git.stella-ops.org/docs/modules/cli/contracts/install-integrity.md
StellaOps Bot 44171930ff
feat: Add UI benchmark driver and scenarios for graph interactions
- Introduced `ui_bench_driver.mjs` to read scenarios and fixture manifest, generating a deterministic run plan.
- Created `ui_bench_plan.md` outlining the purpose, scope, and next steps for the benchmark.
- Added `ui_bench_scenarios.json` containing various scenarios for graph UI interactions.
- Implemented tests for CLI commands, ensuring bundle verification and telemetry defaults.
- Developed schemas for orchestrator components, including replay manifests and event envelopes.
- Added mock API for risk management, including listing and statistics functionalities.
- Implemented models for risk profiles and query options to support the new API.
2025-12-02 01:28:17 +02:00

CLI Install & Update Integrity (v1) — 2025-12-01

Requirements

  • Checksums: Every release publishes stellaops-cli-$version.tar.zst with SHA256SUMS + detached .sig.
  • Verification: stella install and stella self-update run cosign verify by default against the pinned public key fingerprint; --skip-verify is prohibited.
  • Offline: Provide install-offline.sh that reads from kit directory with checksum + signature checks only; no network fetches.
  • Buildx plugin: pin image digest (see cli-spec-v1.yaml); rollback command included in help.

Failure modes

  • Missing checksum/signature → command fails with exit code 21 and structured error.
  • Digest mismatch → command fails with exit code 22 and logs the path to the offending file.

Artifacts

  • Public key fingerprints recorded in cli-spec-v1.yaml.
  • Example verify script to be bundled in release kit: scripts/cli/verify-install.sh.
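
The offline checks and failure modes above, as an added sketch; this is not the project's scripts/cli/verify-install.sh. Assumptions not stated on the page: SHA256SUMS.sig is the detached signature over SHA256SUMS, the public key ships in the kit as cosign.pub, its fingerprint is the SHA-256 of that file, structured errors are JSON on stderr, and exit code 1 is used for the two failures the page assigns no code to.

```shell
#!/bin/sh
# Added sketch; NOT the project's scripts/cli/verify-install.sh.
# Assumed: SHA256SUMS.sig signs SHA256SUMS, the key ships as cosign.pub,
# its fingerprint is the SHA-256 of that file, errors are JSON on stderr.

# fail CODE ERROR PATH: emit one structured error line (hypothetical format).
fail() {
    printf '{"error":"%s","path":"%s","exit":%d}\n' "$2" "$3" "$1" >&2
}

# verify_kit KIT_DIR VERSION PINNED_KEY_SHA256
# 0 = verified, 21 = checksum/signature missing, 22 = digest mismatch,
# 1 = untrusted key or bad signature (the page defines no code for these).
verify_kit() {
    kit=$1
    name="stellaops-cli-$2.tar.zst"
    sums="$kit/SHA256SUMS"; sig="$kit/SHA256SUMS.sig"; key="$kit/cosign.pub"

    # Exit 21: refuse to continue without both integrity files.
    for f in "$sums" "$sig"; do
        [ -s "$f" ] || { fail 21 missing_integrity_file "$f"; return 21; }
    done

    # A key found in the kit is trusted only if it matches the pinned fingerprint.
    key_fp=$(sha256sum "$key" 2>/dev/null | cut -d' ' -f1)
    [ "$key_fp" = "$3" ] || { fail 1 key_fingerprint_mismatch "$key"; return 1; }

    # Authenticate SHA256SUMS before believing any digest listed in it.
    cosign verify-blob --key "$key" --signature "$sig" "$sums" >/dev/null 2>&1 ||
        { fail 1 bad_signature "$sig"; return 1; }

    # Exit 21 as well when the signed list has no entry for this tarball.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    [ -n "$expected" ] || { fail 21 missing_checksum "$sums"; return 21; }

    # Exit 22: digest mismatch, reporting the offending file's path.
    actual=$(sha256sum "$kit/$name" 2>/dev/null | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { fail 22 digest_mismatch "$kit/$name"; return 22; }
    return 0
}
```

The signature is checked before the digest so that a tampered SHA256SUMS cannot vouch for a tampered tarball; the function makes no network fetches of its own.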