- Implemented MigrationCategoryTests to validate migration categorization for startup, release, seed, and data migrations.
- Added tests for edge cases, including null, empty, and whitespace migration names.
- Created StartupMigrationHostTests to verify the behavior of the migration host with real PostgreSQL instances using Testcontainers.
- Included tests for migration execution, schema creation, and handling of pending release migrations.
- Added SQL migration files for testing: creating a test table, adding a column, a release migration, and seeding data.
Sprint 205 - Experience & SDKs · 180.A) Cli.V
BLOCKED Tasks: Before working on BLOCKED tasks, review BLOCKED_DEPENDENCY_TREE.md for root blockers and dependencies.
Active items only. Completed/historic work now resides in docs/implplan/archived/tasks.md (updated 2025-11-08).
[Experience & SDKs] 180.A) Cli.V

Depends on: Sprint 180.A - Cli.IV

Summary: Experience & SDKs focus on Cli (phase V).

| Task ID | State | Task description | Owners (Source) |
|---|---|---|---|
| CLI-TEN-47-001 | DONE | Implement stella login, whoami, tenants list, persistent profiles, secure token storage, and --tenant override with validation. Completed: auth login/auth whoami existed; tenants list/use/current/clear commands added; TenantProfileStore for persistent profiles at ~/.stellaops/profile.json; global --tenant option with profile fallback; tenant validation against Authority when available. Token storage uses existing file cache at ~/.stellaops/tokens/. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-TEN-49-001 | DONE | Add service account token minting, delegation (stella token delegate), impersonation banner, and audit-friendly logging. Completed: auth token mint and auth token delegate commands; TokenMint/DelegateRequest/Response models; AuthorityConsoleClient extended with MintTokenAsync, DelegateTokenAsync, IntrospectTokenAsync; CheckAndDisplayImpersonationBannerAsync helper for audit-aware impersonation notices. Note: Authority service endpoints (POST /console/token/mint, /delegate, /introspect) need backend implementation. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VEX-30-001 | DONE | Implement stella vex consensus list with filters, paging, policy selection, --json/--csv. Completed: VexModels.cs with request/response records; IBackendOperationsClient.ListVexConsensusAsync; BackendOperationsClient implementation calling GET /api/vex/consensus; BuildVexCommand in CommandFactory.cs with vex consensus list subcommand; HandleVexConsensusListAsync handler with table/JSON/CSV output, tenant resolution via TenantProfileStore, pagination support. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VEX-30-002 | DONE | Implement stella vex consensus show displaying quorum, evidence, rationale, signature status. Dependencies: CLI-VEX-30-001. Completed: VexConsensusDetailResponse with quorum/rationale/signature/evidence models; IBackendOperationsClient.GetVexConsensusAsync; BackendOperationsClient implementation calling GET /api/vex/consensus/{vulnId}/{productKey}; vex consensus show subcommand in CommandFactory.cs; HandleVexConsensusShowAsync handler with rich Spectre.Console formatted output including panels and tables for all sections. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VEX-30-003 | DONE | Implement stella vex simulate for trust/threshold overrides with JSON diff output. Dependencies: CLI-VEX-30-002. Completed: VexSimulationRequest/Response models with TrustOverrides, ThresholdOverride, QuorumOverride, ExcludeProviders; SimulateVexConsensusAsync interface and implementation calling POST /api/vex/consensus/simulate; vex simulate command with --trust provider=weight, --threshold, --quorum, --exclude, --include-only, --changed-only options; HandleVexSimulateAsync handler with before/after diff table and summary panel. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VEX-30-004 | DONE | Implement stella vex export for consensus NDJSON bundles with signature verification helper. Dependencies: CLI-VEX-30-003. Completed: VexExportRequest/Response models with format, signed, filter options; VexExportVerifyRequest/Result for local verification; IBackendOperationsClient.ExportVexConsensusAsync (POST /api/vex/consensus/export) and DownloadVexExportAsync (GET /api/vex/consensus/export/{exportId}); vex export command with --vuln-id, --product-key, --purl, --status, --output, --unsigned filters; vex export verify subcommand with --expected-digest and --public-key for local digest/signature verification; HandleVexExportAsync handler with download and progress display; HandleVexVerifyAsync for offline verification with SHA-256 digest calculation. