Function Map CLI

Module

Cli

Status

VERIFIED

Description

Runtime linkage verification workflow: generate function_map predicates from SBOMs defining expected runtime call paths and hot functions, then verify actual runtime observations against the map with DSSE signing and Rekor attestation.

Implementation Details

Command Group: src/Cli/StellaOps.Cli/Commands/FunctionMap/FunctionMapCommandGroup.cs -- FunctionMapCommandGroup
Commands:
- stella function-map generate <sbom> -- generate function_map predicate from SBOM
- stella function-map verify <map> --observations <file> -- verify runtime observations against function map
- stella function-map sign <map> -- DSSE-sign the function map
- stella function-map attest <map> -- submit function map to Rekor
Proof Commands: src/Cli/StellaOps.Cli/Commands/Proof/FuncProofCommandGroup.cs -- function proof generation
Proof Handlers: src/Cli/StellaOps.Cli/Commands/Proof/FuncProofCommandHandlers.cs -- function proof handlers

E2E Test Plan

Run stella function-map generate ./sbom.json and verify function_map predicate generated
Run stella function-map verify ./map.json --observations ./runtime.json and verify verification results
Verify mismatch detection when runtime observations differ from expected map
Run stella function-map sign ./map.json and verify DSSE signing
Run stella function-map attest ./map.json and verify Rekor submission
Verify --format json output

Verification

Verified: 2026-02-13T15:30:00Z
Tier 0 (Source): pass -- all referenced source files exist on disk
Tier 1 (Build): pass -- module builds cleanly, 339 tests pass in StellaOps.Cli.Plugins.Tests
Tier 2d (Integration): pass -- targeted integration tests confirm behavioral correctness
Test Project: src/Cli/__Tests/StellaOps.Cli.Plugins.Tests/StellaOps.Cli.Plugins.Tests.csproj
Evidence: docs/qa/feature-checks/runs/cli/function-map-cli/run-001/tier2-integration-check.json

2.0 KiB Raw Blame History