Console Security Boundary
Huzefaaa2 edited this page May 18, 2026 · 28 revisions
Phase 6 now reports the deployed console/API security boundary.
- Read-only `GET /console/security-boundary`.
- Read-only `GET /console/session` for signed bearer-token actor context.
- OIDC readiness from `CAVRA_APPROVAL_OIDC_CONFIG`.
- Repository RBAC readiness from `CAVRA_APPROVAL_RBAC_FILE`.
- CORS origin visibility from `CAVRA_CORS_ORIGINS`.
- Browser-visible console permission categories.
- Operator notes for production deployments.

```bash
curl http://127.0.0.1:8000/console/security-boundary
```

The sandbox console displays the same information in the Console Security Boundary panel.
The boundary endpoint reports whether the console/API topology is ready for signed OIDC actor tokens and repository RBAC on approval decisions, break-glass actions, and policy publish write-back. GET /console/session validates a bearer token and reports actor context. Production deployments should host the console behind enterprise identity and restrict CORS.
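A pre-rollout check of the three settings named above, as an added example that is not part of the CAVRA project. It assumes `CAVRA_CORS_ORIGINS` is a comma-separated list and `CAVRA_APPROVAL_RBAC_FILE` is a file path; the function names and the rules applied are this example's own.

```python
import os
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def lint_cors_origins(raw):
    """Return findings for a comma-separated origin list (format assumed)."""
    origins = [o.strip() for o in (raw or "").split(",") if o.strip()]
    if not origins:
        return ["not set explicitly"]
    findings = []
    for origin in origins:
        if origin in ("*", "null"):
            findings.append(f"{origin!r} admits any or opaque origins")
            continue
        try:
            parts = urlsplit(origin)
        except ValueError:
            findings.append(f"{origin!r} is not a valid URL")
            continue
        if parts.scheme != "https":
            findings.append(f"{origin!r} is not https")
        if "*" in origin:
            findings.append(f"{origin!r} contains a wildcard")
        if parts.hostname in LOOPBACK:
            findings.append(f"{origin!r} is a loopback origin")
        # Browsers send Origin as scheme://host[:port] with nothing after it,
        # so an entry with a path or trailing slash never matches exactly.
        if parts.path or parts.query or parts.fragment:
            findings.append(f"{origin!r} is not a bare origin")
    return findings

def preflight(env):
    """Check the three variables the page names; return a list of findings."""
    findings = []
    if not env.get("CAVRA_APPROVAL_OIDC_CONFIG"):
        findings.append("CAVRA_APPROVAL_OIDC_CONFIG: unset")
    rbac = env.get("CAVRA_APPROVAL_RBAC_FILE")
    if not rbac:
        findings.append("CAVRA_APPROVAL_RBAC_FILE: unset")
    elif not os.path.isfile(rbac):  # assumption: the value is a file path
        findings.append("CAVRA_APPROVAL_RBAC_FILE: does not point to a file")
    cors = lint_cors_origins(env.get("CAVRA_CORS_ORIGINS"))
    return findings + [f"CAVRA_CORS_ORIGINS: {f}" for f in cors]

if __name__ == "__main__":
    problems = preflight(os.environ)
    for problem in problems:
        print("FAIL", problem)
    raise SystemExit(1 if problems else 0)
```

Run it in the same environment the API process starts in, so it sees the values the deployment will actually use.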
- As a platform engineer, I can confirm OIDC and RBAC wiring before production console rollout.
- As a security architect, I can separate static demo console behavior from production identity boundaries.
- As an auditor, I can inspect the control boundary for approval decisions.
The next recommended work is vendor-specific ITSM, ChatOps, and SIEM connector execution hooks.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Textbook home: Before the Agent Acts
Development archive: development and testing artifacts
Source repository: github.com/Huzefaaa2/cavra