stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
7943cfb3afd97bd90c578d5e8138315a4c1a7ff8
git.stella-ops.org/docs/modules/cli/guides/commands/db.md
master 7943cfb3af chore(docs+devops): cross-module doc sync + sprint archival moves + compose updates 
Bundled pre-session doc + ops work:
- docs/modules/**: sync across advisory-ai, airgap, cli, excititor,
  export-center, findings-ledger, notifier, notify, platform, router,
  sbom-service, ui, web (architectural + operational updates)
- docs/features/**: updates to checked excititor vex pipeline,
  developer workspace, quick verify drawer
- docs top-level: README, quickstart, API_CLI_REFERENCE, UI_GUIDE,
  code-of-conduct/TESTING_PRACTICES updates
- docs/qa/feature-checks/: FLOW.md + excititor state update
- docs/implplan/: remaining sprint updates + new Concelier source
  credentials sprint (SPRINT_20260422_003)
- docs-archived/implplan/: 30 sprint archival moves (ElkSharp series,
  misc completed sprints)
- devops/compose: .env + services compose + env example + router gateway
  config updates

File-level granularity preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 16:06:39 +03:00

3.2 KiB
Raw Blame History

stella db - Command Guide

The stella db command group triggers Concelier database operations via backend jobs and advisory-source management APIs.

These commands are operational: they typically require Authority authentication and appropriate Concelier scopes.

Commands

db connectors configure

Inspect or update persisted advisory source configuration.

stella db connectors configure ghsa --server https://concelier.example.internal

stella db connectors configure ghsa \
  --server https://concelier.example.internal \
  --set apiToken=github_pat_xxx

stella db connectors configure cisco \
  --server https://concelier.example.internal \
  --set clientId=... \
  --set clientSecret=...

stella db connectors configure microsoft \
  --server https://concelier.example.internal \
  --set tenantId=... \
  --set clientId=... \
  --set clientSecret=...

stella db connectors configure oracle \
  --server https://concelier.example.internal \
  --set calendarUris=https://www.oracle.com/security-alerts/,https://mirror.example.internal/oracle/

stella db connectors configure adobe \
  --server https://concelier.example.internal \
  --set indexUri=https://mirror.example.internal/adobe/security-bulletin.html

stella db connectors configure chromium \
  --server https://concelier.example.internal \
  --set feedUri=https://mirror.example.internal/chromium/atom.xml

Options:

  • --set key=value: set a field value. Repeat for multiple fields.
  • --clear <field>: clear a stored field. Repeat for multiple fields.
  • --server: Concelier API base URL.
  • --tenant, -t: tenant override.
  • --format, -f: text or json.

Notes:

  • Sensitive fields are returned as retained or not-set markers, not plaintext values.
  • Multi-value URI fields accept comma-, semicolon-, or newline-separated absolute URIs.
  • The current CLI path sends literal values on the command line. Use the Web UI path if command-history exposure is unacceptable for a secret.

db fetch

Trigger a connector stage (fetch, parse, or map) for a given source.

stella db fetch --source osv --stage fetch
stella db fetch --source osv --stage parse
stella db fetch --source osv --stage map

Options:

  • --source (required): connector identifier such as osv, redhat, ghsa, or cisco
  • --stage (optional): fetch, parse, or map (defaults to fetch)
  • --mode (optional): connector-specific mode such as init, resume, or cursor

db merge

Run canonical merge reconciliation.

stella db merge

db export

Run Concelier export jobs.

stella db export --format json
stella db export --format trivy-db --delta

Options:

  • --format (optional): json or trivy-db
  • --delta (optional): request a delta export when supported
  • --publish-full or --publish-delta (optional): override publish behavior
  • --bundle-full or --bundle-delta (optional): override offline bundle behavior

Common setup

Point the CLI at the Concelier base URL:

export STELLAOPS_BACKEND_URL="https://concelier.example.internal"

Authenticate:

stella auth login

See docs/CONCELIER_CLI_QUICKSTART.md and docs/modules/concelier/operations/authority-audit-runbook.md.