Evidence Artifact Retrieval
CAVRA exposes read-only evidence artifacts for indexed sessions and managed endpoint rollout records when CAVRA_EVIDENCE_ARTIFACT_ROOT is configured.
- GET /evidence/{session_id}/artifacts
- GET /evidence/{session_id}/artifacts/{artifact_name}
- GET /evidence/{session_id}/artifact-bundle
The artifact root contains one directory per evidence session or verified rollout record. The session or rollout must exist in metadata before files are served. The API only serves known evidence bundle filenames such as manifest.json, evidence.json, pr-attestation.md, compliance-mapping.md, siem-event.json, sandbox-run-summary.json, and retention-policy.json.
For metadata_kind=managed-endpoint-rollout, the API serves only managed-endpoint-rollout-evidence.json, managed-endpoint-rollout-evidence.md, and checksums.txt. The rollout bundle_dir must resolve inside the configured artifact root.
Downloads include x-cavra-artifact-sha256 for audit logging and client-side verification.
- No arbitrary server-side paths.
- Disabled unless CAVRA_EVIDENCE_ARTIFACT_ROOT is set.
- Metadata record required.
- Allowlisted artifact names only.
- Path traversal rejected.
- Rollout bundle directories outside the configured artifact root are rejected.
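The controls listed above can be expressed as one resolver that fails closed. This is an added sketch, not CAVRA's own code: the function names, the in-memory metadata dict, and the `"session"` kind value are assumptions, while the filenames, `metadata_kind` and `bundle_dir` come from this page.

```python
import hashlib
import tempfile
from pathlib import Path

# Allowlists built from the filenames named on this page.
SESSION_ARTIFACTS = {"manifest.json", "evidence.json", "pr-attestation.md",
                     "compliance-mapping.md", "siem-event.json",
                     "sandbox-run-summary.json", "retention-policy.json"}
ROLLOUT_ARTIFACTS = {"managed-endpoint-rollout-evidence.json",
                     "managed-endpoint-rollout-evidence.md", "checksums.txt"}

class ArtifactDenied(Exception):
    """Raised when a request fails one of the retrieval controls."""

def resolve_artifact(root, metadata, session_id, name):
    """Return (path, sha256 hex) for an allowed artifact, else raise ArtifactDenied."""
    if root is None:  # feature is disabled unless a root is configured
        raise ArtifactDenied("artifact root not configured")
    record = metadata.get(session_id)
    if record is None:
        raise ArtifactDenied("no metadata record")
    rollout = record.get("metadata_kind") == "managed-endpoint-rollout"
    allowed = ROLLOUT_ARTIFACTS if rollout else SESSION_ARTIFACTS
    if name not in allowed:  # exact match, so "../x" or "a/b" never passes
        raise ArtifactDenied("artifact name not allowlisted")
    root = Path(root).resolve()
    # The directory comes from the record or the session id, never from the filename.
    bundle = Path(record["bundle_dir"]) if rollout else root / session_id
    path = (bundle / name).resolve()  # follows symlinks and collapses ".."
    if not path.is_relative_to(root):  # Python 3.9+
        raise ArtifactDenied("resolved path escapes artifact root")
    if not path.is_file():
        raise ArtifactDenied("artifact missing")
    return path, hashlib.sha256(path.read_bytes()).hexdigest()

def build_sample():
    """Constructed sample: one session bundle in root, one rollout record pointing outside it."""
    base = Path(tempfile.mkdtemp())
    root, outside = base / "root", base / "outside"
    (root / "sess-1").mkdir(parents=True)
    outside.mkdir()
    (root / "sess-1" / "manifest.json").write_text("{}")
    (outside / "checksums.txt").write_text("constructed")
    return root, {"sess-1": {"metadata_kind": "session"},  # constructed kind value
                  "roll-1": {"metadata_kind": "managed-endpoint-rollout",
                             "bundle_dir": str(outside)}}
```

The returned digest is the value a server would place in x-cavra-artifact-sha256; a client recomputes SHA-256 over the downloaded bytes and compares it before attaching the file to an audit record.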
- As an auditor, I can download a full CAVRA evidence bundle for a session.
- As a reviewer, I can retrieve the PR attestation directly from the console.
- As an endpoint engineering owner, I can download verified rollout evidence and checksums for a managed endpoint deployment record.
- As a platform engineer, I can expose evidence from a controlled root without granting broad filesystem access.
Artifact retrieval connects metadata search to audit-ready evidence. Teams can find a session, inspect risk, download the attestation or bundle, and attach it to change records, incident reviews, or compliance requests.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?