-
Notifications
You must be signed in to change notification settings - Fork 0
Go Enforcement Parity
Huzefaaa2 edited this page May 19, 2026
·
72 revisions
Python remains the authoritative CAVRA runtime. The Go enforcement plane now has a bounded parity scaffold under go/cavra-runtime/ so the project can evolve toward low-latency local and CI enforcement without creating inconsistent decisions.
- Go module and runtime evaluator.
- JSON request to JSON decision CLI entrypoint.
- Shared critical parity fixture.
- Compiled-policy loader for normalized JSON from
cavra policy compile. - CLI
--policyflag for evaluating against compiled policy JSON. - Trust-registry loader and CLI
--registryflag for registry-backed MCP decisions. - Runtime evidence metadata with decision IDs, correlation IDs, timestamps, and
evidence://...references. - Compiled-policy parity across every bundled policy pack through Python-to-Go CLI validation.
- Go release package workflow with checksums, SPDX SBOM metadata, detached signatures, release evidence, GitHub Release asset attachment, and CLI verification.
- Go unit tests for file, command, Git, and MCP decisions.
- Python parity tests against the same fixture.
-
go-runtime-parityGitHub Actions job. - Required governance check execution of the Go test suite.
python3 -m pytest tests/test_go_runtime_parity.py -q
cd go/cavra-runtime
go test ./...PYTHONPATH=src python3 -m cavra.cli policy compile --policy-pack cavra-ai-agent-baseline > /tmp/cavra-compiled-policy.json
echo '{"action_type":"read_file","target":".env"}' \
| go run ./cmd/cavra-runtime --policy /tmp/cavra-compiled-policy.json
echo '{"session_id":"registry-demo","action_type":"mcp_tool_call","server":"github-mcp","tool":"delete_repository","capability":"repository","policy_pack":"cavra-mcp-enterprise"}' \
| go run ./cmd/cavra-runtime --registry testdata/mcp_registry.json- As a CI owner, I can verify Go decisions before adopting a runner-side backend.
- As a platform engineer, I can review the decision boundary before deploying binaries.
- As an auditor, I can see parity evidence in required checks.
Large engineering fleets need fast enforcement, but regulated environments need proof that every backend evaluates policy consistently. The parity scaffold creates the proof path before promotion.
Add rollout artifact integrity status and promotion readiness indicators to the console evidence view and continue broadening approval-route parity as new policy packs are added.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
Textbook home: Before the Agent Acts |
Development archive: development and testing artifacts |
Source repository: github.com/Huzefaaa2/cavra
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Technology Stack
- Conclusion