๐๏ธ Introduction
What is Stave, who does it target, and how it works.
๐๏ธ Installation
Install Stave in three progressive tiers. Tier 1 is the standalone Go binary; Tier 2 adds external reasoning engines; Tier 3 adds Neo4j visualisation.
๐๏ธ Quick Start
Go from install to seeing findings in under two minutes.
๐๏ธ Time To First Finding
Get your first real finding against your own AWS environment in under 10 minutes.
๐๏ธ Stave Tutorial Demo
44 S3 security scenarios in Docker. No AWS credentials required.
๐๏ธ building-extractors
This is the ultimate way to leverage Contract-First architecture. Since the obs.v0.1 schema is the only thing the engine cares about, you can use a "Meta-Prompt" that turns any LLM to generate code for an Extractor.
๐๏ธ Custom Controls
Step-by-step guide to writing, testing, and deploying your own Stave controls.
๐๏ธ Tutorial: Understanding Why Stave Reached a Verdict
Learn how to use the Logic Trace to see the step-by-step reasoning behind
๐๏ธ Tutorial: Scaffolding Controls with the Policy Forge
Learn how to create a new security control with test fixtures in under
๐๏ธ Multi-Engine Analysis
A guided walkthrough: take one snapshot, export Stave's fact base, run three different reasoning engines (CEL, Z3, Soufflรฉ) against it, and read each verdict.
๐๏ธ Go Library
Run the full Stave pipeline in-process from your own Go program โ no CLI, no JSON parsing.
๐๏ธ Lab Metrics
Load CloudGoat lab findings and compute detection metrics, severity breakdowns, and assessment diffs using pkg/stave.