Download

Workflow · Baseline Confirm

Baseline Confirm: Where Observation Becomes Trust

Baseline Confirm is the trust boundary in AuditWalk. Scan captures evidence; Baseline Confirm promotes reviewed evidence into the trusted reference state used by Preflight, Compare, Doctor, and Repair.

Next actions

auditwalk baseline confirm <scan_id> Open User Guide Continue to Preflight

Definition

What Baseline Confirm is

Baseline Confirm is the explicit promotion of a reviewed scan artifact into trusted reference state. It is not an automatic result of scanning. It is a deliberate operator action.

In AuditWalk terms: scan captures what is; Baseline Confirm establishes what should be treated as trusted for future comparison.

Importance

Why Baseline Confirm matters

Without a trusted baseline, change data has weak context. Baseline Confirm gives Compare and Preflight a stable reference so deviations can be surfaced and judged as expected or suspicious.

Operational value

  • Makes drift detection meaningful, not generic
  • Improves incident triage quality
  • Supports repeatable trust decisions over time

Risk reduction

  • Prevents accidental trust assignment
  • Keeps observation and approval separate
  • Preserves operator accountability

Doctrine

Observation vs trust

scan run                 -> produce evidence
review artifact          -> human/operator judgment
baseline confirm <scan_id> -> establish trusted reference

This separation is the core safety model. The system can collect facts; only the operator can declare trust.

Workflow

How Baseline Confirm integrates with the workflow

Scan -> Baseline Confirm -> Preflight -> Compare -> Doctor -> Repair

Baseline Confirm is the gate between passive evidence capture and downstream diagnostic/repair workflows.

CLI

Baseline Confirm in the CLI

This page uses a clear command story: scan run creates evidence, and baseline confirm promotes reviewed evidence into trusted state.

Create a baseline-grade scan (full)

auditwalk scan run --profile full

Create a higher-scrutiny scan (paranoid)

auditwalk scan run --profile paranoid

List and review scan artifacts

auditwalk scan list
auditwalk scan show --scan-id <scan_id>

Promote reviewed artifact into baseline state

auditwalk baseline confirm <scan_id>

Show active baseline and baseline history

auditwalk baseline show
auditwalk baseline history

Follow-up commands after baseline

auditwalk preflight run --scope browser,system
auditwalk compare run
auditwalk doctor run
auditwalk repair plan

Example workflow

auditwalk scan run --profile full
auditwalk scan show --scan-id scan_00042
auditwalk baseline confirm scan_00042
auditwalk preflight run --scope browser,system
auditwalk compare run

Profiles

Profile implications for baseline quality

full should be the default baseline-grade profile. paranoid is suitable where higher scrutiny is worth runtime cost. quick is best treated as observation-first unless your policy explicitly accepts it for baseline promotion.

Guidance

User guidance and caveats

  • Never promote an unreviewed scan into baseline state.
  • Baseline changes should be intentional and documented.
  • If environment risk increases, re-baseline using full or paranoid.
  • Keep CLI vocabulary stable across docs to avoid operator confusion.

Information Architecture

Suggested site structure placement

/scan/            -> profile behavior and scan engine contract
/baseline-scan/   -> trust promotion model and baseline lifecycle
/system.html      -> workflow-level architecture
/features/        -> command surface and install/use flow

Copy

Short summary and main-page excerpt copy

Short summary: Baseline Confirm is the deliberate trust action that promotes reviewed scan evidence into the reference state used by AuditWalk to evaluate future change.

Homepage excerpt:
"Baseline Confirm is where observed evidence becomes trusted reference.
AuditWalk does not auto-trust scans; it requires explicit operator promotion
so every compare and preflight result has real context."