stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
822a92faeebbceea6fa005b7eddb7572a8b29b41
git.stella-ops.org/docs-archived/qa/feature-checks/runs/cli/run-20260213-deep-e2e/raw-results.jsonl

148 lines
117 KiB
JSON
Raw Blame History

{"feature":"cli-command-router-infrastructure.md","tier":"2b","timestamp":"2026-02-13T21:34:49Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n StellaOps command-line interface\n\nUsage:\n StellaOps.Cli [command] [options]\n\nOptions:\n -v, --verbose Enable verbose logging output.\n -t, --tenant <tenant> Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n -?, -h, --help Show help and usage information\n --version Show version information\n\nCommands:\n scanner Manage scanner artifacts and lifecycle.\n scan Execute scanners and manage scan outputs.\n image OCI image operations\n ruby Work with Ruby analyzer outputs.\n php Work with PHP analyzer outputs.\n python Work with Python analyzer outputs.\n bun Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify all command groups listed in help"}
{"feature":"cli-help-text-and-discoverability.md","tier":"2b","timestamp":"2026-02-13T21:34:55Z","command":"stella scan --help","exitCode":0,"stdoutSnippet":"Description:\n Execute scanners and manage scan outputs.\n\nUsage:\n StellaOps.Cli scan [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n entrytrace Show entry trace summary for a scan.\n sarif Export scan results in SARIF 2.1.0 format for CI/CD integration.\n replay Replay a scan with explicit hashes for deterministic verdict reproduction.\n gate-policy VEX gate policy operations\n gate-results Get VEX gate results for a scan\n layers <scan-id> List layers in a scan with SBOM information\n layer-sbom <scan-id> Get per-layer SBOM for a specific layer\n recipe <scan-id> Get or verify SBOM composition recipe\n diff Compare binaries between two images using section hashes.\n \n","stderrSnippet":"","verdict":"pass","notes":"Verify scan help text shows subcommands"}
{"feature":"cli-help-text-and-discoverability-policy.md","tier":"2b","timestamp":"2026-02-13T21:35:01Z","command":"stella policy --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with Policy Engine operations.\n\nUsage:\n StellaOps.Cli policy [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n simulate <policy-id> Simulate a policy revision against selected SBOMs and environment.\n activate <policy-id> Activate an approved policy revision.\n lint <file> Validate a policy DSL file locally without contacting the backend.\n edit <file> Open a policy DSL file in $EDITOR, validate, and optionally commit with SemVer metadata.\n test <file> Run coverage test fixtures against a policy DSL file.\n new <name> Create a new policy file from a template.\n history <policy-id> View policy run history.\n explain Show explanation tree for a policy decision.\n init <path> Initialize a policy workspace directory.\n compile <file> Compile a policy DSL file to IR.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy help text shows subcommands"}
{"feature":"resource-oriented-cli-hierarchy.md","tier":"2b","timestamp":"2026-02-13T21:35:07Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n StellaOps command-line interface\n\nUsage:\n StellaOps.Cli [command] [options]\n\nOptions:\n -v, --verbose Enable verbose logging output.\n -t, --tenant <tenant> Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n -?, -h, --help Show help and usage information\n --version Show version information\n\nCommands:\n scanner Manage scanner artifacts and lifecycle.\n scan Execute scanners and manage scan outputs.\n image OCI image operations\n ruby Work with Ruby analyzer outputs.\n php Work with PHP analyzer outputs.\n python Work with Python analyzer outputs.\n bun Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify resource-oriented hierarchy in root help"}
{"feature":"cli-config-command-hub.md","tier":"2b","timestamp":"2026-02-13T21:35:14Z","command":"stella config --help","exitCode":0,"stdoutSnippet":"Description:\n Manage Stella Ops configuration and settings.\n\nUsage:\n StellaOps.Cli config [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n show Display resolved configuration values.\n list List all available configuration paths.\n notify Notification channel and template settings.\n integrations Integration configuration and testing.\n feeds Feed source configuration and status.\n registry Container registry configuration.\n sources Advisory source configuration and management.\n signals Runtime signal configuration and inspection.\n","stderrSnippet":"","verdict":"pass","notes":"Verify config command hub subcommands"}
{"feature":"settings-consolidation-under-stella-config.md","tier":"2b","timestamp":"2026-02-13T21:35:20Z","command":"stella config show --help","exitCode":0,"stdoutSnippet":"Description:\n Display resolved configuration values.\n\nUsage:\n StellaOps.Cli config show [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify config show command exists"}
{"feature":"setup-wizard-cli.md","tier":"2b","timestamp":"2026-02-13T21:35:26Z","command":"stella setup --help","exitCode":0,"stdoutSnippet":"Description:\n Interactive setup wizard for StellaOps components.\n\nUsage:\n StellaOps.Cli setup [command] [options]\n\nOptions:\n -c, --config <config> Path to YAML configuration file for automated setup.\n -y, --non-interactive Run in non-interactive mode using defaults or config file values.\n -?, -h, --help Show help and usage information\n\nCommands:\n run Run the setup wizard from the beginning or continue from last checkpoint.\n resume Resume an interrupted setup from the last checkpoint.\n status Show current setup status and completed steps.\n reset Reset setup state for specific steps or all steps.\n validate Validate setup configuration without running setup.\n","stderrSnippet":"","verdict":"pass","notes":"Verify setup wizard subcommands"}
{"feature":"backward-compatible-command-aliases.md","tier":"2b","timestamp":"2026-02-13T21:35:33Z","command":"stella function-map --help","exitCode":0,"stdoutSnippet":"Description:\n Runtime linkage function map operations\n\nUsage:\n StellaOps.Cli function-map [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n generate Generate a function_map predicate from SBOM\n verify Verify runtime observations against a function_map\n","stderrSnippet":"","verdict":"pass","notes":"Test function-map alias"}
{"feature":"cli-deprecation-warning-system.md","tier":"2b","timestamp":"2026-02-13T21:35:39Z","command":"stella fmap --help","exitCode":0,"stdoutSnippet":"Description:\n Runtime linkage function map operations\n\nUsage:\n StellaOps.Cli function-map [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n generate Generate a function_map predicate from SBOM\n verify Verify runtime observations against a function_map\n","stderrSnippet":"","verdict":"pass","notes":"Test fmap alias"}
{"feature":"cli-plugin-module-loading-architecture.md","tier":"2b","timestamp":"2026-02-13T21:35:46Z","command":"stella -v --help","exitCode":0,"stdoutSnippet":"Description:\n StellaOps command-line interface\n\nUsage:\n StellaOps.Cli [command] [options]\n\nOptions:\n -v, --verbose Enable verbose logging output.\n -t, --tenant <tenant> Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n -?, -h, --help Show help and usage information\n --version Show version information\n\nCommands:\n scanner Manage scanner artifacts and lifecycle.\n scan Execute scanners and manage scan outputs.\n image OCI image operations\n ruby Work with Ruby analyzer outputs.\n php Work with PHP analyzer outputs.\n python Work with Python analyzer outputs.\n bun Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify plugin loading in verbose mode"}
{"feature":"cli-with-plugin-based-command-modules.md","tier":"2b","timestamp":"2026-02-13T21:35:52Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n StellaOps command-line interface\n\nUsage:\n StellaOps.Cli [command] [options]\n\nOptions:\n -v, --verbose Enable verbose logging output.\n -t, --tenant <tenant> Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n -?, -h, --help Show help and usage information\n --version Show version information\n\nCommands:\n scanner Manage scanner artifacts and lifecycle.\n scan Execute scanners and manage scan outputs.\n image OCI image operations\n ruby Work with Ruby analyzer outputs.\n php Work with PHP analyzer outputs.\n python Work with Python analyzer outputs.\n bun Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify plugin-based command loading"}
{"feature":"tenant-context-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:35:58Z","command":"stella tenants --help","exitCode":0,"stdoutSnippet":"Description:\n Manage tenant contexts (CLI-TEN-47-001).\n\nUsage:\n StellaOps.Cli tenants [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List available tenants for the authenticated principal.\n use <tenant-id> Set the active tenant context for subsequent commands.\n current Show the currently active tenant context.\n clear Clear the active tenant context (use default or require --tenant).\n","stderrSnippet":"","verdict":"pass","notes":"Verify tenant management commands"}
{"feature":"token-minting-and-delegation-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:05Z","command":"stella auth --help","exitCode":0,"stdoutSnippet":"Description:\n Manage authentication with StellaOps Authority.\n\nUsage:\n StellaOps.Cli auth [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n login Acquire and cache access tokens using the configured credentials.\n logout Remove cached tokens for the current credentials.\n status Display cached token status.\n whoami Display cached token claims (subject, scopes, expiry).\n revoke Manage revocation exports.\n token Service account token operations (CLI-TEN-49-001).\n","stderrSnippet":"","verdict":"pass","notes":"Verify auth commands"}
{"feature":"auth-revocation-bundle-export-verify-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:11Z","command":"stella auth --help","exitCode":0,"stdoutSnippet":"Description:\n Manage authentication with StellaOps Authority.\n\nUsage:\n StellaOps.Cli auth [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n login Acquire and cache access tokens using the configured credentials.\n logout Remove cached tokens for the current credentials.\n status Display cached token status.\n whoami Display cached token claims (subject, scopes, expiry).\n revoke Manage revocation exports.\n token Service account token operations (CLI-TEN-49-001).\n","stderrSnippet":"","verdict":"pass","notes":"Verify auth revocation commands"}
{"feature":"cli-parity.md","tier":"2b","timestamp":"2026-02-13T21:36:17Z","command":"stella --help","exitCode":0,"stdoutSnippet":"Description:\n StellaOps command-line interface\n\nUsage:\n StellaOps.Cli [command] [options]\n\nOptions:\n -v, --verbose Enable verbose logging output.\n -t, --tenant <tenant> Tenant context for the operation. Overrides profile and STELLAOPS_TENANT environment variable.\n -?, -h, --help Show help and usage information\n --version Show version information\n\nCommands:\n scanner Manage scanner artifacts and lifecycle.\n scan Execute scanners and manage scan outputs.\n image OCI image operations\n ruby Work with Ruby analyzer outputs.\n php Work with PHP analyzer outputs.\n python Work with Python analyzer outputs.\n bun Work with Bun analyzer outputs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify comprehensive command set"}
{"feature":"baseline-selection-logic.md","tier":"2b","timestamp":"2026-02-13T21:36:24Z","command":"stella scan --help","exitCode":0,"stdoutSnippet":"Description:\n Execute scanners and manage scan outputs.\n\nUsage:\n StellaOps.Cli scan [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n entrytrace Show entry trace summary for a scan.\n sarif Export scan results in SARIF 2.1.0 format for CI/CD integration.\n replay Replay a scan with explicit hashes for deterministic verdict reproduction.\n gate-policy VEX gate policy operations\n gate-results Get VEX gate results for a scan\n layers <scan-id> List layers in a scan with SBOM information\n layer-sbom <scan-id> Get per-layer SBOM for a specific layer\n recipe <scan-id> Get or verify SBOM composition recipe\n diff Compare binaries between two images using section hashes.\n \n","stderrSnippet":"","verdict":"pass","notes":"Verify baseline-related scan subcommands"}
{"feature":"cli-scan-command-consolidation.md","tier":"2b","timestamp":"2026-02-13T21:36:30Z","command":"stella scan --help","exitCode":0,"stdoutSnippet":"Description:\n Execute scanners and manage scan outputs.\n\nUsage:\n StellaOps.Cli scan [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n entrytrace Show entry trace summary for a scan.\n sarif Export scan results in SARIF 2.1.0 format for CI/CD integration.\n replay Replay a scan with explicit hashes for deterministic verdict reproduction.\n gate-policy VEX gate policy operations\n gate-results Get VEX gate results for a scan\n layers <scan-id> List layers in a scan with SBOM information\n layer-sbom <scan-id> Get per-layer SBOM for a specific layer\n recipe <scan-id> Get or verify SBOM composition recipe\n diff Compare binaries between two images using section hashes.\n \n","stderrSnippet":"","verdict":"pass","notes":"Verify consolidated scan subcommands"}
{"feature":"scan-reproducibility-verification-flag.md","tier":"2b","timestamp":"2026-02-13T21:36:36Z","command":"stella scan replay --help","exitCode":0,"stdoutSnippet":"Description:\n Replay a scan with explicit hashes for deterministic verdict reproduction.\n\nUsage:\n StellaOps.Cli scan replay [options]\n\nOptions:\n --artifact <artifact> (REQUIRED) Artifact digest (sha256:...) to replay.\n --manifest <manifest> (REQUIRED) Run manifest hash for configuration.\n --feeds <feeds> (REQUIRED) Feed snapshot hash.\n --policy <policy> (REQUIRED) Policy ruleset hash.\n --snapshot <snapshot> Knowledge snapshot ID for offline replay.\n --offline Run in offline/air-gapped mode. Requires all inputs to be locally available.\n --verify-inputs Verify all input hashes before starting replay.\n -o, --output <output> Output file path for verdict JSON (defaults to stdout).\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify scan replay/reproducibility"}
{"feature":"scan-snapshot-compare-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:43Z","command":"stella scan diff --help","exitCode":0,"stdoutSnippet":"Description:\n Compare binaries between two images using section hashes.\n \n Examples:\n stella scan diff --base image1 --target image2\n stella scan diff --base docker://repo/app:1.0.0 --target docker://repo/app:1.0.1 --mode=elf\n stella scan diff --base image1 --target image2 --emit-dsse=./attestations --signing-key=signing-key.pem\n stella scan diff --base image1 --target image2 --format=json > diff.json\n stella scan diff --base image1 --target image2 --platform=linux/amd64\n\nUsage:\n StellaOps.Cli scan diff [options]\n\nOptions:\n -b, --base <base> (REQUIRED) Base image reference (tag or @digest)\n -t, --target <target> (REQUIRED) Target image reference (tag or @digest)\n -m, --mode <auto\nelf\npe> Analysis mode: elf, pe, auto (default: auto) [default: auto]\n -d, --emit-dsse <emit-dsse> Directory for DSSE attestation output\n --signing-key <signing-key> Path to ECDSA private key (PEM) for DSSE signing\n -f, --format <json\nsummary\ntable> Output format: table, json, summary (default: table) [default: table]\n","stderrSnippet":"","verdict":"pass","notes":"Verify scan diff/compare"}
{"feature":"scan-entry-trace-analysis-cli.md","tier":"2b","timestamp":"2026-02-13T21:36:49Z","command":"stella scan entrytrace --help","exitCode":0,"stdoutSnippet":"Description:\n Show entry trace summary for a scan.\n\nUsage:\n StellaOps.Cli scan entrytrace [options]\n\nOptions:\n --scan-id <scan-id> (REQUIRED) Scan identifier.\n --include-ndjson Include raw NDJSON output.\n --semantic Include semantic entrypoint analysis (intent, capabilities, threats).\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify scan entrytrace"}
{"feature":"delta-scan-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:36:55Z","command":"stella scan delta --help","exitCode":1,"stdoutSnippet":"Description:\n Perform delta scanning between two image versions.\n \n Scans only changed layers for efficiency, reducing scan time and CVE churn.\n \n Examples:\n stella scan delta --old myapp:1.0 --new myapp:1.1\n stella scan delta --old registry.io/app:v1 --new registry.io/app:v2 --format=json\n stella scan delta --old image:1.0@sha256:abc --new image:1.1@sha256:def --output=evidence.json\n stella scan delta --old base:3.18 --new base:3.19 --platform=linux/amd64 --sign --rekor\n\nUsage:\n StellaOps.Cli scan delta [options]\n\nUnhandled exception: System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.\n at System.CommandLine.Help.HelpBuilderExtensions.GetParameters(Symbol symbol)+MoveNext()\n at System.CommandLine.Help.HelpBuilderExtensions.GetParameters(Symbol symbol)+MoveNext()\n at System.CommandLine.Help.HelpBuilder.Default.GetIdentifierSymbolUsageLabel(Symbol symbol, ICollection`1 aliasSet)\n at System.CommandLine.Help.HelpBuilder.Default.GetOptionUsageLabel(Option symbol)\n at System.CommandLine.Help.HelpBuilder.<>c__DisplayClass21_0.<GetTwoColumnRow>g__GetOptionOrCommandRow\n0()\n","stderrSnippet":"Unhandled exception: System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.\n","verdict":"fail","notes":"Verify scan delta"}
{"feature":"cli-policy-lifecycle-commands.md","tier":"2b","timestamp":"2026-02-13T21:37:09Z","command":"stella policy --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with Policy Engine operations.\n\nUsage:\n StellaOps.Cli policy [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n simulate <policy-id> Simulate a policy revision against selected SBOMs and environment.\n activate <policy-id> Activate an approved policy revision.\n lint <file> Validate a policy DSL file locally without contacting the backend.\n edit <file> Open a policy DSL file in $EDITOR, validate, and optionally commit with SemVer metadata.\n test <file> Run coverage test fixtures against a policy DSL file.\n new <name> Create a new policy file from a template.\n history <policy-id> View policy run history.\n explain Show explanation tree for a policy decision.\n init <path> Initialize a policy workspace directory.\n compile <file> Compile a policy DSL file to IR.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy lifecycle subcommands"}
{"feature":"policy-dsl-compiler-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:16Z","command":"stella policy compile --help","exitCode":0,"stdoutSnippet":"Description:\n Compile a policy DSL file to IR.\n\nUsage:\n StellaOps.Cli policy compile <file> [options]\n\nArguments:\n <file> Path to the policy DSL file to compile.\n\nOptions:\n -o, --output <output> Output path for the compiled IR file.\n --no-ir Skip IR file generation (validation only).\n --no-digest Skip SHA-256 digest output.\n --optimize Enable optimization passes on the IR.\n --strict Treat warnings as errors.\n -f, --format <format> Output format: table (default), json.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy compile"}
{"feature":"policy-dsl-testing-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:22Z","command":"stella policy test --help","exitCode":0,"stdoutSnippet":"Description:\n Run coverage test fixtures against a policy DSL file.\n\nUsage:\n StellaOps.Cli policy test <file> [options]\n\nArguments:\n <file> Path to the policy DSL file to test.\n\nOptions:\n -d, --fixtures <fixtures> Path to fixtures directory (defaults to tests/policy/<policy-name>/cases).\n --filter <filter> Run only fixtures matching this pattern.\n -f, --format <format> Output format: table (default), json.\n -o, --output <output> Write test results to the specified file.\n --fail-fast Stop on first test failure.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy test"}
{"feature":"policy-history-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:28Z","command":"stella policy history --help","exitCode":0,"stdoutSnippet":"Description:\n View policy run history.\n\nUsage:\n StellaOps.Cli policy history <policy-id> [options]\n\nArguments:\n <policy-id> Policy identifier (e.g. P-7).\n\nOptions:\n --tenant <tenant> Filter by tenant.\n --from <from> Filter runs from this timestamp (ISO-8601).\n --to <to> Filter runs to this timestamp (ISO-8601).\n --status <status> Filter by run status (completed, failed, running).\n -l, --limit <limit> Maximum number of runs to return.\n --cursor <cursor> Pagination cursor for next page.\n -f, --format <format> Output format: table (default), json.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy history"}
{"feature":"policy-publish-and-sign-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:35Z","command":"stella policy publish --help","exitCode":0,"stdoutSnippet":"Description:\n Publish an approved policy revision.\n\nUsage:\n StellaOps.Cli policy publish <policy-id> [options]\n\nArguments:\n <policy-id> Policy identifier.\n\nOptions:\n --version <version> (REQUIRED) Version to publish.\n --sign Sign the policy during publish.\n --algorithm <algorithm> Signature algorithm (e.g. ecdsa-sha256, ed25519).\n --key-id <key-id> Key identifier for signing.\n --note <note> Publish note.\n --tenant <tenant> Tenant context.\n --json Output as JSON.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy publish"}
{"feature":"policy-review-workflow-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:41Z","command":"stella policy review --help","exitCode":0,"stdoutSnippet":"Description:\n Manage policy reviews.\n\nUsage:\n StellaOps.Cli policy review [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n status <policy-id> Get current review status.\n comment <policy-id> Add a review comment.\n approve <policy-id> Approve a policy review.\n reject <policy-id> Reject a policy review.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy review"}
{"feature":"policy-rollback-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:47Z","command":"stella policy rollback --help","exitCode":0,"stdoutSnippet":"Description:\n Rollback a policy to a previous version.\n\nUsage:\n StellaOps.Cli policy rollback <policy-id> [options]\n\nArguments:\n <policy-id> Policy identifier.\n\nOptions:\n --target-version <target-version> Target version to rollback to. Defaults to previous version.\n --env <env> Environment scope for rollback.\n --reason <reason> Reason for rollback.\n --incident <incident> Associated incident ID.\n --tenant <tenant> Tenant context.\n --json Output as JSON.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy rollback"}
{"feature":"policy-scaffolding-cli.md","tier":"2b","timestamp":"2026-02-13T21:37:54Z","command":"stella policy new --help","exitCode":0,"stdoutSnippet":"Description:\n Create a new policy file from a template.\n\nUsage:\n StellaOps.Cli policy new <name> [options]\n\nArguments:\n <name> Name for the new policy (e.g. 'my-org-policy').\n\nOptions:\n -t, --template <template> Template to use: minimal (default), baseline, vex-precedence, reachability, secret-leak, full.\n -o, --output <output> Output path for the policy file. Defaults to ./<name>.stella\n -d, --description <description> Policy description for metadata block.\n --tag <tag> Policy tag for metadata block (repeatable).\n --shadow Enable shadow mode in settings (default: true).\n --fixtures Create test fixtures directory alongside the policy file.\n --git-init Initialize a Git repository in the output directory.\n -f, --format <format> Output format: table (default), json.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy new/scaffold"}
{"feature":"policy-simulation-batch-mode-with-sbom-selectors.md","tier":"2b","timestamp":"2026-02-13T21:38:00Z","command":"stella policy simulate --help","exitCode":0,"stdoutSnippet":"Description:\n Simulate a policy revision against selected SBOMs and environment.\n\nUsage:\n StellaOps.Cli policy simulate <policy-id> [options]\n\nArguments:\n <policy-id> Policy identifier (e.g. P-7).\n\nOptions:\n --base <base> Base policy version for diff calculations.\n --candidate <candidate> Candidate policy version. Defaults to latest approved.\n --sbom <sbom> SBOM identifier to include (repeatable).\n --env <env> Environment override (key=value, repeatable).\n --format <format> Output format: table, json, or markdown.\n --output <output> Write output to the specified file.\n --explain Request explain traces for diffed findings.\n --fail-on-diff Exit with code 20 when findings are added or removed.\n --with-exception <with-exception> Include exception ID in simulation (repeatable). Shows what-if the exception were applied.\n --without-exception <without-exception> Exclude exception ID from simulation (repeatable). Shows what-if the exception were removed.\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy simulate"}
{"feature":"policy-simulation-reachability-overrides.md","tier":"2b","timestamp":"2026-02-13T21:38:06Z","command":"stella policy simulate --help","exitCode":0,"stdoutSnippet":"Description:\n Simulate a policy revision against selected SBOMs and environment.\n\nUsage:\n StellaOps.Cli policy simulate <policy-id> [options]\n\nArguments:\n <policy-id> Policy identifier (e.g. P-7).\n\nOptions:\n --base <base> Base policy version for diff calculations.\n --candidate <candidate> Candidate policy version. Defaults to latest approved.\n --sbom <sbom> SBOM identifier to include (repeatable).\n --env <env> Environment override (key=value, repeatable).\n --format <format> Output format: table, json, or markdown.\n --output <output> Write output to the specified file.\n --explain Request explain traces for diffed findings.\n --fail-on-diff Exit with code 20 when findings are added or removed.\n --with-exception <with-exception> Include exception ID in simulation (repeatable). Shows what-if the exception were applied.\n --without-exception <without-exception> Exclude exception ID from simulation (repeatable). Shows what-if the exception were removed.\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability overrides in simulate"}
{"feature":"policy-version-bump-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:13Z","command":"stella policy version --help","exitCode":0,"stdoutSnippet":"Description:\n Manage policy versions.\n\nUsage:\n StellaOps.Cli policy version [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n bump <policy-id> Bump the policy version (patch, minor, major).\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy version"}
{"feature":"policy-workspace-initialization-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:19Z","command":"stella policy init --help","exitCode":0,"stdoutSnippet":"Description:\n Initialize a policy workspace directory.\n\nUsage:\n StellaOps.Cli policy init [<path>] [options]\n\nArguments:\n <path> Directory path for the workspace (defaults to current directory).\n\nOptions:\n -n, --name <name> Policy name (defaults to directory name).\n -t, --template <template> Template to use: minimal (default), baseline, vex-precedence, reachability, secret-leak, full.\n --no-git Skip Git repository initialization.\n --no-readme Skip README.md creation.\n --no-fixtures Skip test fixtures directory creation.\n -f, --format <format> Output format: table (default), json.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy init"}
{"feature":"vex-gated-policy-decisions.md","tier":"2b","timestamp":"2026-02-13T21:38:25Z","command":"stella scan gate-policy --help","exitCode":0,"stdoutSnippet":"Description:\n VEX gate policy operations\n\nUsage:\n StellaOps.Cli scan gate-policy [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n show Display current VEX gate policy\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX gated policy"}
{"feature":"evidence-pack-download-and-verification.md","tier":"2b","timestamp":"2026-02-13T21:38:31Z","command":"stella evidence --help","exitCode":0,"stdoutSnippet":"Description:\n Unified evidence operations for audits, proofs, and offline verification\n\nUsage:\n StellaOps.Cli evidence [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n export <bundle-id> Export evidence bundle for offline audits\n verify <path> Verify an exported evidence bundle\n store Store timestamp evidence alongside an attestation\n status <export-id> Check status of an async export job\n card Single-file evidence card export and verification\n reindex Re-index evidence bundles after schema or algorithm changes\n verify-continuity Verify chain-of-custody after evidence reindex or upgrade\n migrate Migrate evidence schema between versions\n holds Evidence retention holds.\n audit Audit trail operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify evidence commands"}
{"feature":"cli-verify-command-for-attestation-chain-validation.md","tier":"2b","timestamp":"2026-02-13T21:38:37Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify unified verify command"}
{"feature":"vex-generation-with-evidence-links.md","tier":"2b","timestamp":"2026-02-13T21:38:43Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n StellaOps.Cli vex [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n consensus Explore VEX consensus decisions.\n simulate Simulate VEX consensus with trust/threshold overrides to preview changes.\n export Export VEX consensus data as NDJSON bundle with optional signature.\n obs Query VEX observations (Link-Not-Merge architecture).\n explain <vulnerability-id> Explain a VEX decision with full reachability evidence and verification status.\n gen Generate VEX statements from drift analysis.\n gate-scan VEX gate scan operations (from: vexgatescan).\n verdict Verdict verification and inspection (from: stella verdict).\n unknowns Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX commands"}
{"feature":"sbom-format-conversion-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:50Z","command":"stella sbom --help","exitCode":0,"stdoutSnippet":"Description:\n Explore and manage Software Bill of Materials (SBOM) documents.\n\nUsage:\n StellaOps.Cli sbom [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List SBOMs with filters and pagination.\n upload Upload an external SBOM for BYOS analysis.\n show <sbom-id> Display detailed SBOM information including components, vulnerabilities, and licenses.\n compare <base-sbom-id> <target-sbom-id> Compare two SBOMs to show component, vulnerability, and license differences.\n export <sbom-id> Export an SBOM in SPDX or CycloneDX format.\n parity-matrix Show CLI command coverage and parity matrix.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SBOM commands"}
{"feature":"proof-of-exposure-export-verify-cli.md","tier":"2b","timestamp":"2026-02-13T21:38:56Z","command":"stella proof --help","exitCode":0,"stdoutSnippet":"Description:\n Proof chain verification and operations\n\nUsage:\n StellaOps.Cli proof [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n verify Verify an attestation bundle's proof chain\n spine Proof spine operations\n","stderrSnippet":"","verdict":"pass","notes":"Verify proof commands"}
{"feature":"rekor-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:03Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify Rekor-related commands"}
{"feature":"witness-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:10Z","command":"stella witness --help","exitCode":0,"stdoutSnippet":"Description:\n Binary micro-witness operations for patch verification.\n\nUsage:\n StellaOps.Cli witness [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n generate <binary> Generate a micro-witness for binary patch verification.\n verify <witness> Verify a binary micro-witness signature and Rekor proof.\n bundle <witness> Export a self-contained verification bundle for air-gapped audits.\n","stderrSnippet":"","verdict":"pass","notes":"Verify witness commands"}
{"feature":"cli-offline-offline-poe-verification.md","tier":"2b","timestamp":"2026-02-13T21:39:16Z","command":"stella offline --help","exitCode":0,"stdoutSnippet":"Description:\n Air-gap and offline kit operations.\n\nUsage:\n StellaOps.Cli offline [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n import Import an offline kit with verification.\n status Display current offline kit status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify offline commands"}
{"feature":"cli-forensic-snapshot-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:22Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n Manage forensic snapshots and evidence locker operations.\n\nUsage:\n StellaOps.Cli forensic [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n snapshot Create a forensic snapshot for evidence preservation.\n list List forensic snapshots.\n show <snapshot-id> Show forensic snapshot details including manifest digests.\n verify <bundle> Verify forensic bundle integrity, signatures, and chain-of-custody.\n attest Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify forensic commands"}
{"feature":"evidence-legal-holds-cli.md","tier":"2b","timestamp":"2026-02-13T21:39:28Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n Manage forensic snapshots and evidence locker operations.\n\nUsage:\n StellaOps.Cli forensic [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n snapshot Create a forensic snapshot for evidence preservation.\n list List forensic snapshots.\n show <snapshot-id> Show forensic snapshot details including manifest digests.\n verify <bundle> Verify forensic bundle integrity, signatures, and chain-of-custody.\n attest Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify evidence legal holds"}
{"feature":"evidence-card-and-remediation-pr-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:39:35Z","command":"stella evidence --help","exitCode":0,"stdoutSnippet":"Description:\n Unified evidence operations for audits, proofs, and offline verification\n\nUsage:\n StellaOps.Cli evidence [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n export <bundle-id> Export evidence bundle for offline audits\n verify <path> Verify an exported evidence bundle\n store Store timestamp evidence alongside an attestation\n status <export-id> Check status of an async export job\n card Single-file evidence card export and verification\n reindex Re-index evidence bundles after schema or algorithm changes\n verify-continuity Verify chain-of-custody after evidence reindex or upgrade\n migrate Migrate evidence schema between versions\n holds Evidence retention holds.\n audit Audit trail operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify evidence card commands"}
{"feature":"cli-and-web-ui-for-proof-inspection.md","tier":"2b","timestamp":"2026-02-13T21:39:41Z","command":"stella proof --help","exitCode":0,"stdoutSnippet":"Description:\n Proof chain verification and operations\n\nUsage:\n StellaOps.Cli proof [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n verify Verify an attestation bundle's proof chain\n spine Proof spine operations\n","stderrSnippet":"","verdict":"pass","notes":"Verify proof inspection CLI"}
{"feature":"audit-bundle-generation-and-verification-cli.md","tier":"2b","timestamp":"2026-02-13T21:39:48Z","command":"stella bundle --help","exitCode":0,"stdoutSnippet":"Description:\n Offline evidence bundle operations.\n\nUsage:\n StellaOps.Cli bundle [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n verify Verify offline evidence bundle with full cryptographic verification\n","stderrSnippet":"","verdict":"pass","notes":"Verify audit bundle commands"}
{"feature":"offline-sbom-verification-cli.md","tier":"2b","timestamp":"2026-02-13T21:39:56Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify offline SBOM verification"}
{"feature":"offline-verdict-verification-cli-plugin.md","tier":"2b","timestamp":"2026-02-13T21:40:03Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify offline verdict verification"}
{"feature":"verification-receipt-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:09Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify receipt verification"}
{"feature":"verification-command-consolidation.md","tier":"2b","timestamp":"2026-02-13T21:40:16Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify unified verify subcommands"}
{"feature":"vex-observation-and-webhooks-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:23Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n StellaOps.Cli vex [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n consensus Explore VEX consensus decisions.\n simulate Simulate VEX consensus with trust/threshold overrides to preview changes.\n export Export VEX consensus data as NDJSON bundle with optional signature.\n obs Query VEX observations (Link-Not-Merge architecture).\n explain <vulnerability-id> Explain a VEX decision with full reachability evidence and verification status.\n gen Generate VEX statements from drift analysis.\n gate-scan VEX gate scan operations (from: vexgatescan).\n verdict Verdict verification and inspection (from: stella verdict).\n unknowns Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX observation commands"}
{"feature":"cli-vex-consensus-commands.md","tier":"2b","timestamp":"2026-02-13T21:40:31Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n StellaOps.Cli vex [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n consensus Explore VEX consensus decisions.\n simulate Simulate VEX consensus with trust/threshold overrides to preview changes.\n export Export VEX consensus data as NDJSON bundle with optional signature.\n obs Query VEX observations (Link-Not-Merge architecture).\n explain <vulnerability-id> Explain a VEX decision with full reachability evidence and verification status.\n gen Generate VEX statements from drift analysis.\n gate-scan VEX gate scan operations (from: vexgatescan).\n verdict Verdict verification and inspection (from: stella verdict).\n unknowns Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX consensus commands"}
{"feature":"advisory-database-status-and-connector-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:40:38Z","command":"stella config sources --help","exitCode":0,"stdoutSnippet":"Description:\n Advisory source configuration and management.\n\nUsage:\n StellaOps.Cli config sources [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List all available advisory sources.\n check <source> Check connectivity to advisory sources.\n enable <sources> Enable one or more advisory sources.\n disable <sources> Disable one or more advisory sources.\n status Show current source configuration status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify advisory source commands"}
{"feature":"advisory-source-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:44Z","command":"stella advisory --help","exitCode":0,"stdoutSnippet":"Description:\n Explore advisory observations, linksets, and exports (Link-Not-Merge).\n\nUsage:\n StellaOps.Cli advisory [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n obs Get raw advisory observations.\n linkset Show aggregated linkset with conflict summary.\n export Export advisory observations to various formats.\n","stderrSnippet":"","verdict":"pass","notes":"Verify advisory management CLI"}
{"feature":"advisoryai-chat-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:51Z","command":"stella advise --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with Advisory AI pipelines.\n\nUsage:\n StellaOps.Cli advise [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n run <task> Generate Advisory AI output for the specified task.\n summarize Summarize an advisory with JSON/Markdown outputs and citations.\n explain Explain an advisory conflict set with narrative and rationale.\n remediate Generate remediation guidance for an advisory.\n batch <advisory-keys> Run Advisory AI over multiple advisories with a single invocation.\n open-pr <plan-id> Apply a remediation plan by creating a PR/MR in the target SCM\n ask <query> Ask a question to the advisory assistant with evidence-backed responses.\n chat-doctor Show chat quota status, tool access, and last denial reasons.\n chat-settings Manage advisory chat settings (quotas, tool access).\n export Export advisory conversation history.\n","stderrSnippet":"","verdict":"pass","notes":"Verify AdvisoryAI chat CLI"}
{"feature":"ai-code-guard-cli.md","tier":"2b","timestamp":"2026-02-13T21:40:57Z","command":"stella advise --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with Advisory AI pipelines.\n\nUsage:\n StellaOps.Cli advise [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n run <task> Generate Advisory AI output for the specified task.\n summarize Summarize an advisory with JSON/Markdown outputs and citations.\n explain Explain an advisory conflict set with narrative and rationale.\n remediate Generate remediation guidance for an advisory.\n batch <advisory-keys> Run Advisory AI over multiple advisories with a single invocation.\n open-pr <plan-id> Apply a remediation plan by creating a PR/MR in the target SCM\n ask <query> Ask a question to the advisory assistant with evidence-backed responses.\n chat-doctor Show chat quota status, tool access, and last denial reasons.\n chat-settings Manage advisory chat settings (quotas, tool access).\n export Export advisory conversation history.\n","stderrSnippet":"","verdict":"pass","notes":"Verify AI code guard"}
{"feature":"ci-template-generator-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:41:04Z","command":"stella ci --help","exitCode":0,"stdoutSnippet":"Description:\n CI/CD template generation and management.\n\nUsage:\n StellaOps.Cli ci [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n init Initialize CI/CD workflow templates.\n list List available CI/CD templates.\n validate <path> Validate CI/CD template configuration.\n","stderrSnippet":"","verdict":"pass","notes":"Verify CI template generator"}
{"feature":"cli-api-spec-download-command.md","tier":"2b","timestamp":"2026-02-13T21:41:10Z","command":"stella api --help","exitCode":0,"stdoutSnippet":"Description:\n API management commands.\n\nUsage:\n StellaOps.Cli api [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n spec API specification operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify API spec download"}
{"feature":"cli-commands-for-ground-truth-and-golden-set-management.md","tier":"2b","timestamp":"2026-02-13T21:41:16Z","command":"stella golden --help","exitCode":0,"stdoutSnippet":"Description:\n Golden set management commands for vulnerability signatures\n\nUsage:\n StellaOps.Cli golden [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n init <vuln-id> Initialize a new golden set from a vulnerability advisory\n validate <file> Validate a golden set YAML file\n import <file> Import a golden set into the corpus\n list List golden sets in the corpus\n show <id> Show details of a golden set\n build-index <file> Build a signature index from a golden set\n","stderrSnippet":"","verdict":"pass","notes":"Verify golden set commands"}
{"feature":"cli-determinism-score-report-generator.md","tier":"2b","timestamp":"2026-02-13T21:41:22Z","command":"stella detscore --help","exitCode":0,"stdoutSnippet":"Description:\n Scanner determinism scoring harness for reproducibility testing.\n\nUsage:\n StellaOps.Cli detscore [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n run Run determinism harness with frozen clock, seeded RNG, and canonical hashes. Exits non-zero if score falls below threshold.\n report <manifests> Generate determinism score report from published determinism.json manifests for release notes and air-gap kits.\n","stderrSnippet":"","verdict":"pass","notes":"Verify determinism score commands"}
{"feature":"cli-export-profile-and-run-management.md","tier":"2b","timestamp":"2026-02-13T21:41:27Z","command":"stella export --help","exitCode":0,"stdoutSnippet":"Description:\n Manage export profiles and runs.\n\nUsage:\n StellaOps.Cli export [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n profiles Manage export profiles.\n runs Manage export runs.\n start Start export jobs.\n cache Local evidence cache operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify export commands"}
{"feature":"cli-ir-commands.md","tier":"2b","timestamp":"2026-02-13T21:41:34Z","command":"stella policy compile --help","exitCode":0,"stdoutSnippet":"Description:\n Compile a policy DSL file to IR.\n\nUsage:\n StellaOps.Cli policy compile <file> [options]\n\nArguments:\n <file> Path to the policy DSL file to compile.\n\nOptions:\n -o, --output <output> Output path for the compiled IR file.\n --no-ir Skip IR file generation (validation only).\n --no-digest Skip SHA-256 digest output.\n --optimize Enable optimization passes on the IR.\n --strict Treat warnings as errors.\n -f, --format <format> Output format: table (default), json.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify IR compilation"}
{"feature":"cli-notification-simulation-and-acknowledgment.md","tier":"2b","timestamp":"2026-02-13T21:41:40Z","command":"stella notify --help","exitCode":0,"stdoutSnippet":"Description:\n Manage notification channels, rules, and deliveries.\n\nUsage:\n StellaOps.Cli notify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n channels Manage notification channels.\n rules Manage notification routing rules.\n deliveries View and manage notification deliveries.\n simulate Simulate notification rules against events.\n send <event-type> <body> Send a notification.\n ack Acknowledge a notification or incident.\n","stderrSnippet":"","verdict":"pass","notes":"Verify notification commands"}
{"feature":"cli-observability-dashboard-commands.md","tier":"2b","timestamp":"2026-02-13T21:41:46Z","command":"stella obs --help","exitCode":0,"stdoutSnippet":"Description:\n Platform observability: service health, SLOs, burn-rate alerts, and metrics.\n\nUsage:\n StellaOps.Cli obs [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n top Stream service health metrics, SLO status, and burn-rate alerts (like 'top' for your platform).\n trace <trace_id> Fetch a distributed trace by ID with correlated spans and evidence links.\n logs Fetch platform logs for a time window with pagination and filters.\n incident-mode Manage incident mode for enhanced forensic fidelity and retention.\n","stderrSnippet":"","verdict":"pass","notes":"Verify observability commands"}
{"feature":"cli-reachability-trace-export.md","tier":"2b","timestamp":"2026-02-13T21:41:52Z","command":"stella reachability --help","exitCode":0,"stdoutSnippet":"Description:\n Unified reachability analysis operations\n\nUsage:\n StellaOps.Cli reachability [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n show Display reachability subgraph\n export Export subgraph to visualization format\n trace Export reachability traces with runtime evidence\n explain <digest> Explain reachability assessment\n witness <digest> Generate path witness for vulnerability reachability\n guards <digest> List detected security guards\n graph Reachability graph operations (from: reachgraph).\n slice Reachability slice operations (from: slice).\n witness-ops Full witness operations (from: witness).\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability commands"}
{"feature":"cli-reachability-upload-and-explain-commands.md","tier":"2b","timestamp":"2026-02-13T21:41:58Z","command":"stella reachability --help","exitCode":0,"stdoutSnippet":"Description:\n Unified reachability analysis operations\n\nUsage:\n StellaOps.Cli reachability [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n show Display reachability subgraph\n export Export subgraph to visualization format\n trace Export reachability traces with runtime evidence\n explain <digest> Explain reachability assessment\n witness <digest> Generate path witness for vulnerability reachability\n guards <digest> List detected security guards\n graph Reachability graph operations (from: reachgraph).\n slice Reachability slice operations (from: slice).\n witness-ops Full witness operations (from: witness).\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability upload/explain"}
{"feature":"cli-slice-management-commands.md","tier":"2b","timestamp":"2026-02-13T21:42:03Z","command":"stella sbom --help","exitCode":0,"stdoutSnippet":"Description:\n Explore and manage Software Bill of Materials (SBOM) documents.\n\nUsage:\n StellaOps.Cli sbom [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List SBOMs with filters and pagination.\n upload Upload an external SBOM for BYOS analysis.\n show <sbom-id> Display detailed SBOM information including components, vulnerabilities, and licenses.\n compare <base-sbom-id> <target-sbom-id> Compare two SBOMs to show component, vulnerability, and license differences.\n export <sbom-id> Export an SBOM in SPDX or CycloneDX format.\n parity-matrix Show CLI command coverage and parity matrix.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SBOM slice management"}
{"feature":"cli-tools.md","tier":"2b","timestamp":"2026-02-13T21:42:08Z","command":"stella tools --help","exitCode":0,"stdoutSnippet":"Description:\n Local policy tooling and maintenance commands.\n\nUsage:\n StellaOps.Cli tools [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n policy-dsl-validate <inputs> Validate StellaOps policy DSL files.\n policy-schema-export Export policy schema JSON files.\n policy-simulation-smoke Run policy simulation smoke scenarios.\n lint Lint policy and configuration files (from: lint).\n benchmark Run performance benchmarks (from: bench).\n migrate Migration utilities (from: migrate).\n","stderrSnippet":"","verdict":"pass","notes":"Verify tools commands"}
{"feature":"cli-vulnerability-workflow-commands.md","tier":"2b","timestamp":"2026-02-13T21:42:14Z","command":"stella vuln --help","exitCode":0,"stdoutSnippet":"Description:\n Explore vulnerability observations and overlays.\n\nUsage:\n StellaOps.Cli vuln [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n observations List raw advisory observations for overlay consumers.\n list List vulnerabilities with grouping, filters, and pagination.\n show <vulnerability-id> Display detailed vulnerability information including evidence, rationale, paths, and ledger.\n assign <assignee> Assign vulnerabilities to a user.\n comment <text> Add a comment to vulnerabilities.\n accept-risk <justification> Accept risk for vulnerabilities with justification.\n verify-fix Mark vulnerabilities as fixed and verified.\n target-fix <due-date> Set a target fix date for vulnerabilities.\n reopen Reopen closed or accepted vulnerabilities.\n simulate Simulate policy/VEX changes and show delta summaries.\n","stderrSnippet":"","verdict":"pass","notes":"Verify vuln workflow commands"}
{"feature":"concelier-database-operations-cli.md","tier":"2b","timestamp":"2026-02-13T21:42:20Z","command":"stella db --help","exitCode":0,"stdoutSnippet":"Description:\n Trigger Concelier database operations via backend jobs.\n\nUsage:\n StellaOps.Cli db [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n fetch Trigger connector fetch/parse/map stages.\n merge Run canonical merge reconciliation.\n export Run Concelier export jobs.\n","stderrSnippet":"","verdict":"pass","notes":"Verify DB operations CLI"}
{"feature":"deltasig-cli-module.md","tier":"2b","timestamp":"2026-02-13T21:42:26Z","command":"stella deltasig --help","exitCode":0,"stdoutSnippet":"Description:\n Binary delta signature operations for backport detection.\n\nUsage:\n StellaOps.Cli deltasig [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n extract <binary> Extract normalized delta signatures from a binary.\n author Author delta signatures by comparing vulnerable and patched binaries.\n sign Sign a delta signature payload with DSSE envelope.\n verify Verify a DSSE-signed delta signature envelope.\n match <binary> Match a binary against known vulnerable/patched signatures.\n pack Create a signature pack from individual signature files.\n inspect <file> Inspect a delta signature payload or DSSE envelope.\n","stderrSnippet":"","verdict":"pass","notes":"Verify deltasig commands"}
{"feature":"doctor-cli-command-group.md","tier":"2b","timestamp":"2026-02-13T21:42:31Z","command":"stella doctor --help","exitCode":0,"stdoutSnippet":"Description:\n Run diagnostic checks on Stella Ops installation and environment.\n\nUsage:\n StellaOps.Cli doctor [command] [options]\n\nOptions:\n -f, --format <format> Output format: text (default), json, markdown [default: text]\n -m, --mode <mode> Run mode: quick (fast checks only), normal (default), full (all checks including slow ones)\n -c, --category <category> Filter checks by category (e.g., Core, Database, Security)\n -t, --tag <tag> Filter checks by tag (e.g., quick, connectivity). Can be specified multiple times.\n --check <check> Run a specific check by ID (e.g., check.core.disk)\n -p, --parallel <parallel> Maximum parallel check executions (default: 4)\n --timeout <timeout> Per-check timeout in seconds (default: 30)\n -o, --output <output> Write output to file instead of stdout\n --fail-on-warn Exit with non-zero code on warnings (default: only fail on errors)\n -w, --watch Run in continuous monitoring mode\n --interval <interval> Interval in seconds between checks in watch mode (default: 60)\n -e, --env <env> Target environment for checks (e.g., dev, staging, prod)\n -v, --verbose Enable verbose logging output.\n","stderrSnippet":"","verdict":"pass","notes":"Verify doctor commands"}
{"feature":"evidence-legal-holds-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:42:36Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n Manage forensic snapshots and evidence locker operations.\n\nUsage:\n StellaOps.Cli forensic [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n snapshot Create a forensic snapshot for evidence preservation.\n list List forensic snapshots.\n show <snapshot-id> Show forensic snapshot details including manifest digests.\n verify <bundle> Verify forensic bundle integrity, signatures, and chain-of-custody.\n attest Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify forensic/evidence"}
{"feature":"excititor-vex-ingest-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:42:42Z","command":"stella vex --help","exitCode":0,"stdoutSnippet":"Description:\n Manage VEX (Vulnerability Exploitability eXchange) consensus data.\n\nUsage:\n StellaOps.Cli vex [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n consensus Explore VEX consensus decisions.\n simulate Simulate VEX consensus with trust/threshold overrides to preview changes.\n export Export VEX consensus data as NDJSON bundle with optional signature.\n obs Query VEX observations (Link-Not-Merge architecture).\n explain <vulnerability-id> Explain a VEX decision with full reachability evidence and verification status.\n gen Generate VEX statements from drift analysis.\n gate-scan VEX gate scan operations (from: vexgatescan).\n verdict Verdict verification and inspection (from: stella verdict).\n unknowns Unknowns registry operations (from: stella unknowns).\n","stderrSnippet":"","verdict":"pass","notes":"Verify VEX ingest management"}
{"feature":"explain-block-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:42:47Z","command":"stella explain --help","exitCode":0,"stdoutSnippet":"Description:\n Explain policy decisions with deterministic trace and evidence.\n\nUsage:\n StellaOps.Cli explain [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n block <digest> Explain why an artifact was blocked with deterministic trace\n","stderrSnippet":"","verdict":"pass","notes":"Verify explain command"}
{"feature":"feed-snapshotting-for-deterministic-replay.md","tier":"2b","timestamp":"2026-02-13T21:42:53Z","command":"stella config feeds --help","exitCode":0,"stdoutSnippet":"Description:\n Feed source configuration and status.\n\nUsage:\n StellaOps.Cli config feeds [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List configured feed sources.\n status Show feed synchronization status.\n refresh <source> Trigger feed refresh.\n","stderrSnippet":"","verdict":"pass","notes":"Verify feed snapshotting config"}
{"feature":"function-map-cli.md","tier":"2b","timestamp":"2026-02-13T21:42:59Z","command":"stella fmap --help","exitCode":0,"stdoutSnippet":"Description:\n Runtime linkage function map operations\n\nUsage:\n StellaOps.Cli function-map [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n generate Generate a function_map predicate from SBOM\n verify Verify runtime observations against a function_map\n","stderrSnippet":"","verdict":"pass","notes":"Verify function map CLI"}
{"feature":"github-code-scanning-endpoints.md","tier":"2b","timestamp":"2026-02-13T21:43:05Z","command":"stella github --help","exitCode":0,"stdoutSnippet":"Description:\n GitHub integration commands.\n\nUsage:\n StellaOps.Cli github [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n upload-sarif <sarif-file> Upload SARIF to GitHub Code Scanning.\n list-alerts List code scanning alerts for a repository.\n get-alert <alert-number> Get details for a specific code scanning alert.\n update-alert <alert-number> Update a code scanning alert state.\n upload-status <sarif-id> Check SARIF upload processing status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify GitHub integration"}
{"feature":"gitops-controller.md","tier":"2b","timestamp":"2026-02-13T21:43:11Z","command":"stella pack --help","exitCode":0,"stdoutSnippet":"Description:\n Task Pack operations: plan, run, push, pull, verify.\n\nUsage:\n StellaOps.Cli pack [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n plan <pack-id> Plan a pack execution and validate inputs.\n run <pack-id> Execute a pack with the specified inputs.\n push <path> Push a pack to the registry.\n pull <pack-id> Pull a pack from the registry.\n verify Verify a pack's signature, digest, and schema.\n runs Manage pack runs.\n secrets Secret injection for pack runs.\n cache Manage offline pack cache.\n","stderrSnippet":"","verdict":"pass","notes":"Verify pack/GitOps commands"}
{"feature":"hlc-status-and-timeline-query-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:43:16Z","command":"stella orch --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with Source & Job Orchestrator.\n\nUsage:\n StellaOps.Cli orch [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n sources Manage orchestrator data sources.\n backfill Manage backfill operations for data sources.\n quotas Manage resource quotas.\n","stderrSnippet":"","verdict":"pass","notes":"Verify orchestrator commands"}
{"feature":"image-inspect-cli-command.md","tier":"2b","timestamp":"2026-02-13T21:43:22Z","command":"stella image --help","exitCode":0,"stdoutSnippet":"Description:\n OCI image operations\n\nUsage:\n StellaOps.Cli image [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n inspect <reference> Inspect OCI image manifest and layers\n","stderrSnippet":"","verdict":"pass","notes":"Verify image inspect command"}
{"feature":"incident-response-cli.md","tier":"2b","timestamp":"2026-02-13T21:43:28Z","command":"stella forensic --help","exitCode":0,"stdoutSnippet":"Description:\n Manage forensic snapshots and evidence locker operations.\n\nUsage:\n StellaOps.Cli forensic [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n snapshot Create a forensic snapshot for evidence preservation.\n list List forensic snapshots.\n show <snapshot-id> Show forensic snapshot details including manifest digests.\n verify <bundle> Verify forensic bundle integrity, signatures, and chain-of-custody.\n attest Attestation operations for forensic artifacts.\n","stderrSnippet":"","verdict":"pass","notes":"Verify incident response CLI"}
{"feature":"key-rotation-cli.md","tier":"2b","timestamp":"2026-02-13T21:43:33Z","command":"stella key --help","exitCode":0,"stdoutSnippet":"Description:\n Key management and rotation commands\n\nUsage:\n StellaOps.Cli key [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list <anchorId> List keys for a trust anchor\n add <anchorId> <keyId> Add a new key to a trust anchor\n revoke <anchorId> <keyId> Revoke a key from a trust anchor\n rotate <anchorId> <oldKeyId> <newKeyId> Rotate a key (add new, schedule old revocation)\n status <anchorId> Show key rotation status and warnings\n history <anchorId> Show key audit history\n verify <anchorId> <keyId> Verify a key's validity at a point in time\n","stderrSnippet":"","verdict":"pass","notes":"Verify key rotation"}
{"feature":"kms-key-export-import-cli.md","tier":"2b","timestamp":"2026-02-13T21:43:38Z","command":"stella kms --help","exitCode":0,"stdoutSnippet":"Description:\n Manage file-backed signing keys.\n\nUsage:\n StellaOps.Cli kms [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n export Export key material to a portable bundle.\n import Import key material from a bundle.\n","stderrSnippet":"","verdict":"pass","notes":"Verify KMS commands"}
{"feature":"local-validator-for-offline-config-checking.md","tier":"2b","timestamp":"2026-02-13T21:43:44Z","command":"stella config show --help","exitCode":0,"stdoutSnippet":"Description:\n Display resolved configuration values.\n\nUsage:\n StellaOps.Cli config show [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify local config validation"}
{"feature":"notification-channel-management-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:43:49Z","command":"stella notify --help","exitCode":0,"stdoutSnippet":"Description:\n Manage notification channels, rules, and deliveries.\n\nUsage:\n StellaOps.Cli notify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n channels Manage notification channels.\n rules Manage notification routing rules.\n deliveries View and manage notification deliveries.\n simulate Simulate notification rules against events.\n send <event-type> <body> Send a notification.\n ack Acknowledge a notification or incident.\n","stderrSnippet":"","verdict":"pass","notes":"Verify notification channel management"}
{"feature":"oci-referrer-based-artifact-association.md","tier":"2b","timestamp":"2026-02-13T21:43:55Z","command":"stella image --help","exitCode":0,"stdoutSnippet":"Description:\n OCI image operations\n\nUsage:\n StellaOps.Cli image [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n inspect <reference> Inspect OCI image manifest and layers\n","stderrSnippet":"","verdict":"pass","notes":"Verify OCI referrer commands"}
{"feature":"policy-dsl-compiler-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:44:01Z","command":"stella policy lint --help","exitCode":0,"stdoutSnippet":"Description:\n Validate a policy DSL file locally without contacting the backend.\n\nUsage:\n StellaOps.Cli policy lint <file> [options]\n\nArguments:\n <file> Path to the policy DSL file to validate.\n\nOptions:\n -f, --format <format> Output format: table (default), json.\n -o, --output <output> Write JSON output to the specified file.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy lint"}
{"feature":"policy-review-workflow-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:44:06Z","command":"stella policy submit --help","exitCode":0,"stdoutSnippet":"Description:\n Submit policy for review.\n\nUsage:\n StellaOps.Cli policy submit <policy-id> [options]\n\nArguments:\n <policy-id> Policy identifier (e.g. P-7).\n\nOptions:\n -v, --version <version> Specific version to submit (defaults to latest).\n -r, --reviewer <reviewer> Reviewer username(s) (repeatable).\n -m, --message <message> Submission message.\n --urgent Mark submission as urgent.\n --tenant <tenant> Tenant context.\n --json Output as JSON.\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy submit"}
{"feature":"policy-simulation-batch-mode-with-sbom-selectors-2.md","tier":"2b","timestamp":"2026-02-13T21:44:12Z","command":"stella policy evaluate --help","exitCode":0,"stdoutSnippet":"Description:\n Evaluate a policy pack against evidence input.\n\nUsage:\n StellaOps.Cli policy evaluate [options]\n\nOptions:\n -p, --policy <policy> (REQUIRED) Policy file to evaluate.\n -i, --input <input> (REQUIRED) Evidence input file (JSON).\n --format <format> Policy format: json or rego. Auto-detected if omitted.\n -e, --environment <environment> Target environment for gate resolution.\n --include-remediation Show remediation hints for failures.\n --output <output> Output format: table, json, markdown, or ci. [default: table]\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify policy evaluate"}
{"feature":"proof-chain-cli-commands-with-structured-exit-codes.md","tier":"2b","timestamp":"2026-02-13T21:44:17Z","command":"stella chain --help","exitCode":127,"stdoutSnippet":"Out of memory.\n","stderrSnippet":"","verdict":"fail","notes":"Verify chain commands"}
{"feature":"python-workspace-analyzer-cli.md","tier":"2b","timestamp":"2026-02-13T21:44:19Z","command":"stella python --help","exitCode":0,"stdoutSnippet":"Description:\n Work with Python analyzer outputs.\n\nUsage:\n StellaOps.Cli python [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n inspect Inspect a local Python workspace or virtual environment.\n","stderrSnippet":"","verdict":"pass","notes":"Verify Python analyzer CLI"}
{"feature":"reachability-aware-security-as-gate.md","tier":"2b","timestamp":"2026-02-13T21:44:35Z","command":"stella gate --help","exitCode":0,"stdoutSnippet":"Description:\n CI/CD release gate operations\n\nUsage:\n StellaOps.Cli gate [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n evaluate Evaluate a CI/CD gate for an image\n status Get status of a previous gate evaluation\n score Score-based gate evaluation using Evidence Weighted Scoring (EWS) with unified metrics\n","stderrSnippet":"","verdict":"pass","notes":"Verify gate commands"}
{"feature":"reachability-query-api-and-triage-flow.md","tier":"2b","timestamp":"2026-02-13T21:44:40Z","command":"stella reachability --help","exitCode":0,"stdoutSnippet":"Description:\n Unified reachability analysis operations\n\nUsage:\n StellaOps.Cli reachability [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n show Display reachability subgraph\n export Export subgraph to visualization format\n trace Export reachability traces with runtime evidence\n explain <digest> Explain reachability assessment\n witness <digest> Generate path witness for vulnerability reachability\n guards <digest> List detected security guards\n graph Reachability graph operations (from: reachgraph).\n slice Reachability slice operations (from: slice).\n witness-ops Full witness operations (from: witness).\n","stderrSnippet":"","verdict":"pass","notes":"Verify reachability query"}
{"feature":"rekor-cli-commands-2.md","tier":"2b","timestamp":"2026-02-13T21:44:46Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify Rekor in verify"}
{"feature":"replay-button-determinism-as-ux.md","tier":"2b","timestamp":"2026-02-13T21:44:51Z","command":"stella replay --help","exitCode":0,"stdoutSnippet":"Description:\n Replay scans from run manifests and compare verdicts\n\nUsage:\n StellaOps.Cli replay [command] [options]\n\nOptions:\n --manifest <manifest> (REQUIRED) Run manifest JSON file\n --output <output> Output verdict JSON path\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n\nCommands:\n verify Replay twice and verify determinism\n diff Compare two verdict JSON files\n batch Replay all manifests in a corpus\n snapshot Replay policy evaluation using Knowledge Snapshot (frozen inputs)\n export Export replay manifest for CI/CD integration\n","stderrSnippet":"","verdict":"pass","notes":"Verify replay commands"}
{"feature":"replay-command-generator-service.md","tier":"2b","timestamp":"2026-02-13T21:44:57Z","command":"stella prove --help","exitCode":0,"stdoutSnippet":"Description:\n Generate replay proof for an image verdict\n\nUsage:\n StellaOps.Cli prove [options]\n\nOptions:\n -i, --image <image> (REQUIRED) Image digest (sha256:...) to generate proof for\n -a, --at <at> Point-in-time for snapshot lookup (ISO 8601 format, e.g., 2026-01-05T10:00:00Z)\n -s, --snapshot <snapshot> Explicit snapshot ID to use instead of time lookup\n -b, --bundle <bundle> Path to local replay bundle directory (offline mode)\n -o, --output <compact\nfull\njson> Output format: compact, json, full [default: compact]\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify prove command"}
{"feature":"runtime-observations-query-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:02Z","command":"stella observations --help","exitCode":0,"stdoutSnippet":"Description:\n Runtime observation operations\n\nUsage:\n StellaOps.Cli observations [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n query Query historical runtime observations\n","stderrSnippet":"","verdict":"pass","notes":"Verify observations CLI"}
{"feature":"sbom-analytics-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:45:08Z","command":"stella analytics --help","exitCode":0,"stdoutSnippet":"Description:\n Analytics insights and reporting.\n\nUsage:\n StellaOps.Cli analytics [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n sbom-lake SBOM lake analytics queries.\n","stderrSnippet":"","verdict":"pass","notes":"Verify analytics commands"}
{"feature":"sbom-deterministic-generation-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:13Z","command":"stella sbomer --help","exitCode":0,"stdoutSnippet":"Description:\n SBOM composition: layer fragments, canonical merge, and Merkle verification.\n\nUsage:\n StellaOps.Cli sbomer [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n layer Manage SBOM layer fragments.\n compose Compose SBOM from layer fragments with canonical ordering.\n composition View and verify composition manifests.\n drift Detect and explain determinism drift in SBOM composition.\n","stderrSnippet":"","verdict":"pass","notes":"Verify sbomer commands"}
{"feature":"sbom-format-conversion-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:45:19Z","command":"stella sbom --help","exitCode":0,"stdoutSnippet":"Description:\n Explore and manage Software Bill of Materials (SBOM) documents.\n\nUsage:\n StellaOps.Cli sbom [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List SBOMs with filters and pagination.\n upload Upload an external SBOM for BYOS analysis.\n show <sbom-id> Display detailed SBOM information including components, vulnerabilities, and licenses.\n compare <base-sbom-id> <target-sbom-id> Compare two SBOMs to show component, vulnerability, and license differences.\n export <sbom-id> Export an SBOM in SPDX or CycloneDX format.\n parity-matrix Show CLI command coverage and parity matrix.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SBOM format commands"}
{"feature":"scan-reproducibility-verification-flag-2.md","tier":"2b","timestamp":"2026-02-13T21:45:24Z","command":"stella detscore --help","exitCode":0,"stdoutSnippet":"Description:\n Scanner determinism scoring harness for reproducibility testing.\n\nUsage:\n StellaOps.Cli detscore [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n run Run determinism harness with frozen clock, seeded RNG, and canonical hashes. Exits non-zero if score falls below threshold.\n report <manifests> Generate determinism score report from published determinism.json manifests for release notes and air-gap kits.\n","stderrSnippet":"","verdict":"pass","notes":"Verify detscore reproducibility"}
{"feature":"scan-snapshot-compare-cli-2.md","tier":"2b","timestamp":"2026-02-13T21:45:30Z","command":"stella change-trace --help","exitCode":0,"stdoutSnippet":"Description:\n Build and export change traces between scans\n\nUsage:\n StellaOps.Cli change-trace [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n build Build a change trace comparing two scans or binaries\n export Export a change trace in various formats\n verify <file> Verify a change trace file\n","stderrSnippet":"","verdict":"pass","notes":"Verify change-trace commands"}
{"feature":"stella-admin-cli-command-group.md","tier":"2b","timestamp":"2026-02-13T21:45:36Z","command":"stella admin --help","exitCode":0,"stdoutSnippet":"Description:\n Administrative operations for platform management\n\nUsage:\n StellaOps.Cli admin [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n policy Policy management commands\n users User management commands\n feeds Advisory feed management commands\n system System management commands\n tenants Tenant management (from: tenant).\n audit Audit log management (from: auditlog).\n diagnostics System diagnostics (from: diagnostics).\n","stderrSnippet":"","verdict":"pass","notes":"Verify admin commands"}
{"feature":"symbol-ingestion-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:41Z","command":"stella symbols --help","exitCode":0,"stdoutSnippet":"Description:\n Manage symbol bundles for air-gapped installations.\n\nUsage:\n StellaOps.Cli symbols [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n bundle Build a deterministic symbol bundle.\n verify Verify a symbol bundle's integrity and signatures.\n extract Extract symbols from a bundle.\n inspect Inspect bundle contents without extracting.\n","stderrSnippet":"","verdict":"pass","notes":"Verify symbols commands"}
{"feature":"system-database-migrations-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:46Z","command":"stella system --help","exitCode":0,"stdoutSnippet":"Description:\n System operations (migrations).\n\nUsage:\n StellaOps.Cli system [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n migrations-run Run migrations for the selected module(s).\n migrations-status Show migration status for the selected module(s).\n migrations-verify Verify migration checksums for the selected module(s).\n","stderrSnippet":"","verdict":"pass","notes":"Verify system commands"}
{"feature":"trust-anchor-management-cli.md","tier":"2b","timestamp":"2026-02-13T21:45:52Z","command":"stella verify --help","exitCode":0,"stdoutSnippet":"Description:\n Unified verification commands for attestations, VEX, patches, SBOMs, and evidence bundles.\n\nUsage:\n StellaOps.Cli verify [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n offline Verify offline evidence for a specific artifact.\n image <reference> Verify attestation chain for a container image\n bundle Verify E2E evidence bundle for reproducibility.\n release <bundle> Verify a release promotion bundle chain (source, build, signature, and transparency evidence).\n attestation Verify attestations attached to an OCI artifact\n vex <artifact> Verify VEX statements for an artifact\n patch <artifact> Verify that security patches are present in binaries\n sbom <file> Verify SBOM document integrity and completeness\n","stderrSnippet":"","verdict":"pass","notes":"Verify trust anchor in verify"}
{"feature":"unknowns-export-artifacts.md","tier":"2b","timestamp":"2026-02-13T21:45:58Z","command":"stella unknowns --help","exitCode":0,"stdoutSnippet":"Description:\n Unknowns registry operations for unmatched vulnerabilities\n\nUsage:\n StellaOps.Cli unknowns [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List unknowns from the registry\n escalate Escalate an unknown for immediate attention\n resolve Resolve an unknown\n budget Unknowns budget operations for CI gates\n summary Show unknowns summary by band with counts and fingerprints\n show Show detailed unknown info including fingerprint, triggers, and next actions\n proof Get evidence proof for an unknown (fingerprint, triggers, evidence refs)\n export Export unknowns with fingerprints and triggers for offline analysis\n triage Apply manual triage decision to an unknown (grey queue adjudication)\n","stderrSnippet":"","verdict":"pass","notes":"Verify unknowns commands"}
{"feature":"verdict-ladder-ui.md","tier":"2b","timestamp":"2026-02-13T21:46:03Z","command":"stella score --help","exitCode":0,"stdoutSnippet":"Description:\n Score computation and replay operations\n\nUsage:\n StellaOps.Cli score [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n replay Replay a score computation for a scan\n bundle Get the proof bundle for a scan\n verify Verify a score bundle\n explain <digest> Explain the risk score breakdown for a digest\n","stderrSnippet":"","verdict":"pass","notes":"Verify score commands"}
{"feature":"zastava-cli-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:09Z","command":"stella risk-profile --help","exitCode":0,"stdoutSnippet":"Description:\n Manage risk profile schemas and validation.\n\nUsage:\n StellaOps.Cli risk-profile [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n validate Validate a risk profile JSON file against the schema.\n schema Display or export the risk profile JSON schema.\n","stderrSnippet":"","verdict":"pass","notes":"Verify risk-profile/zastava commands"}
{"feature":"sdk-management.md","tier":"2b","timestamp":"2026-02-13T21:46:15Z","command":"stella sdk --help","exitCode":0,"stdoutSnippet":"Description:\n SDK management commands.\n\nUsage:\n StellaOps.Cli sdk [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n update Check for SDK updates and fetch latest manifests/changelogs.\n list List installed SDK versions.\n","stderrSnippet":"","verdict":"pass","notes":"Verify SDK commands"}
{"feature":"mirror-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:21Z","command":"stella mirror --help","exitCode":0,"stdoutSnippet":"Description:\n Manage air-gap mirror bundles for offline distribution.\n\nUsage:\n StellaOps.Cli mirror [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n create Create an air-gap mirror bundle.\n","stderrSnippet":"","verdict":"pass","notes":"Verify mirror commands"}
{"feature":"airgap-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:27Z","command":"stella airgap --help","exitCode":0,"stdoutSnippet":"Description:\n Manage air-gapped environment operations.\n\nUsage:\n StellaOps.Cli airgap [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n import Import an air-gap mirror bundle into the local data store.\n seal Seal the environment for air-gapped operation.\n export-evidence Export portable evidence packages for audit and compliance.\n","stderrSnippet":"","verdict":"pass","notes":"Verify airgap commands"}
{"feature":"trust-profile-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:33Z","command":"stella trust-profile --help","exitCode":0,"stdoutSnippet":"Description:\n Manage trust profiles for offline verification.\n\nUsage:\n StellaOps.Cli trust-profile [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List available trust profiles\n show <profile-id> Show trust profile details\n apply <profile-id> Apply a trust profile to a local trust store\n","stderrSnippet":"","verdict":"pass","notes":"Verify trust-profile commands"}
{"feature":"devportal-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:39Z","command":"stella devportal --help","exitCode":0,"stdoutSnippet":"Description:\n Manage DevPortal offline operations.\n\nUsage:\n StellaOps.Cli devportal [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n verify Verify integrity of a DevPortal/evidence bundle before import.\n","stderrSnippet":"","verdict":"pass","notes":"Verify devportal commands"}
{"feature":"delta-verdict-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:46Z","command":"stella delta --help","exitCode":0,"stdoutSnippet":"Description:\n Delta verdict operations\n\nUsage:\n StellaOps.Cli delta [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n compute Compute delta between two verdicts\n check Check delta against risk budget\n attach Prepare OCI attachment metadata for delta verdict\n verify Verify delta verdict signature\n push Push delta verdict to OCI registry as referrer\n","stderrSnippet":"","verdict":"pass","notes":"Verify delta commands"}
{"feature":"budget-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:52Z","command":"stella budget --help","exitCode":0,"stdoutSnippet":"Description:\n Risk budget management for release gates\n\nUsage:\n StellaOps.Cli budget [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n status Show current risk budget status for a service\n consume Manually consume risk budget points\n check Check if a release would exceed risk budget\n history Show risk budget consumption history\n list List all service risk budgets\n","stderrSnippet":"","verdict":"pass","notes":"Verify budget commands"}
{"feature":"watchlist-commands.md","tier":"2b","timestamp":"2026-02-13T21:46:58Z","command":"stella watchlist --help","exitCode":0,"stdoutSnippet":"Description:\n Identity watchlist management for transparency log monitoring\n\nUsage:\n StellaOps.Cli watchlist [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n add Add a new watchlist entry\n list List watchlist entries\n get <id> Get a specific watchlist entry\n update <id> Update an existing watchlist entry\n remove <id> Remove a watchlist entry\n test <id> Test if a sample identity matches a watchlist entry\n alerts List recent watchlist alerts\n","stderrSnippet":"","verdict":"pass","notes":"Verify watchlist commands"}
{"feature":"exception-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:05Z","command":"stella exception --help","exitCode":0,"stdoutSnippet":"Description:\n Exception approval workflow operations\n\nUsage:\n StellaOps.Cli exception [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n request Create a new exception approval request\n approve Approve an exception request\n reject Reject an exception request\n list List exception approval requests\n status Get status of an exception request\n","stderrSnippet":"","verdict":"pass","notes":"Verify exception commands"}
{"feature":"exceptions-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:11Z","command":"stella exceptions --help","exitCode":0,"stdoutSnippet":"Description:\n Exception governance: list, show, create, promote, revoke, import, export.\n\nUsage:\n StellaOps.Cli exceptions [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n list List exceptions with filters.\n show <exception-id> Show exception details.\n create Create a new exception.\n promote <exception-id> Promote exception to next lifecycle stage.\n revoke <exception-id> Revoke an active exception.\n import <file> Import exceptions from NDJSON file.\n export Export exceptions to file.\n","stderrSnippet":"","verdict":"pass","notes":"Verify exceptions commands"}
{"feature":"feedser-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:18Z","command":"stella feedser --help","exitCode":0,"stdoutSnippet":"Description:\n Federation bundle operations for multi-site sync.\n\nUsage:\n StellaOps.Cli feedser [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n bundle Federation bundle operations.\n sites Federation site management.\n","stderrSnippet":"","verdict":"pass","notes":"Verify feedser commands"}
{"feature":"cvss-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:24Z","command":"stella cvss --help","exitCode":0,"stdoutSnippet":"Description:\n CVSS v4.0 receipt operations (score, show, history, export).\n\nUsage:\n StellaOps.Cli cvss [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n score Create a CVSS v4 receipt for a vulnerability.\n show <receipt-id> Fetch a CVSS receipt by ID.\n history <receipt-id> Show receipt amendment history.\n export <receipt-id> Export a CVSS receipt to JSON (pdf not yet supported).\n","stderrSnippet":"","verdict":"pass","notes":"Verify CVSS commands"}
{"feature":"risk-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:30Z","command":"stella risk --help","exitCode":0,"stdoutSnippet":"Description:\n Manage risk profiles, scoring, and bundle verification.\n\nUsage:\n StellaOps.Cli risk [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n profile Manage risk profiles.\n simulate Simulate risk scoring against an SBOM or asset.\n results Get risk evaluation results.\n bundle Risk bundle operations.\n","stderrSnippet":"","verdict":"pass","notes":"Verify risk commands"}
{"feature":"graph-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:37Z","command":"stella graph --help","exitCode":0,"stdoutSnippet":"Description:\n Call graph evidence commands.\n\nUsage:\n StellaOps.Cli graph [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n explain Explain call graph reachability with signed evidence.\n lineage Lineage graph commands.\n verify Verify a reachability graph DSSE attestation.\n bundles List edge bundles for a graph.\n","stderrSnippet":"","verdict":"pass","notes":"Verify graph commands"}
{"feature":"binary-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:43Z","command":"stella binary --help","exitCode":0,"stdoutSnippet":"Description:\n Binary reachability analysis operations.\n\nUsage:\n StellaOps.Cli binary [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n submit Submit binary graph for reachability analysis.\n info <hash> Display binary graph information.\n symbols <hash> List symbols from binary graph.\n verify Verify binary graph attestation.\n inspect <file> Inspect binary identity (Build-ID, hashes, architecture).\n lookup <build-id> Look up vulnerabilities by Build-ID.\n fingerprint Generate or export fingerprint for a binary.\n callgraph <file> Extract call graph and compute deterministic digest.\n ops BinaryIndex operations and diagnostics.\n delta-sig Binary delta signature operations for patch verification.\n","stderrSnippet":"","verdict":"pass","notes":"Verify binary commands"}
{"feature":"attest-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:49Z","command":"stella attest --help","exitCode":0,"stdoutSnippet":"Description:\n Verify and inspect DSSE attestations.\n\nUsage:\n StellaOps.Cli attest [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n sign Create and sign a DSSE attestation envelope.\n verify Verify a DSSE envelope offline against policy and trust roots.\n list List attestations from local storage or backend.\n show Display details for a specific attestation.\n fetch Download attestation envelopes and payloads to disk.\n key Manage attestation signing keys.\n bundle Build and verify attestation bundles.\n attach Attach a DSSE attestation to an OCI artifact\n oci-list List attestations attached to an OCI artifact in registry\n oci-verify Verify attestations attached to an OCI artifact in registry\n","stderrSnippet":"","verdict":"pass","notes":"Verify attest commands"}
{"feature":"promotion-commands.md","tier":"2b","timestamp":"2026-02-13T21:47:56Z","command":"stella promotion --help","exitCode":0,"stdoutSnippet":"Description:\n Build and manage promotion attestations.\n\nUsage:\n StellaOps.Cli promotion [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n assemble <image> Assemble promotion attestation resolving image digests, hashing SBOM/VEX, and emitting stella.ops/promotion@v1 JSON.\n attest <predicate> Sign a promotion predicate and produce a DSSE bundle via Signer or cosign.\n verify <bundle> Verify a promotion attestation bundle offline against trusted checkpoints.\n","stderrSnippet":"","verdict":"pass","notes":"Verify promotion commands"}
{"feature":"seal-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:02Z","command":"stella seal --help","exitCode":0,"stdoutSnippet":"Description:\n Create facet seal for an image. Seals capture the cryptographic state of image facets for drift detection.\n\nUsage:\n StellaOps.Cli seal <image> [options]\n\nArguments:\n <image> Image reference or digest to seal.\n\nOptions:\n -o, --output <output> Output file path for seal (default: stdout).\n --store Store seal in remote API.\n --sign Sign seal with DSSE.\n -k, --key <key> Private key path for signing (default: use configured key).\n -f, --facets <facets> Specific facets to seal (default: all). Comma-separated list.\n --format <format> Output format: json, yaml, compact. [default: json]\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify seal commands"}
{"feature":"drift-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:09Z","command":"stella drift --help","exitCode":0,"stdoutSnippet":"Description:\n Analyze facet drift against baseline seal. Compares current image state to sealed baseline.\n\nUsage:\n StellaOps.Cli drift <image> [options]\n\nArguments:\n <image> Image reference or digest to analyze.\n\nOptions:\n -b, --baseline <baseline> Baseline seal ID (default: latest for image).\n --format <format> Output format: table, json, yaml. [default: table]\n --verbose-files Show detailed file changes.\n --fail-on-breach Exit with error code if quota breached.\n -o, --output <output> Output file path (default: stdout).\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify drift commands"}
{"feature":"verify-fix-command.md","tier":"2b","timestamp":"2026-02-13T21:48:15Z","command":"stella verify-fix --help","exitCode":0,"stdoutSnippet":"Description:\n Verify that a patch fixes a vulnerability\n\nUsage:\n StellaOps.Cli verify-fix <vuln-id> [options]\n\nArguments:\n <vuln-id> Vulnerability identifier (CVE-YYYY-NNNNN)\n\nOptions:\n -p, --pre <pre> (REQUIRED) Pre-patch (vulnerable) binary path\n -P, --post <post> (REQUIRED) Post-patch (patched) binary path\n -g, --golden-set <golden-set> Path to golden set YAML (auto-resolved from corpus if not specified)\n --corpus <corpus> Corpus directory for golden set lookup\n -o, --output <json\nsarif\ntable> Output format: table (default), json, sarif [default: table]\n --attest Generate FixChain attestation on successful verification\n --sbom <sbom> Path to SBOM for attestation (required if --attest)\n -v, --verbose Enable verbose logging output.\n -?, -h, --help Show help and usage information\n","stderrSnippet":"","verdict":"pass","notes":"Verify verify-fix command"}
{"feature":"ts-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:22Z","command":"stella ts --help","exitCode":0,"stdoutSnippet":"Description:\n RFC-3161 timestamp operations\n\nUsage:\n StellaOps.Cli ts [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n rfc3161 Request an RFC-3161 timestamp token\n verify Verify an RFC-3161 timestamp token\n info Display metadata for an RFC-3161 timestamp token\n","stderrSnippet":"","verdict":"pass","notes":"Verify timestamp commands"}
{"feature":"license-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:28Z","command":"stella license --help","exitCode":0,"stdoutSnippet":"Description:\n License detection and compliance commands\n\nUsage:\n StellaOps.Cli license [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n detect <path> Detect licenses in a directory or file\n categorize <spdx-id> Show category and obligations for a license\n validate <expression> Validate an SPDX license expression\n extract <file> Extract license text and copyright from a file\n summary <path> Show aggregated license statistics for a directory [default: .]\n","stderrSnippet":"","verdict":"pass","notes":"Verify license commands"}
{"feature":"findings-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:34Z","command":"stella findings --help","exitCode":0,"stdoutSnippet":"Description:\n Inspect policy findings.\n\nUsage:\n StellaOps.Cli findings [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n ls List effective findings that match the provided filters.\n get <finding-id> Retrieve a specific finding.\n explain <finding-id> Fetch explain trace for a finding.\n","stderrSnippet":"","verdict":"pass","notes":"Verify findings commands"}
{"feature":"scanner-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:41Z","command":"stella scanner --help","exitCode":0,"stdoutSnippet":"Description:\n Manage scanner artifacts and lifecycle.\n\nUsage:\n StellaOps.Cli scanner [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n download Download the latest scanner bundle.\n workers Configure scanner worker settings.\n","stderrSnippet":"","verdict":"pass","notes":"Verify scanner commands"}
{"feature":"ruby-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:48Z","command":"stella ruby --help","exitCode":0,"stdoutSnippet":"Description:\n Work with Ruby analyzer outputs.\n\nUsage:\n StellaOps.Cli ruby [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n inspect Inspect a local Ruby workspace.\n resolve Fetch Ruby packages for a completed scan.\n","stderrSnippet":"","verdict":"pass","notes":"Verify ruby commands"}
{"feature":"php-commands.md","tier":"2b","timestamp":"2026-02-13T21:48:54Z","command":"stella php --help","exitCode":0,"stdoutSnippet":"Description:\n Work with PHP analyzer outputs.\n\nUsage:\n StellaOps.Cli php [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n inspect Inspect a local PHP workspace.\n","stderrSnippet":"","verdict":"pass","notes":"Verify PHP commands"}
{"feature":"bun-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:01Z","command":"stella bun --help","exitCode":0,"stdoutSnippet":"Description:\n Work with Bun analyzer outputs.\n\nUsage:\n StellaOps.Cli bun [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n inspect Inspect a local Bun workspace.\n resolve Fetch Bun packages for a completed scan.\n","stderrSnippet":"","verdict":"pass","notes":"Verify bun commands"}
{"feature":"sources-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:07Z","command":"stella sources --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with source ingestion workflows.\n\nUsage:\n StellaOps.Cli sources [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n ingest Validate source documents before ingestion.\n list List all available advisory sources.\n check <source> Check connectivity to advisory sources.\n enable <sources> Enable one or more advisory sources.\n disable <sources> Disable one or more advisory sources.\n status Show current source configuration status.\n","stderrSnippet":"","verdict":"pass","notes":"Verify sources commands"}
{"feature":"aoc-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:13Z","command":"stella aoc --help","exitCode":0,"stdoutSnippet":"Description:\n Aggregation-Only Contract verification commands.\n\nUsage:\n StellaOps.Cli aoc [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n verify Verify stored raw documents against AOC guardrails.\n","stderrSnippet":"","verdict":"pass","notes":"Verify AOC commands"}
{"feature":"task-runner-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:19Z","command":"stella task-runner --help","exitCode":0,"stdoutSnippet":"Description:\n Interact with Task Runner operations.\n\nUsage:\n StellaOps.Cli task-runner [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n simulate Simulate a task pack and inspect the execution graph.\n","stderrSnippet":"","verdict":"pass","notes":"Verify task-runner commands"}
{"feature":"issuer-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:24Z","command":"stella issuer --help","exitCode":0,"stdoutSnippet":"Description:\n Issuer key management commands.\n\nUsage:\n StellaOps.Cli issuer [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n keys Manage issuer keys.\n","stderrSnippet":"","verdict":"pass","notes":"Verify issuer commands"}
{"feature":"decision-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:29Z","command":"stella decision --help","exitCode":0,"stdoutSnippet":"Description:\n Manage VEX decisions with DSSE signing and Rekor transparency.\n\nUsage:\n StellaOps.Cli decision [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n export Export VEX decisions as OpenVEX documents with optional DSSE signing.\n verify <file> Verify DSSE signature and optional Rekor inclusion proof of a VEX decision document.\n compare <base> <target> Compare two VEX decision documents and show differences.\n","stderrSnippet":"","verdict":"pass","notes":"Verify decision commands"}
{"feature":"crypto-commands.md","tier":"2b","timestamp":"2026-02-13T21:49:35Z","command":"stella crypto --help","exitCode":0,"stdoutSnippet":"Description:\n Cryptographic operations (sign, verify, profiles)\n\nUsage:\n StellaOps.Cli crypto [command] [options]\n\nOptions:\n -?, -h, --help Show help and usage information\n\nCommands:\n sign Sign artifacts using configured crypto provider\n verify Verify signatures using configured crypto provider\n profiles Manage crypto profiles\n plugins Manage crypto plugins\n keys Key management operations (from: sigstore, cosign).\n encrypt Encrypt data with a key or certificate.\n decrypt Decrypt data with a key or certificate.\n hash Compute cryptographic hash of files.\n providers List registered crypto providers and keys.\n","stderrSnippet":"","verdict":"pass","notes":"Verify crypto commands"}
{"feature":"doctor-run.md","tier":"2b","timestamp":"2026-02-13T21:49:40Z","command":"stella doctor run --help","exitCode":0,"stdoutSnippet":"Description:\n Execute diagnostic checks.\n\nUsage:\n StellaOps.Cli doctor run [options]\n\nOptions:\n -f, --format <format> Output format: text (default), json, markdown [default: text]\n -m, --mode <mode> Run mode: quick (fast checks only), normal (default), full (all checks including slow ones)\n -c, --category <category> Filter checks by category (e.g., Core, Database, Security)\n -t, --tag <tag> Filter checks by tag (e.g., quick, connectivity). Can be specified multiple times.\n --check <check> Run a specific check by ID (e.g., check.core.disk)\n -p, --parallel <parallel> Maximum parallel check executions (default: 4)\n --timeout <timeout> Per-check timeout in seconds (default: 30)\n -o, --output <output> Write output to file instead of stdout\n --fail-on-warn Exit with non-zero code on warnings (default: only fail on errors)\n -w, --watch Run in continuous monitoring mode\n --interval <interval> Interval in seconds between checks in watch mode (default: 60)\n -e, --env <env> Target environment for checks (e.g., dev, staging, prod)\n -v, --verbose Enable verbose logging output.\n","stderrSnippet":"","verdict":"pass","notes":"Verify doctor run subcommand"}
{"feature":"config-show.md","tier":"2b","timestamp":"2026-02-13T21:49:46Z","command":"stella config show","exitCode":0,"stdoutSnippet":"Backend URL: <not configured>\nConcelier URL: <not configured>\nAPI Key: <not configured>\nScanner Cache: scanners\nResults Directory: results\nDefault Runner: docker\nAuthority URL: <not configured>\nAuthority Client ID: <not configured>\nAuthority Client Secret: <not configured>\nAuthority Username: <not configured>\nAuthority Password: <not configured>\nAuthority Scope: concelier.jobs.trigger\nAuthority Token Cache: C:\Users\VladimirMoushkov\.stellaops\tokens\n","stderrSnippet":"","verdict":"pass","notes":"Actually run config show"}
{"feature":"version-check.md","tier":"2b","timestamp":"2026-02-13T21:49:52Z","command":"stella --version","exitCode":0,"stdoutSnippet":"1.0.0+9ca2de05dff9c7db11eb49df6d4e47bbfe7a99f6\n","stderrSnippet":"","verdict":"pass","notes":"Verify version output"}
Reference in New Issue View Git Blame Copy Permalink