stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 12 Releases Wiki Activity
Files
6bee1fdcf58fe6c2fd8dae6201f5f71eb504710f
git.stella-ops.org/docs/modules/cli/guides/parity-matrix.md
StellaOps Bot 6bee1fdcf5
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
work
2025-11-25 08:01:23 +02:00

2.3 KiB
Raw Blame History

stella CLI — Parity Matrix

Use this matrix to verify that CLI surfaces match the corresponding service APIs, schemas, and offline behaviours. Every row must stay deterministic and aggregation-only.

Area Server/API CLI command(s) Output contract Offline support Notes
Policy eval/simulate Policy Engine /policy/eval /policy/simulate stella policy eval, stella policy simulate Stable JSON/NDJSON; includes correlationId, policyVersion, rationaleIds Must run with cached bundles when --offline No verdict inference beyond engine response.
VEX consensus VexLens /vex/consensus stella vex consensus Deterministic pagination; weights/issuers/rationale echoed Cached consensus snapshots permitted Uses aggregation-only contract.
Vulnerability list/detail Vuln Explorer /vuln stella vuln list, stella vuln get Sorted by vulnId; includes provenance pointers; no missing fields inferred Must respect --offline using cached snapshots
Export/mirror bundles Export Service /export/* stella export mirror, stella export verify Emits manifest + checksums; verification errors are deterministic Yes (air-gap bundles) All paths must be relative and normalized.
Air-gap import/export AirGap /airgap/* stella airgap import, stella airgap export Returns sealed bundle IDs, provenance hashes Yes; network calls forbidden when --offline or sealed mode
Task Runner TaskRunner /runs stella task-runner run, stella task-runner logs Monotonic log stream; stable ordering by sequence Local/log-only when offline; remote requires connectivity
Attestations Attestor /attest/* stella attest verify, stella attest list Verification results include DSSE status, signature details; no risk scoring Yes, using cached trust roots/bundles
SBOM Scanner /sbom/* stella sbom generate, stella sbom compose Emits SPDX/CycloneDX + hashes; preserves ordering Yes; reads local images/files when offline

Validation checklist:

  • Commands echo correlation/trace IDs on errors (verbose mode) to match server logs.
  • Exit codes follow the contract in output-and-exit-codes.md.
  • When a server feature is unavailable offline, the CLI must fail with exit code 5 and an actionable message.