Skip to main content

stave telemetry

Telemetry reads assessment JSON (from stave apply) and emits one NDJSON
line per finding — consumable by Vector, Fluent Bit, Splunk, Logstash,
Loki, or any log shipper.

This is a format converter, not a re-evaluator. It transforms Stave's
deterministic reasoning output into the structured telemetry stream that
dashboards, SIEM pipelines, and compliance trending systems consume.

Inputs:
  stdin or --in       Assessment JSON from stave apply --format json
  --severity          Comma-separated severity filter (default: all)
  --resource          Scope to a specific resource ARN (default: all)

Output:
  NDJSON to stdout — one JSON object per line, newline terminated.
  Append-safe: results can be appended to a file without re-parsing.

Exit Codes:
  0   Telemetry emitted
  2   Input error

Offline-only: reads local files; makes zero network connections; no cloud credentials.

Usage:
  stave telemetry [flags]

Examples:
  # Pipe from apply
  stave apply --format json | stave telemetry

  # From file
  stave telemetry --in assessment.json

  # Filter by severity
  stave telemetry --in assessment.json --severity critical,high

  # Scope to one resource
  stave telemetry --in assessment.json --resource arn:aws:s3:::prod-bucket

Flags:
  -h, --help              help for telemetry
      --in string         Path to assessment JSON (default: stdin)
      --resource string   Scope to a specific resource ARN
      --severity string   Comma-separated severity filter (e.g., critical,high)

Global Flags:
      --allow-symlink-output   Allow writing output through symlinks (default: refuse)
      --force                  Allow overwriting existing output files
      --log-file string        Write logs to file (default: stderr)
      --log-format string      Log format: text|json (default "text")
      --log-level string       Log level: debug|info|warn|error (overrides -v)
      --log-timestamps         Include timestamps in logs (breaks determinism)
      --log-timings            Include timing information (breaks determinism)
      --no-color               Disable ANSI colors in output
      --path-mode string       Path rendering in errors/logs: base (basename only) or full (absolute paths) Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
      --quiet                  Suppress output (exit code only) Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
      --require-offline        Assert offline operation: fail if proxy env vars (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY) are set
      --sanitize               Sanitize infrastructure identifiers (bucket names, ARNs, policies) from output Resolved default may come from STAVE_* env vars, stave.yaml, user config, or built-in.
      --strict                 Enable strict integrity checks for embedded registries and references
  -v, --verbose count          Increase verbosity (-v=INFO, -vv=DEBUG)
  -y, --yes                    Auto-confirm all interactive prompts (distinct from --force which controls file overwriting)