CLI Verify Command for Attestation Chain Validation

Module

Cli

IMPLEMENTED

CLI verify commands validate attestation chains for images with determinism testing and golden output verification.

Command Group: src/Cli/StellaOps.Cli/Commands/VerifyCommandGroup.cs -- VerifyCommandGroup for stella verify commands
Image Verification: src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyImage.cs -- image verification handlers
Bundle Verification: src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyBundle.cs -- bundle verification handlers
Offline Verification: src/Cli/StellaOps.Cli/Commands/CommandHandlers.VerifyOffline.cs -- offline verification handlers
Image Attestation Verifier: src/Cli/StellaOps.Cli/Services/ImageAttestationVerifier.cs / IImageAttestationVerifier.cs
Tests: src/Cli/__Tests/StellaOps.Cli.Tests/GoldenOutput/VerifyCommandGoldenTests.cs, VerifyCommandGoldenOutputTests.cs, VerifyImageCommandTests.cs, VerifyImageHandlerTests.cs
Commands:
- stella verify attestation <digest> -- verify attestation chain for an artifact
- stella verify image <image> -- verify image attestations
- stella verify bundle <path> -- verify evidence bundle integrity
- stella verify offline <digest> -- offline verification mode
Integration tests: src/Cli/__Tests/StellaOps.Cli.Tests/Integration/VerificationConsolidationTests.cs

Run stella verify attestation sha256:abc123 and verify attestation chain validated
Run stella verify image myregistry/app:v1.0 and verify image attestation check
Run stella verify bundle ./evidence-bundle/ and verify bundle integrity
Run stella verify offline sha256:abc123 and verify offline verification without network
Verify golden output tests pass deterministically
Verify exit code 0 for valid chains, non-zero for broken chains
Verify --format json provides structured verification results