-
Notifications
You must be signed in to change notification settings - Fork 0
Runtime Policy Modes
Huzefaaa2 edited this page Jun 3, 2026
·
1 revision
CAVRA now exposes explicit public-safe runtime mode summaries for Community GA control hardening.
| Mode | Effective Behavior |
|---|---|
audit_only |
Records findings and evidence without blocking execution. |
enforce |
Preserves the policy decision from the runtime guard. |
strict |
Preserves blocks and approvals; converts allowed actions to approval-gated actions. |
break_glass |
Blocks unless an actor and reason are provided, then allows only with attestation. |
cavra evaluate execute_command "terraform plan" --policy-mode strict --jsonBreak-glass does not disable CAVRA. It changes the effective decision only when the operator supplies an actor and reason, and it still requires attestation evidence.
CAVRA Field Compass
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
Textbook home: Before the Agent Acts |
Development archive: development and testing artifacts |
Source repository: github.com/Huzefaaa2/cavra
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion