Repository Policy Rollout
Huzefaaa2 edited this page May 18, 2026 · 30 revisions
Phase 6 now includes durable repository scope and policy rollout visibility.
- JSON and SQLite persistence for governed repositories.
- JSON and SQLite persistence for policy rollout records.
- API filters for owner, policy pack, status, risk tier, rollout state, rollout mode, and repository.
- Console views for repository inventory, rollout progress, and rollout detail.
- Rollout change planning and apply workflows.
- Evidence references so rollout records can point back to CAVRA decisions, bundles, or attestations.
Configure JSON persistence:

```bash
export CAVRA_INVENTORY_STORE=.cavra/api/inventory.json
```

Configure SQLite persistence:

```bash
export CAVRA_INVENTORY_DB=.cavra/api/inventory.db
cavra evidence migrate --sqlite .cavra/api/inventory.db
```

Create or update repository inventory:

```bash
curl -X POST http://127.0.0.1:8000/repositories \
  -H 'content-type: application/json' \
  -d '{"repository":"payments/api","owner":"payments-platform","policy_pack":"cavra-banking-baseline","risk_tier":"regulated","status":"active"}'
```

Create or update policy rollout state:

```bash
curl -X POST http://127.0.0.1:8000/policy-rollouts \
  -H 'content-type: application/json' \
  -d '{"repository":"payments/api","policy_pack":"cavra-banking-baseline","mode":"strict","state":"active","coverage_percent":100}'
```

Preview and apply rollout changes:

```bash
curl -X POST http://127.0.0.1:8000/policy-rollouts/change-plan \
  -H 'content-type: application/json' \
  -d '{"rollout_id":"payments-api-banking","repository":"payments/api","policy_pack":"cavra-banking-baseline","mode":"strict","state":"active","coverage_percent":100}'
```

- As a CISO, I can see which repositories are protected by which policy pack.
- As a platform engineer, I can track rollout mode before moving teams from audit-only to enforcement.
- As an auditor, I can map policy coverage to evidence references and persisted decision records.
Large enterprises cannot govern AI coding agents repository by repository through spreadsheets. CAVRA now provides an API-backed inventory and rollout view so repository coverage, ownership, risk, and enforcement mode can be inspected centrally.
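The following is an added example, not CAVRA's own code: a coverage check over inventory and rollout records shaped like the POST bodies above, reporting repositories whose enforcement state lags their risk tier. The `audit-only` mode value, the `internal` tier, the `retired` status, and the rule that `regulated` repositories need `strict` mode at 100% coverage are assumptions for illustration.

```python
# Added example. Field names follow the POST bodies on this page; the
# "audit-only" mode value and the regulated-tier rule are assumptions.
STRICT_TIERS = {"regulated"}  # assumed local rule: strict mode at 100% coverage

def rollout_gaps(repositories, rollouts):
    """Return sorted (repository, finding) pairs for active repositories."""
    by_repo = {}
    for r in rollouts:
        by_repo.setdefault(r["repository"], []).append(r)
    findings = []
    for repo in repositories:
        if repo.get("status") != "active":
            continue  # only active inventory entries are checked
        name, pack = repo["repository"], repo["policy_pack"]
        active = [r for r in by_repo.get(name, []) if r.get("state") == "active"]
        if not active:
            findings.append((name, "no active rollout"))
            continue
        matching = [r for r in active if r.get("policy_pack") == pack]
        if not matching:
            findings.append((name, "rollout policy pack differs from inventory"))
            continue
        if repo.get("risk_tier") in STRICT_TIERS:
            for r in matching:
                cov = r.get("coverage_percent", 0)
                if r.get("mode") != "strict":
                    findings.append((name, f"mode is {r.get('mode')}, expected strict"))
                elif cov < 100:
                    findings.append((name, f"coverage {cov}% below 100"))
    return sorted(findings)

# Constructed sample records (not output from a real CAVRA instance).
PACK = "cavra-banking-baseline"
REPOSITORIES = [
    {"repository": "payments/api", "policy_pack": PACK, "risk_tier": "regulated", "status": "active"},
    {"repository": "payments/ledger", "policy_pack": PACK, "risk_tier": "regulated", "status": "active"},
    {"repository": "payments/web", "policy_pack": PACK, "risk_tier": "regulated", "status": "active"},
    {"repository": "tools/scripts", "policy_pack": PACK, "risk_tier": "internal", "status": "active"},
    {"repository": "legacy/batch", "policy_pack": PACK, "risk_tier": "regulated", "status": "retired"},
]
ROLLOUTS = [
    {"repository": "payments/api", "policy_pack": PACK, "mode": "strict", "state": "active", "coverage_percent": 100},
    {"repository": "payments/ledger", "policy_pack": PACK, "mode": "audit-only", "state": "active", "coverage_percent": 100},
    {"repository": "payments/web", "policy_pack": PACK, "mode": "strict", "state": "active", "coverage_percent": 60},
]

if __name__ == "__main__":
    for repository, finding in rollout_gaps(REPOSITORIES, ROLLOUTS):
        print(f"{repository}: {finding}")
```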
The next recommended work is Go daemon transport and public sandbox URL validation after deployment from main.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Source repository: github.com/Huzefaaa2/cavra