git.stella-ops.org/docs/implplan/SPRINT_202_cli_ii.md
master d1cbb905f8
2025-11-28 18:21:46 +02:00

Sprint 202 - Experience & SDKs · 180.A) Cli.II

Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).

[Experience & SDKs] 180.A) Cli.II
Depends on: Sprint 180.A - Cli.I
Summary: Experience & SDKs focus on Cli (phase II).

| Task ID | State | Task description | Owners (Source) |
| --- | --- | --- | --- |
| CLI-CORE-41-001 | DONE (2025-11-28) | Implemented CLI core features: OutputRenderer (json/yaml/table), CliProfile/CliProfileManager (profiles/contexts), CliError/CliErrorCodes (error mapping), GlobalOptions (global flags with --profile, --output, --verbose, --quiet, --no-color, --dry-run). Config precedence already exists in CliBootstrapper. Auth flows already exist via StellaOps.Auth.Client. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-EXC-25-001 | DONE (2025-11-28) | Implemented stella exceptions list/show/create/promote/revoke/import/export commands for exception governance. Created ExceptionModels.cs with full models for exception instances, scopes, effects, evidence refs, lifecycle states (draft/staged/active/expired/revoked), and request/response types. Created IExceptionClient.cs interface and ExceptionClient.cs HTTP client with token caching for all CRUD operations plus import/export. Added command handlers with JSON/table output, status-colored rendering, verbose mode with evidence/approval details, and ERR_EXC_* error codes (exit code 16). | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-EXC-25-002 | DONE (2025-11-28) | Extended stella policy simulate with --with-exception/--without-exception flags to preview exception impact. Added repeatable options for exception IDs, validation to prevent overlapping IDs in both lists, verbose logging of exception preview mode, and OpenTelemetry tracing of exception counts. Updated PolicySimulationInput record with optional WithExceptions/WithoutExceptions fields. Dependencies: CLI-EXC-25-001. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-EXPORT-35-001 | BLOCKED (2025-10-29) | Implement `stella export profiles | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-EXPORT-36-001 | TODO | Add distribution commands (stella export distribute, run download --resume enhancements) and improved status polling with progress bars. Dependencies: CLI-EXPORT-35-001. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-EXPORT-37-001 | TODO | Provide scheduling (stella export schedule), retention, and export verify commands performing signature/hash validation. Dependencies: CLI-EXPORT-36-001. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-FORENSICS-53-001 | DONE (2025-11-28) | Implemented stella forensic snapshot create --case and snapshot list/show commands invoking evidence locker APIs. Created ForensicSnapshotModels.cs with full document/manifest/artifact models, IForensicSnapshotClient.cs interface, ForensicSnapshotClient.cs HTTP client with token caching, and command handlers in CommandHandlers.cs with JSON/table output. | DevEx/CLI Guild, Evidence Locker Guild (src/Cli/StellaOps.Cli) |
| CLI-FORENSICS-54-001 | DONE (2025-11-28) | Implemented `stella forensic verify <bundle>` command validating checksums, DSSE signatures, and timeline chain-of-custody. Created ForensicVerificationModels.cs with verification result models, IForensicVerifier.cs interface, ForensicVerifier.cs with SHA256/384/512 checksum verification, RSA-PSS signature verification, and chain-of-custody timeline validation. Added ERR_FORENSIC_* error codes (exit code 12), JSON/pretty output, and verbose mode with detailed tables. | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) |
| CLI-FORENSICS-54-002 | DONE (2025-11-28) | Implemented `stella forensic attest show <artifact>` listing attestation details (signer, timestamp, subjects) and verifying signatures. Created AttestationModels.cs with DSSE/in-toto models, IAttestationReader.cs interface, AttestationReader.cs with PAE encoding, RSA-PSS verification, predicate parsing (SLSA/VEX), and rich console output with subject/signature tables. | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) |
| CLI-PROMO-70-001 | DONE (2025-11-28) | Implemented stella promotion assemble command that resolves image digests (via crane/cosign), hashes SBOM/VEX artifacts with format detection (CycloneDX/SPDX, OpenVEX/CSAF), and emits the stella.ops/promotion@v1 JSON payload. Created PromotionModels.cs with full predicate/subject/material/metadata models, IPromotionAssembler.cs interface, PromotionAssembler.cs with image digest resolution, SHA256 file hashing, SBOM/VEX format detection, and JSON output. Command supports --image, --sbom, --vex, --from/--to environment, --actor, --ticket, --notes, --skip-rekor, and --output options. | DevEx/CLI Guild, Provenance Guild (src/Cli/StellaOps.Cli) |
| CLI-DETER-70-003 | DONE (2025-11-28) | Implemented stella detscore run command that executes the determinism harness locally with fixed clock, seeded RNG, and canonical hashes. Created DeterminismModels.cs with manifest/request/result models per SCAN-DETER-186-010 schema, IDeterminismHarness.cs interface, DeterminismHarness.cs with Docker container execution, SHA256 artifact hashing, score calculation, and threshold verification. Command supports --image, --scanner, --policy-bundle, --feeds-bundle, --runs, --fixed-clock, --rng-seed, --max-concurrency, --memory, --cpuset, --platform, --image-threshold, --overall-threshold, --output-dir, --release, and --json options. Added ERR_DETER_* error codes (exit code 13). | DevEx/CLI Guild, Scanner Guild (src/Cli/StellaOps.Cli) |
| CLI-LNM-22-001 | DONE (2025-11-28) | Implemented stella advisory obs get/linkset show/export commands with JSON/OSV output, pagination, conflict display, and ERR_AGG_* error code mapping. Added AdvisoryLinksetModels.cs with OSV format support, extended IConcelierObservationsClient with GetLinksetAsync/GetObservationByIdAsync, and added command handlers for all three subcommands. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-LNM-22-002 | DONE (2025-11-28) | Implemented stella vex obs get/linkset show commands with product/status/provider filters, pagination, and JSON output for CI usage. Created VexObservationModels.cs with query/response/linkset models, IVexObservationsClient.cs interface, VexObservationsClient.cs HTTP client with VexRead scope, and command handlers with rich table output, conflict detection, and aggregate summaries. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-NOTIFY-38-001 | BLOCKED (2025-10-29) | Implement `stella notify rules | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-NOTIFY-39-001 | BLOCKED (2025-10-29) | Add simulation (stella notify simulate) and digest commands with diff output and schedule triggering, including dry-run mode. Dependencies: CLI-NOTIFY-38-001. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-NOTIFY-40-001 | TODO | Provide ack token redemption workflow, escalation management, localization previews, and channel health checks. Dependencies: CLI-NOTIFY-39-001. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-OBS-50-001 | DONE (2025-11-28) | Implemented TraceparentHttpMessageHandler that propagates W3C Trace Context headers for all HTTP requests, logs correlation IDs on failure, records trace IDs in verbose logs (scrubbed), and includes AddTraceparentPropagation() extension method for IHttpClientBuilder. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |