Community GA Release Checklist
This checklist defines the public Community release path for CAVRA. It ties the policy engine, runtime modes, Evidence Console, deployment validation, and Go runtime readiness into one user-verifiable release gate.
This checklist applies to public Community Edition releases. It does not approve Enterprise source code, customer policy packs, SaaS backend services, license-service internals, customer evidence, private signing services, production private keys, KMS/HSM integrations, private approval routers, or paid policy-pack implementation.
| Gate | Required Evidence | Pass Condition |
|---|---|---|
| Public boundary | `scripts/validate-boundaries.sh` | Public boundary validation passes and no prohibited Enterprise material is committed. |
| Policy signing | `cavra policy keygen`, `policy sign`, `policy verify` | Policy pack is signed with Ed25519 and verified with the matching public key. |
| Runtime modes | `cavra evaluate ... --policy-mode ... --json` | `audit_only`, `enforce`, `strict`, and `break_glass` behavior is explicit and parseable. |
| Golden decisions | `tests/test_golden_decisions.py` | Critical file, command, Git, MCP, and strict-mode decisions match the public fixture. |
| Evidence Console | Hosted sandbox smoke check | Community GA Control Hardening appears in the Evidence Console with docs and command links. |
| Deployment validation | `/deployment/production-readiness` | Production readiness checks are visible and attachable to release evidence. |
| Go runtime readiness | Go parity and readiness checks | Go remains opt-in; Python remains authoritative unless readiness and rollback gates pass. |
| Documentation | README, docs, wiki-source, live wiki | Public documentation and wiki navigation are current for the release. |
| CI evidence | Required GitHub checks | Required checks, public-boundary, and matrix tests pass. |
- Run `scripts/validate-boundaries.sh`.
- Run policy validation, compile, diff, Ed25519 signing, and verification.
- Verify runtime modes through `cavra evaluate ... --policy-mode ... --json`.
- Run `python3 -m pytest -q tests/test_golden_decisions.py`.
- Run static Evidence Console syntax and smoke tests.
- Attach `/deployment/production-readiness` output.
- Confirm Go backend remains disabled unless opt-in readiness, promotion, rollback, rehearsal, and drill evidence pass.
- Run full local validation and confirm GitHub checks pass.
- Sync README, docs, wiki-source pages, and the live wiki.
- `ready_for_community_ga`: all required gates pass.
- `ready_with_accepted_risk`: non-critical warnings have an owner, expiry, and compensating control.
- `blocked`: public boundary validation fails, policy signatures do not verify, golden decisions regress, runtime modes are ambiguous, required checks fail, or Go promotion is requested without complete readiness and rollback evidence.
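The three release outcomes above can be computed mechanically from recorded gate results. The following is an added example, not CAVRA's own code or its release packet schema: the gate keys, the `AcceptedRisk` record and `release_decision` are hypothetical names. It assumes a fail-closed reading in which any required gate without a recorded pass, an expired or incomplete risk acceptance, or a Go promotion lacking readiness and rollback evidence yields `blocked`.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical gate keys for this example, one per row of the checklist table
# (Go runtime readiness is handled separately below).
REQUIRED_GATES = ("public_boundary", "policy_signing", "runtime_modes",
                  "golden_decisions", "evidence_console",
                  "deployment_validation", "documentation", "ci_evidence")
GO_EVIDENCE = ("readiness", "rollback")  # evidence the blocked rule names

@dataclass
class AcceptedRisk:
    warning: str
    owner: str = ""
    expiry: Optional[date] = None
    compensating_control: str = ""

    def complete(self, today: date) -> bool:
        # Assumption: an expired acceptance no longer counts as accepted.
        return bool(self.owner and self.compensating_control
                    and self.expiry and self.expiry >= today)

def release_decision(gates, risks=(), go_promotion=False, go_evidence=None,
                     today=None):
    """Return (status, reasons) using the checklist's three outcomes."""
    today = today or date.today()
    go_evidence = go_evidence or {}
    reasons = []
    # Fail closed: a gate with no recorded result counts as failed (assumption).
    for gate in REQUIRED_GATES:
        if gates.get(gate) is not True:
            reasons.append(f"gate not passed: {gate}")
    if go_promotion:
        missing = [e for e in GO_EVIDENCE if go_evidence.get(e) is not True]
        if missing:
            reasons.append("Go promotion lacks evidence: " + ", ".join(missing))
    # Assumption: a warning without owner, expiry and control blocks release.
    for risk in risks:
        if not risk.complete(today):
            reasons.append(f"warning not fully accepted: {risk.warning}")
    if reasons:
        return "blocked", reasons
    if risks:
        return "ready_with_accepted_risk", [r.warning for r in risks]
    return "ready_for_community_ga", []
```

The returned reasons list is intended to be attached to the release evidence so a reviewer can see which gate or acceptance caused a `blocked` result.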
Use the Community GA release packet template and JSON schema for every public Community GA release packet.
Continue with a final tagged Community GA release packet when the maintainer is ready to publish an official Community GA release.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?