-
Notifications
You must be signed in to change notification settings - Fork 0
AISPM Enterprise Trial Lab Notebook
This page is the public-safe entry point for the future CAVRA Enterprise Trial lab notebook. It gives approved evaluators a structured path to understand the product, run governed AI-agent scenarios, inspect AISPM posture views, and prepare evidence for security, audit, platform, and executive review.
The full Enterprise Trial package, license validation, private container access, private lab fixtures, customer-specific setup values, and live operator evidence remain outside the public Community repository.
- Developers validating AI-agent enforcement behavior.
- Platform engineers preparing repository, CI, and runtime controls.
- Security engineers evaluating policy decisions and runtime governance.
- Auditors reviewing evidence, approvals, and report center outputs.
- CSO/CISO users reviewing posture, risk, coverage, and trial closeout.
| Phase | Lab | Outcome |
|---|---|---|
| Orientation | Product tour | Understand CAVRA editions, core surfaces, and evidence boundaries. |
| Trial access | Request and approval flow | Understand approved-access trial onboarding. |
| Agent enforcement | Governed agent scenario | Review allow, warn, block, and approval decisions. |
| AISPM dashboard | CSO/CISO posture review | Inspect risk, timelines, agent coverage, and evidence confidence. |
| Report center | Community reports and Enterprise governance | Download public-safe reports and review Enterprise report controls. |
| Readiness gates | Operator release gate review | Confirm Enterprise Trial gates are ready before package promotion. |
| Closeout | Revocation and expiry | Verify blocked access and closeout evidence expectations. |
- Dashboard screenshot from
https://huzefaaa2.github.io/cavra/#dashboard. - Open-core model diagram from the architecture documentation.
- AISPM dashboard screenshot with sample or redacted data only.
- Revocation and expiry flow chart with no evaluator identity or license data.
The following public-safe assets are included for approved evaluator onboarding and public documentation. They use sample or static Community data only.




The private Enterprise implementation now exposes the release gates required before the Enterprise Trial package can be announced. This notebook documents only public-safe gate names and outcomes.
| Gate | Public-Safe Outcome |
|---|---|
| Runtime Binding | Provider, scheduler, evidence sink, alert, Playwright session, and audit-storage references are present without exposing secrets. |
| Alert Transport | Email, ChatOps, SIEM, and ITSM smoke evidence is retained before release approval. |
| Release Dashboard Publication | Scheduler-produced release evidence is published to a release-dashboard reference. |
| Trial Lab Notebook | Screenshots, diagrams, flow charts, walkthroughs, and release evidence references are linked for evaluator onboarding. |
| Operator Audit Archive | Immutable operator audit archive and retention evidence are validated before release. |
| Trial Package Readiness Validator | Private packaging fails closed unless a current AISPM staging rehearsal packet proves all gates passed. |
Public readiness evidence:
docs/release-verifications/aispm-enterprise-trial-readiness-public-summary.json.
- Open the public Community portal at
https://huzefaaa2.github.io/cavra/#dashboard. - Confirm the product boundary: Community source is public, Enterprise Trial package access is approved and licensed, and private source is not exposed.
- Open
AI Postureand review the sample/local AISPM dashboard. Confirm the data provenance labels before using the dashboard for evaluator evidence. - Run the sample agent scenario from the dashboard and review the generated policy decision and evidence payload.
- Open the CSO Report Center and download the Community-safe executive, audit, control coverage, evidence freshness, and agent-risk reports.
- Review the trial readiness, trial handoff, closeout, procurement, pilot approval, evidence room, risk acceptance, board pack, and pilot control packets.
- Review the Enterprise Trial readiness gate sync and confirm all public-safe
gates are
readybefore treating the Enterprise Trial package as announcement-ready. - Attach only public-safe exports to evaluator or procurement records. Do not attach license keys, package tokens, private telemetry, customer data, raw prompts, model reasoning, or Enterprise source code.
- During Enterprise Trial closeout, confirm the private operator has revoked package access, expired or revoked the license, and recorded blocked access evidence in the private system.
| Checkpoint | Expected Result |
|---|---|
| Product surfaces | Evaluator can identify Community, Enterprise Trial, AISPM, evidence, and report-center boundaries. |
| Agent decision | A governed agent action produces a policy decision and evidence reference. |
| CSO dashboard | Executive posture, risk, coverage, and evidence freshness views are understandable. |
| Community reports | Public-safe Community report downloads are available without Enterprise secrets. |
| Enterprise readiness gates | Runtime binding, alert transport, release dashboard, lab notebook, audit archive, and package validator gates are documented as public-safe ready summaries. |
| Revocation and expiry | Trial access is blocked after revocation or expiry in the private implementation. |
Do not publish Enterprise source code, license keys, package tokens, private container URLs, customer data, evaluator identities, operator identities, IP addresses, raw prompts, model reasoning, raw tool output, provider responses, or private policy-pack implementation details in this notebook.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion