git.stella-ops.org/docs/cli/triage-cli.md
2025-12-17 18:02:37 +02:00

# Triage CLI Reference

Sprint: SPRINT_3600_0001_0001
Task: TRI-MASTER-0008 - Update CLI documentation with offline commands

## Overview

The Triage CLI provides commands for vulnerability triage, decision management, and offline workflows. It supports evidence-based decision making and audit-ready replay tokens.

## Commands

### stellaops triage list

List findings for triage.

```bash
stellaops triage list [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--scan-id <ID>` | Filter by scan ID | - |
| `--status <STATUS>` | Filter: `untriaged`, `affected`, `not_affected`, `wont_fix`, `false_positive` | all |
| `--priority-min <N>` | Minimum priority (0-1) | 0 |
| `--priority-max <N>` | Maximum priority (0-1) | 1 |
| `--sort <FIELD>` | Sort: `priority`, `vuln`, `component`, `created` | priority |
| `--format <FMT>` | Output: `table`, `json`, `csv` | table |
| `--limit <N>` | Max results | 50 |
| `--workspace <PATH>` | Offline workspace | - |

#### Examples

```bash
# List untriaged high-priority findings
stellaops triage list \
  --scan-id scan-12345678 \
  --status untriaged \
  --priority-min 0.7

# Export for review
stellaops triage list \
  --scan-id scan-12345678 \
  --format json > findings.json
```

### stellaops triage show

Show finding details with evidence.

```bash
stellaops triage show <FINDING-ID> [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--show-evidence` | Include full evidence | false |
| `--evidence-first` | Lead with evidence summary | false |
| `--show-history` | Show decision history | false |
| `--format <FMT>` | Output: `text`, `json`, `yaml` | text |
| `--workspace <PATH>` | Offline workspace | - |

#### Example

```bash
# Show with evidence
stellaops triage show CVE-2024-1234 \
  --show-evidence \
  --evidence-first

# Output:
# ═══════════════════════════════════════════
# CVE-2024-1234 · pkg:npm/lodash@4.17.20
# ═══════════════════════════════════════════
#
# EVIDENCE
# ────────
# Reachability: TAINTED_SINK (tier 3/3)
#   └─ api.js:42 → utils.js:15 → lodash/merge
#
# Call Stack:
#   1. api.js:42     handleUserInput()
#   2. utils.js:15   processData()
#   3. lodash:merge  <vulnerable sink>
#
# VEX: No statement
# EPSS: 0.67 (High)
# KEV: No
#
# VULNERABILITY
# ─────────────
# CVE-2024-1234: Prototype Pollution in lodash
# CVSS: 7.5 (High)
# CWE: CWE-1321
#
# STATUS: untriaged
```

### stellaops triage decide

Record a triage decision.

```bash
stellaops triage decide <FINDING-ID> [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--status <STATUS>` | Required: `affected`, `not_affected`, `wont_fix`, `false_positive` | - |
| `--justification <TEXT>` | Decision justification | - |
| `--reviewer <NAME>` | Reviewer identifier | current user |
| `--vex-emit` | Emit VEX statement | false |
| `--workspace <PATH>` | Offline workspace | - |

#### Examples

```bash
# Mark as not affected
stellaops triage decide CVE-2024-1234 \
  --status not_affected \
  --justification "Feature gated, unreachable in production"

# Mark affected and emit VEX
stellaops triage decide CVE-2024-5678 \
  --status affected \
  --justification "In use, remediation planned" \
  --vex-emit
```

### stellaops triage batch

Interactive batch triage mode.

```bash
stellaops triage batch [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--scan-id <ID>` | Scan to triage | - |
| `--query <EXPR>` | Filter expression | - |
| `--input <PATH>` | Offline bundle | - |
| `--workspace <PATH>` | Offline workspace | - |

#### Keyboard Shortcuts

| Key | Action |
|-----|--------|
| `j` / | Next finding |
| `k` / | Previous finding |
| `a` | Mark affected |
| `n` | Mark not affected |
| `w` | Mark won't fix |
| `f` | Mark false positive |
| `e` | Show full evidence |
| `g` | Show graph context |
| `u` | Undo last decision |
| `/` | Search findings |
| `?` | Show help |
| `q` | Save and quit |

#### Example

```bash
# Interactive triage
stellaops triage batch \
  --scan-id scan-12345678 \
  --query "priority>=0.5"
```

### stellaops triage export

Export findings for offline triage.

```bash
stellaops triage export [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--scan-id <ID>` | Scan to export | required |
| `--findings <IDS>` | Specific finding IDs (comma-separated) | - |
| `--all-findings` | Export all findings | false |
| `--include-evidence` | Include evidence data | true |
| `--include-graph` | Include dependency graph | true |
| `--output <PATH>` | Output path (`.stella.bundle.tgz`) | required |
| `--sign` | Sign the bundle | true |

#### Example

```bash
# Export specific findings
stellaops triage export \
  --scan-id scan-12345678 \
  --findings CVE-2024-1234,CVE-2024-5678 \
  --output triage-bundle.stella.bundle.tgz
```

### stellaops triage import

Import offline bundle for triage.

```bash
stellaops triage import [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--input <PATH>` | Bundle path | required |
| `--workspace <PATH>` | Target workspace | `~/.stellaops/triage` |
| `--verify` | Verify signature | true |
| `--public-key <PATH>` | Public key for verification | - |

### stellaops triage export-decisions

Export decisions for sync.

```bash
stellaops triage export-decisions [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--workspace <PATH>` | Workspace path | required |
| `--output <PATH>` | Output path | required |
| `--format <FMT>` | Format: `json`, `ndjson` | json |
| `--sign` | Sign output | true |

### stellaops triage import-decisions

Import and apply decisions.

```bash
stellaops triage import-decisions [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--input <PATH>` | Decisions file | required |
| `--verify` | Verify signatures | true |
| `--apply` | Apply to server | false |
| `--dry-run` | Preview only | false |
| `--conflict-mode <MODE>` | Conflict handling: `keep-local`, `keep-server`, `newest`, `review` | review |
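A worked illustration of the `--conflict-mode` values above, added here as hypothetical code rather than the project's implementation: a resolver that merges an offline decision set into server state under each mode and maps any conflict left for human review to exit code 30 from the table below. The `Decision` fields, the `resolve` function and the sample records are assumptions constructed for the example.

```python
"""Hypothetical --conflict-mode handling for `stellaops triage import-decisions`.
Added illustration, not the project's code: models the four modes named in this
reference (keep-local, keep-server, newest, review) over constructed records."""
from dataclasses import dataclass
from datetime import datetime, timezone

EXIT_OK, EXIT_CONFLICT = 0, 30  # exit codes from the table in this reference

@dataclass(frozen=True)
class Decision:
    finding: str       # finding ID
    status: str        # affected, not_affected, wont_fix, false_positive
    justification: str
    reviewer: str
    decided_at: datetime

def resolve(local, server, mode):
    """Return (merged decisions by finding ID, IDs left for human review, exit code).
    One-sided findings are taken as-is; equal statuses take the local record; differing
    statuses follow `mode`, where 'review' keeps the server record and reports the ID."""
    if mode not in ("keep-local", "keep-server", "newest", "review"):
        raise ValueError(f"unknown conflict mode: {mode}")
    merged = {d.finding: d for d in server}
    unresolved = []
    for loc in local:
        srv = merged.get(loc.finding)
        if srv is None or srv.status == loc.status or mode == "keep-local":
            merged[loc.finding] = loc
        elif mode == "newest" and loc.decided_at > srv.decided_at:
            merged[loc.finding] = loc
        elif mode == "review":
            unresolved.append(loc.finding)
        # keep-server, or newest with an older local record: server record stays
    return merged, unresolved, (EXIT_CONFLICT if unresolved else EXIT_OK)

def _at(day, hour):  # constructed UTC timestamps for the sample data
    return datetime(2025, 12, day, hour, tzinfo=timezone.utc)

# Constructed sample: the two IDs used on this page plus one labelled placeholder ID.
LOCAL = [
    Decision("CVE-2024-1234", "not_affected", "Feature gated, unreachable in production", "alice", _at(10, 9)),
    Decision("CVE-2024-5678", "affected", "In use, remediation planned", "alice", _at(10, 9)),
    Decision("CVE-PLACEHOLDER-0003", "false_positive", "Vendored test fixture only", "alice", _at(10, 10)),
]
SERVER = [
    Decision("CVE-2024-1234", "affected", "Reachable per rescan", "bob", _at(11, 14)),
    Decision("CVE-2024-5678", "affected", "In use", "bob", _at(9, 8)),
]
```

Running `resolve(LOCAL, SERVER, "review")` leaves `CVE-2024-1234` unresolved and returns exit code 30, while `newest` silently keeps the server record because it was decided later; the other two findings merge identically in every mode.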

### stellaops triage verify-bundle

Verify bundle integrity.

```bash
stellaops triage verify-bundle [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--input <PATH>` | Bundle path | required |
| `--public-key <PATH>` | Public key | required |
| `--strict` | Fail on warnings | false |

### stellaops triage show-token

Display replay token details.

```bash
stellaops triage show-token <TOKEN>
```

### stellaops triage verify-token

Verify replay token.

```bash
stellaops triage verify-token <TOKEN> [OPTIONS]
```

#### Options

| Option | Description | Default |
|--------|-------------|---------|
| `--public-key <PATH>` | Public key | required |

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | Success |
| 1 | Findings require attention |
| 10 | Invalid arguments |
| 11 | Resource not found |
| 20 | Verification failed |
| 21 | Signature invalid |
| 30 | Conflict detected |
| 99 | Internal error |

## Environment Variables

| Variable | Description |
|----------|-------------|
| `STELLAOPS_OFFLINE` | Enable offline mode |
| `STELLAOPS_TRIAGE_WORKSPACE` | Default workspace |
| `STELLAOPS_REVIEWER` | Default reviewer name |