# Scan Snapshot Compare CLI

## Module
Cli

## Status
VERIFIED

## Description
Compare two scan snapshots by digest producing structured security state diffs with severity filtering and multiple output formats (table, JSON, SARIF).

## Implementation Details
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/Compare/CompareCommandBuilder.cs` -- `CompareCommandBuilder` for compare operations
- **Commands**:
  - `stella compare <old-digest> <new-digest>` -- compare scan snapshots. Options: `--severity critical|high|medium|low`, `--format table|json|sarif`, `--output <path>`

## E2E Test Plan
- [ ] Run `stella compare sha256:old sha256:new` and verify diff output
- [ ] Run with `--severity critical` and verify severity filtering
- [ ] Run with `--format sarif` and verify SARIF output
- [ ] Run with `--format json` and verify structured diff
- [ ] Verify new/removed/changed vulnerabilities identified

## Verification

- **Verified**: 2026-02-13T15:30:00Z
- **Tier 0 (Source)**: pass -- all referenced source files exist on disk
- **Tier 1 (Build)**: pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests
- **Tier 2d (Integration)**: pass -- targeted integration tests confirm behavioral correctness
- **Test Project**: `src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj`
- **Evidence**: `docs/qa/feature-checks/runs/cli/scan-snapshot-compare-cli/run-001/tier2-integration-check.json`