Evidence Trust Root Distribution
Huzefaaa2 edited this page May 17, 2026 · 2 revisions
CAVRA supports distributable evidence trust-root bundles for Ed25519 evidence verification.
```bash
cavra evidence trust-root .cavra/keys/prod-public.pem \
  --output .cavra/keys/prod-trust-root.json \
  --key-id prod-evidence-2026-q2

cavra evidence trust-bundle .cavra/keys/prod-trust-root.json \
  --output .cavra/keys/evidence-trust-roots.json

cavra evidence verify .cavra/evidence/latest \
  --trust-root .cavra/keys/evidence-trust-roots.json \
  --key-id prod-evidence-2026-q2
```

- As an auditor, I can verify historical evidence with public trust roots.
- As Platform Security, I can rotate signing keys without breaking old evidence.
- As Release Engineering, I can enforce approved key IDs in CI and PR review.
Trust-root bundles give every verifier the same approved signing-key set. This reduces ambiguity around evidence origin, key rotation, historical verification, and revoked keys.
See repository source page: docs/evidence-trust-root-distribution.md.
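The key-selection policy a verifier or CI gate can apply before any Ed25519 check, as an added example that is not CAVRA's own code. The bundle layout, its field names, the `resolve_key` helper and every key ID other than `prod-evidence-2026-q2` are assumptions made for illustration; the PEM strings are constructed placeholders.

```python
import hashlib
from datetime import datetime

class TrustError(Exception):
    """The requested key must not be used to verify this evidence."""

def fingerprint(pem: str) -> str:
    return hashlib.sha256(pem.encode()).hexdigest()

def _root(key_id, start, end, revoked=False):
    # Constructed placeholder PEM text, not a real Ed25519 key.
    pem = f"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-{key_id}\n-----END PUBLIC KEY-----\n"
    return {"key_id": key_id, "public_key_pem": pem, "sha256": fingerprint(pem),
            "not_before": start, "not_after": end, "revoked": revoked}

# Hypothetical bundle layout; field names are assumptions, not CAVRA's schema.
BUNDLE = {"roots": [
    _root("prod-evidence-2025-q4", "2025-10-01T00:00:00+00:00",
          "2026-01-01T00:00:00+00:00", revoked=True),
    _root("prod-evidence-2026-q1", "2026-01-01T00:00:00+00:00",
          "2026-04-01T00:00:00+00:00"),
    _root("prod-evidence-2026-q2", "2026-04-01T00:00:00+00:00",
          "2026-07-01T00:00:00+00:00"),
]}

def resolve_key(bundle, key_id, signed_at, approved_ids):
    """Return the PEM to verify with, or raise TrustError."""
    if key_id not in approved_ids:
        raise TrustError(f"{key_id}: not in the approved key-ID list")
    matches = [r for r in bundle["roots"] if r["key_id"] == key_id]
    if len(matches) != 1:  # a missing ID and a duplicated ID are both ambiguous
        raise TrustError(f"{key_id}: expected one entry, found {len(matches)}")
    root = matches[0]
    # Catches a truncated or mis-merged entry; it is not tamper protection.
    if fingerprint(root["public_key_pem"]) != root["sha256"]:
        raise TrustError(f"{key_id}: key material does not match its fingerprint")
    if root["revoked"]:  # a revoked key verifies nothing, whatever the date
        raise TrustError(f"{key_id}: revoked")
    start = datetime.fromisoformat(root["not_before"])
    end = datetime.fromisoformat(root["not_after"])
    # signed_at must come from a trusted timestamp, not the signer's own claim.
    if not start <= signed_at < end:
        raise TrustError(f"{key_id}: evidence time outside the validity window")
    return root["public_key_pem"]
```

A rotated-out key still resolves for evidence signed inside its window, which is what keeps old evidence verifiable, while a revoked key is rejected outright because a backdated signature cannot be told apart from a genuine one.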
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Source repository: github.com/Huzefaaa2/cavra