Huzefaaa2 edited this page Jun 28, 2026 · 272 revisions

Before the Agent Acts: The CAVRA Technical Textbook

Welcome to the CAVRA Wiki. This wiki now opens as a technical textbook for CAVRA, Controlled Agentic Verification and Runtime Authority. It is written for developers, security engineers, platform owners, compliance teams, architects, and enterprise evaluators who need to understand what CAVRA is, how it works, how to run it, and how to operate it safely.

CAVRA exists for a simple reason: AI agents should not receive unchecked authority over code, cloud, data, identity, CI/CD, MCP tools, and production workflows. CAVRA gives organizations a runtime authority layer that evaluates agent actions before they happen, records evidence after they happen, and turns that evidence into AI Security Posture Management, or AISPM.

CAVRA runtime authority map

Animated CAVRA runtime authority loop showing an agent request moving through policy, approval, evidence, and AISPM posture

Start Here

Read the book in order if you are new to CAVRA. Jump directly to the command, GUI, AISPM, or deployment chapters if you already know the product shape.

Five-minute CAVRA journey

Five-Minute Quick Start

If you want to see CAVRA work before reading the full book, follow this short path:

  1. Install the Community Edition from the repository with `pip install -e .`
  2. Run `cavra version` and `cavra policy list`.
  3. Run `cavra demo before-the-agent-acts` to see CAVRA block risky agent behavior.
  4. Run `cavra evaluate execute_command "terraform apply -auto-approve" --json` to evaluate a dangerous command directly.
  5. Run `cavra evidence bundle --output .cavra/evidence/latest` and `cavra evidence verify .cavra/evidence/latest` to prove the control path.
  6. Open the sandbox GUI and review the decision, evidence, and AISPM views.

The detailed walkthrough is in Install And Deploy CAVRA, Community Edition User Guide, and Use Cases, Labs, And Example Workflows.

Learning Paths

| Reader | Read first | Outcome |
| --- | --- | --- |
| First-time user | Chapters 0, 1, 5, 6, 13 | Install, run a demo, block a risky action, and verify evidence. |
| Developer | Chapters 5, 6, 8, 11 | Use the CLI, write policy, route approvals, and create evidence. |
| Security architect | Chapters 1, 2, 3, 11, 15, 16 | Understand the runtime authority model, policy language, governance controls, and troubleshooting. |
| Platform owner | Chapters 3, 5, 8, 12 | Integrate CAVRA into CI/CD, APIs, and operating workflows. |
| Enterprise evaluator | Chapters 4, 7, 10, 12, 13, 16 | Validate SSO/RBAC, connectors, tenant isolation, AISPM, report delivery, and blocker closeout. |

Complete Table Of Contents

  1. Foreword, Preface, And Reader Paths
  2. Why CAVRA Exists
  3. The Runtime Authority Model
  4. Architecture And Open-Core Design
  5. Editions, Licensing, And Feature Boundaries
  6. Install And Deploy CAVRA
  7. Community Edition User Guide
  8. Enterprise Edition User Guide
  9. CAVRA CLI Command Reference
  10. CAVRA GUI And Sandbox Guide
  11. AISPM Guide
  12. Policies, Approvals, Evidence, And Attestations
  13. Operations, Integrations, And Deployment Patterns
  14. Use Cases, Labs, And Example Workflows
  15. Reference Appendices
  16. Policy Language Reference
  17. Troubleshooting And FAQ
  18. Conclusion: The Runtime Authority Revolution

Visual Index

| Topic | Diagram |
| --- | --- |
| Runtime authority | CAVRA runtime authority map |
| Architecture context | Architecture context |
| Runtime decision flow | Runtime flow |
| Editions | Edition map |
| CLI command families | Command map |
| AISPM posture loop | AISPM posture loop |
| Enterprise sequence | Enterprise sequence |
| Getting started journey | Getting started journey |
| Policy authoring journey | Policy authoring journey |
| Approval routing | Approval routing flow |
| Troubleshooting | Troubleshooting decision tree |
| Dynamic runtime loop | Animated runtime authority loop |
| Dynamic AISPM readiness | Animated AISPM readiness pulse |

The animated diagrams are SVG-native and are written to degrade into readable static diagrams when motion is disabled by browser, accessibility, or renderer settings. Every textbook image uses descriptive alt text in the surrounding Markdown.

Enterprise Trial Path

Approved Enterprise evaluators start at the public trial portal:

The trial portal is the starting point for requesting operator-reviewed access, private package entitlement, and time-limited evaluator license material. After approval, use the CAVRA Trial Field Guide to run a complete proof-of-value scenario: choose one repository or workflow, govern one risky AI-agent action, route one approval, generate evidence, review AISPM, and close out the trial without leaving stale package or license access behind.

Primary Product References

Development And Testing Archive

Historical implementation notes, release packets, validation records, trial synchronization notes, rollback-drill records, closeout documents, and readiness artifacts are preserved in one archive:

The archive is intentionally separated from the textbook so new readers can learn CAVRA without walking through every development milestone.
