-
Notifications
You must be signed in to change notification settings - Fork 0
User Stories
I can use Claude Code with CAVRA so secret files, destructive commands, unknown MCP tools, and direct protected-branch pushes are blocked before execution.
I can define reusable policy packs so teams get a consistent safety floor without rebuilding controls for every repository.
I can validate signed OIDC console session context and repository-scoped permissions before browser-visible approval actions are accepted.
I can preview policy drafts, plan rollout changes, and validate production readiness before applying governance changes.
I can require approval and signature metadata before a policy draft is written back to the policy catalog.
I can govern AI-agent engineering actions before they touch code, cloud, Git, MCP, or production workflows.
I can make CAVRA evidence part of PR review, CI, SIEM, and change-management workflows.
I can deliver CAVRA evidence events to SIEM, ITSM, and ChatOps systems with credential-redacted delivery evidence.
I can require CAVRA evidence and PR attestation verification before AI-assisted pull requests merge.
I can inspect evidence that proves which agent acted, what it attempted, what policy decided, and why.
I can download allowlisted evidence artifacts and bundles for indexed sessions when the API is configured with a governed artifact root.
I can manage agent identities and MCP tool trust so AI capability expansion is visible and controlled.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion