
Textbook 14 Reference Appendices

Huzefaaa2 edited this page Jun 28, 2026 · 7 revisions

Reference Appendices

Appendix A: Canonical Pages

Appendix B: Command Families

| Family | Representative commands |
| --- | --- |
| Core | cavra version, cavra evaluate |
| Agent | cavra agent start, cavra agent exec, cavra agent attest |
| Policy | cavra policy list, validate, test, explain, sign, verify |
| Approval | create, list, approve, deny, expire, break-glass, route, deliver |
| Evidence | bundle, verify, verify-attestation, index, search, export-siem |
| Registry | agent-register, agent-list, mcp-register, mcp-list, mcp-check |
| Ops | stores, backup, restore, retention-plan |
| Runtime | Go rollback drill and runtime governance command families |
| Release | package verification, rollout, promotion, rollback, endpoint, remediation, SLA, connector delivery |
| Demo | cavra init claude-code, cavra demo before-the-agent-acts |

Appendix C: Glossary

| Term | Meaning |
| --- | --- |
| Agent | An AI system or coding assistant that proposes or executes engineering actions. |
| AISPM | AI Security Posture Management, the posture and reporting layer built from CAVRA evidence. |
| Approval | A human or provider-backed decision that permits or denies a routed action. |
| Attestation | A signed or verifiable statement tying an action, PR, or bundle to evidence. |
| Break glass | Emergency authorization with explicit reason, actor, and audit trail. |
| Connector | Integration that delivers or retrieves evidence, reports, tickets, alerts, or workflow records. |
| Evidence bundle | A package of decision and operating proof generated by CAVRA. |
| MCP trust | Governance model for MCP servers, capabilities, tools, and approval states. |
| Policy pack | A set of rules that decide what actions are allowed, denied, or routed. |
| Runtime authority | The CAVRA decision point that evaluates an action before it proceeds. |
| Tenant | An isolated Enterprise customer or organization boundary. |

Appendix D: AISPM Report Schema Families

Public contracts include dashboard, report catalog, setup, delivery audit, operations dashboard, retention lifecycle, search and retrieval, export package manifest, schedule policy, recipient policy, approval decision, exception lifecycle, evidence room, incident packet, closure, KPI metrics, alert escalation, drilldown, remediation plan, remediation closure, executive digest, digest distribution, trial validation, operator dashboard, evaluator handoff, and publication readiness schemas.

See AI Security Posture Dashboard Contract for schema links and public-safe examples.

Appendix E: Development And Testing Artifacts

Implementation and validation history is archived in Development And Testing Artifacts. Use it when you need release evidence, trial-sync records, closeout notes, validation packets, or historical implementation context.