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VULN-29-001 | DONE | Implement stella vuln list with grouping, paging, filters, --json/--csv, and policy selection. Completed: VulnModels.cs with VulnListRequest/Response, VulnItem, VulnSeverityInfo, VulnAffectedPackage, VulnGroupingInfo, VulnGroup and all models for CLI-VULN-29-002 through CLI-VULN-29-005; IBackendOperationsClient extended with ListVulnerabilitiesAsync, GetVulnerabilityAsync, ExecuteVulnWorkflowAsync, SimulateVulnerabilitiesAsync, ExportVulnerabilitiesAsync, DownloadVulnExportAsync; BackendOperationsClient HTTP implementations calling GET/POST /api/vuln/*; vuln list command with --vuln-id, --severity, --status, --purl, --cpe, --sbom-id, --policy-id, --policy-version, --group-by, --limit, --offset, --cursor, --tenant, --json, --csv options; HandleVulnListAsync handler with grouped and individual table output, CSV output, color-coded severity/status display. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VULN-29-002 | DONE | Implement stella vuln show displaying evidence, policy rationale, paths, ledger summary; support --json for automation. Dependencies: CLI-VULN-29-001. Completed: vuln show subcommand with vulnerability-id argument, --tenant, --json, --verbose options; HandleVulnShowAsync handler; RenderVulnDetail helper with Spectre.Console panels and tables for: header (ID, status, severity, VEX, aliases, assignee, dates), description, affected packages table, policy rationale panel with rules, evidence table, dependency paths, workflow ledger history table, references list. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VULN-29-003 | DONE | Add workflow commands (assign, comment, accept-risk, verify-fix, target-fix, reopen) with filter selection (--filter) and idempotent retries. Dependencies: CLI-VULN-29-002. Completed: Six workflow subcommands under vuln command: assign <assignee>, comment <text>, accept-risk <justification> [--due-date], verify-fix <fix-version>, target-fix <version> [--due-date], reopen <comment>. All commands share common options: --vuln-id (multi-value), --filter-severity, --filter-status, --filter-purl, --filter-sbom for bulk operations; --tenant, --idempotency-key for retries, --json for automation. HandleVulnWorkflowAsync handler builds VulnWorkflowRequest with action-specific fields, calls ExecuteVulnWorkflowAsync (POST /api/vuln/workflow), renders success/error table with affected counts. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VULN-29-004 | DONE | Implement stella vuln simulate producing delta summaries and optional Markdown report for CI. Dependencies: CLI-VULN-29-003. Completed: vuln simulate subcommand with --policy-id, --policy-version, --vex-override vulnId=status (multi), --severity-threshold, --sbom-id (multi), --markdown, --changed-only, --output (file), --tenant, --json options; HandleVulnSimulateAsync handler parsing VEX overrides into Dictionary, building VulnSimulationRequest, calling SimulateVulnerabilitiesAsync (POST /api/vuln/simulate); output includes simulation summary panel (total/changed/upgrades/downgrades/nochange), delta table with before/after status and change indicator (UPGRADE/DOWNGRADE), optional Markdown report to file or console for CI integration. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VULN-29-005 | DONE | Add stella vuln export and stella vuln bundle verify commands to trigger/download evidence bundles and verify signatures. Dependencies: CLI-VULN-29-004. Completed: vuln export command with --vuln-id (multi), --sbom-id (multi), --policy-id, --format (ndjson/json), --include-evidence, --include-ledger, --signed (defaults true), --output (required), --tenant options; HandleVulnExportAsync handler calling ExportVulnerabilitiesAsync (POST /api/vuln/export) and DownloadVulnExportAsync to stream bundle to file; output displays item count, format, signature info, digest; vuln export verify subcommand with file argument, --expected-digest, --public-key options; HandleVulnExportVerifyAsync performs SHA-256 digest calculation, optional signature file detection (.sig), renders verification panel with pass/fail status. | DevEx/CLI Guild (src/Cli/StellaOps.Cli) |
| CLI-VULN-29-006 | DONE | Update CLI docs/examples for Vulnerability Explorer with compliance checklist and CI snippets. Dependencies: CLI-VULN-29-005. Completed: Created docs/modules/cli/guides/vuln-explorer-cli.md with comprehensive documentation covering: Prerequisites (scopes, connectivity); vuln list with filters, grouping, pagination, --json/--csv; vuln show with all output sections; Workflow commands (assign, comment, accept-risk, verify-fix, target-fix, reopen) with idempotency support; vuln simulate for policy/VEX delta analysis with CI Markdown output; vuln export and export verify for compliance bundles; Exit codes table; Compliance checklist (inventory, SLA, risk acceptance audit, evidence bundles); CI pipeline snippets for GitHub Actions, GitLab CI, Jenkins; Offline operation guidance. | DevEx/CLI Guild, Docs Guild (src/Cli/StellaOps.Cli) |