Evidence Key Management
Huzefaaa2 edited this page May 17, 2026 · 3 revisions
CAVRA evidence bundles can be signed with Ed25519 keys and verified through a public key or trust-root document.
```bash
cavra evidence generate-keypair --private-key .cavra/keys/prod-private.pem --public-key .cavra/keys/prod-public.pem
cavra evidence trust-root .cavra/keys/prod-public.pem --output .cavra/keys/prod-trust-root.json --key-id prod-evidence-2026-q2
cavra evidence trust-bundle .cavra/keys/prod-trust-root.json --output .cavra/keys/evidence-trust-roots.json
cavra evidence bundle --output .cavra/evidence/latest --private-key .cavra/keys/prod-private.pem --key-id prod-evidence-2026-q2
cavra evidence verify .cavra/evidence/latest --trust-root .cavra/keys/evidence-trust-roots.json --key-id prod-evidence-2026-q2
```

- Generate a new keypair before rotation.
- Publish the updated trust-root bundle before signing release evidence.
- Keep retired trust roots for historical verification.
- Mark compromised keys as `revoked`.
- Do not commit private keys.
See repository source page: docs/evidence-key-management.md.
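The rotation rules above, applied at verification time, as an added example in Go that is not CAVRA's own code. The trust-bundle shape, the `Status` field and its "active" value, the error names and every key id except `prod-evidence-2026-q2` are assumptions, and the keys are constructed from fixed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// TrustRoot is an assumed shape for one trust-bundle entry; CAVRA's real schema is not on this page.
type TrustRoot struct {
	Status string // assumed values: "active", "retired", "revoked"
	Public ed25519.PublicKey
}

var (
	ErrUnknownKey = errors.New("key id not in trust bundle")
	ErrNotTrusted = errors.New("key is revoked or has an unrecognised status")
	ErrBadSig     = errors.New("signature does not verify")
	sample        = []byte("constructed evidence manifest") // constructed input
)

// Verify picks the root by key id and fails closed: retired roots still verify old evidence,
// revoked ones never do. Length is checked first because ed25519.Verify panics on a malformed key.
func Verify(bundle map[string]TrustRoot, keyID string, evidence, sig []byte) error {
	r, ok := bundle[keyID]
	switch {
	case !ok:
		return ErrUnknownKey
	case r.Status != "active" && r.Status != "retired":
		return ErrNotTrusted
	case len(r.Public) != ed25519.PublicKeySize || !ed25519.Verify(r.Public, evidence, sig):
		return ErrBadSig
	}
	return nil
}

// demoKey, demoSign and demoBundle are constructed sample data; only the q2 key id is from the page.
func demoKey(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize)) }
func demoSign(b byte, msg []byte) []byte { return ed25519.Sign(demoKey(b), msg) }
func demoBundle() map[string]TrustRoot {
	pub := func(b byte) ed25519.PublicKey { return demoKey(b).Public().(ed25519.PublicKey) }
	return map[string]TrustRoot{
		"prod-evidence-2026-q1": {"retired", pub(1)},
		"prod-evidence-2026-q2": {"active", pub(2)},
		"prod-evidence-2025-q4": {"revoked", pub(3)},
	}
}

func main() { fmt.Println(Verify(demoBundle(), "prod-evidence-2026-q1", sample, demoSign(1, sample))) }
```

Evidence signed with the retired q1 key still verifies, while a mathematically valid signature from the revoked key is rejected before the signature is even checked.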
Source repository: github.com/Huzefaaa2/cavra