# Audit pack CLI

Audit pack commands
- audit-pack export: export audit packs for a scan.
- audit-pack verify: verify hashes and signatures.
- audit-pack info: show pack metadata and contents.
- audit-pack replay: replay a scan and compare verdicts.
- audit-pack verify-and-replay: combined workflow.

Typical workflow
1) Export and sign an audit pack.
2) Transfer to the offline environment.
3) Verify hashes and signatures.
4) Replay and compare verdict digests.

Environment variables
- STELLAOPS_AUDIT_PACK_VERIFY_SIGS controls signature verification default.
- STELLAOPS_AUDIT_PACK_TRUST_ROOTS points to trust roots.
- STELLAOPS_OFFLINE_BUNDLE provides offline inputs for replay.

Related references
- docs/cli/audit-pack-commands.md
- docs2/operations/replay-and-determinism.md