Live Runtime Terms
Lookup page for terms used in live commands, events, and operator-facing output. Planned/reserved vocabulary is intentionally excluded.

| Term | Type | Meaning | Example |
|---|---|---|---|
| scan | Domain/workflow | Captures system state evidence. | `auditwalk scan run --profile full` |
| baseline | Domain/workflow | Trusted reference selected from scan evidence. | `auditwalk baseline set --scan-id <scan_id>` |
| preflight | Domain/workflow | Fast baseline-referenced verification pass. | `auditwalk preflight run` |
| compare | Domain/workflow | Produces factual differences vs baseline. | `auditwalk compare run` |
| doctor | Domain/workflow | Interprets compare evidence into advisory output. | `auditwalk doctor run` |

| Term | Type | Meaning | Example |
|---|---|---|---|
| domain | CLI grammar | Top-level namespace after `auditwalk`. | `compare`, `watch` |
| action | CLI grammar | Verb inside a domain. | `run`, `show`, `export` |
| argument | CLI grammar | Positional command value. | `<scan_id>` |
| option | CLI grammar | Flag that modifies behavior. | `--format json` |
| target | CLI grammar | Specific record selected by arg/option. | `<finding_id>` |
| canonical | CLI grammar | Preferred public command form. | `auditwalk compare run` |
| alias | CLI grammar | Accepted shortcut mapped to canonical form. | `auditwalk scan quick` |
| default rewrite | CLI grammar | Noun-only invocation rewritten to default action. | `auditwalk doctor` -> `auditwalk doctor run` |

| Term | Type | Meaning | Example |
|---|---|---|---|
| drift | Output concept | Difference from trusted baseline context. | `drift_detected` |
| finding | Output concept | Individual interpreted issue in output surfaces. | `finding_id` |
| evidence | Output concept | Observed data backing decisions. | `data.evidence[*]` |
| artifact | Output concept | Persisted output object (scan/compare/doctor/report/plan). | `compare_*.json` |
| partial | Result posture | Operation completed with incomplete coverage/context. | partial coverage |
| completed | Result posture | Operation finished normally. | tick completed |
| degraded | Result posture | Output succeeded with reduced confidence. | `result_status=degraded` |
| policy_suppressed | Policy metadata | Finding urgency/visibility reduced by policy. | `policy_suppressed=true` |
| hash-only change | Drift concept | Hash change without broader object-type change. | hash-only drift |
| skipped entries | Output concept | Paths/entities omitted from processing scope/result. | skipped entries |

| Term | Type | Meaning | Example |
|---|---|---|---|
| none | Advisory state | No advisory state for completed watch tick. | `advisory_state=none` |
| advisory_ready | Advisory state | Watch advisory state is ready/non-degraded. | `advisory_state=advisory_ready` |
| degraded_advisory | Advisory state | Watch advisory state is degraded. | `advisory_state=degraded_advisory` |
| guardrail_blocked | Advisory state | Advisory/escalation path blocked by guardrail. | `advisory_state=guardrail_blocked` |
| condition | Doctor field | Observed condition label. | `condition=...` |
| severity | Doctor field | Urgency tier. | `severity=HIGH` |
| action | Doctor field | Operator attention class. | `action=REVIEW` |
| recommendation | Doctor field | Suggested next step. | `recommendation=...` |
| confidence | Doctor field | Confidence level for interpretation. | `confidence=...` |
| reason code | Advisory metadata | Structured rationale code. | `primary_reason_code=...` |
| rule ID | Advisory metadata | Stable decision rule identifier. | `rule_id=...` |

| Term | Type | Meaning | Example |
|---|---|---|---|
| watch | Domain/workflow | Continuous baseline-referenced monitoring loop. | `auditwalk watch run --interval 300` |
| watch_started | Event type | Watch loop started. | `event_type=watch_started` |
| watch_tick_completed | Event type | One watch tick finished. | `event_type=watch_tick_completed` |
| drift_detected | Event type | Drift observed in current tick. | `event_type=drift_detected` |
| drift_resolved | Event type | Previously open drift is resolved. | `event_type=drift_resolved` |
| watch_error | Event type | Recoverable watch runtime error surfaced. | `event_type=watch_error` |
| watch_stopped | Event type | Watch loop stopped. | `event_type=watch_stopped` |
| running | Daemon state | Active watch ownership is present. | `daemon_state=running` |
| not_running | Daemon state | No active watch owner detected. | `daemon_state=not_running` |
| stale_lock | Daemon state | Ownership lock appears stale. | `daemon_state=stale_lock` |
| invalid_state | Daemon state | Daemon control state malformed/inconsistent. | `daemon_state=invalid_state` |

| Term | Type | Meaning | Example |
|---|---|---|---|
| repair | Domain/workflow | Plan/apply surfaces for reviewed repair actions. | `auditwalk repair plan` |
| repair apply | Command surface | Executes persisted plan actions (simulation supported). | `auditwalk repair apply --dry-run` |
| repair plan | Command surface | Builds non-mutating repair plan from doctor input. | `auditwalk repair plan --input <doctor.json>` |
| dry-run | Safety option | Simulates execution without mutating actions. | `--dry-run` |
| retain | Domain/workflow | Retention policy analysis for stored artifacts. | `auditwalk retain dry-run` |
| retain dry-run | Command surface | Analyzes retention eligibility without deleting data. | `auditwalk retain dry-run` |