-
Notifications
You must be signed in to change notification settings - Fork 0
CAVRA Trial Field Guide
The CAVRA Trial Field Guide is the public-safe operating handbook for approved CAVRA Trial evaluators. CAVRA Trial is a temporary evaluation access path for CAVRA Managed or Enterprise Subscription capabilities. It is not a separate source edition. This guide walks evaluators through CAVRA from first contact to closeout without exposing private source code, entitlement material, package credentials, customer data, raw prompts, or private policy-pack implementation details.
Use this guide with CAVRA Community, the approved CAVRA Trial request flow, and the validation packets linked from the release evidence index.
| Role | Primary Question | Field Guide Path |
|---|---|---|
| Developer | Will CAVRA govern agent actions before they change code or tools? | Labs 1, 3, and 4 |
| Platform engineer | Can we wire CAVRA into repositories, CI, and runtime control points? | Labs 2, 3, 6, and 7 |
| Security engineer | Can we see risky agent actions, violations, and control coverage? | Labs 3, 4, 5, and 7 |
| Auditor | Can we prove what happened, who approved it, and what evidence exists? | Labs 4, 5, 6, and 8 |
| CSO/CISO | Is the AI-agent security posture understandable and board-reviewable? | Labs 4, 5, 7, and 8 |
| Lab | Name | Outcome | Primary Surface |
|---|---|---|---|
| 1 | Product orientation | Understand CAVRA Community, CAVRA Managed, Enterprise Subscription, Trial access, and private-source boundaries. | Public docs and portal |
| 2 | Trial access request | Understand approved-access signup, operator review, hosted or package access, and entitlement validation. | Trial portal |
| 3 | Governed agent action | Review allow, warn, block, approval, and attestation decisions. | Community dashboard |
| 4 | AISPM posture review | Inspect risk, agent coverage, timelines, evidence confidence, and control coverage. | AI Posture |
| 5 | CSO report center | Download Community reports and understand configured delivery, audit, Managed, and retention controls. | Report Center |
| 6 | Operator readiness | Review release gates, trial handoff, runtime controls, and package-readiness boundaries. | Readiness packets |
| 7 | Pilot evidence room | Review pilot launch, exception, risk, board-pack, deployment, report-delivery, and runtime-workflow evidence. | Evidence packets |
| 8 | Trial closeout | Understand revocation, expiry, package access removal, blocked runtime validation, and feedback capture. | Closeout pages |

The dashboard introduces the product, shows public-safe controls, and links to Community documentation, trial access, demo flows, and release evidence.

The AISPM posture view uses sample or local data in Community and live, authenticated, tenant-scoped data in Enterprise.

The CSO Report Center gives executives and auditors a central place to download public-safe reports. Enterprise expands this with signed exports, email delivery, retention, evidence rooms, and audit trails.

The board-pack view groups launch decision, evidence room, risk acceptance, exceptions, reviewer checklist, and report artifacts into one executive review surface.
CAVRA Trial entitlement material is generated only after an approved request through the public trial portal:
https://cavra-trial.mind-ops.cloud
The portal collects the evaluator's business contact, GitHub username, company role, and evaluation goal. A CAVRA trial operator reviews the request. Approved evaluators receive hosted access or private package access where applicable, plus one-time, time-limited entitlement material through a controlled channel.
Use the entitlement material this way:
- Store the entitlement in the protected location described in the approval handoff. Do not commit it to Git, tickets, screenshots, public docs, or chat transcripts.
- Configure package access exactly as described in the handoff.
- Run the supplied license validation step before starting Enterprise workflows.
- Keep the entitlement bound to the approved evaluator, tenant, and evaluation window.
- Treat expiry, revocation, and closeout as part of the trial, not as administrative cleanup after the fact.
The public textbook intentionally avoids publishing private package names, entitlement commands, token formats, signing details, or approval-channel implementation details.
Use this scenario to prove CAVRA's efficiency during a trial.
Goal: show that CAVRA lets a team safely use an AI coding agent for a real workflow while preserving runtime authority, approval evidence, and executive posture visibility.
- Pick one repository or workflow that represents a real business risk.
- Define one risky agent action, such as editing deployment automation, changing IAM or Kubernetes configuration, invoking a repository mutation tool, or running a destructive command.
- Request CAVRA Trial access from
https://cavra-trial.mind-ops.cloud. - After approval, activate hosted or package access and validate the evaluator entitlement using the handoff instructions.
- Run the workflow through CAVRA and record the decision: allow, warn, block, require approval, or allow with attestation.
- Route one legitimate high-risk action for approval and deny one unsafe action.
- Generate an evidence bundle and verify that the evidence explains actor, action, policy, decision, approval path, and evidence references.
- Review the AISPM posture view and report center to see how the trial action appears to security, audit, and executive users.
- Close the trial by confirming entitlement expiry or revocation, package access removal, evidence archive status, feedback, and pilot decision.
Success criteria: the evaluator can show exactly what the agent attempted, how CAVRA decided, who approved or denied the action, where the evidence lives, and whether remaining blockers prevent pilot or production expansion.
- Open
https://huzefaaa2.github.io/cavra/#dashboard. - Confirm that the product is CAVRA: Controlled Agentic Verification & Runtime Authority.
- Review the product boundary: CAVRA Community source is public; Managed service code, commercial entitlement services, certified connector packages, private policy packs, and private trial package implementation remain private.
- Open the documentation links for AISPM Dashboard Roadmap, AI Security Posture Dashboard Contract, Product Model, and Trial Access Guide.
Checkpoint: checkpoint-product-surfaces
Expected result: the evaluator can explain CAVRA Community, CAVRA Managed, Enterprise Subscription, Trial access, and private-source boundaries.
- Open
https://cavra-trial.mind-ops.cloud. - Submit a trial request with business contact details, GitHub username, company role, and evaluation goal.
- Confirm the request is recorded as pending operator review.
- Review Trial Access And Operator Approval to understand operator approval, package access where applicable, and entitlement issuance.
- After approval, follow the private handoff to configure hosted or package access, store entitlement material securely, and validate the time-limited evaluator entitlement before running Managed or Enterprise Subscription workflows.
Checkpoint: checkpoint-trial-request
Expected result: the evaluator understands why CAVRA Trial access is approved and gated instead of anonymous, and how evaluator entitlement is generated, activated, validated, and closed out.
- Open the public dashboard and run the sample agent scenario.
- Inspect the generated decision: allow, warn, block, require approval, or allow with attestation.
- Download the public-safe evidence JSON.
- Confirm the evidence identifies what the agent attempted, what CAVRA decided, why, and which evidence references support the decision.
Checkpoint: checkpoint-agent-decision
Expected result: the evaluator can see how CAVRA governs an AI-agent action before relying on after-the-fact review.
- Open
AI Posture. - Review live activity sample data, risk queue, execution timeline, approval lineage, control coverage heatmap, evidence confidence, and evidence freshness panels.
- Confirm each tile clearly indicates public-safe sample/local provenance.
- Review the executive risk narrative and near-miss queue.
Checkpoint: checkpoint-aispm-posture
Expected result: CSO/CISO, security, and platform teams can inspect AI-agent posture without raw prompt or private payload exposure in Community.
- Open the report center inside the AI Posture route.
- Download Community-safe executive, audit, control coverage, evidence freshness, and agent-risk reports.
- Review AISPM CSO Report Center for the configured or Managed expansion: PDF, XLSX, DOCX, HTML, signed JSON, JSONL, GRC packages, scheduled email delivery, retry evidence, retention, and evidence-room access events.
Checkpoint: checkpoint-report-center
Expected result: executives and auditors can identify which reports exist in Community and which delivery/governance capabilities require configuration, CAVRA Managed, or Enterprise Subscription.
- Review the CAVRA Trial readiness public summary:
docs/release-verifications/aispm-enterprise-trial-readiness-public-summary.json. - Confirm the public-safe gates are ready: runtime binding, alert transport, release dashboard publication, trial field guide, operator audit archive, runtime-control closeout, systems-of-record attachment, and announcement closeout.
- Review the release evidence index for validator paths and packet names.
Checkpoint: checkpoint-operator-readiness
Expected result: evaluators can see the readiness trail without seeing private operator records or package credentials.
- Review the public-safe pilot evidence room packet.
- Confirm it references launch decision, reviewer checklist, exception register, risk acceptance, board pack, deployment runtime validation, report-delivery validation, and runtime-workflow validation.
- Confirm the private implementation owns signed acceptance, board minutes, private ACLs, customer data, and authenticated evidence-room access logs.
Checkpoint: checkpoint-pilot-evidence-room
Expected result: CSO/CISO and auditors can understand the pilot evidence room without receiving customer-private evidence.
- Review Trial Revocation, Expiry, And Closeout.
- Confirm closeout expectations: license expiry or revocation, package access removal, blocked runtime validation, archived evidence packet, evaluator feedback, and commercial/pilot handoff decision.
Checkpoint: checkpoint-revocation-expiry
Expected result: the evaluator understands how trial access is ended or converted without leaving stale package or license access behind.
| Checkpoint | Expected Evidence |
|---|---|
| Product surfaces | Public dashboard and open-core docs reviewed. |
| Trial request | Approved-access flow, operator review, license handoff, and secure license storage understood. |
| Agent decision | Public-safe decision evidence downloaded. |
| AISPM posture | Risk, coverage, timeline, and freshness panels reviewed. |
| Report center | Community downloads and configured or Managed delivery boundary understood. |
| Operator readiness | Public-safe readiness summary reviewed. |
| Pilot evidence room | Required artifact families identified. |
| Revocation and expiry | Closeout and blocked-access expectations understood. |
Do not publish or attach private source code, license keys, package tokens, private container URLs, SMTP credentials, signing keys, private policy-pack implementation details, customer records, evaluator identities, operator identities, IP addresses, raw prompts, model reasoning, raw tool output, provider responses, private evidence room ACLs, signed download URLs, or tenant-specific findings in this public guide.
Use public-safe summaries, screenshots, diagrams, packet names, hashes, and status fields only.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion