stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
223843f1d1296ed7bf11f505c5e506dcf4d041c6
git.stella-ops.org/docs/modules/cli/guides/commands/aoc.md
StellaOps Bot deb82b4f03 docs consolidation work
2025-12-25 10:54:10 +02:00

2.7 KiB
Raw Blame History

stella aoc — Command Guide

Audience: DevOps engineers, compliance teams, and CI authors working with AOC verification. Scope: Commands for verifying Aggregation-Only Contract compliance.

Commands

  • stella aoc verify --since <ref> --postgres <conn> [options]

1. stella aoc verify

Synopsis

stella aoc verify \
  --since <git-sha|timestamp> \
  --postgres <connection-string> \
  [--output <path>] \
  [--ndjson <path>] \
  [--tenant <id>] \
  [--dry-run] \
  [--verbose]

Description

Verifies AOC compliance by comparing git history against database records. Detects violations where data was modified or deleted in violation of the append-only contract.

Options

Option Description
--since, -s Git commit SHA or ISO timestamp to verify from (required)
--postgres, -p PostgreSQL connection string (required)
--output, -o Path for JSON output report
--ndjson, -n Path for NDJSON output (one violation per line)
--tenant, -t Filter by tenant ID
--dry-run Validate configuration without querying database
--verbose, -v Enable verbose output

Exit Codes

Code Meaning
0 Verification passed - no violations
1 Violations detected
2 Configuration or connection error

Examples

Daily verification:

stella aoc verify \
  --since 24h \
  --postgres "Host=localhost;Database=stellaops;Username=verifier;Password=..."

CI pipeline verification from last commit:

stella aoc verify \
  --since ${{ github.event.before }} \
  --postgres "$POSTGRES_CONN" \
  --output artifacts/aoc-verify.json

Tenant-scoped verification:

stella aoc verify \
  --since 2025-01-01T00:00:00Z \
  --postgres "$POSTGRES_CONN" \
  --tenant acme-corp \
  --ndjson violations.ndjson

Offline/Air-Gap Notes

  • Connect to local PostgreSQL instances included in Offline Kit deployments.
  • Use --output to generate reports for transfer to connected environments.
  • Verification is read-only and does not modify any data.

Migration from stella-aoc

The standalone stella-aoc CLI is deprecated and will be removed on 2025-07-01.

Old Command New Command
stella-aoc verify ... stella aoc verify ...

See the CLI Consolidation Migration Guide for details.

Related Documentation

Last updated: 2025-12-23 (Sprint 5100).