# CAVRA Unified Enterprise Enhancement Roadmap Last updated: 2026-07-04 This page is the GitHub Wiki version of the product enhancement roadmap. It converts the merged expert review into an implementation sequence with dependencies, status, verification expectations, and GitHub evidence. The source roadmap is maintained in the public repository at [docs/product/cavra-unified-enterprise-product-enhancement-roadmap.md](https://github.com/Huzefaaa2/cavra/blob/main/docs/product/cavra-unified-enterprise-product-enhancement-roadmap.md). ## Scope Decision CAVRA is being planned as a unified AI governance control plane for two governed asset classes: - **Agent actions:** file writes, shell commands, Git operations, MCP tool calls, CI/CD triggers, cloud operations, infrastructure changes, and production workflow actions. - **Models and artifacts:** model registry entries, model metadata, deployment packages, AI supply-chain artifacts, assessment findings, drift signals, and compliance evidence. The common control planes are Decision, Identity and Trust, Evidence, and Posture. This avoids building two unrelated products: one for agents and another for model risk. ![CAVRA unified enterprise roadmap](assets/textbook/cavra-unified-enterprise-roadmap.svg) ## Phase Dependency Map | Phase | Focus | Primary Dependencies | Current Status | Exit Condition | | --- | --- | --- | --- | --- | | 0 | Positioning and public roadmap | Review agreement, product scope decision | Completed | README, wiki, and product site describe unified agent-action plus model/artifact governance and link to this tracker. | | 1 | Foundation trust | Phase 0 | In Progress | Security governance, API contract, signed release, SBOM, and buyer trust documentation are publishable. | | 2 | Identity, data, and multi-tenancy | Phase 1 API contract and trust model | In Progress | Enterprise identity, RBAC/ABAC, tenant/workspace isolation, and production data architecture are implemented and tested. | | 3 | Evidence, audit, and compliance | Phase 1 trust model, Phase 2 tenancy model | Planned | KMS-backed evidence, immutable audit log, and dynamic compliance mapping are production-ready. | | 4 | Zero-trust scanning and connectors | Phase 2 tenancy, Phase 3 evidence/audit | Planned | Certified connector SDK, priority connectors, and model/artifact scanner agents work without raw model/data egress. | | 5 | Policy lifecycle and event core | Phase 2 identity/data, Phase 4 connectors | In Progress | Policy authoring, test, shadow, rollback, and event-driven continuous assessment paths are working. | | 6 | Scale and ecosystem expansion | Phases 1-5 | In Progress | Benchmarks, chaos tests, broader agent adapters, LLM guardrails, supply-chain checks, and red-team automation are validated. | | 7 | Live customer evidence capture | Phase 6 public-contract closeout | In Progress | Managed and Enterprise deployments can submit sanitized live evidence references without exposing private data. | ## Numbered Enhancement Tracker | ID | Phase | Problem(s) | Requirement | Dependency | Status | Tests and verification | | --- | --- | --- | --- | --- | --- | --- | | R0.1 | 0 | P8, P16, P22 | Document CAVRA as one unified control plane for agent actions and models/artifacts. | None | Completed | README, wiki, and product-site validation. | | R0.2 | 0 | P1-P22 | Publish this numbered product enhancement roadmap with dependencies and status. | R0.1 | Completed | `git diff --check`; wiki Markdown render. | | R0.3 | 0 | P1-P22 | Add a unified architecture-roadmap diagram for the public repo and wiki. | R0.1 | Completed | SVG readability and motion-safe fallback. | | R0.4 | 0 | P22 | Make product website point buyers to the roadmap, trust posture, and implementation sequence. | R0.1, R0.2 | Completed | Product-site Playwright validation. | | R1.1 | 1 | P6, P12 | Harden public security governance: responsible disclosure, supported versions, vulnerability handling, and release security criteria. | R0.2 | Completed | Release-security validator and Phase 1 trust-governance tests. | | R1.2 | 1 | P10, P12 | Establish multi-maintainer governance with CODEOWNERS, maintainer onboarding, RFC process, and release cadence. | R1.1 | In Progress | CODEOWNERS and RFC docs exist; additional maintainer onboarding remains. | | R1.3 | 1 | P6, P12 | Produce signed releases, SBOMs, provenance, and repeatable release attestations. | R1.2 | Completed | Community release workflow now runs the release trust gate, generates checksums, SPDX SBOM, SLSA/in-toto provenance, and release-trust evidence; Go runtime and Community attestation workflows retain GitHub keyless attestation controls. | | R1.4 | 1 | P15 | Publish OpenAPI 3.x contract and API versioning discipline. | R0.1 | Completed | OpenAPI contract, export script, validator, workflow, and tests. | | R1.5 | 1 | P22 | Publish CISO and buyer trust documentation. | R0.4 | Completed | Public trust pack and buyer review map. | | R2.1 | 2 | P1, P13 | Implement OIDC/SAML, SCIM, RBAC, ABAC, break-glass, model-owner roles, and security-operator roles. | R1.4 | In Progress | Enterprise identity readiness contract, API endpoints, default policy, SAML bridge contract, SCIM lifecycle contract, RBAC/ABAC role model, break-glass controls, runtime scoped approval enforcement, and public-safe live identity validation packet gate are implemented publicly; live IdP and private SCIM worker evidence still must be supplied by an Enterprise deployment. | | R2.2 | 2 | P2, P13 | Implement production multi-tenant persistence with workspaces, Postgres, tenant isolation, and migration path from JSON/SQLite. | R2.1 | In Progress | Tenant/workspace persistence contract, JSON/SQLite reference stores, tenant/workspace scope helper, activity, approval, evidence metadata, inventory, and integration scope binding, Postgres/RLS public contract, JSON/SQLite import row tests, request-scoped Postgres session adapter, public-safe RLS smoke harness, and isolation tests are implemented; private live Postgres RLS smoke evidence remains. | | R2.3 | 2 | P11, P2, P13 | Define HA topology: stateless workers, queues, health checks, backup/DR, RTO/RPO, and data residency. | R2.2 | In Progress | Enterprise HA/DR contract, readiness validator, sample evidence packet, sanitized live example, strict live CI workflow, Azure evidence map runbook, RTO/RPO checks, failover checks, restore checks, health endpoint checks, monitor alert checks, data residency checks, and tests are implemented publicly; private live HA/DR evidence remains. | | R3.1 | 3 | P4 | Add KMS/HSM-backed evidence signing, key rotation, custody policy, and independent verifier support. | R2.2 | In Progress | Enterprise evidence custody contract, readiness validator, sample custody packet, sanitized live example, strict live CI workflow, KMS/HSM custody docs, rotation checks, revocation drill checks, trust-root distribution checks, independent verifier checks, and tests are implemented publicly; private live KMS/HSM signer and custody evidence remains. | | R3.2 | 3 | P14 | Add immutable, append-only audit log separate from evidence bundles. | R2.2, R3.1 | In Progress | Append-only JSONL audit log, hash-chain verification, optional HMAC signatures, readiness validator, sample audit packet, sanitized live example, strict live CI workflow, immutable audit-log docs, retention checks, tamper drill checks, monitoring checks, auditor/SIEM export checks, and tests are implemented publicly; private live immutable audit-store evidence remains. | | R3.3 | 3 | P5, P17 | Add clause-level compliance mapping packs for NIST AI RMF, ISO/IEC 42001, OWASP LLM/GenAI, NIST SSDF, and EU AI Act. | R3.2 | In Progress | Clause-level pack registry, deterministic finding-to-clause report builder, readiness validator, sample packet, sanitized live example, strict live CI workflow, docs, and tests are implemented publicly; customer-specific legal review, approved exceptions, and live auditor evidence remain deployment-specific. | | R3.4 | 3 | P21, P5 | Build auditor, BI, executive, and board-ready reporting exports. | R3.3 | In Progress | Public-safe report export generator, auditor Markdown, BI CSV, executive JSON, board PDF manifest, readiness validator, sample packet, sanitized live example, strict live CI workflow, docs, and tests are implemented publicly; private tenant PDFs, BI workbooks, recipient delivery logs, and evidence-room publication evidence remain Enterprise deployment-specific. | | R4.1 | 4 | P3, P15 | Create public connector/plugin SDK with stable interfaces, certification rules, examples, and compatibility tests. | R1.4 | In Progress | Public connector SDK manifest contract, certification packet builder, compatibility matrix builder, reference webhook manifest, readiness validator, sample packet, sanitized live example, strict live CI workflow, docs, and tests are implemented; provider-specific certified connector implementations and live provider sandbox evidence remain R4.2 / deployment-specific. | | R4.2 | 4 | P3 | Deliver priority certified connectors across SCM, CI/CD, SIEM, ITSM, and communications. | R4.1, R2.1 | In Progress | Public-safe certified connector registry, eleven provider manifests, compatibility matrix generation, request-spec support for SCM/CI/CD providers, sample packet, sanitized live example, strict live CI workflow, docs, and tests are implemented; tenant-specific credentials, provider sandbox logs, and production support evidence remain deployment-specific. | | R4.3 | 4 | P3, P16, P20 | Add model registry connectors that work by reference: MLflow, SageMaker, Hugging Face, and Weights & Biases. | R4.1, R3.2 | In Progress | Metadata-only model registry connector registry, four provider manifests, compatibility matrix generation, metadata event builder, no-raw-model-egress negative tests, sample packet, sanitized live example, strict live CI workflow, docs, and tests are implemented; customer registry credentials, private owner mapping, and live registry sandbox evidence remain deployment-specific. | | R4.4 | 4 | P16, P20 | Build zero-trust scanner agent that runs in customer VPC/on-prem and emits metadata, hashes, risk scores, and evidence only. | R4.3, R3.1 | In Progress | Public-safe zero-trust scanner result contract, recursive egress sanitizer, hash-only reference scan, raw-egress negative fixture, sample packet, sanitized live example, strict live CI workflow, docs, and tests are implemented; real customer-side scanner packaging, private network deployment evidence, and production scanner operations remain deployment-specific. | | R5.1 | 5 | P9 | Add OPA/Rego policy path alongside current policy engine with testable, Git-versioned policies. | R2.1, R4.1 | In Progress | Public OPA/Rego compatibility path is implemented: YAML policy remains source of truth, Rego module/data/input fixtures/manifest export is supported, Python/Rego parity tests cover core runtime decisions, sample and sanitized live readiness packets are validated, CLI commands and strict CI workflow are added; private OPA runtime deployment evidence and customer policy PR evidence remain deployment-specific. | | R5.2 | 5 | P9 | Build policy lifecycle tooling: authoring UI, linting, versioning, shadow mode, dry run, rollback, and approval workflow builder. | R5.1 | In Progress | Public policy lifecycle tooling is implemented: authoring UI contract, lint report, version manifest, shadow-mode plan, dry-run report, rollback plan, approval workflow builder, sample packet, sanitized live example, CLI commands, validator, and strict CI workflow are added; private customer UI screenshots, approval records, and production rollout evidence remain deployment-specific. Verification: `python3 scripts/validate_policy_lifecycle.py --policy-pack cavra-ai-agent-baseline --export-dir dist/test/policy-lifecycle`; `python3 scripts/validate_policy_lifecycle.py --packet examples/policy-lifecycle/enterprise-policy-lifecycle.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_policy_lifecycle.py -q`. | | R5.3 | 5 | P18, P11 | Add event-driven continuous monitoring with event bus triggers for agent actions, model registration, drift, and promotions. | R2.3, R4.4 | In Progress | Public continuous monitoring event core is implemented: required event schemas, deterministic sample event stream, replay/dedupe logic, latency SLO validation, stale assessment checks, readiness packet validation, sanitized live example, CLI commands, validator, docs, and strict CI workflow are added; live customer queue configuration, monitor dashboards, and event-bus evidence remain deployment-specific. Verification: `python3 scripts/validate_continuous_monitoring.py --build-sample --export-dir dist/test/continuous-monitoring --now 2026-07-04T10:15:00+00:00`; `python3 scripts/validate_continuous_monitoring.py --packet examples/continuous-monitoring/enterprise-continuous-monitoring.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_continuous_monitoring.py -q`. | | R6.1 | 6 | P7, P11 | Publish latency, throughput, HA, and failure-mode benchmarks with SLO regression gates. | R2.3, R5.3 | In Progress | Public benchmark/SLO gate is implemented with deterministic reference report, optional measured local run, latency/throughput checks, HA SLO targets, failure-mode drills, readiness validation, sanitized live example, CLI, validator, docs, tests, and strict CI workflow; live tenant benchmark, HA, and failure-drill evidence remains deployment-specific. Verification: `python3 scripts/validate_benchmark_slo.py --export-dir dist/test/benchmark-slo`; `python3 scripts/validate_benchmark_slo.py --packet examples/benchmark-slo/enterprise-benchmark-slo.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_benchmark_slo.py -q`. | | R6.2 | 6 | P8 | Expand beyond coding agents through generic adapter SDK and action taxonomy. | R4.1, R5.1 | In Progress | Public generic adapter SDK and action taxonomy are implemented with canonical domains/effects/risk levels, adapter manifest contract, runtime-compatible action mapping, non-coding sample scenario, readiness packet validation, sanitized live example, CLI, validator, docs, tests, and strict CI workflow; provider-specific private adapters and real customer live scenario evidence remain deployment-specific. Verification: `python3 scripts/validate_generic_agent_adapter.py --export-dir dist/test/generic-agent-adapter`; `python3 scripts/validate_generic_agent_adapter.py --packet examples/generic-adapters/enterprise-generic-agent-adapter.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_generic_agent_adapter.py -q`. | | R6.3 | 6 | P19, P20, P21 | Add native LLM guardrail testing, AI supply-chain scanning, malicious model checks, and red-team automation. | R4.4, R5.3 | In Progress | Public native AI red-team gate is implemented with required LLM guardrail tests, AI artifact supply-chain metadata validation, malicious model checks, invalid raw/unsafe fixture, readiness packet validation, sanitized live example, CLI, validator, docs, tests, and strict CI workflow; private customer-specific prompt suites, proprietary scanner plugins, and live red-team closeout evidence remain deployment-specific. Verification: `python3 scripts/validate_ai_red_team.py --export-dir dist/test/ai-red-team`; `python3 scripts/validate_ai_red_team.py --packet examples/ai-red-team/enterprise-ai-red-team.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_ai_red_team.py -q`. | | R6.4 | 6 | P16, P22, P3 | Publish zero-trust quickstart demo and reference deployments for Docker Compose, Helm, Terraform, Azure, and scanner operation. | R4.4, R6.1 | In Progress | Public zero-trust reference deployment contract is implemented: Docker Compose, Helm chart, Terraform Azure skeleton, Azure Container Apps Bicep, scanner operation runbook, quickstart demo, readiness packet validation, sanitized live example, CLI, validator, docs, tests, and strict CI workflow are added; private customer deployment proof and live environment smoke artifacts remain deployment-specific. | | R6.5 | 6 | P7, P8, P11, P16, P19, P20, P21, P22 | Publish Phase 6 public-contract closeout rollup and separate public readiness from customer live evidence. | R6.1, R6.2, R6.3, R6.4 | Completed | Phase 6 rollup gate is implemented and validates all R6 public contracts, docs, workflows, and checked-in evidence packets while reporting customer-live evidence as deployment-specific. Verification: `python3 scripts/validate_phase6_rollup.py --packet examples/phase6-rollup/phase6-ecosystem-rollup.json --repo-root .`; `python3 -m pytest tests/test_phase6_rollup.py -q`. | | R7.1 | 7 | P7, P11, P13, P16, P21, P22 | Add customer-live evidence intake packet for Managed and Enterprise deployment closeout without exposing private data. | R6.5 | In Progress | Public customer-live evidence intake contract is implemented with sanitized evidence sections, redaction controls, attestation refs, sample/live sanitized examples, CLI, validator, docs, tests, and strict CI workflow; actual customer evidence refs remain deployment-specific. Verification: `python3 scripts/validate_customer_live_evidence.py --packet examples/customer-live-evidence/customer-live-evidence.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_customer_live_evidence.py -q`. | | R7.2 | 7 | P7, P11, P16, P21, P22 | Add customer evidence-room closeout index for Managed and Enterprise live readiness review. | R7.1 | In Progress | Public customer evidence-room closeout contract is implemented with sanitized evidence-room sections, publication controls, source intake validation binding, sample/live sanitized examples, CLI, validator, docs, tests, and strict CI workflow; actual evidence-room publication remains deployment-specific. Verification: `python3 scripts/validate_customer_evidence_room.py --index examples/customer-evidence-room/customer-evidence-room.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_customer_evidence_room.py -q`. | | R7.3 | 7 | P7, P11, P16, P21, P22 | Add customer closeout handoff packet for release announcement and operating-review startup. | R7.2 | In Progress | Public customer closeout handoff contract is implemented with evidence-room readiness binding, owner refs, announcement/support refs, operating-review cadence refs, known exclusions, handoff controls, sample/live sanitized examples, CLI, validator, docs, tests, and strict CI workflow; actual announcement delivery remains deployment-specific. Verification: `python3 scripts/validate_customer_closeout_handoff.py --packet examples/customer-closeout-handoff/customer-closeout-handoff.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_customer_closeout_handoff.py -q`. | | R7.4 | 7 | P7, P11, P16, P21, P22 | Add customer operating review cadence for recurring post-closeout health. | R7.3 | In Progress | Public customer operating review contract is implemented with closeout handoff binding, owner refs, success metrics, evidence freshness, support/SLA health, AISPM posture, open exclusions, renewal checkpoint refs, review controls, sample/live sanitized examples, CLI, validator, docs, tests, and strict CI workflow; actual operating-review evidence remains deployment-specific. Verification: `python3 scripts/validate_customer_operating_review.py --packet examples/customer-operating-review/customer-operating-review.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_customer_operating_review.py -q`. | | R7.5 | 7 | P7, P11, P16, P21, P22 | Add customer renewal and expansion readiness for post-operating-review lifecycle. | R7.4 | In Progress | Public customer renewal and expansion contract is implemented with operating-review binding, owner refs, value realization, adoption depth, posture continuity, unresolved risk, expansion candidates, commercial handoff refs, renewal controls, sample/live sanitized examples, CLI, validator, docs, tests, and strict CI workflow; actual commercial terms remain deployment-specific. Verification: `python3 scripts/validate_customer_renewal_expansion.py --packet examples/customer-renewal-expansion/customer-renewal-expansion.live.sanitized.example.json --require-live`; `python3 -m pytest tests/test_customer_renewal_expansion.py -q`. | ## How This Tracker Is Maintained Each requirement should move through the same evidence path: 1. Requirement accepted in this tracker. 2. Design or implementation committed. 3. Tests, validators, screenshots, or deployment checks completed. 4. GitHub evidence column updated in the repository source roadmap. 5. Wiki mirror updated so readers can see current status. ## Immediate Next Engineering Work The next clean engineering sequence is late Phase 1 into Phase 2: 1. Complete the remaining R1.2 governance operating action by adding real additional maintainers/reviewers. 2. Start R2.1 enterprise identity/RBAC/ABAC design and tests. 3. Continue into R2.2 tenant isolation after the identity contract is stable. 4. Start design records for R3.1 KMS/HSM signing, R4.1 plugin SDK, and R4.4 zero-trust scanner agent.