings (default: only fail on errors)\n  -w, --watch                Run in continuous monitoring mode\n  --interval <interval>      Interval in seconds between checks in watch mode (default: 60)\n  -e, --env <env>            Target environment for checks (e.g., dev, staging, prod)\n  -v, --verbose              Enable verbose logging output.\n","stderrSnippet":"","verdict":"pass","notes":"Verify doctor commands"}
{"feature":"evidence-legal-holds-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:42:36Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage forensic snapshots and evidence locker operations.\n\nUsage:\n  StellaOps.Cli forensic [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  snapshot            Create a forensic snapshot for evidence preservation.\n  list                List forensic snapshots.\n  show <snapshot-id>  Show forensic snapshot details including manifest digests.\n  verify <bundle>     Verify forensic bundle integrity, signatures, and chain-of-custody.\n  attest              Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify forensic/evidence"}
{"feature":"excititor-vex-ingest-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:42:42Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n  StellaOps.Cli vex [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  consensus                   Explore VEX consensus decisions.\n  simulate                    Simulate VEX consensus with trust/threshold overrides to preview changes.\n  export                      Export VEX consensus data as NDJSON bundle with optional signature.\n  obs                         Query VEX observations (Link-Not-Merge architecture).\n  explain <vulnerability-id>  Explain a VEX decision with full reachability evidence and verification status.\n  gen                         Generate VEX statements from drift analysis.\n  gate-scan                   VEX gate scan operations (from: vexgatescan).\n  verdict                     Verdict verification and inspection (from: stella verdict).\n  unknowns                    Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX ingest management"}
{"feature":"explain-block-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:42:47Z","command":"stella explain --help","exitCode":0,"stdoutSnippet":"Description:\n  Explain policy decisions with deterministic trace and evidence.\n\nUsage:\n  StellaOps.Cli explain [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  block <digest>  Explain why an artifact was blocked with deterministic trace\n","stderrSnippet":"","verdict":"pass","notes":"Verify explain command"}
{"feature":"feed-snapshotting-for-deterministic-replay.md","tier":"2b","timestamp":"2026-02-13T21:42:53Z","command":"stella config feeds --help","exitCode":0,"stdoutSnippet":"Description:\n  Feed source configuration and status.\n\nUsage:\n  StellaOps.Cli config feeds [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list              List configured feed sources.\n  status            Show feed synchronization status.\n  refresh <source>  Trigger feed refresh.\n","stderrSnippet":"","verdict":"pass","notes":"Verify feed snapshotting config"}
{"feature":"function-map-cli.md","tier":"2b","timestamp":"2026-02-13T21:42:59Z","command":"stella fmap --help","exitCode":0,"stdoutSnippet":"Description:\n  Runtime linkage function map operations\n\nUsage:\n  StellaOps.Cli function-map [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  generate  Generate a function_map predicate from SBOM\n  verify    Verify runtime observations against a function_map\n","stderrSnippet":"","verdict":"pass","notes":"Verify function map CLI"}
{"feature":"github-code-scanning-endpoints.md","tier":"2b","timestamp":"2026-02-13T21:43:05Z","command":"stella github --help","exitCode":0,"stdoutSnippet":"Description:\n  GitHub integration commands.\n\nUsage:\n  StellaOps.Cli github [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  upload-sarif <sarif-file>    Upload SARIF to GitHub Code Scanning.\n  list-alerts                  List code scanning alerts for a repository.\n  get-alert <alert-number>     Get details for a specific code scanning alert.\n  update-alert <alert-number>  Update a code scanning alert state.\n  upload-status <sarif-id>     Check SARIF upload processing status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify GitHub integration"}
{"feature":"gitops-controller.md","tier":"2b","timestamp":"2026-02-13T21:43:11Z","command":"stella pack --help","exitCode":0,"stdoutSnippet":"Description:\n  Task Pack operations: plan, run, push, pull, verify.\n\nUsage:\n  StellaOps.Cli pack [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  plan <pack-id>  Plan a pack execution and validate inputs.\n  run <pack-id>   Execute a pack with the specified inputs.\n  push <path>     Push a pack to the registry.\n  pull <pack-id>  Pull a pack from the registry.\n  verify          Verify a pack's signature, digest, and schema.\n  runs            Manage pack runs.\n  secrets         Secret injection for pack runs.\n  cache           Manage offline pack cache.\n","stderrSnippet":"","verdict":"pass","notes":"Verify pack/GitOps commands"}
{"feature":"hlc-status-and-timeline-query-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:43:16Z","command":"stella orch --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with Source & Job Orchestrator.\n\nUsage:\n  StellaOps.Cli orch [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  sources   Manage orchestrator data sources.\n  backfill  Manage backfill operations for data sources.\n  quotas    Manage resource quotas.\n","stderrSnippet":"","verdict":"pass","notes":"Verify orchestrator commands"}
{"feature":"image-inspect-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:43:22Z","command":"stella image --help","exitCode":0,"stdoutSnippet":"Description:\n  OCI image operations\n\nUsage:\n  StellaOps.Cli image [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  inspect <reference>  Inspect OCI image manifest and layers\n","stderrSnippet":"","verdict":"pass","notes":"Verify image inspect command"}
