Configuration
How Stave resolves settings from flags, project config, user config, and environment variables.
Limits
What Stave does and does not do. Scope boundaries, known limitations, and out-of-scope areas.
obs.v0.1
Reference for the obs.v0.1 observation snapshot schema.
Observation Export Schema
Field-by-field reference for the S3 observation property groups produced by Stave's export and ingest tooling.
out.v0.1
Reference for Stave evaluation output contract out.v0.1.
Stability
Stave's stability commitments, schema versioning, and dependency policy.
Evaluation Semantics
Deterministic evaluation behavior, predicate matching rules, and output semantics.
ctrl.v1
Reference for the ctrl.v1 control definition schema.
Severity Thresholds
How severity levels work and how to tune duration thresholds.
Observation Contract
Stable contract for observation snapshots used by Stave.
Output & Severity
How to read evaluation output, severity, remediation, and fix plans.
Output Formats
JSON, text, and markdown output options in Stave.
diagnose.v1
Reference for Stave diagnose output contract diagnose.v1.
CLI Reference
56 items
Controls Reference
8 items
Fact Export
The on-disk formats Stave produces for external reasoning engines: JSON / JSONL / SMT-LIB v2. Schema, predicate vocabulary, closed-world semantics, exit codes.
Changelog
All notable changes to this project will be documented in this file.
Command Reference
<!-- GENERATED by internal/tools/gencommanddocs — DO NOT EDIT.
OWASP Non-Human Identity Top 10 — Stave coverage
The OWASP Non-Human Identity (NHI) Top 10
Contract-First Schemas
Stave uses contract-first JSON schemas so validation is deterministic,
Engine Capabilities
What Stave's CEL-backed evaluation engine supports, what the shipped S3 / IAM / DocumentDB controls actually exercise, and what is retained as candidate code for future domains.
Stave Terminology Glossary
This glossary maps Stave's internal terminology to security industry standards
HIPAA CLI Evidence
Per-control AWS CLI evidence commands, expected output shapes, and pass/fail observation JSON for HIPAA S3 controls.
HIPAA Control Mapping
Mapping of HIPAA Security Rule sections to Stave S3 controls, with AWS CLI evidence and pass/fail observation shapes.
Minimum IAM Permissions for S3 Observation Collection
Stave evaluates local observation files. Users collect these observations
Identity Blast Radius
Observation properties, controls, the identity_blast_radius chain, and example output for identity blast radius.
Operator Contract
Three commands verify correctness after any change:
Scope and support
In scope
Security Policy
Scope