-
Notifications
You must be signed in to change notification settings - Fork 0
Console Closeout Operator Experience
This closeout makes the public CAVRA portal feel complete for the four primary
operator audiences named in the roadmap: prospects, auditors, platform teams,
and CISOs. It adds a dedicated Operator Paths route and validator so the
public GitHub Pages console remains coherent as the release path matures.
Run the validator from the repository root:
python scripts/validate-console-closeout.pyExpected success output:
CAVRA console closeout validation passed.
-
Operator Pathsroute inapps/sandbox-ui/index.html. - Persona-specific cards rendered by
renderOperatorPaths()inapps/sandbox-ui/sandbox.js. - Command palette entries with
Operator Pathresult type. - Responsive card styling in
apps/sandbox-ui/styles.css. - CI enforcement through the Community, security, release, governance, and GitHub Pages deployment workflows.
| Audience | Operating Question | Portal Surfaces | Evidence Signal |
|---|---|---|---|
| Prospect | Can CAVRA explain its value without private access? | Dashboard, Architecture, Use Cases, Documentation | Risk posture, before-the-agent-acts flow, supported integrations, and trial handoff links. |
| Auditor | Can I trace a decision to durable evidence? | Evidence, Compliance, Release Readiness Dashboard, Release Index | Decision payload, compliance mapping, release packet, verification packet, and public boundary statement. |
| Platform Team | Can this be enforced in CI and developer workflows? | Architecture, Integrations, Policy Engine, Documentation | Required checks, policy packs, GitHub/GitLab/Azure DevOps paths, CLI commands, and deployment references. |
| CISO | Can I govern AI agents without exposing Enterprise source? | Dashboard, Compliance, Operator Paths, Enterprise Trial | Blocked-risk narrative, control coverage, open-core boundary, and Enterprise/SaaS handoff documentation. |
The closeout route is Community Edition public product UX. It does not expose Enterprise source code, private policy packs, SaaS backend implementation, license-service internals, customer evidence, private connector configuration, provider credentials, billing records, or private trial package paths.
- As a prospect, I can evaluate CAVRA's value from the public portal before requesting private trial access.
- As an auditor, I can find the compliance and release-evidence path without searching through implementation details.
- As a platform engineer, I can see how CAVRA plugs into CI/CD and developer workflows.
- As a CISO, I can understand how CAVRA governs AI agents while preserving the public/private open-core boundary.
Enterprise adoption stalls when buyer, audit, and platform audiences each need different proof and the demo only serves one of them. The operator closeout route gives each stakeholder a clear public journey from question, to portal surface, to evidence signal.
Publish Community v1.0.0 GA artifacts from the approved publication package and completed Node 24 readiness baseline by bumping package metadata to 1.0.0, building final artifacts, attaching GitHub Release assets, recording checksums and provenance, and completing post-publication verification.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion