Textbook 14 Reference Appendices
- CLI
- API
- Diagrams
- Edition Boundaries
- Open Core Implementation Plan
- Private Enterprise Repo Plan
- Policy Engine Hardening
- Approval Workflows
- Evidence Hub And Attestation
- Agent Registry And MCP Trust
- AI Agent Enforcement And Anti-Bypass Model
- AISPM Dashboard Roadmap
- AI Security Posture Dashboard Contract
- AISPM CSO Report Center
- AISPM Enterprise Live Ingestion
| Family | Representative commands |
|---|---|
| Core | cavra version, cavra evaluate |
| Agent | cavra agent start, cavra agent exec, cavra agent attest |
| Policy | cavra policy list, validate, test, explain, sign, verify |
| Approval | create, list, approve, deny, expire, break-glass, route, deliver |
| Evidence | bundle, verify, verify-attestation, index, search, export-siem |
| Registry | agent-register, agent-list, mcp-register, mcp-list, mcp-check |
| Ops | stores, backup, restore, retention-plan |
| Runtime | Go rollback drill and runtime governance command families |
| Release | package verification, rollout, promotion, rollback, endpoint, remediation, SLA, connector delivery |
| Demo | cavra init claude-code, cavra demo before-the-agent-acts |

| Term | Meaning |
|---|---|
| Agent | An AI system or coding assistant that proposes or executes engineering actions. |
| AISPM | AI Security Posture Management, the posture and reporting layer built from CAVRA evidence. |
| Approval | A human or provider-backed decision that permits or denies a routed action. |
| Attestation | A signed or verifiable statement tying an action, PR, or bundle to evidence. |
| Break glass | Emergency authorization with explicit reason, actor, and audit trail. |
| Connector | Integration that delivers or retrieves evidence, reports, tickets, alerts, or workflow records. |
| Evidence bundle | A package of decision and operating proof generated by CAVRA. |
| MCP trust | Governance model for MCP servers, capabilities, tools, and approval states. |
| Policy pack | A set of rules that decide what actions are allowed, denied, or routed. |
| Runtime authority | The CAVRA decision point that evaluates an action before it proceeds. |
| Tenant | An isolated Enterprise customer or organization boundary. |
Public contracts include dashboard, report catalog, setup, delivery audit, operations dashboard, retention lifecycle, search and retrieval, export package manifest, schedule policy, recipient policy, approval decision, exception lifecycle, evidence room, incident packet, closure, KPI metrics, alert escalation, drilldown, remediation plan, remediation closure, executive digest, digest distribution, trial validation, operator dashboard, evaluator handoff, and publication readiness schemas.
See AI Security Posture Dashboard Contract for schema links and public-safe examples.
Implementation and validation history is archived in Development And Testing Artifacts. Use it when you need release evidence, trial-sync records, closeout notes, validation packets, or historical implementation context.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?