# CLI Vulnerability Workflow Commands

## Module
Cli

## Status
IMPLEMENTED

## Description
Complete vulnerability triage CLI commands (`stella vuln list/show/assign/comment/accept-risk/verify-fix/target-fix/reopen/simulate/export/bundle verify`) enabling full vulnerability lifecycle management from the command line.

## Implementation Details
- **Command Handlers**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.cs` -- vulnerability workflow handlers
- **Watchlist Commands**: `src/Cli/StellaOps.Cli/Commands/WatchlistCommandGroup.cs` -- `WatchlistCommandGroup` with `Watchlist/` subdirectory
- **CVSS Client**: `src/Cli/StellaOps.Cli/Services/CvssClient.cs` / `ICvssClient.cs` -- CVSS scoring client
- **Tests**: `src/Cli/__Tests/StellaOps.Cli.Tests/Commands/WatchlistCommandGoldenTests.cs`
- **Commands**:
  - `stella vuln list` -- list vulnerabilities with filtering. Options: `--severity`, `--status`, `--limit`
  - `stella vuln show ` -- show vulnerability details
  - `stella vuln assign --to ` -- assign for triage
  - `stella vuln comment --message ` -- add triage comment
  - `stella vuln accept-risk --reason ` -- accept risk with justification
  - `stella vuln verify-fix ` -- verify fix applied
  - `stella vuln target-fix --version ` -- set target fix version
  - `stella vuln reopen ` -- reopen a closed vulnerability
  - `stella vuln simulate ` -- simulate policy impact
  - `stella vuln export` -- export vulnerability data
  - `stella vuln bundle verify ` -- verify vulnerability bundle

## E2E Test Plan
- [ ] Run `stella vuln list --severity critical` and verify filtered vulnerability listing
- [ ] Run `stella vuln show CVE-2024-1234` and verify detailed vulnerability info
- [ ] Run `stella vuln assign CVE-2024-1234 --to admin` and verify assignment
- [ ] Run `stella vuln comment CVE-2024-1234 --message "Investigating"` and verify comment added
- [ ] Run `stella vuln accept-risk CVE-2024-1234 --reason "Mitigated by WAF"` and verify risk acceptance
- [ ] Run `stella vuln verify-fix CVE-2024-1234` and verify fix verification
- [ ] Run `stella vuln export --format json` and verify JSON export
- [ ] Verify full lifecycle: assign -> comment -> target-fix -> verify-fix