-
Notifications
You must be signed in to change notification settings - Fork 0
Go Enforcement Contracts
Huzefaaa2 edited this page May 21, 2026
·
19 revisions
CAVRA now has a generated Go contract package for the enforcement boundary.
Source contract: proto/cavra/enforcement/v1/enforcement.proto
Generated package: go/cavra-runtime/enforcement/v1
Generator: scripts/generate_go_enforcement_contracts.py
-
EvaluateRequestgenerated from the protobuf request shape. -
ReleaseGovernanceEvidencegenerated from the protobuf release-governance evidence payload shape. -
DecisionResponsegenerated from the protobuf response shape. - Conversion from generated request contracts to runtime requests.
- Conversion from typed release-governance contract payloads into public-safe runtime records.
- Conversion from runtime decisions to generated response contracts.
- Contract tests that verify expected proto fields remain present.
- Contract-level fixtures for approval, failed delivery, and critical inventory freshness release-governance payloads.
- Daemon and CI runner examples that send typed release-governance payloads through the generated request contract.
- Runtime support for both legacy
operationand proto-alignedrequested_operation.
Regenerate the Go contract file:
python3 scripts/generate_go_enforcement_contracts.pyRun contract tests when the Go toolchain is installed:
cd go/cavra-runtime
go test ./...Example proto-shaped JSON request:
{
"session_id": "session-1",
"agent_id": "codex-agent",
"actor": "developer@example.com",
"action_type": "execute_command",
"target": "terraform plan",
"requested_operation": "terraform plan",
"policy_pack": "cavra-ai-agent-baseline"
}Example release-governance evidence contract request:
{
"session_id": "release-contract-demo",
"agent_id": "release-agent",
"actor": "release.manager@example.com",
"action_type": "release_governance_record",
"target": "release-connectors",
"requested_operation": "verify",
"policy_pack": "cavra-ai-agent-baseline",
"release_governance": {
"metadata_kind": "release-connector-delivery",
"release_channel": "stable",
"release_version": "v0.2.0",
"failed_providers": ["servicenow"],
"failed_delivery_count": 1,
"blocked_count": 1,
"connector_delivery_source": "release_governance_promotion"
}
}- As a platform engineer, I can build daemon transport on a stable request and response shape.
- As a CI owner, I can validate the same contract before wiring runner-side enforcement.
- As an auditor, I can see that the Go enforcement boundary follows the documented protobuf contract.
- As a release manager, I can send typed release-governance metadata into the Go runtime without relying on ad hoc JSON maps.
Generated contracts reduce integration drift between Python, Go, future daemon transport, and CI runner integrations. Enterprises can review one enforcement boundary instead of reverse-engineering each runtime implementation.
- The generated package is a lightweight JSON transport contract, not a full gRPC server.
- The current daemon transport and
daemon.Clienthelper use these contracts over a one-request-per-connection Unix socket. - GitHub Actions, GitLab CI, and Azure Pipelines examples now use typed release-governance contract payloads directly.
- Next work should package signed runner binaries and reusable runner actions around these examples.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
Textbook home: Before the Agent Acts |
Development archive: development and testing artifacts |
Source repository: github.com/Huzefaaa2/cavra
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion