Skip to content

Go Enforcement Parity

Huzefaaa2 edited this page May 18, 2026 · 72 revisions

Go Enforcement Parity Scaffold

Python remains the authoritative CAVRA runtime. The Go enforcement plane now has a bounded parity scaffold under go/cavra-runtime/ so the project can evolve toward low-latency local and CI enforcement without creating inconsistent decisions.

Delivered

  • Go module and runtime evaluator.
  • JSON request to JSON decision CLI entrypoint.
  • Shared critical parity fixture.
  • Compiled-policy loader for normalized JSON from cavra policy compile.
  • CLI --policy flag for evaluating against compiled policy JSON.
  • Trust-registry loader and CLI --registry flag for registry-backed MCP decisions.
  • Runtime evidence metadata with decision IDs, correlation IDs, timestamps, and evidence://... references.
  • Go unit tests for file, command, Git, and MCP decisions.
  • Python parity tests against the same fixture.
  • go-runtime-parity GitHub Actions job.
  • Required governance check execution of the Go test suite.

How To Use

python3 -m pytest tests/test_go_runtime_parity.py -q
cd go/cavra-runtime
go test ./...
PYTHONPATH=src python3 -m cavra.cli policy compile --policy-pack cavra-ai-agent-baseline > /tmp/cavra-compiled-policy.json
echo '{"action_type":"read_file","target":".env"}' \
  | go run ./cmd/cavra-runtime --policy /tmp/cavra-compiled-policy.json
echo '{"session_id":"registry-demo","action_type":"mcp_tool_call","server":"github-mcp","tool":"delete_repository","capability":"repository","policy_pack":"cavra-mcp-enterprise"}' \
  | go run ./cmd/cavra-runtime --registry testdata/mcp_registry.json

User Stories

  • As a CI owner, I can verify Go decisions before adopting a runner-side backend.
  • As a platform engineer, I can review the decision boundary before deploying binaries.
  • As an auditor, I can see parity evidence in required checks.

Enterprise Challenge Solved

Large engineering fleets need fast enforcement, but regulated environments need proof that every backend evaluates policy consistently. The parity scaffold creates the proof path before promotion.

Next

Expand golden cases across every bundled policy pack and approval route, then package signed binaries.

Clone this wiki locally