Skip to main content

stave bundle audit

Assemble a compliance-period evidence package

Usage

stave bundle audit [flags]

Description

Package all evidence components for a specific compliance framework and time period into a named directory with a SHA-256 manifest.

Components: assessment results, executive report, continuity attestation, remediation trend, and exemption register.

Inputs: --framework Compliance framework (hipaa, soc2, fedramp, pci_dss) --period Period shorthand (Q1-2026, Q4-2025) --from / --to Explicit date range (ISO 8601) --history Directory of assessment JSON files --exempt Path to acknowledgments YAML (optional) --out Output directory (created if not exists) --dry-run Show what would be collected without writing

Exit Codes: 0 Package assembled 2 Invalid input

Offline-only: reads local files; makes zero network connections; no cloud credentials.

Flags

FlagTypeDescription
--dry-runboolshow what would be collected
--exemptstringpath to acknowledgments YAML
--frameworkstringcompliance framework (required)
--fromstringperiod start date (ISO 8601)
--historystringdirectory of assessment JSON files (required)
--outstringoutput directory (required unless --dry-run)
--periodstringperiod shorthand (e.g. Q1-2026)
--tostringperiod end date (ISO 8601)

Examples

stave bundle audit --framework hipaa --period Q1-2026 --history ./assessments/ --out ./audit/
stave bundle audit --framework soc2 --from 2025-01-01 --to 2025-12-31 --history ./assessments/
stave bundle audit --framework hipaa --period Q1-2026 --history ./assessments/ --dry-run