5a480a3c2a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Findings Ledger CI / build-test (push) Has been cancelled
Findings Ledger CI / migration-validation (push) Has been cancelled
Findings Ledger CI / generate-manifest (push) Has been cancelled
Lighthouse CI / Lighthouse Audit (push) Has been cancelled
Lighthouse CI / Axe Accessibility Audit (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Reachability Corpus Validation / validate-corpus (push) Has been cancelled
Reachability Corpus Validation / validate-ground-truths (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Reachability Corpus Validation / determinism-check (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
- Introduced `all-edge-reasons.json` to test edge resolution reasons in .NET. - Added `all-visibility-levels.json` to validate method visibility levels in .NET. - Created `dotnet-aspnetcore-minimal.json` for a minimal ASP.NET Core application. - Included `go-gin-api.json` for a Go Gin API application structure. - Added `java-spring-boot.json` for the Spring PetClinic application in Java. - Introduced `legacy-no-schema.json` for legacy application structure without schema. - Created `node-express-api.json` for an Express.js API application structure.
1.3 KiB
1.3 KiB
stella offline — Command Guide
Overview
The stella offline command group manages air-gap “offline kits” locally, with verification (DSSE + optional Rekor receipt checks), monotonic version gating, and quarantine on validation failures.
Commands
offline import
stella offline import \
--bundle ./bundle-2025-12-14.tar.zst \
--verify-dsse \
--verify-rekor \
--trust-root /evidence/keys/roots/stella-root.pub
Notes
--verify-dssedefaults totrueand requires--trust-root.--force-activaterequires--force-reasonand records a non-monotonic activation override.--dry-runvalidates the kit without activating it.- Uses the configured kits directory (default
offline-kits/) for state (offline-kits/.state/) and quarantine (offline-kits/quarantine/).
offline status
stella offline status --output json
Displays the currently active kit (if any), staleness, and quarantined bundle count.
Exit codes
Offline exit codes are defined in src/Cli/StellaOps.Cli/Commands/OfflineExitCodes.cs (advisory A11), including:
0success1file not found2checksum mismatch5DSSE verification failed6Rekor verification failed8version non-monotonic (not force-activated)11validation failed130cancelled