-
Notifications
You must be signed in to change notification settings - Fork 0
Textbook 02 Runtime Authority Model
CAVRA is built on a runtime authority model. The runtime authority is the control layer that evaluates agent actions before execution and produces evidence after evaluation.
CAVRA models several kinds of actors:
- AI coding agents that propose file edits, shell commands, Git operations, or tool calls.
- Human operators who approve, deny, or break glass.
- MCP servers and tools that expose external capabilities to agents.
- CI/CD runners that enforce policy in automated delivery paths.
- Enterprise connectors that deliver evidence, notifications, incidents, tickets, or reports.
CAVRA evaluates actions rather than vague intent. Example action families include:
-
read_file,write_file, and repository modifications. - Shell commands and high-risk command patterns.
- Git operations, branch protection changes, and pull request activity.
- MCP tool calls against repositories, filesystems, cloud tools, ticketing systems, or custom tools.
- Infrastructure and cloud changes through Terraform, OpenTofu, Kubernetes, GitHub, IAM, or deployment workflows.
- Evidence generation, report delivery, and release governance tasks.
A CAVRA decision tells the calling workflow what should happen next.
| Decision | Meaning |
|---|---|
allow |
The action can proceed and evidence should be recorded. |
deny |
The action is blocked because policy does not permit it. |
requires_approval |
The action needs a human or external approval route. |
shadow |
The action is observed and recorded without hard enforcement. |
break_glass |
An emergency path is used with explicit justification and evidence. |
CAVRA can evaluate decisions from several inputs:
- Static policy packs.
- Repository and file metadata.
- Runtime action payloads.
- Agent registry records.
- MCP trust registry records.
- OIDC identity claims and RBAC mappings.
- Approval store state.
- Evidence and attestation history.
- Enterprise tenant, connector, and entitlement state.
CAVRA treats bypass risk as a first-class design problem. The runtime authority model assumes agents may try alternate tools, indirect file paths, generated scripts, shell wrappers, or CI/CD side channels. CAVRA therefore documents anti-bypass principles in AI Agent Enforcement And Anti-Bypass Model and uses evidence to detect whether expected gates were used.
The runtime authority loop is:
- Agent proposes an action.
- CAVRA normalizes the action into a decision request.
- Policy, identity, registry, and approval context are evaluated.
- A decision is returned.
- Approved execution or blocked activity is recorded.
- Evidence is signed, indexed, searched, exported, or transformed into AISPM posture.
This loop is the heart of the product.
- What is the difference between
denyandrequires_approval? - Why does CAVRA model MCP servers and tools as trust objects?
- Which evidence should exist after a blocked action?
Read Architecture And Open-Core Design to see how the runtime authority model becomes product components and data boundaries.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion