CLI ยท Scan

AuditWalk Scan Command Reference

This page defines exactly what to input in the CLI for Scan profiles, and what each command returns or executes. AuditWalk keeps the model explicit: scan observes, Baseline Scan trusts.

Core

Core command pattern

Run all scan profiles with the same command form:

auditwalk scan run --profile <profile_name>

Input

  • profile_name: quick, full, or paranoid

Returns / Executes

  • Executes a read-only filesystem observation pass
  • Produces a versioned scan artifact
  • Returns a unique scan_id for traceability

Profile 01

quick

Intent: fast, lightweight observation for routine checks and frequent runs.

Utility: frequent monitoring, obvious-change checks, and pre/post action snapshots with minimal runtime cost.

auditwalk scan run --profile quick

Input

  • --profile quick

Returns / Executes

  • Captures reduced-cost state evidence (paths + essential metadata)
  • Avoids deeper expensive inspection behavior by design
  • Writes a versioned scan artifact + scan_id

Plain English: give me a fast read-only inventory of current system state.

Profile 02

full

Intent: standard, baseline-grade observation profile for serious operational use.

Utility: baseline candidates, regular reviews, and dependable compare workflows.

auditwalk scan run --profile full

Input

  • --profile full

Returns / Executes

  • Captures the complete standard observation set for AuditWalk
  • Includes deeper evidence such as file hashes in defined scope
  • Writes a versioned scan artifact + scan_id

Plain English: give me the standard complete read-only observation of the system.

Profile 03

paranoid

Intent: strictest, scrutiny-heavy observation profile where depth is prioritized over speed.

Utility: sensitive systems, pre-change checks, post-incident review, and maximum scrutiny workflows.

auditwalk scan run --profile paranoid

Input

  • --profile paranoid

Returns / Executes

  • Runs stricter, broader, or more exhaustive observation logic than full
  • Applies fewer exclusions and spends more runtime resolving edge cases
  • Writes a versioned scan artifact + scan_id

Plain English: give me the strictest read-only filesystem observation available.

Contract

Recommended profile contract

Quick    = fast, reduced-cost observation
Full     = standard complete observation
Paranoid = maximum-depth observation

This hierarchy keeps profile behavior predictable and defensible for operators.

Sequence

How Scan fits the workflow chain

scan run --profile quick|full|paranoid
review resulting artifact
baseline set --scan-id <scan_id>

This preserves the core model: scan observes, Baseline Scan trusts.