-
Notifications
You must be signed in to change notification settings - Fork 0
Community v0.1.2 Readiness
This readiness note closes the public Community v0.1.2 preparation item for Python package metadata and release workflow guard evidence.
Community package metadata is now owned by pyproject.toml. setup.py remains
as a legacy setuptools shim only, which prevents duplicate metadata from
overriding the PEP 621 project table.
Resolved build warnings:
- ignored
project_urlsmetadata fromsetup.py; - deprecated TOML table form for
project.license; - duplicate
install_requiresandextras_requiremetadata; - deprecated license classifier usage;
- empty
.github/*.yamlmanifest pattern; - data-only
cavra.schemaspackage warning.
Validation command:
python3 scripts/validate-python-package-metadata.pyRequired evidence:
-
python -m buildcompletes without setuptools metadata warning markers; -
python -m twine checkpasses for the built wheel and source distribution; - wheel metadata declares
License-Expression: BUSL-1.1; - wheel metadata includes
LICENSEandNOTICE; - project URLs are present in the wheel metadata;
- packaged CAVRA JSON schemas are included in the wheel.
Community release workflows now include explicit guard evidence for public-safe release automation:
-
.github/workflows/publish-pypi.ymlruns automatically only for release tags that start withpypi-v, or manually throughworkflow_dispatch; -
.github/workflows/go-release.ymlruns automatically only for release tags that start withgo-runtime-v, or manually throughworkflow_dispatch; -
.github/workflows/community-ci.ymlruns package metadata validation for PRs and pushes tomain; -
.github/workflows/release-community.ymlruns package metadata validation before building Community artifacts.
This readiness evidence covers public Community packaging metadata and workflow guards only. It does not include Enterprise source code, private release artifacts, paid policy packs, private registry credentials, signing keys, license-service internals, SaaS backend code, or customer records.
Implement Community v1.0.0 release-candidate hardening packet from the completed Node 24 readiness baseline with signed artifacts, reproducible provenance verification, GA announcement checklist, and final operator evidence.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Technology Stack
- Conclusion