# CLI Replay Prep — PREP-CLI-REPLAY-187-002 (Draft)

Status: Draft (2025-11-20)
Owners: DevEx/CLI Guild
Scope: Define inputs/outputs and offline behaviour needed for CLI replay commands (`scan --record`, `verify`, `replay`, `diff`).

## Command surface (proposed)
- `stella scan --record <image>` → emits replay record NDJSON to stdout or `--out bundle.ndjson`.
- `stella replay --bundle <bundle.ndjson>` → re-run verification offline; accepts `--policy-bundle` to pin policy version.
- `stella diff --bundle <a> --bundle <b>` → compare findings/signals with deterministic ordering; output NDJSON.
- `stella verify --bundle <bundle.ndjson>` → signature/hash verification of replay bundle.

## Inputs
- Replay record schema v1 from Evidence Locker (see `docs/modules/evidence-locker/replay-payload-contract.md`).
- Policy export bundle contract (see `docs/modules/policy/design/export-console-bundle-contract.md`) for policy pinning.

## Outputs
- Deterministic NDJSON; file names content-addressed (`sha256` of payload).
- Exit codes: 0 success, 2 validation error, 3 signature mismatch.

## Offline/air-gap considerations
- No network fetch; all references resolve to local bundle paths.
- Trust roots loaded from CLI config or `--trust-root` file; DSSE verification optional flag `--no-verify` default false.

## Open decisions
- Exact flag names for trust root and policy bundle; align with CLI UX guidelines.
- Where to persist cache/metadata (if any) in offline mode.

## Handoff
Treat this as the prep artefact for PREP-CLI-REPLAY-187-002. Update once replay record schema is finalized.