ACCTL Operator Guide
ACCTL is the authoritative operator interface for Asset Core. It is designed for diagnostics, forensics, and recovery when automation or integrations fail. Use it to validate invariants, inspect state, and regain control during incidents.
This guide is task-oriented. It assumes you already know how to install ACCTL; for a command catalog, see the CLI reference.
Diagnose the environment
Before debugging deeper issues, validate configuration and daemon connectivity:
acctl diag --print-config
This checks config paths, commit log access, and basic readiness signals.
Verify authorization and permissions
Confirm the current principal and effective permissions:
acctl auth whoami
acctl auth permissions --namespace-id 5001
Use these commands before attempting privileged operations or governance changes.
Audit recent commits
Inspect recent commit history to understand what changed and when:
acctl query-commits --namespace 5001 --limit 20
For a single container:
acctl query-container-commits --namespace 5001 --container-id 1001 --limit 20
Tail the envelope log
When you need low-level forensic detail, tail the envelope log directly:
acctl tail --envelope-log /path/to/envelope.log --follow
Use this during incident response to correlate commits with operational alerts.
Replay for correctness
Replay a range of envelopes offline to validate determinism and confirm that a failure is reproducible:
acctl replay --envelope-log /path/to/envelope.log --from 0 --to 2000
Replay does not require a running daemon and should be part of your post-incident workflow.
Freeze or drain a namespace
If you need to stop writes during an incident, adjust the operational state or lifecycle:
acctl namespaces operational --namespace-id 5001 --write-mode read-only --reason "incident freeze"
Always document the reason and ensure on-call operators know the rollback procedure.
Create a debug bundle
When escalation is needed, capture a shareable bundle of logs and artifacts:
acctl bundle-debug --config /path/to/write.toml --output debug-bundle.tar.gz
Next steps
- Authorization Model for the decision rules.
- Why access was denied for fast triage.
- Health and Metrics for ongoing monitoring.