stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
534aabfa2a8c9264f2479541a5c11e48de7b97fa
git.stella-ops.org/docs/features/checked/cli/cli-verify-command-for-attestation-chain-validation.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.5 KiB
Raw Blame History

CLI Verify Command for Attestation Chain Validation

Module

Cli

Status

VERIFIED

Description

CLI verify commands validate attestation chains for images with determinism testing and golden output verification.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/VerifyCommandGroup.cs -- VerifyCommandGroup for stella verify commands
  • Image Verification: src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyImage.cs -- image verification handlers
  • Bundle Verification: src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyBundle.cs -- bundle verification handlers
  • Offline Verification: src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyOffline.cs -- offline verification handlers
  • Image Attestation Verifier: src/Cli/StellaOps.Cli/Services/ImageAttestationVerifier.cs / IImageAttestationVerifier.cs
  • Tests: src/Cli/__Tests/StellaOps.Cli.Tests/GoldenOutput/VerifyCommandGoldenTests.cs, VerifyCommandGoldenOutputTests.cs, VerifyImageCommandTests.cs, VerifyImageHandlerTests.cs
  • Commands:
    • stella verify attestation <digest> -- verify attestation chain for an artifact
    • stella verify image <image> -- verify image attestations
    • stella verify bundle <path> -- verify evidence bundle integrity
    • stella verify offline <digest> -- offline verification mode
  • Integration tests: src/Cli/__Tests/StellaOps.Cli.Tests/Integration/VerificationConsolidationTests.cs

E2E Test Plan

  • Run stella verify attestation sha256:abc123 and verify attestation chain validated
  • Run stella verify image myregistry/app:v1.0 and verify image attestation check
  • Run stella verify bundle ./evidence-bundle/ and verify bundle integrity
  • Run stella verify offline sha256:abc123 and verify offline verification without network
  • Verify golden output tests pass deterministically
  • Verify exit code 0 for valid chains, non-zero for broken chains
  • Verify --format json provides structured verification results

Verification

  • Verified: 2026-02-13T15:30:00Z
  • Tier 0 (Source): pass -- all referenced source files exist on disk
  • Tier 1 (Build): pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests
  • Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
  • Test Project: src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj
  • Evidence: docs/qa/feature-checks/runs/cli/cli-verify-command-for-attestation-chain-validation/run-001/tier2-integration-check.json