git.stella-ops.org/docs/features/unchecked/cli/determinism-hash-signature-verification-in-ui.md

Determinism Hash / Signature Verification in UI

Module

Cli

Status

IMPLEMENTED

Description

Proofs and proof-studio UI features exist for browsing proof artifacts. Bundle verification exists in CLI. Full inline determinism hash and signature verification status display in the compare view may be partially wired up.

What's Implemented

• Bundle Verification CLI: src/Cli/StellaOps.Cli/Commands/BundleVerifyCommand.cs -- BundleVerifyCommand (static class)
  • Sprint: SPRINT_20260118_018_AirGap_router_integration (TASK-018-003)
  • Implements stella bundle verify --bundle <path> [--trust-root <pem>] [--rekor-checkpoint <path>]
  • Full cryptographic verification: checksums, DSSE signatures, Rekor proofs
  • Uses StellaOps.Attestor.Core.Signing, StellaOps.Cryptography
• Compare Command: src/Cli/StellaOps.Cli/Commands/Compare/CompareCommandBuilder.cs -- compare with --base and --target digests
• Verdict Verification: src/Cli/StellaOps.Cli/Commands/VerdictCommandGroup.cs -- stella verdict verify <ref> with --sbom-digest, --feeds-digest, --policy-digest, --decision verification
• Proof Command Group: src/Cli/StellaOps.Cli/Commands/Proof/ProofCommandGroup.cs -- proof browsing and verification

What's Missing

• Inline verification status in compare view: The Web UI compare view does not display per-artifact hash verification status alongside diff results
• Signature verification badges in UI: No visual badge/icon showing DSSE signature verification pass/fail for each evidence artifact in the proof studio
• Live re-verification: No "re-verify now" button in UI that triggers determinism hash recomputation against stored evidence
• Determinism score integration: CLI stella determinism score report not linked to compare view

Implementation Plan

• Add verification status column to Web UI compare view showing per-artifact hash match status
• Add DSSE signature verification badge component to proof-studio evidence browser
• Wire BundleVerifyCommand logic as a service callable from Web UI API
• Add "verify" action button in proof-studio that triggers re-verification and displays results inline
• Integrate determinism score into compare view header

Related Documentation

• Bundle verification: src/Cli/StellaOps.Cli/Commands/BundleVerifyCommand.cs
• Verdict verification: src/Cli/StellaOps.Cli/Commands/VerdictCommandGroup.cs
• Compare: src/Cli/StellaOps.Cli/Commands/Compare/CompareCommandBuilder.cs