{"feature":"incident-response-cli.md","tier":"2b","timestamp":"2026-02-13T21:43:28Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage forensic snapshots and evidence locker operations.\n\nUsage:\n  StellaOps.Cli forensic [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  snapshot            Create a forensic snapshot for evidence preservation.\n  list                List forensic snapshots.\n  show <snapshot-id>  Show forensic snapshot details including manifest digests.\n  verify <bundle>     Verify forensic bundle integrity, signatures, and chain-of-custody.\n  attest              Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify incident response CLI"}
{"feature":"key-rotation-cli.md","tier":"2b","timestamp":"2026-02-13T21:43:33Z","command":"stella key --help","exitCode":0,"stdoutSnippet":"Description:\n  Key management and rotation commands\n\nUsage:\n  StellaOps.Cli key [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list <anchorId>                          List keys for a trust anchor\n  add <anchorId> <keyId>                   Add a new key to a trust anchor\n  revoke <anchorId> <keyId>                Revoke a key from a trust anchor\n  rotate <anchorId> <oldKeyId> <newKeyId>  Rotate a key (add new, schedule old revocation)\n  status <anchorId>                        Show key rotation status and warnings\n  history <anchorId>                       Show key audit history\n  verify <anchorId> <keyId>                Verify a key's validity at a point in time\n","stderrSnippet":"","verdict":"pass","notes":"Verify key rotation"}
{"feature":"kms-key-export-import-cli.md","tier":"2b","timestamp":"2026-02-13T21:43:38Z","command":"stella kms --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage file-backed signing keys.\n\nUsage:\n  StellaOps.Cli kms [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  export  Export key material to a portable bundle.\n  import  Import key material from a bundle.\n","stderrSnippet":"","verdict":"pass","notes":"Verify KMS commands"}
{"feature":"local-validator-for-offline-config-checking.md","tier":"2b","timestamp":"2026-02-13T21:43:44Z","command":"stella config show --help","exitCode":0,"stdoutSnippet":"Description:\n  Display resolved configuration values.\n\nUsage:\n  StellaOps.Cli config show [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify local config validation"}
{"feature":"notification-channel-management-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:43:49Z","command":"stella notify --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage notification channels, rules, and deliveries.\n\nUsage:\n  StellaOps.Cli notify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  channels                  Manage notification channels.\n  rules                     Manage notification routing rules.\n  deliveries                View and manage notification deliveries.\n  simulate                  Simulate notification rules against events.\n  send <event-type> <body>  Send a notification.\n  ack                       Acknowledge a notification or incident.\n","stderrSnippet":"","verdict":"pass","notes":"Verify notification channel management"}
{"feature":"oci-referrer-based-artifact-association.md","tier":"2b","timestamp":"2026-02-13T21:43:55Z","command":"stella image --help","exitCode":0,"stdoutSnippet":"Description:\n  OCI image operations\n\nUsage:\n  StellaOps.Cli image [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  inspect <reference>  Inspect OCI image manifest and layers\n","stderrSnippet":"","verdict":"pass","notes":"Verify OCI referrer commands"}
{"feature":"policy-dsl-compiler-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:44:01Z","command":"stella policy lint --help","exitCode":0,"stdoutSnippet":"Description:\n  Validate a policy DSL file locally without contacting the backend.\n\nUsage:\n  StellaOps.Cli policy lint <file> [options]\n\nArguments:\n  <file>  Path to the policy DSL file to validate.\n\nOptions:\n  -f, --format <format>  Output format: table (default), json.\n  -o, --output <output>  Write JSON output to the specified file.\n  -?, -h, --help         Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy lint"}
{"feature":"policy-review-workflow-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:44:06Z","command":"stella policy submit --help","exitCode":0,"stdoutSnippet":"Description:\n  Submit policy for review.\n\nUsage:\n  StellaOps.Cli policy submit <policy-id> [options]\n\nArguments:\n  <policy-id>  Policy identifier (e.g. P-7).\n\nOptions:\n  -v, --version <version>    Specific version to submit (defaults to latest).\n  -r, --reviewer <reviewer>  Reviewer username(s) (repeatable).\n  -m, --message <message>    Submission message.\n  --urgent                   Mark submission as urgent.\n  --tenant <tenant>          Tenant context.\n  --json                     Output as JSON.\n  -v, --verbose              Enable verbose logging output.\n  -?, -h, --help             Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy submit"}
{"feature":"policy-simulation-batch-mode-with-sbom-selectors-2.md","tier":"2b","timestamp":"2026-02-13T21:44:12Z","command":"stella policy evaluate --help","exitCode":0,"stdoutSnippet":"Description:\n  Evaluate a policy pack against evidence input.\n\nUsage:\n  StellaOps.Cli policy evaluate [options]\n\nOptions:\n  -p, --policy <policy> (REQUIRED)  Policy file to evaluate.\n  -i, --input <input> (REQUIRED)    Evidence input file (JSON).\n  --format <format>                 Policy format: json or rego. Auto-detected if omitted.\n  -e, --environment <environment>   Target environment for gate resolution.\n  --include-remediation             Show remediation hints for failures.\n  --output <output>                 Output format: table, json, markdown, or ci. [default: table]\n  -v, --verbose                     Enable verbose logging output.\n  -?, -h, --help                    Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy evaluate"}
{"feature":"proof-chain-cli-commands-with-structured-exit-codes.md","tier":"2b","timestamp":"2026-02-13T21:44:17Z","command":"stella chain --help","exitCode":127,"stdoutSnippet":"Out of memory.\n","stderrSnippet":"","verdict":"fail","notes":"Verify chain commands"}
{"feature":"python-workspace-analyzer-cli.md","tier":"2b","timestamp":"2026-02-13T21:44:19Z","command":"stella python --help","exitCode":0,"stdoutSnippet":"Description:\n  Work with Python analyzer outputs.\n\nUsage:\n  StellaOps.Cli python [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  inspect  Inspect a local Python workspace or virtual environment.\n","stderrSnippet":"","verdict":"pass","notes":"Verify Python analyzer CLI"}
{"feature":"reachability-aware-security-as-gate.md","tier":"2b","timestamp":"2026-02-13T21:44:35Z","command":"stella gate --help","exitCode":0,"stdoutSnippet":"Description:\n  CI/CD release gate operations\n\nUsage:\n  StellaOps.Cli gate [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  evaluate  Evaluate a CI/CD gate for an image\n  status    Get status of a previous gate evaluation\n  score     Score-based gate evaluation using Evidence Weighted Scoring (EWS) with unified metrics\n","stderrSnippet":"","verdict":"pass","notes":"Verify gate commands"}
{"feature":"reachability-query-api-and-triage-flow.md","tier":"2b","timestamp":"2026-02-13T21:44:40Z","command":"stella reachability --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified reachability analysis operations\n\nUsage:\n  StellaOps.Cli reachability [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  show              Display reachability subgraph\n  export            Export subgraph to visualization format\n  trace             Export reachability traces with runtime evidence\n  explain <digest>  Explain reachability assessment\n  witness <digest>  Generate path witness for vulnerability reachability\n  guards <digest>   List detected security guards\n  graph             Reachability graph operations (from: reachgraph).\n  slice             Reachability slice operations (from: slice).\n  witness-ops       Full witness operations (from: witness).\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability query"}
{"feature":"rekor-cli-commands-2.md","tier":"2b","timestamp":"2026-02-13T21:44:46Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify Rekor in verify"}
{"feature":"replay-button-determinism-as-ux.md","tier":"2b","timestamp":"2026-02-13T21:44:51Z","command":"stella replay --help","exitCode":0,"stdoutSnippet":"Description:\n  Replay scans from run manifests and compare verdicts\n\nUsage:\n  StellaOps.Cli replay [command] [options]\n\nOptions:\n  --manifest <manifest> (REQUIRED)  Run manifest JSON file\n  --output <output>                 Output verdict JSON path\n  -v, --verbose                     Enable verbose logging output.\n  -?, -h, --help                    Show help and usage information\n\nCommands:\n  verify    Replay twice and verify determinism\n  diff      Compare two verdict JSON files\n  batch     Replay all manifests in a corpus\n  snapshot  Replay policy evaluation using Knowledge Snapshot (frozen inputs)\n  export    Export replay manifest for CI/CD integration\n","stderrSnippet":"","verdict":"pass","notes":"Verify replay commands"}
{"feature":"replay-command-generator-service.md","tier":"2b","timestamp":"2026-02-13T21:44:57Z","command":"stella prove --help","exitCode":0,"stdoutSnippet":"Description:\n  Generate replay proof for an image verdict\n\nUsage:\n  StellaOps.Cli prove [options]\n\nOptions:\n  -i, --image <image> (REQUIRED)    Image digest (sha256:...) to generate proof for\n  -a, --at <at>                     Point-in-time for snapshot lookup (ISO 8601 format, e.g., 2026-01-05T10:00:00Z)\n  -s, --snapshot <snapshot>         Explicit snapshot ID to use instead of time lookup\n  -b, --bundle <bundle>             Path to local replay bundle directory (offline mode)\n  -o, --output <compact\nfull\njson>  Output format: compact, json, full [default: compact]\n  -v, --verbose                     Enable verbose logging output.\n  -?, -h, --help                    Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify prove command"}
{"feature":"runtime-observations-query-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:02Z","command":"stella observations --help","exitCode":0,"stdoutSnippet":"Description:\n  Runtime observation operations\n\nUsage:\n  StellaOps.Cli observations [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  query  Query historical runtime observations\n","stderrSnippet":"","verdict":"pass","notes":"Verify observations CLI"}
{"feature":"sbom-analytics-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:45:08Z","command":"stella analytics --help","exitCode":0,"stdoutSnippet":"Description:\n  Analytics insights and reporting.\n\nUsage:\n  StellaOps.Cli analytics [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  sbom-lake  SBOM lake analytics queries.\n","stderrSnippet":"","verdict":"pass","notes":"Verify analytics commands"}
{"feature":"sbom-deterministic-generation-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:13Z","command":"stella sbomer --help","exitCode":0,"stdoutSnippet":"Description:\n  SBOM composition: layer fragments, canonical merge, and Merkle verification.\n\nUsage:\n  StellaOps.Cli sbomer [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  layer        Manage SBOM layer fragments.\n  compose      Compose SBOM from layer fragments with canonical ordering.\n  composition  View and verify composition manifests.\n  drift        Detect and explain determinism drift in SBOM composition.\n","stderrSnippet":"","verdict":"pass","notes":"Verify sbomer commands"}
{"feature":"sbom-format-conversion-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:45:19Z","command":"stella sbom --help","exitCode":0,"stdoutSnippet":"Description:\n  Explore and manage Software Bill of Materials (SBOM) documents.\n\nUsage:\n  StellaOps.Cli sbom [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list                                     List SBOMs with filters and pagination.\n  upload                                   Upload an external SBOM for BYOS analysis.\n  show <sbom-id>                           Display detailed SBOM information including components, vulnerabilities, and licenses.\n  compare <base-sbom-id> <target-sbom-id>  Compare two SBOMs to show component, vulnerability, and license differences.\n  export <sbom-id>                         Export an SBOM in SPDX or CycloneDX format.\n  parity-matrix                            Show CLI command coverage and parity matrix.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SBOM format commands"}
{"feature":"scan-reproducibility-verification-flag-2.md","tier":"2b","timestamp":"2026-02-13T21:45:24Z","command":"stella detscore --help","exitCode":0,"stdoutSnippet":"Description:\n  Scanner determinism scoring harness for reproducibility testing.\n\nUsage:\n  StellaOps.Cli detscore [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  run                 Run determinism harness with frozen clock, seeded RNG, and canonical hashes. Exits non-zero if score falls below threshold.\n  report <manifests>  Generate determinism score report from published determinism.json manifests for release notes and air-gap kits.\n","stderrSnippet":"","verdict":"pass","notes":"Verify detscore reproducibility"}
{"feature":"scan-snapshot-compare-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:45:30Z","command":"stella change-trace --help","exitCode":0,"stdoutSnippet":"Description:\n  Build and export change traces between scans\n\nUsage:\n  StellaOps.Cli change-trace [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  build          Build a change trace comparing two scans or binaries\n  export         Export a change trace in various formats\n  verify <file>  Verify a change trace file\n","stderrSnippet":"","verdict":"pass","notes":"Verify change-trace commands"}
{"feature":"stella-admin-cli-command-group.md","tier":"2b","timestamp":"2026-02-13T21:45:36Z","command":"stella admin --help","exitCode":0,"stdoutSnippet":"Description:\n  Administrative operations for platform management\n\nUsage:\n  StellaOps.Cli admin [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  policy       Policy management commands\n  users        User management commands\n  feeds        Advisory feed management commands\n  system       System management commands\n  tenants      Tenant management (from: tenant).\n  audit        Audit log management (from: auditlog).\n  diagnostics  System diagnostics (from: diagnostics).\n","stderrSnippet":"","verdict":"pass","notes":"Verify admin commands"}
{"feature":"symbol-ingestion-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:41Z","command":"stella symbols --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage symbol bundles for air-gapped installations.\n\nUsage:\n  StellaOps.Cli symbols [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  bundle   Build a deterministic symbol bundle.\n  verify   Verify a symbol bundle's integrity and signatures.\n  extract  Extract symbols from a bundle.\n  inspect  Inspect bundle contents without extracting.\n","stderrSnippet":"","verdict":"pass","notes":"Verify symbols commands"}
{"feature":"system-database-migrations-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:46Z","command":"stella system --help","exitCode":0,"stdoutSnippet":"Description:\n  System operations (migrations).\n\nUsage:\n  StellaOps.Cli system [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  migrations-run     Run migrations for the selected module(s).\n  migrations-status  Show migration status for the selected module(s).\n  migrations-verify  Verify migration checksums for the selected module(s).\n","stderrSnippet":"","verdict":"pass","notes":"Verify system commands"}
{"feature":"trust-anchor-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:52Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n  Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n  StellaOps.Cli verify [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  offline            Verify offline evidence for a specific artifact.\n  image <reference>  Verify attestation chain for a container image\n  bundle             Verify E2E evidence bundle for reproducibility.\n  release <bundle>   Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n  attestation        Verify attestations attached to an OCI artifact\n  vex <artifact>     Verify VEX statements for an artifact\n  patch <artifact>   Verify that security patches are present in binaries\n  sbom <file>        Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify trust anchor in verify"}
{"feature":"unknowns-export-artifacts.md","tier":"2b","timestamp":"2026-02-13T21:45:58Z","command":"stella unknowns --help","exitCode":0,"stdoutSnippet":"Description:\n  Unknowns registry operations for unmatched vulnerabilities\n\nUsage:\n  StellaOps.Cli unknowns [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list      List unknowns from the registry\n  escalate  Escalate an unknown for immediate attention\n  resolve   Resolve an unknown\n  budget    Unknowns budget operations for CI gates\n  summary   Show unknowns summary by band with counts and fingerprints\n  show      Show detailed unknown info including fingerprint, triggers, and next actions\n  proof     Get evidence proof for an unknown (fingerprint, triggers, evidence refs)\n  export    Export unknowns with fingerprints and triggers for offline analysis\n  triage    Apply manual triage decision to an unknown (grey queue adjudication)\n","stderrSnippet":"","verdict":"pass","notes":"Verify unknowns commands"}
{"feature":"verdict-ladder-ui.md","tier":"2b","timestamp":"2026-02-13T21:46:03Z","command":"stella score --help","exitCode":0,"stdoutSnippet":"Description:\n  Score computation and replay operations\n\nUsage:\n  StellaOps.Cli score [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  replay            Replay a score computation for a scan\n  bundle            Get the proof bundle for a scan\n  verify            Verify a score bundle\n  explain <digest>  Explain the risk score breakdown for a digest\n","stderrSnippet":"","verdict":"pass","notes":"Verify score commands"}
{"feature":"zastava-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:09Z","command":"stella risk-profile --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage risk profile schemas and validation.\n\nUsage:\n  StellaOps.Cli risk-profile [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  validate  Validate a risk profile JSON file against the schema.\n  schema    Display or export the risk profile JSON schema.\n","stderrSnippet":"","verdict":"pass","notes":"Verify risk-profile/zastava commands"}
{"feature":"sdk-management.md","tier":"2b","timestamp":"2026-02-13T21:46:15Z","command":"stella sdk --help","exitCode":0,"stdoutSnippet":"Description:\n  SDK management commands.\n\nUsage:\n  StellaOps.Cli sdk [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  update  Check for SDK updates and fetch latest manifests/changelogs.\n  list    List installed SDK versions.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SDK commands"}
{"feature":"mirror-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:21Z","command":"stella mirror --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage air-gap mirror bundles for offline distribution.\n\nUsage:\n  StellaOps.Cli mirror [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  create  Create an air-gap mirror bundle.\n","stderrSnippet":"","verdict":"pass","notes":"Verify mirror commands"}
{"feature":"airgap-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:27Z","command":"stella airgap --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage air-gapped environment operations.\n\nUsage:\n  StellaOps.Cli airgap [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  import           Import an air-gap mirror bundle into the local data store.\n  seal             Seal the environment for air-gapped operation.\n  export-evidence  Export portable evidence packages for audit and compliance.\n","stderrSnippet":"","verdict":"pass","notes":"Verify airgap commands"}
{"feature":"trust-profile-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:33Z","command":"stella trust-profile --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage trust profiles for offline verification.\n\nUsage:\n  StellaOps.Cli trust-profile [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list                List available trust profiles\n  show <profile-id>   Show trust profile details\n  apply <profile-id>  Apply a trust profile to a local trust store\n","stderrSnippet":"","verdict":"pass","notes":"Verify trust-profile commands"}
{"feature":"devportal-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:39Z","command":"stella devportal --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage DevPortal offline operations.\n\nUsage:\n  StellaOps.Cli devportal [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  verify  Verify integrity of a DevPortal/evidence bundle before import.\n","stderrSnippet":"","verdict":"pass","notes":"Verify devportal commands"}
{"feature":"delta-verdict-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:46Z","command":"stella delta --help","exitCode":0,"stdoutSnippet":"Description:\n  Delta verdict operations\n\nUsage:\n  StellaOps.Cli delta [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  compute  Compute delta between two verdicts\n  check    Check delta against risk budget\n  attach   Prepare OCI attachment metadata for delta verdict\n  verify   Verify delta verdict signature\n  push     Push delta verdict to OCI registry as referrer\n","stderrSnippet":"","verdict":"pass","notes":"Verify delta commands"}
{"feature":"budget-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:52Z","command":"stella budget --help","exitCode":0,"stdoutSnippet":"Description:\n  Risk budget management for release gates\n\nUsage:\n  StellaOps.Cli budget [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  status   Show current risk budget status for a service\n  consume  Manually consume risk budget points\n  check    Check if a release would exceed risk budget\n  history  Show risk budget consumption history\n  list     List all service risk budgets\n","stderrSnippet":"","verdict":"pass","notes":"Verify budget commands"}
{"feature":"watchlist-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:58Z","command":"stella watchlist --help","exitCode":0,"stdoutSnippet":"Description:\n  Identity watchlist management for transparency log monitoring\n\nUsage:\n  StellaOps.Cli watchlist [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  add          Add a new watchlist entry\n  list         List watchlist entries\n  get <id>     Get a specific watchlist entry\n  update <id>  Update an existing watchlist entry\n  remove <id>  Remove a watchlist entry\n  test <id>    Test if a sample identity matches a watchlist entry\n  alerts       List recent watchlist alerts\n","stderrSnippet":"","verdict":"pass","notes":"Verify watchlist commands"}
{"feature":"exception-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:05Z","command":"stella exception --help","exitCode":0,"stdoutSnippet":"Description:\n  Exception approval workflow operations\n\nUsage:\n  StellaOps.Cli exception [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  request  Create a new exception approval request\n  approve  Approve an exception request\n  reject   Reject an exception request\n  list     List exception approval requests\n  status   Get status of an exception request\n","stderrSnippet":"","verdict":"pass","notes":"Verify exception commands"}
{"feature":"exceptions-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:11Z","command":"stella exceptions --help","exitCode":0,"stdoutSnippet":"Description:\n  Exception governance: list, show, create, promote, revoke, import, export.\n\nUsage:\n  StellaOps.Cli exceptions [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  list                    List exceptions with filters.\n  show <exception-id>     Show exception details.\n  create                  Create a new exception.\n  promote <exception-id>  Promote exception to next lifecycle stage.\n  revoke <exception-id>   Revoke an active exception.\n  import <file>           Import exceptions from NDJSON file.\n  export                  Export exceptions to file.\n","stderrSnippet":"","verdict":"pass","notes":"Verify exceptions commands"}
{"feature":"feedser-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:18Z","command":"stella feedser --help","exitCode":0,"stdoutSnippet":"Description:\n  Federation bundle operations for multi-site sync.\n\nUsage:\n  StellaOps.Cli feedser [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  bundle  Federation bundle operations.\n  sites   Federation site management.\n","stderrSnippet":"","verdict":"pass","notes":"Verify feedser commands"}
{"feature":"cvss-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:24Z","command":"stella cvss --help","exitCode":0,"stdoutSnippet":"Description:\n  CVSS v4.0 receipt operations (score, show, history, export).\n\nUsage:\n  StellaOps.Cli cvss [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  score                 Create a CVSS v4 receipt for a vulnerability.\n  show <receipt-id>     Fetch a CVSS receipt by ID.\n  history <receipt-id>  Show receipt amendment history.\n  export <receipt-id>   Export a CVSS receipt to JSON (pdf not yet supported).\n","stderrSnippet":"","verdict":"pass","notes":"Verify CVSS commands"}
{"feature":"risk-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:30Z","command":"stella risk --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage risk profiles, scoring, and bundle verification.\n\nUsage:\n  StellaOps.Cli risk [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  profile   Manage risk profiles.\n  simulate  Simulate risk scoring against an SBOM or asset.\n  results   Get risk evaluation results.\n  bundle    Risk bundle operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify risk commands"}
{"feature":"graph-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:37Z","command":"stella graph --help","exitCode":0,"stdoutSnippet":"Description:\n  Call graph evidence commands.\n\nUsage:\n  StellaOps.Cli graph [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  explain  Explain call graph reachability with signed evidence.\n  lineage  Lineage graph commands.\n  verify   Verify a reachability graph DSSE attestation.\n  bundles  List edge bundles for a graph.\n","stderrSnippet":"","verdict":"pass","notes":"Verify graph commands"}
{"feature":"binary-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:43Z","command":"stella binary --help","exitCode":0,"stdoutSnippet":"Description:\n  Binary reachability analysis operations.\n\nUsage:\n  StellaOps.Cli binary [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  submit                   Submit binary graph for reachability analysis.\n  info <hash>              Display binary graph information.\n  symbols <hash>           List symbols from binary graph.\n  verify                   Verify binary graph attestation.\n  inspect <file>           Inspect binary identity (Build-ID, hashes, architecture).\n  lookup <build-id>        Look up vulnerabilities by Build-ID.\n  fingerprint              Generate or export fingerprint for a binary.\n  callgraph <file>         Extract call graph and compute deterministic digest.\n  ops                      BinaryIndex operations and diagnostics.\n  delta-sig                Binary delta signature operations for patch verification.\n","stderrSnippet":"","verdict":"pass","notes":"Verify binary commands"}
{"feature":"attest-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:49Z","command":"stella attest --help","exitCode":0,"stdoutSnippet":"Description:\n  Verify and inspect DSSE attestations.\n\nUsage:\n  StellaOps.Cli attest [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  sign        Create and sign a DSSE attestation envelope.\n  verify      Verify a DSSE envelope offline against policy and trust roots.\n  list        List attestations from local storage or backend.\n  show        Display details for a specific attestation.\n  fetch       Download attestation envelopes and payloads to disk.\n  key         Manage attestation signing keys.\n  bundle      Build and verify attestation bundles.\n  attach      Attach a DSSE attestation to an OCI artifact\n  oci-list    List attestations attached to an OCI artifact in registry\n  oci-verify  Verify attestations attached to an OCI artifact in registry\n","stderrSnippet":"","verdict":"pass","notes":"Verify attest commands"}
{"feature":"promotion-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:56Z","command":"stella promotion --help","exitCode":0,"stdoutSnippet":"Description:\n  Build and manage promotion attestations.\n\nUsage:\n  StellaOps.Cli promotion [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  assemble <image>    Assemble promotion attestation resolving image digests, hashing SBOM/VEX, and emitting stella.ops/promotion@v1 JSON.\n  attest <predicate>  Sign a promotion predicate and produce a DSSE bundle via Signer or cosign.\n  verify <bundle>     Verify a promotion attestation bundle offline against trusted checkpoints.\n","stderrSnippet":"","verdict":"pass","notes":"Verify promotion commands"}
{"feature":"seal-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:02Z","command":"stella seal --help","exitCode":0,"stdoutSnippet":"Description:\n  Create facet seal for an image. Seals capture the cryptographic state of image facets for drift detection.\n\nUsage:\n  StellaOps.Cli seal <image> [options]\n\nArguments:\n  <image>  Image reference or digest to seal.\n\nOptions:\n  -o, --output <output>  Output file path for seal (default: stdout).\n  --store                Store seal in remote API.\n  --sign                 Sign seal with DSSE.\n  -k, --key <key>        Private key path for signing (default: use configured key).\n  -f, --facets <facets>  Specific facets to seal (default: all). Comma-separated list.\n  --format <format>      Output format: json, yaml, compact. [default: json]\n  -v, --verbose          Enable verbose logging output.\n  -?, -h, --help         Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify seal commands"}
{"feature":"drift-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:09Z","command":"stella drift --help","exitCode":0,"stdoutSnippet":"Description:\n  Analyze facet drift against baseline seal. Compares current image state to sealed baseline.\n\nUsage:\n  StellaOps.Cli drift <image> [options]\n\nArguments:\n  <image>  Image reference or digest to analyze.\n\nOptions:\n  -b, --baseline <baseline>  Baseline seal ID (default: latest for image).\n  --format <format>          Output format: table, json, yaml. [default: table]\n  --verbose-files            Show detailed file changes.\n  --fail-on-breach           Exit with error code if quota breached.\n  -o, --output <output>      Output file path (default: stdout).\n  -v, --verbose              Enable verbose logging output.\n  -?, -h, --help             Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify drift commands"}
{"feature":"verify-fix-command.md","tier":"2b","timestamp":"2026-02-13T21:48:15Z","command":"stella verify-fix --help","exitCode":0,"stdoutSnippet":"Description:\n  Verify that a patch fixes a vulnerability\n\nUsage:\n  StellaOps.Cli verify-fix <vuln-id> [options]\n\nArguments:\n  <vuln-id>  Vulnerability identifier (CVE-YYYY-NNNNN)\n\nOptions:\n  -p, --pre <pre> (REQUIRED)       Pre-patch (vulnerable) binary path\n  -P, --post <post> (REQUIRED)     Post-patch (patched) binary path\n  -g, --golden-set <golden-set>    Path to golden set YAML (auto-resolved from corpus if not specified)\n  --corpus <corpus>                Corpus directory for golden set lookup\n  -o, --output <json\nsarif\ntable>  Output format: table (default), json, sarif [default: table]\n  --attest                         Generate FixChain attestation on successful verification\n  --sbom <sbom>                    Path to SBOM for attestation (required if --attest)\n  -v, --verbose                    Enable verbose logging output.\n  -?, -h, --help                   Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify verify-fix command"}
{"feature":"ts-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:22Z","command":"stella ts --help","exitCode":0,"stdoutSnippet":"Description:\n  RFC-3161 timestamp operations\n\nUsage:\n  StellaOps.Cli ts [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  rfc3161  Request an RFC-3161 timestamp token\n  verify   Verify an RFC-3161 timestamp token\n  info     Display metadata for an RFC-3161 timestamp token\n","stderrSnippet":"","verdict":"pass","notes":"Verify timestamp commands"}
{"feature":"license-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:28Z","command":"stella license --help","exitCode":0,"stdoutSnippet":"Description:\n  License detection and compliance commands\n\nUsage:\n  StellaOps.Cli license [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  detect <path>          Detect licenses in a directory or file\n  categorize <spdx-id>   Show category and obligations for a license\n  validate <expression>  Validate an SPDX license expression\n  extract <file>         Extract license text and copyright from a file\n  summary <path>         Show aggregated license statistics for a directory [default: .]\n","stderrSnippet":"","verdict":"pass","notes":"Verify license commands"}
{"feature":"findings-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:34Z","command":"stella findings --help","exitCode":0,"stdoutSnippet":"Description:\n  Inspect policy findings.\n\nUsage:\n  StellaOps.Cli findings [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  ls                    List effective findings that match the provided filters.\n  get <finding-id>      Retrieve a specific finding.\n  explain <finding-id>  Fetch explain trace for a finding.\n","stderrSnippet":"","verdict":"pass","notes":"Verify findings commands"}
{"feature":"scanner-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:41Z","command":"stella scanner --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage scanner artifacts and lifecycle.\n\nUsage:\n  StellaOps.Cli scanner [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  download  Download the latest scanner bundle.\n  workers   Configure scanner worker settings.\n","stderrSnippet":"","verdict":"pass","notes":"Verify scanner commands"}
{"feature":"ruby-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:48Z","command":"stella ruby --help","exitCode":0,"stdoutSnippet":"Description:\n  Work with Ruby analyzer outputs.\n\nUsage:\n  StellaOps.Cli ruby [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  inspect  Inspect a local Ruby workspace.\n  resolve  Fetch Ruby packages for a completed scan.\n","stderrSnippet":"","verdict":"pass","notes":"Verify ruby commands"}
{"feature":"php-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:54Z","command":"stella php --help","exitCode":0,"stdoutSnippet":"Description:\n  Work with PHP analyzer outputs.\n\nUsage:\n  StellaOps.Cli php [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  inspect  Inspect a local PHP workspace.\n","stderrSnippet":"","verdict":"pass","notes":"Verify PHP commands"}
{"feature":"bun-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:01Z","command":"stella bun --help","exitCode":0,"stdoutSnippet":"Description:\n  Work with Bun analyzer outputs.\n\nUsage:\n  StellaOps.Cli bun [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  inspect  Inspect a local Bun workspace.\n  resolve  Fetch Bun packages for a completed scan.\n","stderrSnippet":"","verdict":"pass","notes":"Verify bun commands"}
{"feature":"sources-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:07Z","command":"stella sources --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with source ingestion workflows.\n\nUsage:\n  StellaOps.Cli sources [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  ingest             Validate source documents before ingestion.\n  list               List all available advisory sources.\n  check <source>     Check connectivity to advisory sources.\n  enable <sources>   Enable one or more advisory sources.\n  disable <sources>  Disable one or more advisory sources.\n  status             Show current source configuration status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify sources commands"}
{"feature":"aoc-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:13Z","command":"stella aoc --help","exitCode":0,"stdoutSnippet":"Description:\n  Aggregation-Only Contract verification commands.\n\nUsage:\n  StellaOps.Cli aoc [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  verify  Verify stored raw documents against AOC guardrails.\n","stderrSnippet":"","verdict":"pass","notes":"Verify AOC commands"}
{"feature":"task-runner-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:19Z","command":"stella task-runner --help","exitCode":0,"stdoutSnippet":"Description:\n  Interact with Task Runner operations.\n\nUsage:\n  StellaOps.Cli task-runner [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  simulate  Simulate a task pack and inspect the execution graph.\n","stderrSnippet":"","verdict":"pass","notes":"Verify task-runner commands"}
{"feature":"issuer-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:24Z","command":"stella issuer --help","exitCode":0,"stdoutSnippet":"Description:\n  Issuer key management commands.\n\nUsage:\n  StellaOps.Cli issuer [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  keys  Manage issuer keys.\n","stderrSnippet":"","verdict":"pass","notes":"Verify issuer commands"}
{"feature":"decision-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:29Z","command":"stella decision --help","exitCode":0,"stdoutSnippet":"Description:\n  Manage VEX decisions with DSSE signing and Rekor transparency.\n\nUsage:\n  StellaOps.Cli decision [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  export                   Export VEX decisions as OpenVEX documents with optional DSSE signing.\n  verify <file>            Verify DSSE signature and optional Rekor inclusion proof of a VEX decision document.\n  compare <base> <target>  Compare two VEX decision documents and show differences.\n","stderrSnippet":"","verdict":"pass","notes":"Verify decision commands"}
{"feature":"crypto-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:35Z","command":"stella crypto --help","exitCode":0,"stdoutSnippet":"Description:\n  Cryptographic operations (sign, verify, profiles)\n\nUsage:\n  StellaOps.Cli crypto [command] [options]\n\nOptions:\n  -?, -h, --help  Show help and usage information\n\nCommands:\n  sign       Sign artifacts using configured crypto provider\n  verify     Verify signatures using configured crypto provider\n  profiles   Manage crypto profiles\n  plugins    Manage crypto plugins\n  keys       Key management operations (from: sigstore, cosign).\n  encrypt    Encrypt data with a key or certificate.\n  decrypt    Decrypt data with a key or certificate.\n  hash       Compute cryptographic hash of files.\n  providers  List registered crypto providers and keys.\n","stderrSnippet":"","verdict":"pass","notes":"Verify crypto commands"}
{"feature":"doctor-run.md","tier":"2b","timestamp":"2026-02-13T21:49:40Z","command":"stella doctor run --help","exitCode":0,"stdoutSnippet":"Description:\n  Execute diagnostic checks.\n\nUsage:\n  StellaOps.Cli doctor run [options]\n\nOptions:\n  -f, --format <format>      Output format: text (default), json, markdown [default: text]\n  -m, --mode <mode>          Run mode: quick (fast checks only), normal (default), full (all checks including slow ones)\n  -c, --category <category>  Filter checks by category (e.g., Core, Database, Security)\n  -t, --tag <tag>            Filter checks by tag (e.g., quick, connectivity). Can be specified multiple times.\n  --check <check>            Run a specific check by ID (e.g., check.core.disk)\n  -p, --parallel <parallel>  Maximum parallel check executions (default: 4)\n  --timeout <timeout>        Per-check timeout in seconds (default: 30)\n  -o, --output <output>      Write output to file instead of stdout\n  --fail-on-warn             Exit with non-zero code on warnings (default: only fail on errors)\n  -w, --watch                Run in continuous monitoring mode\n  --interval <interval>      Interval in seconds between checks in watch mode (default: 60)\n  -e, --env <env>            Target environment for checks (e.g., dev, staging, prod)\n  -v, --verbose              Enable verbose logging output.\n","stderrSnippet":"","verdict":"pass","notes":"Verify doctor run subcommand"}
{"feature":"config-show.md","tier":"2b","timestamp":"2026-02-13T21:49:46Z","command":"stella config show","exitCode":0,"stdoutSnippet":"Backend URL: <not configured>\nConcelier URL: <not configured>\nAPI Key: <not configured>\nScanner Cache: scanners\nResults Directory: results\nDefault Runner: docker\nAuthority URL: <not configured>\nAuthority Client ID: <not configured>\nAuthority Client Secret: <not configured>\nAuthority Username: <not configured>\nAuthority Password: <not configured>\nAuthority Scope: concelier.jobs.trigger\nAuthority Token Cache: C:\Users\VladimirMoushkov\.stellaops\tokens\n","stderrSnippet":"","verdict":"pass","notes":"Actually run config show"}
{"feature":"version-check.md","tier":"2b","timestamp":"2026-02-13T21:49:52Z","command":"stella --version","exitCode":0,"stdoutSnippet":"1.0.0+9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6\n","stderrSnippet":"","verdict":"pass","notes":"Verify version output"}