# Triage CLI Reference **Sprint:** SPRINT_3600_0001_0001 **Task:** TRI-MASTER-0008 - Update CLI documentation with offline commands ## Overview The Triage CLI provides commands for vulnerability triage, decision management, and offline workflows. It supports evidence-based decision making and audit-ready replay tokens. ## Commands ### stellaops triage list List findings for triage. ```bash stellaops triage list [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--scan-id ` | Filter by scan ID | - | | `--status ` | Filter: `untriaged`, `affected`, `not_affected`, `wont_fix`, `false_positive` | all | | `--priority-min ` | Minimum priority (0-1) | 0 | | `--priority-max ` | Maximum priority (0-1) | 1 | | `--sort ` | Sort: `priority`, `vuln`, `component`, `created` | `priority` | | `--format ` | Output: `table`, `json`, `csv` | `table` | | `--limit ` | Max results | 50 | | `--workspace ` | Offline workspace | - | #### Examples ```bash # List untriaged high-priority findings stellaops triage list \ --scan-id scan-12345678 \ --status untriaged \ --priority-min 0.7 # Export for review stellaops triage list \ --scan-id scan-12345678 \ --format json > findings.json ``` ### stellaops triage show Show finding details with evidence. ```bash stellaops triage show [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--show-evidence` | Include full evidence | `false` | | `--evidence-first` | Lead with evidence summary | `false` | | `--show-history` | Show decision history | `false` | | `--format ` | Output: `text`, `json`, `yaml` | `text` | | `--workspace ` | Offline workspace | - | #### Example ```bash # Show with evidence stellaops triage show CVE-2024-1234 \ --show-evidence \ --evidence-first # Output: # ═══════════════════════════════════════════ # CVE-2024-1234 · pkg:npm/lodash@4.17.20 # ═══════════════════════════════════════════ # # EVIDENCE # ──────── # Reachability: TAINTED_SINK (tier 3/3) # └─ api.js:42 → utils.js:15 → lodash/merge # # Call Stack: # 1. api.js:42 handleUserInput() # 2. utils.js:15 processData() # 3. lodash:merge # # VEX: No statement # EPSS: 0.67 (High) # KEV: No # # VULNERABILITY # ───────────── # CVE-2024-1234: Prototype Pollution in lodash # CVSS: 7.5 (High) # CWE: CWE-1321 # # STATUS: untriaged ``` ### stellaops triage decide Record a triage decision. ```bash stellaops triage decide [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--status ` | Required: `affected`, `not_affected`, `wont_fix`, `false_positive` | - | | `--justification ` | Decision justification | - | | `--reviewer ` | Reviewer identifier | current user | | `--vex-emit` | Emit VEX statement | `false` | | `--workspace ` | Offline workspace | - | #### Examples ```bash # Mark as not affected stellaops triage decide CVE-2024-1234 \ --status not_affected \ --justification "Feature gated, unreachable in production" # Mark affected and emit VEX stellaops triage decide CVE-2024-5678 \ --status affected \ --justification "In use, remediation planned" \ --vex-emit ``` ### stellaops triage batch Interactive batch triage mode. ```bash stellaops triage batch [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--scan-id ` | Scan to triage | - | | `--query ` | Filter expression | - | | `--input ` | Offline bundle | - | | `--workspace ` | Offline workspace | - | #### Keyboard Shortcuts | Key | Action | |-----|--------| | `j` / `↓` | Next finding | | `k` / `↑` | Previous finding | | `a` | Mark affected | | `n` | Mark not affected | | `w` | Mark won't fix | | `f` | Mark false positive | | `e` | Show full evidence | | `g` | Show graph context | | `u` | Undo last decision | | `/` | Search findings | | `?` | Show help | | `q` | Save and quit | #### Example ```bash # Interactive triage stellaops triage batch \ --scan-id scan-12345678 \ --query "priority>=0.5" ``` ### stellaops triage export Export findings for offline triage. ```bash stellaops triage export [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--scan-id ` | Scan to export | required | | `--findings ` | Specific finding IDs (comma-separated) | - | | `--all-findings` | Export all findings | `false` | | `--include-evidence` | Include evidence data | `true` | | `--include-graph` | Include dependency graph | `true` | | `--output ` | Output path (.stella.bundle.tgz) | required | | `--sign` | Sign the bundle | `true` | #### Example ```bash # Export specific findings stellaops triage export \ --scan-id scan-12345678 \ --findings CVE-2024-1234,CVE-2024-5678 \ --output triage-bundle.stella.bundle.tgz ``` ### stellaops triage import Import offline bundle for triage. ```bash stellaops triage import [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--input ` | Bundle path | required | | `--workspace ` | Target workspace | `~/.stellaops/triage` | | `--verify` | Verify signature | `true` | | `--public-key ` | Public key for verification | - | ### stellaops triage export-decisions Export decisions for sync. ```bash stellaops triage export-decisions [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--workspace ` | Workspace path | required | | `--output ` | Output path | required | | `--format ` | Format: `json`, `ndjson` | `json` | | `--sign` | Sign output | `true` | ### stellaops triage import-decisions Import and apply decisions. ```bash stellaops triage import-decisions [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--input ` | Decisions file | required | | `--verify` | Verify signatures | `true` | | `--apply` | Apply to server | `false` | | `--dry-run` | Preview only | `false` | | `--conflict-mode ` | Conflict handling: `keep-local`, `keep-server`, `newest`, `review` | `review` | ### stellaops triage verify-bundle Verify bundle integrity. ```bash stellaops triage verify-bundle [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--input ` | Bundle path | required | | `--public-key ` | Public key | required | | `--strict` | Fail on warnings | `false` | ### stellaops triage show-token Display replay token details. ```bash stellaops triage show-token ``` ### stellaops triage verify-token Verify replay token. ```bash stellaops triage verify-token [OPTIONS] ``` #### Options | Option | Description | Default | |--------|-------------|---------| | `--public-key ` | Public key | required | ## Exit Codes | Code | Meaning | |------|---------| | 0 | Success | | 1 | Findings require attention | | 10 | Invalid arguments | | 11 | Resource not found | | 20 | Verification failed | | 21 | Signature invalid | | 30 | Conflict detected | | 99 | Internal error | ## Environment Variables | Variable | Description | |----------|-------------| | `STELLAOPS_OFFLINE` | Enable offline mode | | `STELLAOPS_TRIAGE_WORKSPACE` | Default workspace | | `STELLAOPS_REVIEWER` | Default reviewer name | ## Related Documentation - [Triage Air-Gap Workflows](../airgap/triage-airgap-workflows.md) - [Keyboard Shortcuts](./keyboard-shortcuts.md) - [Triage API Reference](../api/triage-api.md)