-
Notifications
You must be signed in to change notification settings - Fork 0
Textbook 13 Use Cases Labs And Example Workflows
This chapter gives practical ways to experience CAVRA.
Goal: see runtime authority stop an unsafe agent change.
cavra evaluate write_file iam/admin-role.tf --jsonExpected result: the decision explains whether the write is allowed, denied, or routed for approval. Use the result as input to an approval or evidence workflow.
Goal: see human approval become part of the evidence chain.
cavra approval create /tmp/cavra-decision.json --requested-by developer
cavra approval list --state pending
cavra approval approve apr_123 --actor platform-security --reason "Reviewed scoped production change"Expected result: the approval record can be audited and referenced by later evidence.
Goal: create proof of governance.
cavra evidence bundle --output .cavra/evidence/latest
cavra evidence verify .cavra/evidence/latestExpected result: evidence can be verified, indexed, searched, exported, or used by CI/CD.
Goal: govern tool calls, not just files.
cavra registry mcp-register github-mcp --trust-tier approved --approval-state approved --capability repository --tool create_pull_request
cavra registry mcp-check github-mcp create_pull_request --capability repositoryExpected result: CAVRA has a record of which MCP tools are trusted for which actions.
Goal: experience the GUI.
- Start the sandbox.
- Open Dashboard.
- Run the flagship scenario.
- Open Evidence.
- Open AI Posture.
- Export a public-safe readiness packet.

Goal: understand the production condition.
Enterprise users configure real tenant inputs, real connector credentials, SMTP or report provider settings, and runtime workflows. Then they run source validators and the final production gate. The completion condition is ready_for_aispm_production: true with no blockers.
| Use case | CAVRA surface |
|---|---|
| Local agent governance | CLI, policy, evidence |
| Pull request control | CLI, CI/CD, attestation |
| MCP tool governance | Agent registry, MCP trust registry |
| Cloud and IaC control | Policy engine, approvals, runtime decisions |
| Executive posture | AISPM, Report Center |
| Enterprise trial | Trial guide, labs, evidence room |
| Production readiness | Live validators, production gate |
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion