-
Notifications
You must be signed in to change notification settings - Fork 0
Policy Pack Authoring Workflows
CAVRA supports safe policy authoring previews and governed rollout change workflows.
GET /policy-pack-catalogPOST /policy-packs/draftPOST /policy-packs/publish-planPOST /policy-packs/publish-requestPOST /policy-packs/publishPOST /policy-rollouts/change-planPOST /policy-rollouts/apply-change
Policy drafts are read-only previews. They validate against the policy schema and include rule counts and operator notes.
Policy publishing is approval-bound and signed. CAVRA creates a publish plan with a draft digest, creates an approval request bound to that digest, and writes policy.yaml plus policy.yaml.sig.json only after the matching approval is approved or break-glass. Mismatched draft digests are rejected before write-back.
Rollout change plans include before/after state, changed fields, risk, approval requirement, and operator notes. Applying a rollout change persists the normalized rollout record. When OIDC or RBAC is configured, apply-change requires verified actor context.
The sandbox console includes Policy Authoring and Rollout Changes for catalog refresh, draft preview, publish planning, publish approval requests, signed publishing, rollout planning, and rollout apply.
- As a platform engineer, I can preview policy packs before committing them.
- As a platform engineer, I can publish approved policy packs with signature metadata.
- As a security engineer, I can review rollout risk before enforcement.
- As an auditor, I can inspect rollout change plans and approval-bound policy write-back evidence.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion