KB-SIGNAL-20260717-001ProposalCAVA proposes canonical action identities for governing agents across heterogeneous runtimes
Verified
Jul 17, 2026
Jurisdiction
Global
Factual summary
CAVA proposes converting agent activity from shell, MCP, browser, API, workflow, and managed-agent runtimes into versioned canonical action objects. Policy decisions, approvals, execution evidence, and optional attestations bind to deterministic fingerprints over action semantics rather than raw text or runtime-native identifiers. The paper reports results from 96 seed scenarios expanded into 384 controlled runtime variants.
Domain impact
Canonical action identity could give agent authorization and audit systems a portable object for comparing actions across runtimes, limiting approval drift, verifying receipt integrity, and disclosing whether a deployment can observe, warn, gate, or block before side effects occur.
Keelbase analysis
The durable signal is the distinction between recording an event and identifying the operational action that authority governed. CAVA supplies a useful schema, threat model, and buyer-evaluation vocabulary, but its perfect controlled-corpus scores should not be treated as universal validation. External traces, independent reproduction, broader parser coverage, and adversarial testing remain necessary.