-
Notifications
You must be signed in to change notification settings - Fork 0
Console Closeout Operator Experience
This closeout makes the public CAVRA portal feel complete for the four primary
operator audiences named in the roadmap: prospects, auditors, platform teams,
and CISOs. It adds a dedicated Operator Paths route and validator so the
public GitHub Pages console remains coherent as the release path matures.
Run the validator from the repository root:
python scripts/validate-console-closeout.pyExpected success output:
CAVRA console closeout validation passed.
-
Operator Pathsroute inapps/sandbox-ui/index.html. - Persona-specific cards rendered by
renderOperatorPaths()inapps/sandbox-ui/sandbox.js. - Command palette entries with
Operator Pathresult type. - Responsive card styling in
apps/sandbox-ui/styles.css. - CI enforcement through the Community, security, release, governance, and GitHub Pages deployment workflows.
| Audience | Operating Question | Portal Surfaces | Evidence Signal |
|---|---|---|---|
| Prospect | Can CAVRA explain its value without private access? | Dashboard, Architecture, Use Cases, Documentation | Risk posture, before-the-agent-acts flow, supported integrations, and trial handoff links. |
| Auditor | Can I trace a decision to durable evidence? | Evidence, Compliance, Release Readiness Dashboard, Release Index | Decision payload, compliance mapping, release packet, verification packet, and public boundary statement. |
| Platform Team | Can this be enforced in CI and developer workflows? | Architecture, Integrations, Policy Engine, Documentation | Required checks, policy packs, GitHub/GitLab/Azure DevOps paths, CLI commands, and deployment references. |
| CISO | Can I govern AI agents without exposing Enterprise source? | Dashboard, Compliance, Operator Paths, Enterprise Trial | Blocked-risk narrative, control coverage, open-core boundary, and Enterprise/SaaS handoff documentation. |
The closeout route is Community Edition public product UX. It does not expose Enterprise source code, private policy packs, SaaS backend implementation, license-service internals, customer evidence, private connector configuration, provider credentials, billing records, or private trial package paths.
- As a prospect, I can evaluate CAVRA's value from the public portal before requesting private trial access.
- As an auditor, I can find the compliance and release-evidence path without searching through implementation details.
- As a platform engineer, I can see how CAVRA plugs into CI/CD and developer workflows.
- As a CISO, I can understand how CAVRA governs AI agents while preserving the public/private open-core boundary.
Enterprise adoption stalls when buyer, audit, and platform audiences each need different proof and the demo only serves one of them. The operator closeout route gives each stakeholder a clear public journey from question, to portal surface, to evidence signal.
Merge the Community v1.0.0 metadata bump, create the community-v1.0.0 tag from main, build and upload final GitHub Release assets, then record final checksums, provenance, verifier defaults, and post-publication verification.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion