//
// SPDX-License-Identifier: AGPL-3.0-or-later
// Sprint: SPRINT_20260112_014_CLI_config_viewer (CLI-CONFIG-010)
//
namespace StellaOps.Cli.Commands;
///
/// Configuration path catalog entry.
///
public sealed record ConfigCatalogEntry(
string Path,
string SectionName,
string Category,
string Description,
IReadOnlyList Aliases,
string? ApiEndpoint = null);
///
/// Catalog of all StellaOps configuration paths.
/// Derived from SectionName constants across all modules.
///
public static class ConfigCatalog
{
private static readonly List Entries =
[
// Policy module
new("policy.determinization", "Determinization", "Policy",
"Determinization options (entropy thresholds, signal weights, reanalysis triggers)",
["pol.det", "determinization"],
"/api/policy/config/determinization"),
new("policy.exceptions", "Policy:Exceptions:Approval", "Policy",
"Exception approval settings",
["pol.exc", "exceptions"]),
new("policy.exceptions.expiry", "Policy:Exceptions:Expiry", "Policy",
"Exception expiry configuration",
["pol.exc.exp"]),
new("policy.gates", "PolicyGates", "Policy",
"Policy gate configuration",
["pol.gates", "gates"]),
new("policy.engine", "PolicyEngine", "Policy",
"Policy engine core settings",
["pol.engine"]),
new("policy.engine.evidenceweighted", "PolicyEngine:EvidenceWeightedScore", "Policy",
"Evidence-weighted score configuration",
["pol.ews"]),
new("policy.engine.tenancy", "PolicyEngine:Tenancy", "Policy",
"Policy engine tenancy settings",
["pol.tenancy"]),
new("policy.attestation", "PolicyDecisionAttestation", "Policy",
"Policy decision attestation settings",
["pol.attest"]),
new("policy.confidenceweights", "ConfidenceWeights", "Policy",
"Confidence weight configuration",
["pol.cw"]),
new("policy.reachability", "ReachabilitySignals", "Policy",
"Reachability signal settings",
["pol.reach"]),
new("policy.smartdiff", "SmartDiff:Gates", "Policy",
"SmartDiff gate configuration",
["pol.smartdiff"]),
new("policy.toollattice", "ToolLattice", "Policy",
"Tool lattice configuration",
["pol.lattice"]),
new("policy.unknownbudgets", "UnknownBudgets", "Policy",
"Unknown budgets configuration",
["pol.budgets"]),
new("policy.vexsigning", "VexSigning", "Policy",
"VEX signing configuration",
["pol.vexsign"]),
new("policy.gatebypass", "Policy:GateBypassAudit", "Policy",
"Gate bypass audit settings",
["pol.bypass"]),
new("policy.ratelimiting", "RateLimiting", "Policy",
"Rate limiting configuration",
["pol.rate"]),
// Scanner module
new("scanner", "scanner", "Scanner",
"Scanner core configuration",
["scan"]),
new("scanner.epss", "Epss", "Scanner",
"EPSS scoring configuration",
["scan.epss"]),
new("scanner.epss.enrichment", "Epss:Enrichment", "Scanner",
"EPSS enrichment settings",
["scan.epss.enrich"]),
new("scanner.epss.ingest", "Epss:Ingest", "Scanner",
"EPSS ingest configuration",
["scan.epss.ing"]),
new("scanner.epss.signal", "Epss:Signal", "Scanner",
"EPSS signal configuration",
["scan.epss.sig"]),
new("scanner.reachability", "Scanner:ReachabilitySubgraph", "Scanner",
"Reachability subgraph settings",
["scan.reach"]),
new("scanner.reachability.witness", "Scanner:ReachabilityWitness", "Scanner",
"Reachability witness configuration",
["scan.reach.wit"]),
new("scanner.reachability.prgate", "Scanner:Reachability:PrGate", "Scanner",
"PR gate reachability settings",
["scan.reach.pr"]),
new("scanner.analyzers.native", "Scanner:Analyzers:Native", "Scanner",
"Native analyzer configuration",
["scan.native"]),
new("scanner.analyzers.secrets", "Scanner:Analyzers:Secrets", "Scanner",
"Secrets analyzer configuration",
["scan.secrets"]),
new("scanner.analyzers.entrytrace", "Scanner:Analyzers:EntryTrace", "Scanner",
"Entry trace analyzer settings",
["scan.entry"]),
new("scanner.entrytrace.semantic", "Scanner:EntryTrace:Semantic", "Scanner",
"Semantic entry trace configuration",
["scan.entry.sem"]),
new("scanner.funcproof", "Scanner:FuncProof:Generation", "Scanner",
"Function proof generation settings",
["scan.funcproof"]),
new("scanner.funcproof.dsse", "Scanner:FuncProof:Dsse", "Scanner",
"Function proof DSSE configuration",
["scan.funcproof.dsse"]),
new("scanner.funcproof.oci", "Scanner:FuncProof:Oci", "Scanner",
"Function proof OCI settings",
["scan.funcproof.oci"]),
new("scanner.funcproof.transparency", "Scanner:FuncProof:Transparency", "Scanner",
"Function proof transparency log settings",
["scan.funcproof.tlog"]),
new("scanner.idempotency", "Scanner:Idempotency", "Scanner",
"Idempotency configuration",
["scan.idemp"]),
new("scanner.offlinekit", "Scanner:OfflineKit", "Scanner",
"Offline kit configuration",
["scan.offline"]),
new("scanner.proofspine", "scanner:proofSpine:dsse", "Scanner",
"Proof spine DSSE settings",
["scan.spine"]),
new("scanner.worker", "Scanner:Worker", "Scanner",
"Scanner worker configuration",
["scan.worker"]),
new("scanner.worker.nativeanalyzers", "Scanner:Worker:NativeAnalyzers", "Scanner",
"Worker native analyzer settings",
["scan.worker.native"]),
new("scanner.concelier", "scanner:concelier", "Scanner",
"Scanner Concelier integration",
["scan.concel"]),
new("scanner.drift", "DriftAttestation", "Scanner",
"Drift attestation settings",
["scan.drift"]),
new("scanner.validationgate", "ValidationGate", "Scanner",
"Validation gate configuration",
["scan.valgate"]),
new("scanner.vexgate", "VexGate", "Scanner",
"VEX gate configuration",
["scan.vexgate"]),
// Notifier module
new("notifier", "Notifier:Tenant", "Notifier",
"Notifier tenant configuration",
["notify", "notif"]),
new("notifier.channels", "ChannelAdapters", "Notifier",
"Channel adapter configuration",
["notify.chan"]),
new("notifier.inapp", "InAppChannel", "Notifier",
"In-app notification channel settings",
["notify.inapp"]),
new("notifier.ackbridge", "Notifier:AckBridge", "Notifier",
"Acknowledgment bridge configuration",
["notify.ack"]),
new("notifier.correlation", "Notifier:Correlation", "Notifier",
"Correlation settings",
["notify.corr"]),
new("notifier.digest", "Notifier:Digest", "Notifier",
"Digest notification settings",
["notify.digest"]),
new("notifier.digestschedule", "Notifier:DigestSchedule", "Notifier",
"Digest schedule configuration",
["notify.digest.sched"]),
new("notifier.fallback", "Notifier:Fallback", "Notifier",
"Fallback channel configuration",
["notify.fallback"]),
new("notifier.incidentmanager", "Notifier:IncidentManager", "Notifier",
"Incident manager settings",
["notify.incident"]),
new("notifier.integrations.opsgenie", "Notifier:Integrations:OpsGenie", "Notifier",
"OpsGenie integration settings",
["notify.opsgenie"]),
new("notifier.integrations.pagerduty", "Notifier:Integrations:PagerDuty", "Notifier",
"PagerDuty integration settings",
["notify.pagerduty"]),
new("notifier.localization", "Notifier:Localization", "Notifier",
"Localization settings",
["notify.l10n"]),
new("notifier.quiethours", "Notifier:QuietHours", "Notifier",
"Quiet hours configuration",
["notify.quiet"]),
new("notifier.stormbreaker", "Notifier:StormBreaker", "Notifier",
"Storm breaker settings",
["notify.storm"]),
new("notifier.throttler", "Notifier:Throttler", "Notifier",
"Throttler configuration",
