AuditWalk System Contract

AuditWalk keeps trust explicit. You observe state, confirm baseline, verify selectively, compare deeply, then interpret before action.

Reporting remains an explicit output capability outside this stage sequence. Use report render for reviewable Markdown/JSON/PDF artifacts.

Canonical Runtime States

[State diagram: IDLE, PRECHECK, SCAN_BUILD, BASELINE_SET (operator sign-off), SCAN_RUNNING, DIFF_ANALYSIS, REPORT_GEN, CANCELLED (cancel), ERROR (any state). Legend: active / happy path, transition, error path.]

State Narrative

IDLE → PRECHECK → SCAN_BUILD → BASELINE_SET → SCAN_RUNNING → DIFF_ANALYSIS → REPORT_GEN → COMPLETE, with CANCELLED and ERROR as explicit branches.

Every control in AuditWalk is enabled or disabled based on the current state of the workflow. The interface only surfaces actions that make sense for the evidence already collected and the decisions the operator has already made.

Button Availability by State

Control              Enabled when                 Disabled otherwise
scan run             IDLE                         Any active state
Baseline Set         IDLE after a completed scan  No scan artifact; any active state
Preflight / Compare  IDLE after Baseline Set      Before Baseline Set; any active state
Cancel               SCAN_RUNNING                 All other states
Export               COMPLETE                     All other states

Required Findings Schema

A finding is a structured record of a single filesystem change detected during a Compare run — what changed, where, when, and how severe. Every field is required. Read severity for triage priority, change_type for the nature of the event, and hash_before / hash_after for cryptographic proof of state. A null hash means the file did not exist at that point. Everything downstream — Doctor, Repair — operates on findings.

Fields

  • id (str): Unique finding identifier per scan
  • path (str): Absolute filesystem path of changed artifact
  • change_type (enum): added, removed, or modified
  • category (enum): system, user, binary, or config
  • severity (enum): clear → critical; drives sort and filter priority
  • hash_before (str|None): SHA-256 at baseline; null for added files
  • hash_after (str|None): SHA-256 at scan time; null for removed files
  • timestamp (datetime): UTC timestamp of finding detection
  • notes (str): Human-readable context or rationale

Every finding follows a strict structure so evidence and severity are machine-consistent across scans. This is a display model for documentation. The canonical Finding record is defined in docs/architecture/auditwalk-engine-spec-v1.md §4.3. Default grouping is by change_type. Findings are sortable by path, severity, and timestamp.
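
A consistency check for the schema above, as an added example (not AuditWalk's own code): it enforces the required fields, the listed enum values, and the rule that a null hash means the file did not exist on that side of the comparison. The dict layout and ISO 8601 timestamp string are assumptions; severity is checked for presence only, since only the endpoints clear and critical are named here.

```python
import hashlib
import re
from datetime import datetime

# Field names and enum values come from the schema above. The record layout
# (a dict per finding, ISO 8601 timestamp string) is an assumption.
REQUIRED = ("id", "path", "change_type", "category", "severity",
            "hash_before", "hash_after", "timestamp", "notes")
CATEGORIES = {"system", "user", "binary", "config"}
# change_type -> (hash_before expected, hash_after expected)
HASH_RULES = {"added": (False, True), "removed": (True, False),
              "modified": (True, True)}
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def validate_finding(f):
    """Return a list of problems; an empty list means the record is consistent."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in f]
    if problems:
        return problems
    if f["category"] not in CATEGORIES:
        problems.append(f"unknown category: {f['category']!r}")
    if not str(f["path"]).startswith("/"):
        problems.append("path is not absolute")
    if f["change_type"] not in HASH_RULES:
        problems.append(f"unknown change_type: {f['change_type']!r}")
    else:
        for name, wanted in zip(("hash_before", "hash_after"),
                                HASH_RULES[f["change_type"]]):
            value = f[name]
            if wanted and not (isinstance(value, str) and SHA256_HEX.fullmatch(value)):
                problems.append(f"{name} must be a SHA-256 hex digest")
            elif not wanted and value is not None:
                problems.append(f"{name} must be null for {f['change_type']}")
    try:
        ts = datetime.fromisoformat(str(f["timestamp"]).replace("Z", "+00:00"))
        if ts.utcoffset() is None or ts.utcoffset().total_seconds() != 0:
            problems.append("timestamp is not UTC")
    except ValueError:
        problems.append("timestamp is not ISO 8601")
    return problems

# Constructed sample records, not real AuditWalk output.
GOOD = {"id": "f-0001", "path": "/etc/ssh/sshd_config", "change_type": "modified",
        "category": "config", "severity": "critical", "notes": "constructed",
        "hash_before": hashlib.sha256(b"before").hexdigest(),
        "hash_after": hashlib.sha256(b"after").hexdigest(),
        "timestamp": "2024-01-01T00:00:00+00:00"}
BAD = dict(GOOD, change_type="added")  # an added file must have a null hash_before
```

Running each record through validate_finding before it is stored or triaged catches findings whose hashes contradict their change_type.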

Set up AuditWalk in under 2 minutes and run your first baseline workflow.

Free path: set up and run your first baseline workflow. Paid path: review license tiers before checkout.

1. Start setup (Free)

Open the official setup path for Linux CLI installation and first run.

2. Install

Run one command and prepare the CLI quickly on Debian/Ubuntu/CentOS.

curl -sSL https://auditwalk.com/install.sh | sudo bash

3. Run a first scan

Create a trusted baseline and see drift results in minutes.

auditwalk scan run --profile full
auditwalk baseline confirm <scan_id>
auditwalk preflight run
auditwalk compare run --format json
auditwalk doctor run --format json

Need command detail before running? Use the CLI Guide. Need paid feature scope first? View License Tiers.