๐๏ธ How Stave Works
Data flow through the Stave evaluation engine โ inputs, schema validation, evaluation, and structured output.
๐๏ธ Controls
What controls are, how they differ from rules, and how Stave evaluates them.
๐๏ธ Guarantees
Stave's compile-time and runtime security guarantees: offline operation, no credentials, determinism, no code execution, filesystem safety, sanitization, and supply-chain integrity.
๐๏ธ Threat Model
Stave's threat model: assets, trust boundaries, attacker profiles, controls, and residual risks.
๐๏ธ Air-Gapped Analysis
Why Stave operates offline on local observation snapshots instead of connecting to cloud APIs.
๐๏ธ System Invariant as Code
What system invariant as code means in Stave, and how it differs from OPA, IaC scanners, and CSPM tools.
๐๏ธ Security and Trust
Overview of Stave's security design and trust model.
๐๏ธ FAQ
Frequently asked questions about Stave's approach, terminology, and how it differs from existing tools.
๐๏ธ Release Security
How Stave releases are built, signed, and verified.
๐๏ธ Execution Safety
Stave's guarantees against dynamic code execution.
๐๏ธ Data Flow and I/O
Per-command I/O model, permission policy, and overwrite protection.
๐๏ธ Offline & Air-Gapped
What runs offline in Stave, what still needs network access, and recommended deployment patterns.
๐๏ธ Stave and Z3
Stave's evaluator is in-process Google CEL. A small Go example under examples/ shows how to compose Stave's library API with libz3 to answer SAT/UNSAT questions. They are different shapes of analysis.
๐๏ธ Z3 Question Catalogue
What kinds of cloud-security questions an SMT solver such as Z3 can answer, organised by attack stage. A starting point for tools that compose Stave's library API with libz3.
๐๏ธ Files as the Boundary
Why Stave evaluates with CEL and exports facts to external reasoning engines through files on disk โ not subprocess calls, not plug-ins. The architectural choice that makes the multi-engine surface tractable.
๐๏ธ Reasoning Contract
Stave is the fact-producing substrate that any reasoning engine can target via a YAML spec format. Validated end-to-end with five independent paradigms (Z3, Soufflรฉ, Clingo, Prolog, PRISM).
๐๏ธ Counterfactual Analysis
Counterfactual analysis answers whether a given control would have prevented a past breach, turning post-incident review into evidence-based control prioritization.
๐๏ธ Design Philosophy
Stave is designed around open standards from the first release so teams can adopt it without platform lock-in.
๐๏ธ Identity Blast Radius
Why identity blast radius measures the damage surface of a single compromised credential, and how it differs from control-level blast radius.
๐๏ธ Why the Logic Trace Exists
The problem with black-box verdicts
๐๏ธ Why Stave is a Risk Reasoning Engine
Stave is not a scanner. It is a deterministic risk reasoning engine