838257245a
Closes the last open task in SPRINT_20260422_003. Persisted operator
enablement is now separated from runtime readiness so credential-gated
sources can show an explicit blocked state instead of collapsing into a
generic failed/disabled shape.
Readiness model:
- new SourceReadiness constants class: Disabled | Unsupported | Blocked | Ready
- ConfiguredAdvisorySourceStatus gains Readiness + BlockedReason alongside
existing SyncState (kept as backward-compatible alias)
- enabled = persisted operator intent (untouched)
- readiness = blocked when persisted-enabled and credentials/URIs missing
- blockedReason = free-form list of missing fields
- blockingReason.errorCode = SOURCE_CONFIG_REQUIRED for structured drill-down
Endpoint propagation:
- /status: persisted enabled=true kept; readiness=blocked; readyForSync=false
- /{id}/enable: 200 with readiness=blocked; sourceRegistry left disabled
until credentials land (pre-existing behaviour retained)
- /{id}/sync: 422 readiness=blocked + SOURCE_CONFIG_REQUIRED;
**connector never invoked**, no job run created
- /sync (batch): per-result outcome=blocked with readiness/errorCode/
blockedReason; excluded from totalTriggered; other sources proceed
- Transition: PUT /{id}/configuration with missing credential →
runtimeOptionsInvalidator.Invalidate → next /status flips to ready.
No disable/re-enable cycle needed.
Tests: 8 targeted xUnit methods via scripts/test-targeted-xunit.ps1,
8/8 pass. Includes: blocked status exposure, blocked-to-ready transition
on persisted credential, connector-not-invoked-when-blocked, plus 4
pre-existing SRC-CREDS-002 regression tests.
Docs:
- docs/modules/concelier/connectors.md — new "Blocked / sleeping
readiness state" section with field contract, per-endpoint behaviour
table, UI/CLI rendering guidance, resolution flow
- docs/modules/cli/guides/commands/db.md — short note under
`db connectors configure` cross-linking the connectors.md contract
Sprint SPRINT_20260422_003 archived — all 5 tasks DONE.
New fields are additive; existing UI types in
source-management.api.ts ignore unknown fields so no UI breakage. A
future FE pass can wire explicit readiness/blockedReason rendering.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
StellaOps CLI
The stella CLI is the operator-facing Swiss army knife for scans, exports, policy management, offline kit operations, and automation scripting.
Responsibilities
- Deliver deterministic verbs for scan, diff, export, policy, and observability operations.
- Handle interactive and non-interactive authentication via Authority (seeded human username/password bootstrap, client credentials for automation).
- Support offline kit workflows including bundle verification and seed installation.
- Expose JSON outputs suitable for CI parity and golden tests.
Key components
StellaOps.Clinative AOT host.- Shared helpers in
StellaOps.Cli.Core. - Restart-time plug-ins under
StellaOps.Cli.Plugins.*.
Integrations & dependencies
- Authority for token exchange.
- Backend APIs (Scanner, Policy, Export Center, Notify).
- Offline kit bundles and local keychain/DPoP storage.
Operational notes
- Deterministic output fixtures under
src/Cli/StellaOps.Cli.Tests. - Versioned command docs in
docs/modules/cli/guides. - Plugin catalogue in
plugins/cli/**(restart-only).
Related resources
- ./guides/20_REFERENCE.md
- ./guides/cli-reference.md
- ./guides/commands/analytics.md
- ./guides/policy.md
- ./guides/trust-profiles.md
Backlog references
- DOCS-CLI-OBS-52-001 / DOCS-CLI-FORENSICS-53-001 in ../../TASKS.md.
- CLI-CORE-41-001 epic in
src/Cli/StellaOps.Cli/TASKS.md.
Current workstreams (Q4 2025)
- Active docs sprint:
docs/implplan/SPRINT_0316_0001_0001_docs_modules_cli.md— normalised sprint naming, doc sync, and upcoming ops/runbook refresh.
Epic alignment
- Epic 2 – Policy Engine & Editor: deliver deterministic policy authoring, simulation, and explain verbs.
- Epic 4 – Policy Studio: integrate registry/promotion workflows, approvals, and lint tooling.
- Epic 6 – Vulnerability Explorer: surface triage and ledger operations.
- Epic 10 – Export Center: orchestrate export requests, verification, and Offline Kit automation.
- Epic 11 – Notifications Studio: manage notification authoring/previews from the command line.
Implementation Status
Epic Milestones:
- Epic 2 (Policy Engine & Editor) – Deliver deterministic policy verbs, simulation, and explain outputs
- Epic 4 (Policy Studio) – Add registry/promotion workflows, lint tooling, and approvals UX
- Epic 6 (Vulnerability Explorer) – Integrate ledger/triage operations
- Epic 10 (Export Center) – Automate export verification and Offline Kit flows
- Epic 11 (Notifications Studio) – Manage rule/channel authoring and previews via CLI
Key Responsibilities:
- Deterministic verbs for scan, diff, export, policy, and observability operations
- Interactive and non-interactive authentication via Authority (seeded human username/password bootstrap, client credentials for automation)
- Offline kit workflows including bundle verification and seed installation
- JSON outputs suitable for CI parity and golden tests
Operational Focus:
- Maintain deterministic output fixtures and versioned command documentation
- Support plugin catalogue for restart-only extensions
- Keep documentation aligned with active sprint outcomes