-
Notifications
You must be signed in to change notification settings - Fork 0
Connector Execution Hooks
CAVRA now supports live connector execution hooks for SIEM, ChatOps, ITSM, generic webhooks, and endpoint-management publication delivery.
- SIEM: Splunk HEC, Microsoft Sentinel or Log Analytics ingestion endpoints, Datadog Logs, generic webhook.
- ChatOps: Slack incoming webhooks, Microsoft Teams incoming webhooks.
- ITSM: Jira issue API, ServiceNow change request API.
- Endpoint management: Jamf, Microsoft Intune, and Linux fleet delivery endpoints for governed runtime export publication.
Use examples/connectors/cavra-connectors.example.json as a starting point. Production deployments should store secrets in environment variables and reference them with token_env, api_key_env, authorization_env, or url_env.
export CAVRA_CONNECTOR_CONFIG=.cavra/connectors.json
export SPLUNK_HEC_URL=https://splunk.example/services/collector
export SPLUNK_HEC_TOKEN=...Credential-bearing headers are redacted in delivery evidence. URLs with query strings are also redacted.
Register an integration record:
curl -X POST http://127.0.0.1:8000/integrations \
-H 'content-type: application/json' \
-d '{"integration_id":"splunk","provider":"splunk","category":"siem","status":"active","health_status":"healthy"}'Deliver an event through that integration:
curl -X POST http://127.0.0.1:8000/integrations/splunk/deliver \
-H 'content-type: application/json' \
-d '{"event":{"event_type":"cavra.evidence_bundle","session_id":"demo-session","decision_count":7,"blocked_count":4,"approval_required_count":1,"max_severity":"high"},"retries":1}'The response uses cavra.connector.delivery.v1 and records provider, success, status code, attempt count, redacted request metadata, and errors.
Release governance records can use the same connector path:
curl -X POST http://127.0.0.1:8000/promotion-executions/rpe_prod/audit-export/deliver \
-H 'content-type: application/json' \
-d '{"provider":"webhook","retries":1}'
curl -X POST http://127.0.0.1:8000/rollback-executions/rre_prod/deliver \
-H 'content-type: application/json' \
-d '{"provider":"webhook","retries":1}'
curl -X POST http://127.0.0.1:8000/endpoint-management-exports/eme_stable/publish \
-H 'content-type: application/json' \
-d '{"provider":"jamf","retries":1}'Release governance API deliveries are indexed as metadata_kind=release-connector-delivery in the active evidence metadata store. Review delivery history and alert summaries:
curl 'http://127.0.0.1:8000/release-connector-deliveries?provider=webhook&success=false'
curl http://127.0.0.1:8000/release-connector-deliveries/dashboard
curl 'http://127.0.0.1:8000/endpoint-management-publications?provider=jamf&success=false'
curl http://127.0.0.1:8000/endpoint-management-publications/dashboardcavra integration deliver .cavra/evidence/latest/siem-event.json \
--config .cavra/connectors.json \
--provider splunk \
--output .cavra/integrations/deliveries
cavra release deliver-promotion-audit .cavra/release/rollout-promotion-execution/rollout-promotion-execution.json \
--config .cavra/connectors.json \
--provider webhook \
--retries 1 \
--metadata-json .cavra/evidence/metadata.json
cavra release deliver-rollback-execution .cavra/release/rollout-rollback-execution/rollout-rollback-execution.json \
--config .cavra/connectors.json \
--provider webhook \
--retries 1 \
--metadata-json .cavra/evidence/metadata.json
cavra release deliver-endpoint-export .cavra/release/endpoint-management-export/endpoint-management-export-manifest.json \
--config .cavra/connectors.json \
--provider jamf \
--retries 1 \
--metadata-json .cavra/evidence/metadata.json
cavra release connector-delivery-history --metadata-json .cavra/evidence/metadata.json --provider webhook --no-success
cavra release connector-delivery-dashboard --metadata-json .cavra/evidence/metadata.json
cavra release endpoint-publication-history --metadata-json .cavra/evidence/metadata.json --provider jamf --no-success
cavra release endpoint-publication-dashboard --metadata-json .cavra/evidence/metadata.json- As a SOC analyst, I can receive CAVRA evidence events in SIEM without manually uploading JSON.
- As a platform engineer, I can send governance notifications to Slack or Teams with redacted delivery evidence.
- As a change manager, I can create Jira or ServiceNow records from CAVRA events.
- As a release manager, I can route promotion audit and rollback execution events with retry evidence.
- As a release manager, I can review persisted release connector delivery history by provider, event, and success state.
- As an endpoint engineer, I can see whether a Jamf, Intune, or Linux export was actually delivered after it was generated.
- As a SOC analyst, I can see dashboard alerts when release governance delivery fails.
- As an auditor, I can inspect delivery evidence without seeing connector secrets.
Connector execution hooks move CAVRA from generated payloads to operational delivery. Teams can route AI-agent governance evidence into existing SOC, ChatOps, and change-management systems while preserving redacted audit trails.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion