Console Authenticated Sessions
Huzefaaa2 edited this page May 17, 2026 · 1 revision
CAVRA now exposes GET /console/session and enforces verified actor context for console mutations when OIDC or RBAC is configured.
The console session endpoint accepts Authorization: Bearer <OIDC JWT>. The API validates the token with CAVRA_APPROVAL_OIDC_CONFIG, maps groups with CAVRA_APPROVAL_RBAC_FILE, and returns actor, groups, repository permissions, and console permission flags.
- POST /approvals/{approval_id}/approve
- POST /approvals/{approval_id}/deny
- POST /approvals/{approval_id}/expire
- POST /approvals/break-glass
Approval decisions use repository-scoped RBAC. Break-glass actions require Change Advisory Board group membership.
The sandbox console includes a Console Session panel for bearer-token validation. Once a token is active, approval and break-glass actions include it automatically.
- As a platform engineer, I can verify the console actor before approving controlled actions.
- As a repository owner, I can receive repository-scoped approval rights without global authority.
- As an auditor, I can confirm that browser-visible mutations require signed identity context.
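The following added example (not CAVRA's own code) sketches in Python how verified token claims could be mapped to a console session and then checked for each mutation, with repository-scoped approval rights kept separate from break-glass authority. It assumes the JWT signature and claims have already been validated; the RBAC layout, the group names, the `groups` claim and the function names are hypothetical, because the page does not show the CAVRA_APPROVAL_RBAC_FILE schema.

```python
from dataclasses import dataclass

# Constructed RBAC mapping (hypothetical layout and group names).
RBAC = {
    "payments-owners": {"repositories": ["acme/payments"],
                        "actions": ["approve", "deny", "expire"]},
    "change-advisory-board": {"break_glass": True},
}

@dataclass(frozen=True)
class ConsoleSession:
    actor: str
    groups: tuple
    repo_permissions: dict   # repository -> frozenset of allowed actions
    can_break_glass: bool

def build_session(claims, rbac=RBAC):
    """Map already-verified JWT claims to a session; unmapped groups grant nothing."""
    actor = claims.get("sub")
    if not actor:
        raise PermissionError("verified token carries no subject")
    groups = claims.get("groups") or []
    if isinstance(groups, str):          # some IdPs emit one group as a bare string
        groups = [groups]
    perms, break_glass = {}, False
    for group in groups:
        rule = rbac.get(group, {})
        for repo in rule.get("repositories", []):
            perms.setdefault(repo, set()).update(rule.get("actions", []))
        break_glass = break_glass or rule.get("break_glass") is True
    return ConsoleSession(actor, tuple(groups),
                          {r: frozenset(a) for r, a in perms.items()}, break_glass)

def authorize(session, action, repository=None):
    """Deny by default: break-glass needs the CAB flag, decisions need a repo grant."""
    if action == "break-glass":
        return session.can_break_glass
    if repository is None:
        return False
    return action in session.repo_permissions.get(repository, frozenset())

if __name__ == "__main__":
    owner = build_session({"sub": "alice@example.com", "groups": ["payments-owners"]})
    print(owner.actor, authorize(owner, "approve", "acme/payments"),
          authorize(owner, "approve", "acme/ledger"), authorize(owner, "break-glass"))
```

A repository owner in this sketch can decide approvals only for the repositories their group is mapped to, and a Change Advisory Board member gains break-glass without gaining any approval rights.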
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Source repository: github.com/Huzefaaa2/cavra