CLI Guide · Graph & Vulnerability

Status: Draft (2025-11-26) — reflects current Graph API surface; Vuln API pending (see docs/api/vuln.md).

Prereqs

stellaops-cli built from current repo.
Auth token with scopes: graph:read, graph:query, graph:export (and vuln:read when Vuln API lands).
Tenant header is required for all calls (--tenant).

Commands

Search graph

stella graph search \
  --tenant acme \
  --kinds component \
  --query "pkg:npm/" \
  --limit 20 \
  --format ndjson

Outputs NDJSON tiles (node, optional cursor).

Query graph with budgets

stella graph query \
  --tenant acme \
  --kinds component \
  --query widget \
  --include-edges \
  --budget-tiles 200 \
  --budget-nodes 150 \
  --budget-edges 100 \
  --format ndjson

Returns nodes/edges/stats/cursor with cost metadata. If edge budget is exceeded, an error tile with GRAPH_BUDGET_EXCEEDED is returned.

Paths

stella graph paths \
  --tenant acme \
  --source gn:acme:component:one \
  --target gn:acme:component:two \
  --max-depth 4 \
  --include-edges \
  --format ndjson

Diff snapshots

stella graph diff \
  --tenant acme \
  --snapshot-a snapA \
  --snapshot-b snapB \
  --include-edges \
  --format ndjson

Export graph

stella graph export \
  --tenant acme \
  --format ndjson \
  --include-edges \
  --kinds component \
  --query "pkg:npm/" \
  --out graph-export.ndjson

Manifest is returned with jobId, sha256, size, and download URL; CLI downloads to --out.

Vuln lookup (placeholder)

Pending Vuln Explorer API; for now use graph search/query to inspect impacted components. See docs/api/vuln.md.

Exit codes

0 success
2 validation error (missing kinds/tenant/scopes)
3 budget exceeded (error tile received)
4 network/auth failure

Tips

Add --format table (when available) for quick summaries; default is NDJSON.
Use --cursor from a previous call to page results.
To sample overlays, pass --include-overlays (budget permitting).

2.0 KiB Raw Blame History