Skip to main content

stave forge new

Interactive control authoring wizard

Usage

stave forge new [flags]

Description

Create a new custom security control interactively. The wizard prompts for control metadata, lets you browse property paths from a real snapshot, and shows live CEL evaluation before writing files.

Use --non-interactive to accept all inputs from flags (equivalent to make gencontrol).

Exit Codes: 0 Control generated successfully 2 Invalid input or missing required flags 4 Internal error

Examples: stave forge new --snapshot obs.json

stave forge new --non-interactive
--id CTL.S3.TAGS.001
--name "S3 buckets must have team tag"
--field properties.storage.tags.team
--op missing
--severity high
--remediation "Add a team tag"

Flags

FlagTypeDescription
--asset-typestringasset type for fixtures (default: aws_s3_bucket)
--compliancestringcompliance refs (key=value,...)
--domainstringdomain: exposure | identity | governance (default: exposure)
--fieldstringpredicate field path
--idstringcontrol ID (e.g. CTL.S3.TAGS.001)
--kindstringasset kind filter
--namestringcontrol name
--non-interactiveboolaccept all inputs from flags, skip wizard
--opstringpredicate operator (default: eq)
--outstringoutput base directory (default: testdata/e2e)
--remediationstringremediation action text
--scope-tagsstringcomma-separated scope tags (default: aws)
--severitystringseverity: critical | high | medium | low (default: high)
--snapshotstringsnapshot for path discovery and live preview
--valuestringunsafe value (default: true)

Examples

stave forge new --snapshot obs.json
stave forge new --non-interactive --id CTL.S3.TAGS.001 --name "..." --field ... --remediation "..."