-
Notifications
You must be signed in to change notification settings - Fork 0
Community v0.1.3 Maintenance Planning
This planning note defines the public-safe scope for the Community v0.1.3 maintenance release. The release is intended to keep the public Community delivery path healthy before the v1.0.0 launch track.
Community v0.1.3 is a maintenance release candidate focused on GitHub Actions Node 24 readiness and release-verification freshness. It does not add Enterprise source code, private SaaS logic, paid policy packs, license signing keys, customer records, or private trial package internals.
The GitHub Actions Node 24 readiness scope covers Community CI, security scan, release build, and release verification workflows.
This planning artifact is public Community release evidence only. Enterprise source code, commercial policy pack implementation, private SaaS backend code, license-service internals, private registry details, customer records, provider credentials, and signing keys must remain outside the public repository.
| Workflow | Readiness Control | Status |
|---|---|---|
.github/workflows/community-ci.yml |
Uses actions/checkout@v6, actions/setup-python@v6, and sets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24. |
Ready |
.github/workflows/security-scan.yml |
Uses actions/checkout@v6, actions/setup-python@v6, and sets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24. |
Ready |
.github/workflows/release-community.yml |
Uses actions/checkout@v6, actions/setup-python@v6, and sets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24. |
Ready |
.github/workflows/verify-community-release.yml |
Uses actions/checkout@v6, actions/setup-python@v6, sets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24, and defaults to the current v0.1.3 release artifacts. |
Ready |
- Keep
community-ci,security-scan,release-community, andverify-community-releaseon Node 24-ready JavaScript action versions. - Verify the manual Community release workflow defaults point at the current published Community release.
- Run release-note freshness, release-index freshness, readiness dashboard, portal, console, production deployment, Go hardening, Enterprise integration, procurement closeout, boundary, Python, and Go test gates.
- Publish Community v0.1.3 only after all local and GitHub checks are green.
- Sync README and wiki release records after publication.
- As a maintainer, I can run Community release workflows without deprecated JavaScript action runtime warnings.
- As a release manager, I can verify the current published release from a workflow dispatch screen with correct default artifact checksums.
- As a buyer or auditor, I can see that the public release path remains actively maintained before the v1.0.0 launch.
Enterprises expect governance products to keep their own CI/CD controls current. This maintenance plan reduces release-chain drift and keeps CAVRA's public Community release path credible for pilots, procurement review, and v1.0.0 launch preparation.
Implement Community v1.0.0 release-candidate hardening packet from the completed Node 24 readiness baseline with signed artifacts, reproducible provenance verification, GA announcement checklist, and final operator evidence.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion