Capabilities exposes two views.
Default (no subcommand) emits a JSON document describing the protocol
metadata: observation schemas, control DSL versions, input source
types, and command capability metadata this version of Stave supports.
This is the stable contract consumers parse.
`stave capabilities catalog` emits the user-facing capability
catalog: grouped detections + compound chains + operational features.
Pair with `stave search` to look up by intent.
Exit Codes:
0 - Success
4 - Internal error
Examples:
# Protocol metadata (default)
stave capabilities
# User-facing catalog
stave capabilities catalog
# Pipe to jq for parsing
stave capabilities | jq '.observations.schema_versions'
# Check supported source types
stave capabilities | jq '.inputs.source_types'
# Check security-audit capabilities
stave capabilities | jq '.security_audit'
Offline-only: reads local files; makes zero network connections; no cloud credentials.
Usage:
stave capabilities [flags]
stave capabilities [command]
Examples:
stave capabilities | jq '.version'
Available Commands:
catalog Print the user-facing capability catalog
Flags:
-h, --help help for capabilities
Global Flags:
--allow-symlink-output Allow writing output through symlinks (default: refuse)
--force Allow overwriting existing output files
--log-file string Write logs to file (default: stderr)
--log-format string Log format: text|json (default "text")
--log-level string Log level: debug|info|warn|error (overrides -v)
--log-timestamps Include timestamps in logs (breaks determinism)
--log-timings Include timing information (breaks determinism)
--no-color Disable ANSI colors in output
--path-mode string Path rendering in errors/logs: base (basename only) or full (absolute paths) Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
--quiet Suppress output (exit code only) Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
--require-offline Assert offline operation: fail if proxy env vars (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY) are set
--sanitize Sanitize infrastructure identifiers (bucket names, ARNs, policies) from output Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
--strict Enable strict integrity checks for embedded registries and references
-v, --verbose count Increase verbosity (-v=INFO, -vv=DEBUG)
-y, --yes Auto-confirm all interactive prompts (distinct from --force which controls file overwriting)
Use "stave capabilities [command] --help" for more information about a command.