Azure Trial And Enterprise Deployment
This page describes the Azure deployment model for CAVRA Trial and Enterprise
Edition at a public-safe level. The executable workflows live in the private
Huzefaaa2/cavra-enterprise repository because they deploy licensed artifacts,
private control-plane code, tenant stores, connector configuration, report
delivery settings, and AISPM production-readiness validators.
Trial deployment includes:
- Trial portal and license request workflow.
- Authenticated evaluator/operator access.
- Time-limited trial licenses.
- Private package/container delivery.
- Trial sandbox and AISPM guided labs.
- Expiry, revocation, audit evidence, and closeout.
The Azure shape is Static Web Apps or App Service, Container Apps, Container Registry, Key Vault, Azure SQL or PostgreSQL, Application Insights, and Monitor.
Enterprise deployment includes:
- Private Enterprise API/control plane.
- Microsoft Entra ID OIDC/SSO and RBAC.
- Tenant isolation.
- Private policy packs.
- Persistent audit and evidence stores.
- SMTP or report-provider integration.
- Live connectors and runtime workflow validation.
- Final AISPM production readiness gate.
The Azure shape is Container Apps or AKS, Key Vault, Azure SQL or PostgreSQL, immutable Blob Storage, Service Bus or Event Grid, Front Door/WAF, Private Endpoints, Monitor, and Application Insights.
The private Enterprise repository contains:
| Workflow | Purpose |
|---|---|
| `deploy-azure-trial-api.yml` | Deploys the Trial Access Portal API. |
| `deploy-azure-trial-ui.yml` | Deploys the Trial front door. |
| `deploy-azure-enterprise-api.yml` | Deploys the Enterprise control plane. |
| `deploy-azure-enterprise-ui.yml` | Deploys the authenticated operator UI shell. |
| `deploy-azure-enterprise-connectors.yml` | Deploys connector worker jobs. |
| `validate-azure-aispm-production.yml` | Runs the final AISPM production readiness gate. |
Enterprise AISPM is not production-ready until live validators run with real production inputs:
- real tenant configuration;
- real connector/provider settings;
- real SMTP or report-provider settings;
- real runtime agent/tool workflows;
- real tenant isolation checks;
- real operating archive/public-sync evidence.
The final packet must return:

```json
{
  "ready_for_aispm_production": true,
  "blockers": []
}
```

If any blocker remains, production launch is stopped until the referenced source validator is corrected and the final gate is rerun.
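One way to enforce this gate fail-closed in a pipeline step, as an added example that is not code from the CAVRA repositories. The function name `evaluate_gate`, the treatment of blocker entries as plain strings, and the sample packets are assumptions constructed for illustration.

```python
import json
import sys


def evaluate_gate(packet_text):
    """Return (launch_allowed, reasons). Anything unexpected blocks the launch."""
    try:
        packet = json.loads(packet_text)
    except (TypeError, ValueError) as exc:
        return False, [f"packet is not valid JSON: {exc}"]
    if not isinstance(packet, dict):
        return False, ["packet is not a JSON object"]

    reasons = []
    ready = packet.get("ready_for_aispm_production")
    # Require the JSON boolean true; "true", 1 or a missing key do not pass.
    if ready is not True:
        reasons.append(f"ready_for_aispm_production is {ready!r}, expected true")

    blockers = packet.get("blockers")
    if not isinstance(blockers, list):
        reasons.append("blockers is missing or not a list")
    elif blockers:
        # A packet that claims ready=true but still lists blockers is rejected.
        reasons.extend(f"blocker: {b}" for b in blockers)

    return (not reasons), reasons


# Constructed sample packets (blocker names are hypothetical).
SAMPLES = {
    "clean": '{"ready_for_aispm_production": true, "blockers": []}',
    "blocked": '{"ready_for_aispm_production": false, "blockers": ["smtp-settings"]}',
    "inconsistent": '{"ready_for_aispm_production": true, "blockers": ["tenant-isolation"]}',
    "stringly": '{"ready_for_aispm_production": "true", "blockers": []}',
    "truncated": '{"ready_for_aispm_production": true, "blo',
}

if __name__ == "__main__":
    failed = False
    for name, text in SAMPLES.items():
        allowed, why = evaluate_gate(text)
        print(f"{name}: {'PASS' if allowed else 'STOP'} {why}")
        failed = failed or not allowed
    # Non-zero exit stops the pipeline when any packet fails the gate.
    sys.exit(1 if failed else 0)
```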
Do not copy private Enterprise workflow secrets, connector payloads, license keys, tenant data, SMTP credentials, private policy packs, or production evidence into the public repository or public wiki.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?