stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5593212b414864ab213082c8945a267451b99901
git.stella-ops.org/docs/features/unchecked/cli/function-map-cli.md

1.5 KiB
Raw Blame History

Function Map CLI

Module

Cli

Status

IMPLEMENTED

Description

Runtime linkage verification workflow: generate function_map predicates from SBOMs defining expected runtime call paths and hot functions, then verify actual runtime observations against the map with DSSE signing and Rekor attestation.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/FunctionMap/FunctionMapCommandGroup.cs -- FunctionMapCommandGroup
  • Commands:
    • stella function-map generate <sbom> -- generate function_map predicate from SBOM
    • stella function-map verify <map> --observations <file> -- verify runtime observations against function map
    • stella function-map sign <map> -- DSSE-sign the function map
    • stella function-map attest <map> -- submit function map to Rekor
  • Proof Commands: src/Cli/StellaOps.Cli/Commands/Proof/FuncProofCommandGroup.cs -- function proof generation
  • Proof Handlers: src/Cli/StellaOps.Cli/Commands/Proof/FuncProofCommandHandlers.cs -- function proof handlers

E2E Test Plan

  • Run stella function-map generate ./sbom.json and verify function_map predicate generated
  • Run stella function-map verify ./map.json --observations ./runtime.json and verify verification results
  • Verify mismatch detection when runtime observations differ from expected map
  • Run stella function-map sign ./map.json and verify DSSE signing
  • Run stella function-map attest ./map.json and verify Rekor submission
  • Verify --format json output