-
Notifications
You must be signed in to change notification settings - Fork 0
Evidence Trust Root Distribution
Huzefaaa2 edited this page May 19, 2026
·
2 revisions
CAVRA supports distributable evidence trust-root packages for Ed25519 evidence verification in CI, reviewer workstations, API services, audit tooling, and offline environments.
cavra evidence trust-root .cavra/keys/prod-public.pem \
--output .cavra/keys/prod-trust-root.json \
--key-id prod-evidence-2026-q2
cavra evidence trust-bundle .cavra/keys/prod-trust-root.json \
--output .cavra/keys/evidence-trust-roots.json
cavra evidence trust-distribution .cavra/keys/prod-trust-root.json \
--output .cavra/keys/trust-root-distribution \
--environment regulated-prod \
--distribution-id prod-trust-roots-2026-q2 \
--channel source-control \
--channel offline-media
cavra evidence verify .cavra/evidence/latest \
--trust-root .cavra/keys/evidence-trust-roots.json \
--key-id prod-evidence-2026-q2The distribution command writes evidence-trust-roots.json, trust-root-distribution-manifest.json, trust-root-distribution.md, and checksums.txt.
- As an auditor, I can verify historical evidence with public trust roots.
- As Platform Security, I can rotate signing keys without breaking old evidence.
- As Release Engineering, I can enforce approved key IDs in CI and PR review.
- As an offline operator, I can import one documented package with checksums and approved distribution channels.
Trust-root distribution packages give every verifier the same approved signing-key set and checksum-protected operator handoff. This reduces ambiguity around evidence origin, key rotation, historical verification, revoked keys, and restricted-network import.
See repository source page: docs/evidence-trust-root-distribution.md.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
Textbook home: Before the Agent Acts |
Development archive: development and testing artifacts |
Source repository: github.com/Huzefaaa2/cavra
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion