-
Notifications
You must be signed in to change notification settings - Fork 0
Textbook 00 Foreword Preface And Reader Paths
AI agents are becoming operating actors inside engineering organizations. They read source code, propose patches, run shell commands, open pull requests, call MCP tools, trigger CI/CD jobs, and increasingly touch infrastructure and cloud configuration. The important question is no longer whether agents can act. The question is who governs them at the moment they try to act.
CAVRA is built for that moment. It is a runtime authority layer that sits between an agent and the action it wants to perform. It evaluates intent, context, policy, identity, approval state, and evidence requirements before the action proceeds. CAVRA is not just a scanner and not just a dashboard. It is a control point.
This textbook explains CAVRA end to end. It covers the Community Edition in this public repository, the Enterprise Edition model, the Trial evaluation path, the GUI, the CLI, policy authoring, approvals, evidence, AISPM, and operating patterns for production teams.
The book is intentionally practical. Every chapter maps a product concept to a user task:
- Developers learn how to run local evaluations, use policy packs, generate evidence, and understand blocked or approved decisions.
- Security teams learn how CAVRA models high-risk agent behavior, MCP trust, approvals, attestations, and AISPM posture.
- Platform teams learn how to integrate CAVRA into CI/CD, API workflows, evidence stores, and release governance.
- Enterprise evaluators learn edition boundaries, live connector expectations, tenant isolation, report delivery, and production readiness gates.
If you are new to CAVRA, read chapters 1 through 5 first. Then choose your operating path.
Community users should read:
- Install And Deploy CAVRA
- Community Edition User Guide
- CAVRA CLI Command Reference
- CAVRA GUI And Sandbox Guide
Enterprise evaluators should read:
- Enterprise Edition User Guide
- AISPM Guide
- Operations, Integrations, And Deployment Patterns
- Use Cases, Labs, And Example Workflows
Security architects should read:
- Why CAVRA Exists
- The Runtime Authority Model
- Policies, Approvals, Evidence, And Attestations
- Reference Appendices
Each chapter includes references to product pages, diagrams, examples, or screenshots. The wiki keeps historical development artifacts in Development And Testing Artifacts, while this book remains the reader-facing product guide.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion