35 lines
1.7 KiB
Markdown
35 lines
1.7 KiB
Markdown
# Policy Publish and Sign CLI
|
|
|
|
## Module
|
|
Cli
|
|
|
|
## Status
|
|
VERIFIED
|
|
|
|
## Description
|
|
Publish approved policy revisions with optional cryptographic signing using configurable algorithm (ecdsa-sha256, ed25519) and key ID selection.
|
|
|
|
## Implementation Details
|
|
- **Command Group**: `src/Cli/StellaOps.Cli/Commands/PolicyCommandGroup.cs` -- policy publish commands
|
|
- **Sign Commands**: `src/Cli/StellaOps.Cli/Commands/SignCommandGroup.cs` -- signing operations
|
|
- **Command Handlers**: `src/Cli/StellaOps.Cli/Commands/CommandHandlers.Sign.cs` -- signing handlers
|
|
- **Commands**:
|
|
- `stella policy publish <file>` -- publish approved policy revision. Options: `--sign`, `--algorithm ecdsa-sha256|ed25519`, `--key-id <id>`
|
|
|
|
## E2E Test Plan
|
|
- [ ] Run `stella policy publish ./policy.stella` and verify policy published
|
|
- [ ] Run with `--sign --algorithm ecdsa-sha256` and verify DSSE-signed publication
|
|
- [ ] Run with `--sign --algorithm ed25519 --key-id <id>` and verify Ed25519 signing
|
|
- [ ] Verify published policy is retrievable via `stella policy show`
|
|
- [ ] Verify signing key selection with `--key-id`
|
|
- [ ] Verify error when trying to publish unapproved policy
|
|
|
|
## Verification
|
|
|
|
- **Verified**: 2026-02-13T15:30:00Z
|
|
- **Tier 0 (Source)**: pass -- all referenced source files exist on disk
|
|
- **Tier 1 (Build)**: pass -- module builds cleanly, 412 tests pass in StellaOps.Cli.Commands.Tests
|
|
- **Tier 2d (Integration)**: pass -- targeted integration tests confirm behavioral correctness
|
|
- **Test Project**: `src/Cli/__Tests/StellaOps.Cli.Commands.Tests/StellaOps.Cli.Commands.Tests.csproj`
|
|
- **Evidence**: `docs/qa/feature-checks/runs/cli/policy-publish-and-sign-cli/run-001/tier2-integration-check.json`
|