docs: update CLI and helm reference for v2.17.7

.gitignore

@@ -1,3 +1,4 @@
 .vscode/
 .claude/settings.local.json
 tmp/
+__pycache__/

client_reference/kosli.md

@@ -24,7 +24,7 @@ Setting the API token to DRY_RUN sets the --dry-run flag.
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -h, --help  |  help for kosli  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 

client_reference/kosli_allow_artifact.md

@@ -11,7 +11,7 @@ description: "Add an artifact to an environment's allowlist.  "
 kosli allow artifact [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
 ```
 
-Add an artifact to an environment's allowlist.  
+Add an artifact to an environment's allowlist.
 
 The artifact fingerprint can be provided directly with the `--fingerprint` flag, or
 calculated based on `--artifact-type` flag.
@@ -48,7 +48,7 @@ registry without needing a local Docker daemon.
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 

client_reference/kosli_archive_attestation-type.md

@@ -29,19 +29,19 @@ New custom attestations using this type cannot be made, but existing attestation
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 <AccordionGroup>
 <Accordion title="archive a Kosli custom attestation type">
 ```shell
-kosli archive attestation-type yourAttestationTypeName 
+kosli archive attestation-type yourAttestationTypeName
 ```
 </Accordion>
 </AccordionGroup>

client_reference/kosli_archive_environment.md

@@ -29,19 +29,19 @@ The environment will no longer be visible in list of environments, data is still
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 <AccordionGroup>
 <Accordion title="archive a Kosli environment">
 ```shell
-kosli archive environment yourEnvironmentName 
+kosli archive environment yourEnvironmentName
 ```
 </Accordion>
 </AccordionGroup>

client_reference/kosli_archive_flow.md

@@ -29,19 +29,19 @@ The flow will no longer be visible in list of flows, data is still stored in the
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 <AccordionGroup>
 <Accordion title="archive a Kosli flow">
 ```shell
-kosli archive flow yourFlowName 
+kosli archive flow yourFlowName
 ```
 </Accordion>
 </AccordionGroup>

client_reference/kosli_assert_approval.md

@@ -11,8 +11,8 @@ description: "Assert an artifact in Kosli has been approved for deployment.  "
 kosli assert approval [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
 ```
 
-Assert an artifact in Kosli has been approved for deployment.  
-Exits with non-zero code if the artifact has not been approved.  
+Assert an artifact in Kosli has been approved for deployment.
+Exits with non-zero code if the artifact has not been approved.
 
 The artifact fingerprint can be provided directly with the `--fingerprint` flag, or
 calculated based on `--artifact-type` flag.
@@ -48,27 +48,27 @@ registry without needing a local Docker daemon.
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 <AccordionGroup>
 <Accordion title="Assert that a file type artifact has been approved">
 ```shell
-kosli assert approval FILE.tgz 
-	--artifact-type file 
+kosli assert approval FILE.tgz
+	--artifact-type file
 
 
 ```
 </Accordion>
 <Accordion title="Assert that an artifact with a provided fingerprint (sha256) has been approved">
 ```shell
-kosli assert approval 
+kosli assert approval
 	--fingerprint yourArtifactFingerprint
 ```
 </Accordion>

client_reference/kosli_assert_artifact.md

@@ -2,7 +2,7 @@
 title: "kosli assert artifact"
 beta: false
 deprecated: false
-description: "Assert the compliance status of an artifact in Kosli. 
+description: "Assert the compliance status of an artifact in Kosli.
 There are three ways to choose what to assert against:
 
 1. Against an environment. When `--environment` is specified,
@@ -15,7 +15,7 @@ asserts against all poli..."
 kosli assert artifact [IMAGE-NAME | FILE-PATH | DIR-PATH] [flags]
 ```
 
-Assert the compliance status of an artifact in Kosli. 
+Assert the compliance status of an artifact in Kosli.
 There are three ways to choose what to assert against:
 
 1. Against an environment. When `--environment` is specified,
@@ -58,7 +58,7 @@ non-zero code if non-compliant status.
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
@@ -80,38 +80,38 @@ non-zero code if non-compliant status.
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 <AccordionGroup>
 <Accordion title="assert that an artifact meets all compliance requirements for an environment">
 ```shell
-kosli assert artifact 
-	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 
-	--environment prod 
+kosli assert artifact
+	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0
+	--environment prod
 
 ```
 </Accordion>
 <Accordion title="assert that an artifact meets a set of policies">
 ```shell
-kosli assert artifact 
-	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 
-	--policy has-approval,has-been-integration-tested 
+kosli assert artifact
+	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0
+	--policy has-approval,has-been-integration-tested
 
 ```
 </Accordion>
 <Accordion title="fail if an artifact has a non-compliant status in a single flow (using the artifact fingerprint)">
 ```shell
 export KOSLI_FLOW=yourFlowName
-kosli assert artifact 
-	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0 
+kosli assert artifact
+	--fingerprint 184c799cd551dd1d8d5c5f9a5d593b2e931f5e36122ee5c793c1d08a19839cc0
 
 ```
 </Accordion>
 <Accordion title="fail if an artifact has a non-compliant status in any flow (using the artifact name and type)">
 ```shell
 unset KOSLI_FLOW
-kosli assert artifact library/nginx:1.21 
-	--artifact-type docker 
+kosli assert artifact library/nginx:1.21
+	--artifact-type docker
 ```
 </Accordion>
 </AccordionGroup>

client_reference/kosli_assert_pullrequest_azure.md

@@ -11,20 +11,20 @@ description: "Assert an Azure DevOps pull request for a git commit exists.  "
 kosli assert pullrequest azure [flags]
 ```
 
-Assert an Azure DevOps pull request for a git commit exists.  
-The command exits with non-zero exit code 
+Assert an Azure DevOps pull request for a git commit exists.
+The command exits with non-zero exit code
 if no pull requests were found for the commit.
 
 ## Flags
 | Flag | Description |
 | :--- | :--- |
-|        --azure-org-url string  |  Azure organization url. E.g. "https://dev.azure.com/myOrg" (defaulted if you are running in Azure Devops pipelines: [docs](/ci-defaults) ).  |
+|        --azure-org-url string  |  Azure organization url. E.g. `https://dev.azure.com/myOrg` (defaulted if you are running in Azure Devops pipelines: [docs](/integrations/ci_cd) ).  |
 |        --azure-token string  |  Azure Personal Access token.  |
-|        --commit string  |  Git commit for which to find pull request evidence. (defaulted in some CIs: [docs](/ci-defaults) ). (default "HEAD")  |
+|        --commit string  |  Git commit for which to find pull request evidence. (defaulted in some CIs: [docs](/integrations/ci_cd) ). (default "HEAD")  |
 |    -D, --dry-run  |  [optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.  |
 |    -h, --help  |  help for azure  |
-|        --project string  |  Azure project.(defaulted if you are running in Azure Devops pipelines: [docs](/ci-defaults) ).  |
-|        --repository string  |  Git repository. (defaulted in some CIs: [docs](/ci-defaults) ).  |
+|        --project string  |  Azure project.(defaulted if you are running in Azure Devops pipelines: [docs](/integrations/ci_cd) ).  |
+|        --repository string  |  Git repository. (defaulted in some CIs: [docs](/integrations/ci_cd) ).  |
 
 
 ## Flags inherited from parent commands
@@ -34,14 +34,14 @@ if no pull requests were found for the commit.
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 ```shell
 kosli assert pullrequest azure \

client_reference/kosli_assert_pullrequest_bitbucket.md

@@ -11,21 +11,21 @@ description: "Assert a Bitbucket pull request for a git commit exists.  "
 kosli assert pullrequest bitbucket [flags]
 ```
 
-Assert a Bitbucket pull request for a git commit exists.  
+Assert a Bitbucket pull request for a git commit exists.
 The command exits with non-zero exit code if no pull requests were found for the commit.
 Authentication to Bitbucket can be done with access token (recommended) or app passwords. Credentials need to have read access for both repos and pull requests.
 
 ## Flags
 | Flag | Description |
 | :--- | :--- |
-|        --bitbucket-access-token string  |  Bitbucket repo/project/workspace access token. See https://developer.atlassian.com/cloud/bitbucket/rest/intro/#access-tokens for more details.  |
-|        --bitbucket-password string  |  Bitbucket App password. See https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication for more details.  |
+|        --bitbucket-access-token string  |  Bitbucket repo/project/workspace access token. See [Bitbucket access tokens](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#access-tokens) for more details.  |
+|        --bitbucket-password string  |  Bitbucket App password. See [Bitbucket authentication](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication) for more details.  |
 |        --bitbucket-username string  |  Bitbucket username. Only needed if you use --bitbucket-password  |
 |        --bitbucket-workspace string  |  Bitbucket workspace ID.  |
-|        --commit string  |  Git commit for which to find pull request evidence. (defaulted in some CIs: [docs](/ci-defaults) ). (default "HEAD")  |
+|        --commit string  |  Git commit for which to find pull request evidence. (defaulted in some CIs: [docs](/integrations/ci_cd) ). (default "HEAD")  |
 |    -D, --dry-run  |  [optional] Run in dry-run mode. When enabled, no data is sent to Kosli and the CLI exits with 0 exit code regardless of any errors.  |
 |    -h, --help  |  help for bitbucket  |
-|        --repository string  |  Git repository. (defaulted in some CIs: [docs](/ci-defaults) ).  |
+|        --repository string  |  Git repository. (defaulted in some CIs: [docs](/integrations/ci_cd) ).  |
 
 
 ## Flags inherited from parent commands
@@ -35,14 +35,14 @@ Authentication to Bitbucket can be done with access token (recommended) or app p
 |    -c, --config-file string  |  [optional] The Kosli config file path. (default "kosli")  |
 |        --debug  |  [optional] Print debug logs to stdout. A boolean flag [docs](/faq/#boolean-flags) (default false)  |
 |    -H, --host string  |  [defaulted] The Kosli endpoint. (default "https://app.kosli.com")  |
-|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. 'http://proxy-server-ip:proxy-port'  |
+|        --http-proxy string  |  [optional] The HTTP proxy URL including protocol and port number. e.g. `http://proxy-server-ip:proxy-port`  |
 |    -r, --max-api-retries int  |  [defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)  |
 |        --org string  |  The Kosli organization.  |
 
 
 ## Examples Use Cases
 
-These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables). 
+These examples all assume that the flags  `--api-token`, `--org`, `--host`, (and `--flow`, `--trail` when required), are [set/provided](/getting_started/install/#assigning-flags-via-environment-variables).
 
 ```shell
 kosli assert pullrequest bitbucket  \