User Stories

Huzefaaa2 edited this page May 18, 2026 · 7 revisions

Developer

I can use Claude Code with CAVRA so secret files, destructive commands, unknown MCP tools, and direct protected-branch pushes are blocked before execution.

Platform Engineer

I can define reusable policy packs so teams get a consistent safety floor without rebuilding controls for every repository.

I can validate signed OIDC console session context and repository-scoped permissions before browser-visible approval actions are accepted.

I can preview policy drafts, plan rollout changes, and validate production readiness before applying governance changes.

I can require approval and signature metadata before a policy draft is written back to the policy catalog.

CISO

I can govern AI-agent engineering actions before they touch code, cloud, Git, MCP, or production workflows.

DevSecOps

I can make CAVRA evidence part of PR review, CI, SIEM, and change-management workflows.

I can require CAVRA evidence and PR attestation verification before AI-assisted pull requests merge.

Auditor

I can inspect evidence that proves which agent acted, what it attempted, what policy decided, and why.

I can download allowlisted evidence artifacts and bundles for indexed sessions when the API is configured with a governed artifact root.

AI Governance Lead

I can manage agent identities and MCP tool trust so AI capability expansion is visible and controlled.