["notify.throttle"]),
new("notifier.template", "TemplateRenderer", "Notifier",
"Template renderer settings",
["notify.template"]),
// Concelier module
new("concelier.cache", "Concelier:Cache", "Concelier",
"Concelier cache configuration",
["concel.cache"]),
new("concelier.epss", "Concelier:Epss", "Concelier",
"Concelier EPSS settings",
["concel.epss"]),
new("concelier.interest", "Concelier:Interest", "Concelier",
"Interest tracking configuration",
["concel.interest"]),
new("concelier.federation", "Federation", "Concelier",
"Federation settings",
["concel.fed"]),
// Attestor module
new("attestor.binarydiff", "Attestor:BinaryDiff", "Attestor",
"Binary diff attestation settings",
["attest.bindiff"]),
new("attestor.graphroot", "Attestor:GraphRoot", "Attestor",
"Graph root attestation configuration",
["attest.graph"]),
new("attestor.rekor", "Attestor:Rekor", "Attestor",
"Rekor transparency log settings",
["attest.rekor"]),
// BinaryIndex module
new("binaryindex.builders", "BinaryIndex:Builders", "BinaryIndex",
"Binary index builder configuration",
["binidx.build"]),
new("binaryindex.funcextraction", "BinaryIndex:FunctionExtraction", "BinaryIndex",
"Function extraction settings",
["binidx.func"]),
new("binaryindex.goldenset", "BinaryIndex:GoldenSet", "BinaryIndex",
"Golden set configuration",
["binidx.golden"]),
new("binaryindex.bsim", "BSim", "BinaryIndex",
"BSim configuration",
["binidx.bsim"]),
new("binaryindex.disassembly", "Disassembly", "BinaryIndex",
"Disassembly settings",
["binidx.disasm"]),
new("binaryindex.ghidra", "Ghidra", "BinaryIndex",
"Ghidra configuration",
["binidx.ghidra"]),
new("binaryindex.ghidriff", "Ghidriff", "BinaryIndex",
"Ghidriff settings",
["binidx.ghidriff"]),
new("binaryindex.resolution", "Resolution", "BinaryIndex",
"Resolution configuration",
["binidx.res"]),
// Signals module
new("signals", "Signals", "Signals",
"Signals core configuration",
["sig"]),
new("signals.evidencenorm", "EvidenceNormalization", "Signals",
"Evidence normalization settings",
["sig.evnorm"]),
new("signals.evidenceweighted", "EvidenceWeightedScore", "Signals",
"Evidence-weighted score settings",
["sig.ews"]),
new("signals.retention", "Signals:Retention", "Signals",
"Signal retention configuration",
["sig.ret"]),
new("signals.unknownsdecay", "Signals:UnknownsDecay", "Signals",
"Unknowns decay settings",
["sig.decay"]),
new("signals.unknownsrescan", "Signals:UnknownsRescan", "Signals",
"Unknowns rescan configuration",
["sig.rescan"]),
new("signals.unknownsscoring", "Signals:UnknownsScoring", "Signals",
"Unknowns scoring settings",
["sig.scoring"]),
// Signer module
new("signer.keyless", "Signer:Keyless", "Signer",
"Keyless signing configuration",
["sign.keyless"]),
new("signer.sigstore", "Sigstore", "Signer",
"Sigstore configuration",
["sign.sigstore"]),
// AdvisoryAI module
new("advisoryai.chat", "AdvisoryAI:Chat", "AdvisoryAI",
"Chat configuration",
["ai.chat"]),
new("advisoryai.inference", "AdvisoryAI:Inference:Offline", "AdvisoryAI",
"Offline inference settings",
["ai.inference"]),
new("advisoryai.llmproviders", "AdvisoryAI:LlmProviders", "AdvisoryAI",
"LLM provider configuration",
["ai.llm"]),
new("advisoryai.ratelimits", "AdvisoryAI:RateLimits", "AdvisoryAI",
"Rate limits for AI features",
["ai.rate"]),
// AirGap module
new("airgap.bundlesigning", "AirGap:BundleSigning", "AirGap",
"Bundle signing configuration",
["air.sign"]),
new("airgap.quarantine", "AirGap:Quarantine", "AirGap",
"Quarantine settings",
["air.quar"]),
// Excititor module
new("excititor.autovex", "AutoVex:Downgrade", "Excititor",
"Auto VEX downgrade settings",
["exc.autovex"]),
new("excititor.airgap", "Excititor:Airgap", "Excititor",
"Excititor airgap configuration",
["exc.airgap"]),
new("excititor.evidence", "Excititor:Evidence:Linking", "Excititor",
"Evidence linking settings",
["exc.evidence"]),
new("excititor.mirror", "Excititor:Mirror", "Excititor",
"Mirror configuration",
["exc.mirror"]),
new("excititor.vexverify", "VexSignatureVerification", "Excititor",
"VEX signature verification settings",
["exc.vexverify"]),
// ExportCenter module
new("exportcenter", "ExportCenter", "ExportCenter",
"Export center core configuration",
["export"]),
new("exportcenter.trivy", "ExportCenter:Adapters:Trivy", "ExportCenter",
"Trivy adapter settings",
["export.trivy"]),
new("exportcenter.oci", "ExportCenter:Distribution:Oci", "ExportCenter",
"OCI distribution configuration",
["export.oci"]),
new("exportcenter.encryption", "ExportCenter:Encryption", "ExportCenter",
"Encryption settings",
["export.encrypt"]),
// Orchestrator module
new("orchestrator", "Orchestrator", "Orchestrator",
"Orchestrator core configuration",
["orch"]),
new("orchestrator.firstsignal", "FirstSignal", "Orchestrator",
"First signal configuration",
["orch.first"]),
new("orchestrator.incidentmode", "Orchestrator:IncidentMode", "Orchestrator",
"Incident mode settings",
["orch.incident"]),
new("orchestrator.stream", "Orchestrator:Stream", "Orchestrator",
"Stream processing configuration",
["orch.stream"]),
// Scheduler module
new("scheduler.hlc", "Scheduler:HlcOrdering", "Scheduler",
"HLC ordering configuration",
["sched.hlc"]),
// VexLens module
new("vexlens", "VexLens", "VexLens",
"VexLens core configuration",
["lens"]),
new("vexlens.noisegate", "VexLens:NoiseGate", "VexLens",
"Noise gate configuration",
["lens.noise"]),
// Zastava module
new("zastava.agent", "zastava:agent", "Zastava",
"Zastava agent configuration",
["zast.agent"]),
new("zastava.observer", "zastava:observer", "Zastava",
"Observer configuration",
["zast.obs"]),
new("zastava.runtime", "zastava:runtime", "Zastava",
"Runtime configuration",
["zast.runtime"]),
new("zastava.webhook", "zastava:webhook", "Zastava",
"Webhook configuration",
["zast.webhook"]),
// Platform module
new("platform", "Platform", "Platform",
"Platform core configuration",
["plat"]),
// Authority module
new("authority", "Authority", "Authority",
"Authority core configuration",
["auth"]),
new("authority.plugins", "Authority:Plugins", "Authority",
"Authority plugins configuration",
["auth.plugins"]),
new("authority.passwordpolicy", "Authority:PasswordPolicy", "Authority",
"Password policy configuration",
["auth.password"]),
// Setup prefixes
new("setup.database", "database", "Setup",
"Database connection settings",
["db"]),
new("setup.cache", "cache", "Setup",
"Cache configuration",
["cache"]),
new("setup.registry", "registry", "Setup",
"Registry configuration",
["reg"])
];
///
/// Gets all catalog entries.
///
public static IReadOnlyList GetAll() => Entries;
///
/// Finds a catalog entry by path or alias.
///
public static ConfigCatalogEntry? Find(string pathOrAlias)
{
var normalized = pathOrAlias.Replace(':', '.').ToLowerInvariant();
return Entries.FirstOrDefault(e =>
e.Path.Equals(normalized, StringComparison.OrdinalIgnoreCase) ||
e.Aliases.Any(a => a.Equals(normalized, StringComparison.OrdinalIgnoreCase)));
}
///
/// Gets all categories.
///
public static IReadOnlyList GetCategories() =>
Entries.Select(e => e.Category).Distinct().OrderBy(c => c).ToList();
}