From 8b2e47ecf6f6465d7ea73b4cdd25fa0b420ae2f7 Mon Sep 17 00:00:00 2001
From: Dave Waltermire <david.waltermire@gsa.gov>
Date: Sun, 9 Jun 2024 11:41:58 -0400
Subject: [PATCH] Refactored CLI commands to simplify the command pathways for
 conversion, profile resolution, and validations to make these commands more
 CI/CD friendly.

---
 .../secauto/oscal/tools/cli/core/CLI.java     |   6 +
 .../AbstractOscalConvertSubcommand.java       |  26 +-
 .../AbstractOscalValidationSubcommand.java    |  11 +-
 .../core/commands/AbstractResolveCommand.java | 322 ++++++++++++++++++
 .../cli/core/commands/ConvertCommand.java     |  98 ++++++
 .../cli/core/commands/ResolveCommand.java     |  41 +++
 .../cli/core/commands/ValidateCommand.java    |  71 ++++
 .../assessmentplan/ConvertSubcommand.java     |   2 +-
 .../assessmentplan/ValidateSubcommand.java    |   4 +-
 .../assessmentresults/ConvertSubcommand.java  |   2 +-
 .../assessmentresults/ValidateSubcommand.java |   4 +-
 .../commands/catalog/ConvertSubcommand.java   |   2 +-
 .../commands/catalog/ValidateSubcommand.java  |   4 +-
 .../ConvertSubcommand.java                    |   2 +-
 .../ValidateSubcommand.java                   |   4 +-
 ...ctDeprecatedOscalValidationSubcommand.java |  65 ++++
 .../core/commands/poam/ConvertSubcommand.java |   2 +-
 .../commands/poam/ValidateSubcommand.java     |   4 +-
 .../commands/profile/ConvertSubcommand.java   |   2 +-
 .../commands/profile/ResolveSubcommand.java   | 291 +---------------
 .../commands/profile/ValidateSubcommand.java  |   4 +-
 .../core/commands/ssp/ConvertSubcommand.java  |   2 +-
 .../core/commands/ssp/ValidateSubcommand.java |   4 +-
 src/main/resources/log4j2.xml                 |  20 +-
 .../secauto/oscal/tools/cli/core/CLITest.java |  68 +++-
 .../core/commands/Issue96ClassLoaderTest.java |   2 -
 26 files changed, 742 insertions(+), 321 deletions(-)
 rename src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/{oscal => }/AbstractOscalConvertSubcommand.java (75%)
 rename src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/{oscal => }/AbstractOscalValidationSubcommand.java (92%)
 create mode 100644 src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java
 create mode 100644 src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java
 create mode 100644 src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java
 create mode 100644 src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java
 create mode 100644 src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java

diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
index fecc835..31208f5 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/CLI.java
@@ -34,6 +34,9 @@
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.LibOscalVersion;
 import gov.nist.secauto.oscal.lib.OscalVersion;
+import gov.nist.secauto.oscal.tools.cli.core.commands.ConvertCommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.ResolveCommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.ValidateCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan.AssessmentPlanCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults.AssessmentResultsCommand;
 import gov.nist.secauto.oscal.tools.cli.core.commands.catalog.CatalogCommand;
@@ -75,6 +78,9 @@ public static ExitStatus runCli(String... args) {
     processor.addCommandHandler(new AssessmentResultsCommand());
     processor.addCommandHandler(new PlanOfActionsAndMilestonesCommand());
     processor.addCommandHandler(new MetaschemaCommand());
+    processor.addCommandHandler(new ValidateCommand());
+    processor.addCommandHandler(new ConvertCommand());
+    processor.addCommandHandler(new ResolveCommand());
     return processor.process(args);
   }
 
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java
similarity index 75%
rename from src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
rename to src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java
index 43b9f38..926fbe8 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalConvertSubcommand.java
@@ -24,20 +24,31 @@
  * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
  */
 
-package gov.nist.secauto.oscal.tools.cli.core.commands.oscal;
+package gov.nist.secauto.oscal.tools.cli.core.commands;
 
 import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand;
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
 import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
 import gov.nist.secauto.metaschema.databind.IBindingContext;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
 
 import org.apache.commons.cli.CommandLine;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.Writer;
+import java.net.URI;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
 public abstract class AbstractOscalConvertSubcommand
     extends AbstractConvertSubcommand {
+  private static final Logger LOGGER = LogManager.getLogger(AbstractOscalConvertSubcommand.class);
 
   @NonNull
   public abstract Class<?> getOscalClass();
@@ -62,8 +73,17 @@ protected IBindingContext getBindingContext() {
     }
 
     @Override
-    protected Class<?> getLoadedClass() {
-      return getOscalClass();
+    public ExitStatus execute() {
+      LOGGER.atWarn().log("This command path is deprecated. Please use 'convert'.");
+
+      return super.execute();
+    }
+
+    @Override
+    protected void handleConversion(URI source, Format toFormat, Writer writer, IBoundLoader loader)
+        throws FileNotFoundException, IOException {
+      Class<?> clazz = getOscalClass();
+      loader.convert(source, writer, toFormat, clazz);
     }
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalValidationSubcommand.java
similarity index 92%
rename from src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
rename to src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalValidationSubcommand.java
index ebc5c21..8b0b6c6 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractOscalValidationSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractOscalValidationSubcommand.java
@@ -24,7 +24,7 @@
  * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
  */
 
-package gov.nist.secauto.oscal.tools.cli.core.commands.oscal;
+package gov.nist.secauto.oscal.tools.cli.core.commands;
 
 import gov.nist.secauto.metaschema.cli.commands.AbstractValidateContentCommand;
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
@@ -39,6 +39,7 @@
 import org.json.JSONObject;
 
 import java.io.IOException;
+import java.net.URL;
 import java.util.List;
 import java.util.Set;
 
@@ -60,10 +61,10 @@ public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine c
     return new OscalCommandExecutor(callingContext, commandLine);
   }
 
-  private final class OscalCommandExecutor
+  protected class OscalCommandExecutor
       extends AbstractValidationCommandExecutor {
 
-    private OscalCommandExecutor(
+    protected OscalCommandExecutor(
         @NonNull CallingContext callingContext,
         @NonNull CommandLine commandLine) {
       super(callingContext, commandLine);
@@ -85,13 +86,13 @@ protected IBindingContext getBindingContext(@NonNull Set<IConstraintSet> constra
 
     @Override
     @NonNull
-    public List<Source> getXmlSchemas() throws IOException {
+    public List<Source> getXmlSchemas(URL targetResource) throws IOException {
       return getOscalXmlSchemas();
     }
 
     @Override
     @NonNull
-    public JSONObject getJsonSchema() throws IOException {
+    public JSONObject getJsonSchema(JSONObject json) throws IOException {
       return getOscalJsonSchema();
     }
   }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java
new file mode 100644
index 0000000..fdd8da0
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/AbstractResolveCommand.java
@@ -0,0 +1,322 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.ExitCode;
+import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
+import gov.nist.secauto.metaschema.cli.processor.InvalidArgumentException;
+import gov.nist.secauto.metaschema.cli.processor.OptionUtils;
+import gov.nist.secauto.metaschema.cli.processor.command.AbstractTerminalCommand;
+import gov.nist.secauto.metaschema.cli.processor.command.DefaultExtraArgument;
+import gov.nist.secauto.metaschema.cli.processor.command.ExtraArgument;
+import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.core.metapath.DynamicContext;
+import gov.nist.secauto.metaschema.core.metapath.StaticContext;
+import gov.nist.secauto.metaschema.core.metapath.item.node.IDocumentNodeItem;
+import gov.nist.secauto.metaschema.core.metapath.item.node.INodeItem;
+import gov.nist.secauto.metaschema.core.util.CustomCollectors;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
+import gov.nist.secauto.metaschema.databind.io.DeserializationFeature;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
+import gov.nist.secauto.metaschema.databind.io.ISerializer;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+import gov.nist.secauto.oscal.lib.model.Catalog;
+import gov.nist.secauto.oscal.lib.model.Profile;
+import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolutionException;
+import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.net.URI;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Locale;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public abstract class AbstractResolveCommand
+    extends AbstractTerminalCommand {
+  @NonNull
+  private static final List<ExtraArgument> EXTRA_ARGUMENTS = ObjectUtils.notNull(List.of(
+      new DefaultExtraArgument("file to resolve", true),
+      new DefaultExtraArgument("destination file", false)));
+  @NonNull
+  private static final Option AS_OPTION = ObjectUtils.notNull(
+      Option.builder()
+          .longOpt("as")
+          .hasArg()
+          .argName("FORMAT")
+          .desc("source format: xml, json, or yaml")
+          .build());
+  @NonNull
+  private static final Option TO_OPTION = ObjectUtils.notNull(
+      Option.builder()
+          .longOpt("to")
+          .required()
+          .hasArg().argName("FORMAT")
+          .desc("convert to format: xml, json, or yaml")
+          .build());
+  @NonNull
+  private static final Option OVERWRITE_OPTION = ObjectUtils.notNull(
+      Option.builder()
+          .longOpt("overwrite")
+          .desc("overwrite the destination if it exists")
+          .build());
+  @NonNull
+  private static final List<Option> OPTIONS = ObjectUtils.notNull(
+      List.of(
+          AS_OPTION,
+          TO_OPTION,
+          OVERWRITE_OPTION));
+
+  @Override
+  public String getDescription() {
+    return "Resolve the specified OSCAL Profile";
+  }
+
+  @Override
+  public Collection<? extends Option> gatherOptions() {
+    return OPTIONS;
+  }
+
+  @Override
+  public List<ExtraArgument> getExtraArguments() {
+    return EXTRA_ARGUMENTS;
+  }
+
+  @SuppressWarnings({
+      "PMD.CyclomaticComplexity", "PMD.CognitiveComplexity", // reasonable
+      "PMD.PreserveStackTrace" // intended
+  })
+  @Override
+  public void validateOptions(CallingContext callingContext, CommandLine cmdLine) throws InvalidArgumentException {
+    if (cmdLine.hasOption(AS_OPTION)) {
+      try {
+        String toFormatText = cmdLine.getOptionValue(AS_OPTION);
+        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
+      } catch (IllegalArgumentException ex) {
+        InvalidArgumentException newEx = new InvalidArgumentException(
+            String.format("Invalid '%s' argument. The format must be one of: %s.",
+                OptionUtils.toArgument(AS_OPTION),
+                Arrays.asList(Format.values()).stream()
+                    .map(format -> format.name())
+                    .collect(CustomCollectors.joiningWithOxfordComma("and"))));
+        newEx.setOption(AS_OPTION);
+        newEx.addSuppressed(ex);
+        throw newEx;
+      }
+    }
+
+    if (cmdLine.hasOption(TO_OPTION)) {
+      try {
+        String toFormatText = cmdLine.getOptionValue(TO_OPTION);
+        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
+      } catch (IllegalArgumentException ex) {
+        InvalidArgumentException newEx
+            = new InvalidArgumentException("Invalid '--to' argument. The format must be one of: "
+                + Arrays.asList(Format.values()).stream()
+                    .map(format -> format.name())
+                    .collect(CustomCollectors.joiningWithOxfordComma("and")));
+        newEx.setOption(AS_OPTION);
+        newEx.addSuppressed(ex);
+        throw newEx;
+      }
+    }
+
+    List<String> extraArgs = cmdLine.getArgList();
+    if (extraArgs.isEmpty()) {
+      throw new InvalidArgumentException("The source to resolve must be provided.");
+    }
+
+    File source = new File(extraArgs.get(0));
+    if (!source.exists()) {
+      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' does not exist.");
+    }
+    if (!source.canRead()) {
+      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' is not readable.");
+    }
+  }
+
+  @Override
+  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine cmdLine) {
+    return ICommandExecutor.using(callingContext, cmdLine, this::executeCommand);
+  }
+
+  @SuppressWarnings({
+      "PMD.OnlyOneReturn", // readability
+      "unused"
+  })
+  protected ExitStatus executeCommand(
+      @NonNull CallingContext callingContext,
+      @NonNull CommandLine cmdLine) {
+    List<String> extraArgs = cmdLine.getArgList();
+    Path source = resolvePathAgainstCWD(ObjectUtils.notNull(Paths.get(extraArgs.get(0))));
+
+    IBoundLoader loader = OscalBindingContext.instance().newBoundLoader();
+    loader.disableFeature(DeserializationFeature.DESERIALIZE_VALIDATE_CONSTRAINTS);
+
+    Format asFormat;
+    // attempt to determine the format
+    if (cmdLine.hasOption(AS_OPTION)) {
+      try {
+        String asFormatText = cmdLine.getOptionValue(AS_OPTION);
+        asFormat = Format.valueOf(asFormatText.toUpperCase(Locale.ROOT));
+      } catch (IllegalArgumentException ex) {
+        return ExitCode.INVALID_ARGUMENTS
+            .exitMessage("Invalid '--as' argument. The format must be one of: " + Arrays.stream(Format.values())
+                .map(format -> format.name())
+                .collect(CustomCollectors.joiningWithOxfordComma("or")));
+      }
+    } else {
+      // attempt to determine the format
+      try {
+        asFormat = loader.detectFormat(ObjectUtils.notNull(source));
+      } catch (FileNotFoundException ex) {
+        // this case was already checked for
+        return ExitCode.IO_ERROR.exitMessage("The provided source file '" + source + "' does not exist.");
+      } catch (IOException ex) {
+        return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
+      } catch (IllegalArgumentException ex) {
+        return ExitCode.INVALID_ARGUMENTS.exitMessage(
+            "Source file has unrecognizable format. Use '--as' to specify the format. The format must be one of: "
+                + Arrays.stream(Format.values())
+                    .map(format -> format.name())
+                    .collect(CustomCollectors.joiningWithOxfordComma("or")));
+      }
+    }
+
+    source = source.toAbsolutePath();
+    assert source != null;
+
+    Format toFormat;
+    if (cmdLine.hasOption(TO_OPTION)) {
+      String toFormatText = cmdLine.getOptionValue(TO_OPTION);
+      toFormat = Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
+    } else {
+      toFormat = asFormat;
+    }
+
+    Path destination = null;
+    if (extraArgs.size() == 2) {
+      destination = Paths.get(extraArgs.get(1)).toAbsolutePath();
+    }
+
+    if (destination != null) {
+      if (Files.exists(destination)) {
+        if (!cmdLine.hasOption(OVERWRITE_OPTION)) {
+          return ExitCode.INVALID_ARGUMENTS.exitMessage("The provided destination '" + destination
+              + "' already exists and the --overwrite option was not provided.");
+        }
+        if (!Files.isWritable(destination)) {
+          return ExitCode.IO_ERROR.exitMessage("The provided destination '" + destination + "' is not writable.");
+        }
+      } else {
+        Path parent = destination.getParent();
+        if (parent != null) {
+          try {
+            Files.createDirectories(parent);
+          } catch (IOException ex) {
+            return ExitCode.INVALID_TARGET.exit().withThrowable(ex);
+          }
+        }
+      }
+    }
+
+    IDocumentNodeItem document;
+    try {
+      document = loader.loadAsNodeItem(asFormat, source);
+    } catch (IOException ex) {
+      return ExitCode.IO_ERROR.exit().withThrowable(ex);
+    }
+    Object object = document.getValue();
+    if (object == null) {
+      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target profile contained no data");
+    }
+
+    if (object instanceof Catalog) {
+      // this is a catalog
+      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target is already a catalog");
+    }
+
+    if (!(object instanceof Profile)) {
+      // this is something else
+      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target is not a profile");
+    }
+
+    // this is a profile
+    URI sourceUri = ObjectUtils.notNull(source.toUri());
+
+    DynamicContext dynamicContext = new DynamicContext(
+        StaticContext.builder()
+            .baseUri(sourceUri)
+            .defaultModelNamespace(document.getNamespace())
+            .build());
+    dynamicContext.setDocumentLoader(loader);
+    ProfileResolver resolver = new ProfileResolver();
+    resolver.setDynamicContext(dynamicContext);
+
+    IDocumentNodeItem resolvedProfile;
+    try {
+      resolvedProfile = resolver.resolve(document);
+    } catch (IOException | ProfileResolutionException ex) {
+      return ExitCode.PROCESSING_ERROR
+          .exitMessage(
+              String.format("Unable to resolve profile '%s'. %s", document.getDocumentUri(), ex.getMessage()))
+          .withThrowable(ex);
+    }
+
+    // DefaultConstraintValidator validator = new
+    // DefaultConstraintValidator(dynamicContext);
+    // ((IBoundXdmNodeItem)resolvedProfile).validate(validator);
+    // validator.finalizeValidation();
+
+    ISerializer<Catalog> serializer
+        = OscalBindingContext.instance().newSerializer(toFormat, Catalog.class);
+    try {
+      if (destination == null) {
+        @SuppressWarnings({ "resource", "PMD.CloseResource" }) PrintStream stdOut = ObjectUtils.notNull(System.out);
+        serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), stdOut);
+      } else {
+        serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), destination);
+      }
+    } catch (IOException ex) {
+      return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
+    }
+    return ExitCode.OK.exit();
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java
new file mode 100644
index 0000000..97352f9
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ConvertCommand.java
@@ -0,0 +1,98 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.cli.commands.AbstractConvertSubcommand;
+import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.metaschema.databind.IBindingContext;
+import gov.nist.secauto.metaschema.databind.io.Format;
+import gov.nist.secauto.metaschema.databind.io.FormatDetector;
+import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
+import gov.nist.secauto.metaschema.databind.io.ISerializer;
+import gov.nist.secauto.metaschema.databind.io.ModelDetector;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+
+import org.apache.commons.cli.CommandLine;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Writer;
+import java.net.URI;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public class ConvertCommand
+    extends AbstractConvertSubcommand {
+  @Override
+  public String getDescription() {
+    return "Check that the specified OSCAL instance is well-formed and valid to an OSCAL model.";
+  }
+
+  @Override
+  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine commandLine) {
+    return new OscalCommandExecutor(callingContext, commandLine);
+  }
+
+  private static final class OscalCommandExecutor
+      extends AbstractConversionCommandExecutor {
+
+    private OscalCommandExecutor(
+        @NonNull CallingContext callingContext,
+        @NonNull CommandLine commandLine) {
+      super(callingContext, commandLine);
+    }
+
+    @Override
+    protected IBindingContext getBindingContext() {
+      return OscalBindingContext.instance();
+    }
+
+    @Override
+    protected void handleConversion(URI source, Format toFormat, Writer writer, IBoundLoader loader)
+        throws FileNotFoundException, IOException {
+
+      Class<?> boundClass;
+      Object object;
+      try (InputStream is = source.toURL().openStream()) {
+        FormatDetector.Result formatResult = loader.detectFormat(is);
+        Format sourceformat = formatResult.getFormat();
+        try (InputStream fis = formatResult.getDataStream()) {
+          ModelDetector.Result modelResult = loader.detectModel(fis, sourceformat);
+          boundClass = modelResult.getBoundClass();
+          try (InputStream mis = modelResult.getDataStream()) {
+            object = loader.load(boundClass, sourceformat, mis, source);
+          }
+        }
+      }
+
+      ISerializer<Object> serializer = getBindingContext().newSerializer(toFormat, boundClass);
+      serializer.serialize(object, writer);
+    }
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java
new file mode 100644
index 0000000..73d55d0
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ResolveCommand.java
@@ -0,0 +1,41 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public class ResolveCommand
+    extends AbstractResolveCommand {
+
+  @NonNull
+  private static final String COMMAND = "resolve-profile";
+
+  @Override
+  public String getName() {
+    return COMMAND;
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java
new file mode 100644
index 0000000..fa1b624
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ValidateCommand.java
@@ -0,0 +1,71 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands;
+
+import gov.nist.secauto.metaschema.core.model.util.JsonUtil;
+import gov.nist.secauto.metaschema.core.model.util.XmlUtil;
+import gov.nist.secauto.metaschema.core.util.CollectionUtil;
+import gov.nist.secauto.metaschema.core.util.ObjectUtils;
+import gov.nist.secauto.oscal.lib.OscalBindingContext;
+
+import org.json.JSONObject;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.transform.Source;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public class ValidateCommand
+    extends AbstractOscalValidationSubcommand {
+  @Override
+  public String getDescription() {
+    return "Check that the specified OSCAL instance is well-formed and valid to an OSCAL model.";
+  }
+
+  @Override
+  @NonNull
+  public List<Source> getOscalXmlSchemas() throws IOException {
+    List<Source> retval = new LinkedList<>();
+    retval.add(
+        XmlUtil.getStreamSource(ObjectUtils.requireNonNull(
+            OscalBindingContext.class.getResource("/schema/xml/oscal-complete_schema.xsd"))));
+    return CollectionUtil.unmodifiableList(retval);
+  }
+
+  @Override
+  @NonNull
+  public JSONObject getOscalJsonSchema() throws IOException {
+    try (InputStream is = ObjectUtils.requireNonNull(
+        OscalBindingContext.class.getResourceAsStream("/schema/json/oscal-complete_schema.json"))) {
+      return JsonUtil.toJsonObject(is);
+    }
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
index 6c42df3..3f55833 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentplan;
 
 import gov.nist.secauto.oscal.lib.model.AssessmentPlan;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java
index 6b58b50..c541b0b 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentplan/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the System Assessment Plan model.";
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
index 10f855f..c7407fb 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.assessmentresults;
 
 import gov.nist.secauto.oscal.lib.model.AssessmentResults;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java
index 44d11e5..8b0f2bc 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/assessmentresults/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the System Assessment Results model";
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
index f665a91..46c8874 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.catalog;
 
 import gov.nist.secauto.oscal.lib.model.Catalog;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java
index 54c19f1..30b46ce 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/catalog/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the Catalog model.";
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
index cfc91e5..d35f497 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.componentdefinition;
 
 import gov.nist.secauto.oscal.lib.model.ComponentDefinition;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java
index d732b03..e104b06 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/componentdefinition/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the Component Definition model.";
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java
new file mode 100644
index 0000000..280b77c
--- /dev/null
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/oscal/AbstractDeprecatedOscalValidationSubcommand.java
@@ -0,0 +1,65 @@
+/*
+ * Portions of this software was developed by employees of the National Institute
+ * of Standards and Technology (NIST), an agency of the Federal Government and is
+ * being made available as a public service. Pursuant to title 17 United States
+ * Code Section 105, works of NIST employees are not subject to copyright
+ * protection in the United States. This software may be subject to foreign
+ * copyright. Permission in the United States and in foreign countries, to the
+ * extent that NIST may hold copyright, to use, copy, modify, create derivative
+ * works, and distribute this software and its documentation without fee is hereby
+ * granted on a non-exclusive basis, provided that this notice and disclaimer
+ * of warranty appears in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
+ * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
+ * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
+ * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
+ * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
+ * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
+ * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
+ * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
+ * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
+ * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
+ * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+ */
+
+package gov.nist.secauto.oscal.tools.cli.core.commands.oscal;
+
+import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
+import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
+import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalValidationSubcommand;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import edu.umd.cs.findbugs.annotations.NonNull;
+
+public abstract class AbstractDeprecatedOscalValidationSubcommand
+    extends AbstractOscalValidationSubcommand {
+  private static final Logger LOGGER = LogManager.getLogger(AbstractDeprecatedOscalValidationSubcommand.class);
+
+  @Override
+  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine commandLine) {
+    return new DeprecatedOscalCommandExecutor(callingContext, commandLine);
+  }
+
+  protected final class DeprecatedOscalCommandExecutor
+      extends AbstractOscalValidationSubcommand.OscalCommandExecutor {
+
+    private DeprecatedOscalCommandExecutor(
+        @NonNull CallingContext callingContext,
+        @NonNull CommandLine commandLine) {
+      super(callingContext, commandLine);
+    }
+
+    @Override
+    public ExitStatus execute() {
+      LOGGER.atWarn().log("This command path is deprecated. Please use 'validate'.");
+
+      return super.execute();
+    }
+  }
+}
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
index 2f7ded3..648bff8 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.poam;
 
 import gov.nist.secauto.oscal.lib.model.PlanOfActionAndMilestones;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java
index a4df6c9..6b09acb 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/poam/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed"
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
index f21deea..98395c6 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.profile;
 
 import gov.nist.secauto.oscal.lib.model.Profile;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
index 0491681..b96be9f 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ResolveSubcommand.java
@@ -27,86 +27,21 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.profile;
 
 import gov.nist.secauto.metaschema.cli.processor.CLIProcessor.CallingContext;
-import gov.nist.secauto.metaschema.cli.processor.ExitCode;
 import gov.nist.secauto.metaschema.cli.processor.ExitStatus;
-import gov.nist.secauto.metaschema.cli.processor.InvalidArgumentException;
-import gov.nist.secauto.metaschema.cli.processor.OptionUtils;
-import gov.nist.secauto.metaschema.cli.processor.command.AbstractTerminalCommand;
-import gov.nist.secauto.metaschema.cli.processor.command.DefaultExtraArgument;
-import gov.nist.secauto.metaschema.cli.processor.command.ExtraArgument;
-import gov.nist.secauto.metaschema.cli.processor.command.ICommandExecutor;
-import gov.nist.secauto.metaschema.core.metapath.DynamicContext;
-import gov.nist.secauto.metaschema.core.metapath.StaticContext;
-import gov.nist.secauto.metaschema.core.metapath.item.node.IDocumentNodeItem;
-import gov.nist.secauto.metaschema.core.metapath.item.node.INodeItem;
-import gov.nist.secauto.metaschema.core.util.CustomCollectors;
-import gov.nist.secauto.metaschema.core.util.ObjectUtils;
-import gov.nist.secauto.metaschema.databind.io.DeserializationFeature;
-import gov.nist.secauto.metaschema.databind.io.Format;
-import gov.nist.secauto.metaschema.databind.io.FormatDetector;
-import gov.nist.secauto.metaschema.databind.io.IBoundLoader;
-import gov.nist.secauto.metaschema.databind.io.ISerializer;
-import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.lib.model.Catalog;
-import gov.nist.secauto.oscal.lib.model.Profile;
-import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolutionException;
-import gov.nist.secauto.oscal.lib.profile.resolver.ProfileResolver;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractResolveCommand;
 
 import org.apache.commons.cli.CommandLine;
-import org.apache.commons.cli.Option;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.net.URI;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.List;
-import java.util.Locale;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import edu.umd.cs.findbugs.annotations.NonNull;
 
 public class ResolveSubcommand
-    extends AbstractTerminalCommand {
+    extends AbstractResolveCommand {
+  private static final Logger LOGGER = LogManager.getLogger(ResolveSubcommand.class);
 
   @NonNull
   private static final String COMMAND = "resolve";
-  @NonNull
-  private static final List<ExtraArgument> EXTRA_ARGUMENTS = ObjectUtils.notNull(List.of(
-      new DefaultExtraArgument("file to resolve", true),
-      new DefaultExtraArgument("destination file", false)));
-  @NonNull
-  private static final Option AS_OPTION = ObjectUtils.notNull(
-      Option.builder()
-          .longOpt("as")
-          .hasArg()
-          .argName("FORMAT")
-          .desc("source format: xml, json, or yaml")
-          .build());
-  @NonNull
-  private static final Option TO_OPTION = ObjectUtils.notNull(
-      Option.builder()
-          .longOpt("to")
-          .required()
-          .hasArg().argName("FORMAT")
-          .desc("convert to format: xml, json, or yaml")
-          .build());
-  @NonNull
-  private static final Option OVERWRITE_OPTION = ObjectUtils.notNull(
-      Option.builder()
-          .longOpt("overwrite")
-          .desc("overwrite the destination if it exists")
-          .build());
-  @NonNull
-  private static final List<Option> OPTIONS = ObjectUtils.notNull(
-      List.of(
-          AS_OPTION,
-          TO_OPTION,
-          OVERWRITE_OPTION));
 
   @Override
   public String getName() {
@@ -114,219 +49,9 @@ public String getName() {
   }
 
   @Override
-  public String getDescription() {
-    return "Resolve the specified OSCAL Profile";
-  }
-
-  @Override
-  public Collection<? extends Option> gatherOptions() {
-    return OPTIONS;
-  }
-
-  @Override
-  public List<ExtraArgument> getExtraArguments() {
-    return EXTRA_ARGUMENTS;
-  }
-
-  @SuppressWarnings({
-      "PMD.CyclomaticComplexity", "PMD.CognitiveComplexity", // reasonable
-      "PMD.PreserveStackTrace" // intended
-  })
-  @Override
-  public void validateOptions(CallingContext callingContext, CommandLine cmdLine) throws InvalidArgumentException {
-    if (cmdLine.hasOption(AS_OPTION)) {
-      try {
-        String toFormatText = cmdLine.getOptionValue(AS_OPTION);
-        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
-      } catch (IllegalArgumentException ex) {
-        InvalidArgumentException newEx = new InvalidArgumentException(
-            String.format("Invalid '%s' argument. The format must be one of: %s.",
-                OptionUtils.toArgument(AS_OPTION),
-                Arrays.asList(Format.values()).stream()
-                    .map(format -> format.name())
-                    .collect(CustomCollectors.joiningWithOxfordComma("and"))));
-        newEx.setOption(AS_OPTION);
-        newEx.addSuppressed(ex);
-        throw newEx;
-      }
-    }
-
-    if (cmdLine.hasOption(TO_OPTION)) {
-      try {
-        String toFormatText = cmdLine.getOptionValue(TO_OPTION);
-        Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
-      } catch (IllegalArgumentException ex) {
-        InvalidArgumentException newEx
-            = new InvalidArgumentException("Invalid '--to' argument. The format must be one of: "
-                + Arrays.asList(Format.values()).stream()
-                    .map(format -> format.name())
-                    .collect(CustomCollectors.joiningWithOxfordComma("and")));
-        newEx.setOption(AS_OPTION);
-        newEx.addSuppressed(ex);
-        throw newEx;
-      }
-    }
-
-    List<String> extraArgs = cmdLine.getArgList();
-    if (extraArgs.isEmpty()) {
-      throw new InvalidArgumentException("The source to resolve must be provided.");
-    }
-
-    File source = new File(extraArgs.get(0));
-    if (!source.exists()) {
-      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' does not exist.");
-    }
-    if (!source.canRead()) {
-      throw new InvalidArgumentException("The provided source '" + source.getPath() + "' is not readable.");
-    }
-  }
-
-  @Override
-  public ICommandExecutor newExecutor(CallingContext callingContext, CommandLine cmdLine) {
-    return ICommandExecutor.using(callingContext, cmdLine, this::executeCommand);
-  }
-
-  @SuppressWarnings({
-      "PMD.OnlyOneReturn", // readability
-      "unused"
-  })
-  protected ExitStatus executeCommand(
-      @NonNull CallingContext callingContext,
-      @NonNull CommandLine cmdLine) {
-    List<String> extraArgs = cmdLine.getArgList();
-    Path source = resolvePathAgainstCWD(ObjectUtils.notNull(Paths.get(extraArgs.get(0))));
-
-    IBoundLoader loader = OscalBindingContext.instance().newBoundLoader();
-    loader.disableFeature(DeserializationFeature.DESERIALIZE_VALIDATE_CONSTRAINTS);
-
-    Format asFormat;
-    // attempt to determine the format
-    if (cmdLine.hasOption(AS_OPTION)) {
-      try {
-        String asFormatText = cmdLine.getOptionValue(AS_OPTION);
-        asFormat = Format.valueOf(asFormatText.toUpperCase(Locale.ROOT));
-      } catch (IllegalArgumentException ex) {
-        return ExitCode.INVALID_ARGUMENTS
-            .exitMessage("Invalid '--as' argument. The format must be one of: " + Arrays.stream(Format.values())
-                .map(format -> format.name())
-                .collect(CustomCollectors.joiningWithOxfordComma("or")));
-      }
-    } else {
-      // attempt to determine the format
-      try {
-        FormatDetector.Result result = loader.detectFormat(ObjectUtils.notNull(source));
-        asFormat = result.getFormat();
-      } catch (FileNotFoundException ex) {
-        // this case was already checked for
-        return ExitCode.IO_ERROR.exitMessage("The provided source file '" + source + "' does not exist.");
-      } catch (IOException ex) {
-        return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
-      } catch (IllegalArgumentException ex) {
-        return ExitCode.INVALID_ARGUMENTS.exitMessage(
-            "Source file has unrecognizable format. Use '--as' to specify the format. The format must be one of: "
-                + Arrays.stream(Format.values())
-                    .map(format -> format.name())
-                    .collect(CustomCollectors.joiningWithOxfordComma("or")));
-      }
-    }
-
-    source = source.toAbsolutePath();
-    assert source != null;
-
-    Format toFormat;
-    if (cmdLine.hasOption(TO_OPTION)) {
-      String toFormatText = cmdLine.getOptionValue(TO_OPTION);
-      toFormat = Format.valueOf(toFormatText.toUpperCase(Locale.ROOT));
-    } else {
-      toFormat = asFormat;
-    }
-
-    Path destination = null;
-    if (extraArgs.size() == 2) {
-      destination = Paths.get(extraArgs.get(1)).toAbsolutePath();
-    }
-
-    if (destination != null) {
-      if (Files.exists(destination)) {
-        if (!cmdLine.hasOption(OVERWRITE_OPTION)) {
-          return ExitCode.INVALID_ARGUMENTS.exitMessage("The provided destination '" + destination
-              + "' already exists and the --overwrite option was not provided.");
-        }
-        if (!Files.isWritable(destination)) {
-          return ExitCode.IO_ERROR.exitMessage("The provided destination '" + destination + "' is not writable.");
-        }
-      } else {
-        Path parent = destination.getParent();
-        if (parent != null) {
-          try {
-            Files.createDirectories(parent);
-          } catch (IOException ex) {
-            return ExitCode.INVALID_TARGET.exit().withThrowable(ex);
-          }
-        }
-      }
-    }
-
-    IDocumentNodeItem document;
-    try {
-      document = loader.loadAsNodeItem(asFormat, source);
-    } catch (IOException ex) {
-      return ExitCode.IO_ERROR.exit().withThrowable(ex);
-    }
-    Object object = document.getValue();
-    if (object == null) {
-      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target profile contained no data");
-    }
-
-    if (object instanceof Catalog) {
-      // this is a catalog
-      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target is already a catalog");
-    }
-
-    if (!(object instanceof Profile)) {
-      // this is something else
-      return ExitCode.INVALID_ARGUMENTS.exitMessage("The target is not a profile");
-    }
-
-    // this is a profile
-    URI sourceUri = ObjectUtils.notNull(source.toUri());
-
-    DynamicContext dynamicContext = new DynamicContext(
-        StaticContext.builder()
-            .baseUri(sourceUri)
-            .defaultModelNamespace(document.getNamespace())
-            .build());
-    dynamicContext.setDocumentLoader(loader);
-    ProfileResolver resolver = new ProfileResolver();
-    resolver.setDynamicContext(dynamicContext);
-
-    IDocumentNodeItem resolvedProfile;
-    try {
-      resolvedProfile = resolver.resolve(document);
-    } catch (IOException | ProfileResolutionException ex) {
-      return ExitCode.PROCESSING_ERROR
-          .exitMessage(
-              String.format("Unable to resolve profile '%s'. %s", document.getDocumentUri(), ex.getMessage()))
-          .withThrowable(ex);
-    }
-
-    // DefaultConstraintValidator validator = new
-    // DefaultConstraintValidator(dynamicContext);
-    // ((IBoundXdmNodeItem)resolvedProfile).validate(validator);
-    // validator.finalizeValidation();
+  protected ExitStatus executeCommand(CallingContext callingContext, CommandLine cmdLine) {
+    LOGGER.atWarn().log("This command path is deprecated. Please use 'resolve-profile'.");
 
-    ISerializer<Catalog> serializer
-        = OscalBindingContext.instance().newSerializer(toFormat, Catalog.class);
-    try {
-      if (destination == null) {
-        @SuppressWarnings({ "resource", "PMD.CloseResource" }) PrintStream stdOut = ObjectUtils.notNull(System.out);
-        serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), stdOut);
-      } else {
-        serializer.serialize((Catalog) INodeItem.toValue(resolvedProfile), destination);
-      }
-    } catch (IOException ex) {
-      return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
-    }
-    return ExitCode.OK.exit();
+    return super.executeCommand(callingContext, cmdLine);
   }
 }
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java
index 9a3be48..7462bd4 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/profile/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL Profile is well-formed and valid to the Profile model.";
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
index ab14d6d..3dd4f0c 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ConvertSubcommand.java
@@ -27,7 +27,7 @@
 package gov.nist.secauto.oscal.tools.cli.core.commands.ssp;
 
 import gov.nist.secauto.oscal.lib.model.SystemSecurityPlan;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.AbstractOscalConvertSubcommand;
 
 public class ConvertSubcommand
     extends AbstractOscalConvertSubcommand {
diff --git a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java
index 64201cb..78f0db5 100644
--- a/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java
+++ b/src/main/java/gov/nist/secauto/oscal/tools/cli/core/commands/ssp/ValidateSubcommand.java
@@ -31,7 +31,7 @@
 import gov.nist.secauto.metaschema.core.util.CollectionUtil;
 import gov.nist.secauto.metaschema.core.util.ObjectUtils;
 import gov.nist.secauto.oscal.lib.OscalBindingContext;
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalValidationSubcommand;
+import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractDeprecatedOscalValidationSubcommand;
 
 import org.json.JSONObject;
 
@@ -43,7 +43,7 @@
 import javax.xml.transform.Source;
 
 public class ValidateSubcommand
-    extends AbstractOscalValidationSubcommand {
+    extends AbstractDeprecatedOscalValidationSubcommand {
   @Override
   public String getDescription() {
     return "Check that the specified OSCAL instance is well-formed and valid to the System Security Plan model.";
diff --git a/src/main/resources/log4j2.xml b/src/main/resources/log4j2.xml
index b174b3f..9965634 100644
--- a/src/main/resources/log4j2.xml
+++ b/src/main/resources/log4j2.xml
@@ -2,12 +2,17 @@
 <!DOCTYPE Configuration>
 <Configuration verbose="true">
 	<Appenders>
-		<Console name="console-trace" target="SYSTEM_ERR" immediateFlush="true">
-			<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" charset="UTF-8" />
+		<Console name="console-trace" target="SYSTEM_OUT" immediateFlush="true">
+			<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %highlight{%m}{DEBUG=green, TRACE=blue}%n" charset="UTF-8" />
 			<ThresholdFilter level="INFO" onMatch="DENY" onMismatch="ACCEPT" />
 		</Console>
-		<Console name="console-info" target="SYSTEM_ERR" immediateFlush="true">
-			<PatternLayout pattern="%m%n" charset="UTF-8" />
+		<Console name="console-info" target="SYSTEM_OUT" immediateFlush="true">
+<!-- 			<PatternLayout pattern="%highlight{%m}{WARN=yellow bold, INFO=magenta}%n" charset="UTF-8" />-->
+			<PatternLayout charset="UTF-8">
+				<LevelPatternSelector defaultPattern="%m%n">
+					<PatternMatch key="WARN" pattern="%style{%m}{bright yellow}%n"/>
+				</LevelPatternSelector>
+			</PatternLayout>
 			<Filters>
 				<ThresholdFilter level="ERROR" onMatch="DENY" onMismatch="ACCEPT" />
 				<ThresholdFilter level="DEBUG" onMatch="DENY" onMismatch="NEUTRAL" />
@@ -16,7 +21,12 @@
 		</Console>
 		<Console name="console-error" target="SYSTEM_ERR" immediateFlush="true">
 <!--			<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" charset="UTF-8" />-->
-			<PatternLayout pattern="%m%n" charset="UTF-8" />
+			<PatternLayout charset="UTF-8">
+				<LevelPatternSelector defaultPattern="%style{%m}{bright red}%n">
+					<PatternMatch key="FATAL" pattern="%style{%-5level: %m}{bright magenta}%n"/>
+				</LevelPatternSelector>
+			</PatternLayout>
+<!--			<PatternLayout pattern="%highlight{%m%n}{FATAL=red blink, ERROR=red bold}" charset="UTF-8" />-->
 			<ThresholdFilter level="ERROR" onMatch="ACCEPT" onMismatch="DENY" />
 		</Console>
 	</Appenders>
diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
index d2fa91b..29654ed 100644
--- a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
+++ b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/CLITest.java
@@ -99,6 +99,7 @@ private static Stream<Arguments> providesValues() throws IOException {
 
       for (Format format : Format.values()) {
         String sourceExtension = format.getDefaultExtension();
+        // test command path-specific commands
         values.add(
             Arguments.of(
                 new String[] {
@@ -118,8 +119,27 @@ private static Stream<Arguments> providesValues() throws IOException {
                 ExitCode.OK,
                 null));
 
+        // test general commands
+        values.add(
+            Arguments.of(
+                new String[] {
+                    "validate",
+                    Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension).toString()
+                },
+                ExitCode.FAIL,
+                null));
+        values.add(
+            Arguments.of(
+                new String[] {
+                    "validate",
+                    Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension).toString()
+                },
+                ExitCode.OK,
+                null));
+
         for (Format targetFormat : formatEntries.get(format)) {
           Path path = Paths.get("src/test/resources/cli/example_" + cmd + "_valid" + sourceExtension);
+          // test command path-specific command
           values.add(
               Arguments.of(
                   new String[] {
@@ -132,8 +152,20 @@ private static Stream<Arguments> providesValues() throws IOException {
                   },
                   ExitCode.OK,
                   null));
+          // test general command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "convert",
+                      "--to=" + targetFormat.name().toLowerCase(),
+                      path.toString(),
+                      generateOutputPath(path, targetFormat),
+                      "--overwrite"
+                  },
+                  ExitCode.OK,
+                  null));
 
-          // TODO: Update when usnistgov/oscal#217 fix merged.
+          // test command path-specific command
           path = Paths.get("src/test/resources/cli/example_" + cmd + "_invalid" + sourceExtension);
           values.add(
               Arguments.of(
@@ -147,12 +179,25 @@ private static Stream<Arguments> providesValues() throws IOException {
                   },
                   ExitCode.OK,
                   null));
+          // test general command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "convert",
+                      "--to=" + targetFormat.name().toLowerCase(),
+                      path.toString(),
+                      generateOutputPath(path, targetFormat),
+                      "--overwrite"
+                  },
+                  ExitCode.OK,
+                  null));
         }
         if (cmd == "profile") {
+          // test command path-specific command
           values.add(
               Arguments.of(
                   new String[] {
-                      cmd,
+                      "profile",
                       "resolve",
                       "--to=" + format.name().toLowerCase(),
                       Paths.get("src/test/resources/cli/example_profile_valid" + sourceExtension).toString()
@@ -169,6 +214,25 @@ private static Stream<Arguments> providesValues() throws IOException {
                   },
                   ExitCode.PROCESSING_ERROR,
                   ProfileResolutionException.class));
+          // test general command
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "resolve-profile",
+                      "--to=" + format.name().toLowerCase(),
+                      Paths.get("src/test/resources/cli/example_profile_valid" + sourceExtension).toString()
+                  },
+                  ExitCode.OK,
+                  null));
+          values.add(
+              Arguments.of(
+                  new String[] {
+                      "resolve-profile",
+                      "--to=" + format.name().toLowerCase(),
+                      Paths.get("src/test/resources/cli/example_profile_invalid" + sourceExtension).toString()
+                  },
+                  ExitCode.PROCESSING_ERROR,
+                  ProfileResolutionException.class));
         }
       }
     }
diff --git a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java
index 20eb205..da71f20 100644
--- a/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java
+++ b/src/test/java/gov/nist/secauto/oscal/tools/cli/core/commands/Issue96ClassLoaderTest.java
@@ -28,8 +28,6 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
-import gov.nist.secauto.oscal.tools.cli.core.commands.oscal.AbstractOscalConvertSubcommand;
-
 import org.junit.jupiter.api.Test;
 
 class Issue96ClassLoaderTest {