-
Notifications
You must be signed in to change notification settings - Fork 0
Textbook 05 Install And Deploy CAVRA
This chapter is the first practical path through CAVRA. It takes a new reader from a clean checkout to a visible blocked action, a verified evidence bundle, and the sandbox GUI.
The operating pattern is stable: install CAVRA, choose a policy pack, evaluate actions, generate evidence, and decide where enforcement belongs.
Clone the public repository:
git clone https://github.com/Huzefaaa2/cavra.git
cd cavraInstall the Python package in editable mode for local development:
python -m venv .venv
source .venv/bin/activate
pip install -e .If CAVRA is available from your Python package index, use an isolated CLI install instead:
pipx install cavraFor source development, keep the editable install. For daily CLI use, prefer pipx or a dedicated virtual environment so CAVRA dependencies do not mix with application dependencies.
Validate the CLI:
cavra version
cavra policy listStart with the flagship demo:
cavra demo before-the-agent-actsExpected decisions:
| Attempted action | Expected CAVRA outcome |
|---|---|
Read .env
|
Blocked |
Modify iam/admin-role.tf
|
Requires approval |
Run terraform plan
|
Allowed |
Run terraform apply -auto-approve
|
Blocked |
| Use unknown filesystem MCP server | Blocked |
Push directly to main
|
Blocked |
| Open a pull request | Allowed with attestation |
Now evaluate one risky command directly:
cavra evaluate execute_command "terraform apply -auto-approve" --jsonThe decision payload tells you the action, target, policy mode, decision, reason, and evidence expectations. In a real agent workflow, the agent or wrapper should stop when the decision is block or requires_approval.
Evaluate a risky file write:
cavra evaluate write_file iam/admin-role.tf --jsonEvaluate a direct protected-branch push:
cavra evaluate git_operation origin/main --jsonEvaluate an unknown MCP tool path:
cavra evaluate mcp_tool_call unknown-filesystem --jsonCreate evidence after the demo:
cavra evidence bundle --output .cavra/evidence/latest
cavra evidence verify .cavra/evidence/latestFor signed verification, create a keypair and trust root first:
cavra evidence generate-keypair
cavra evidence trust-root .cavra/keys/evidence-ed25519-public.pem --key-id local-evidence-key
cavra evidence trust-bundle .cavra/keys/evidence-trust-root.json
cavra evidence bundle --output .cavra/evidence/latest --private-key .cavra/keys/evidence-ed25519-private.pem --key-id local-evidence-key
cavra evidence verify .cavra/evidence/latest --trust-root .cavra/keys/evidence-trust-root.jsonThe important learning is that CAVRA does not only say "allowed" or "blocked." It creates a record that can later support review, CI/CD checks, AISPM posture, or audit.
Use these commands as your first local test set:
cavra evaluate write_file iam/admin-role.tf --json
cavra evaluate execute_command "terraform plan" --json
cavra evaluate execute_command "terraform apply -auto-approve" --json
cavra evaluate git_operation origin/main --jsonUse JSON output for automation and evidence workflows. Use cavra policy explain when the decision is surprising:
cavra policy explain execute_command "terraform apply -auto-approve"The public sandbox is a static UI under apps/sandbox-ui. Run it locally:
python -m http.server 5173 --directory apps/sandbox-uiOpen http://localhost:5173 and explore the dashboard, demo scenarios, evidence console, approvals, registry views, and AISPM pages.

The repository includes Docker examples for local evaluation and demo environments:
docker-compose.ymldocker/docker-compose.community.ymlexamples/docker/README.md
Use Docker when you want repeatable local startup or a shared demo environment. Use the Python editable install when you are modifying policy, CLI, or source behavior.
CAVRA includes a public API surface for decisions, policy packs, approvals, evidence, AISPM samples, and sandbox workflows. See API for endpoint families. A local deployment normally starts the API, configures policy and storage paths, then allows the sandbox UI or automation scripts to call the API.
The public Community repository includes an Azure deployment path for teams that want to run CAVRA as a lightweight hosted Community service instead of only as a local CLI or static sandbox.
The pattern uses:
- Azure Container Apps for the CAVRA FastAPI backend.
- Azure Static Web Apps for the sandbox and AISPM sample UI.
- Azure Container Registry for the API container image.
- GitHub Actions with Azure OIDC for deployment.
The implementation files are:
docker/Dockerfile.azure-api.github/workflows/deploy-azure-api.yml.github/workflows/deploy-azure-static-ui.yml
The API container runs:
uvicorn cavra.api:app --host 0.0.0.0 --port 8000The static UI workflow writes a deployment-specific config.js so the browser
uses the published API endpoint. Operators configure CAVRA_PUBLIC_API_BASE_URL
for the UI and CAVRA_CORS_ORIGINS for the API.
Use Azure Community SaaS Deployment for the full Azure resource list, GitHub variables, deployment flow, and validation steps.
This path is intentionally Community-scoped. It publishes public-safe CAVRA surfaces; it does not add Enterprise tenant isolation, live connectors, private policy packs, report-provider delivery, license enforcement, or AISPM production readiness validation.
CAVRA can be used in CI/CD to require policy decisions and evidence before merging or deploying. A typical flow is:
- A pull request proposes a high-risk change.
- CAVRA evaluates the change.
- Required approvals are opened or verified.
- Evidence is generated.
- A CI required check verifies the evidence and attestation.
See GitHub Required Checks And CI/CD Enforcement and Evidence Hub And Attestation.
Example workflow files are available under:
examples/github-actions/cavra-required-check.ymlexamples/github-actions/cavra-enterprise-enforcement.ymlexamples/gitlab-ci/cavra-required-check.gitlab-ci.yml
Enterprise deployment adds SSO, RBAC, tenant configuration, live connectors, private policy packs, report delivery, and AISPM live ingestion. Use Enterprise Trial Self-Service Access, OIDC RBAC Deployment, Connector Execution Hooks, and AISPM Enterprise Live Ingestion as the main references.
On Azure, Trial and Enterprise deployment use the private
Huzefaaa2/cavra-enterprise workflow set:
deploy-azure-trial-api.ymldeploy-azure-trial-ui.ymldeploy-azure-enterprise-api.ymldeploy-azure-enterprise-ui.ymldeploy-azure-enterprise-connectors.ymlvalidate-azure-aispm-production.yml
The Trial path hosts the approved-access portal, license request workflow, time-limited licenses, private package delivery, guided AISPM labs, expiry, revocation, audit evidence, and closeout. The Enterprise path hosts the private control plane with Entra ID/OIDC, RBAC, tenant isolation, private policy packs, persistent audit/evidence stores, SMTP/report-provider integration, live connectors, runtime workflow validation, and the final AISPM production readiness gate.
Use Azure Trial And Enterprise Deployment for the public-safe architecture. The executable workflows and secrets stay in the private Enterprise repository.
Enterprise deployment models:
| Model | Use when | Key work |
|---|---|---|
| Self-hosted control plane | You need private deployment and customer-controlled evidence stores. | Configure identity, policy registry, tenant audit store, connectors, and report delivery. |
| Docker or Compose | You need repeatable pilot or lab environments. | Pin images, mount policy/evidence paths, and keep secrets outside source control. |
| Kubernetes or Helm-style deployment | You need production-grade scheduling, ingress, secret management, and observability. | Add SSO/RBAC, persistent stores, network policy, connector credentials, and readiness probes. |
| Air-gapped or regulated environment | You need offline evidence, reproducible packages, or restricted network paths. | Use signed packages, offline trust roots, immutable storage, and export workflows. |
- Confirm edition and license boundary.
- Select policy packs.
- Configure evidence storage and trust roots.
- Configure approvals and break-glass rules.
- Configure agent and MCP trust registry entries.
- Add CI/CD enforcement where required.
- For Enterprise, configure tenant identity, connectors, SMTP or report provider settings, runtime workflows, and AISPM ingestion.
- Run readiness validators before production launch.
You have completed the first onboarding path when:
-
cavra demo before-the-agent-actsshows blocked, approval-routed, allowed, and attested outcomes. -
cavra evaluate execute_command "terraform apply -auto-approve" --jsonreturns a blocking decision under the starter policy. -
cavra evidence bundlecreates an evidence directory. -
cavra evidence verifysucceeds. - The sandbox GUI opens and you can identify Dashboard, Evidence, Approval, Registry, and AI Posture areas.
- Which command gives the fastest proof that CAVRA can block a risky action?
- Why should trust roots be configured before evidence is used in CI/CD or audit?
- What is the difference between serving the sandbox GUI and running Enterprise live ingestion?
Read Community Edition User Guide to turn the installation into repeatable local governance workflows.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion