AISPM Phase B Closeout Verification
This page records the public-safe closeout status for CAVRA AI Security Posture Management Phase B: Community Demo And Local Activity View.
| Field | Value |
|---|---|
| Product area | AI Security Posture Management |
| Phase | Phase B |
| Edition | Community |
| Verification date | 2026-06-11 |
| Primary route | apps/sandbox-ui/index.html#ai-posture |
| Data boundary | Public-safe sample or local activity metadata only |
The Community dashboard includes posture overview, agent observability, risk queue, control coverage, near misses, execution timeline, trace replay, approval lineage, behavior fingerprints, policy context gaps, pre-action risk forecasts, intent-to-action drift, tool-chain risk graph, agent blast-radius map, control coverage heatmap, evidence confidence, evidence freshness, executive risk narrative, replay-to-policy draft and test fixture previews, review packet export, PR attachment guidance, CI gate readiness export, rollout checklist export, rollout audit packet export, and CI gate rollout auditor view.
| Gate | Status | Evidence |
|---|---|---|
| Dashboard route | Pass | #ai-posture |
| Static portal smoke | Pass | python3 scripts/validate-sandbox-portal.py |
| JavaScript syntax | Pass | node --check apps/sandbox-ui/sandbox.js |
| Public boundary | Pass | scripts/validate-boundaries.sh |
| Regression suite | Pass | PYTHONPATH=src pytest -q |
| Desktop/mobile render | Pass | Playwright rendered the AI Posture auditor view |
| Required check name | Pass | cavra-aispm-review-packet is preserved |
Community does not expose raw prompts, model reasoning, raw tool output, customer secrets, tenant event stores, private connector payloads, private policy-pack implementation, Enterprise source code, license keys, or automated branch-protection write-back credentials.
Phase B is ready as a public-safe Community AISPM dashboard baseline after the current dashboard changes are merged and CI passes. Enterprise live ingestion, authenticated CSO/CISO dashboards, runtime controls, tenant retention, and commercial compliance exports remain Phase C through Phase E work.
The canonical packet is docs/aispm-phase-b-closeout-verification.md.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?