Policy Signing Key Workflow
Huzefaaa2 edited this page Jun 3, 2026 · 1 revision
This public Community workflow hardens policy integrity for CAVRA GA readiness. It supports local Ed25519 policy signing while preserving the existing HMAC signature metadata path for local tamper checks.
The public repository may include signing commands, public-key verification guidance, and synthetic examples. It must not contain production private keys, customer signing keys, KMS/HSM identifiers, Enterprise approval workflows, customer policy packs, paid policy packs, or private signing-service implementation details.
```bash
cavra policy keygen \
  --output .cavra/policy-signing \
  --key-id community-ga-policy-key
```

```bash
cavra policy sign policies/cavra-ai-agent-baseline/policy.yaml \
  --signer platform-security \
  --private-key .cavra/policy-signing/community-ga-policy-key.private.pem \
  --key-id community-ga-policy-key
```

```bash
cavra policy verify policies/cavra-ai-agent-baseline/policy.yaml \
  --public-key .cavra/policy-signing/community-ga-policy-key.public.pem
```

Use Ed25519 for GA signing workflows. Use HMAC only for local tamper checks or legacy automation that has not migrated yet.
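Why the Ed25519 path suits GA while HMAC stays a local tamper check, as an added example that is not CAVRA's own code: it uses Go's standard library on a constructed policy and does not reproduce CAVRA's signature metadata format. HMAC-SHA256, signing the raw policy bytes, and the names `Compare` and `Result` are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample policy bytes; not a real CAVRA policy file.
var policy = []byte("id: sample-policy\nrules:\n  - tool: shell\n    action: deny\n")

// Result records which (document, signature) pairs each verifier accepts.
type Result struct{ EdOriginal, EdEdited, HMACOriginal, HMACEdited, HMACRetagged bool }

// hmacTag computes HMAC-SHA256 over doc (the hash choice is an assumption).
func hmacTag(secret, doc []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(doc)
	return m.Sum(nil)
}

// Compare checks both schemes against the original and an edited policy.
func Compare() (Result, error) {
	edited := bytes.Replace(policy, []byte("deny"), []byte("allow"), 1)
	// Ed25519: the verifier holds only pub, so it can check but never sign.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	sig := ed25519.Sign(priv, policy)
	// HMAC: verifying needs the signing secret, so any verifier can also re-tag.
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return Result{}, err
	}
	tag, retag := hmacTag(secret, policy), hmacTag(secret, edited)
	return Result{
		EdOriginal:   ed25519.Verify(pub, policy, sig),
		EdEdited:     ed25519.Verify(pub, edited, sig),
		HMACOriginal: hmac.Equal(tag, hmacTag(secret, policy)),
		HMACEdited:   hmac.Equal(tag, hmacTag(secret, edited)),
		HMACRetagged: hmac.Equal(retag, hmacTag(secret, edited)),
	}, nil
}

func main() { fmt.Println(Compare()) }
```

Both schemes reject the edited policy under the original signature, but only the HMAC verifier holds enough material to issue a tag that makes the edited policy pass.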
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Textbook home: Before the Agent Acts
Development archive: development and testing artifacts
Source repository: github.com/Huzefaaa2/cavra