Current Feature Inventory
Implemented modules: policy registry, policy authoring preview, approval-bound signed policy publishing, rollout change planning, runtime guard, session audit, command interceptor, PR attestation exporter, webhook exporter, connector execution hooks, connector delivery history dashboards, approval router, evidence hub, evidence artifact retrieval, CI/CD required-check templates, activity persistence, repository inventory, policy rollout persistence, integration inventory, persistent API operations, pilot intake persistence, production deployment validation, Typer CLI, MCP server, FastAPI app, sandbox decision model, Go enforcement-plane parity scaffold, opt-in Go backend pilot, Go backend deployment readiness, Go backend promotion gate, Go backend rollback controls, Go backend rollback rehearsal evidence, Go backend rollback drill history, Go backend rollback drill scheduling and stale notification delivery, Go backend rollback drill notification acknowledgements and escalation plans, Go backend rollback drill owner routing, maintenance-window suppression, routing history filters, suppression trend summaries, authenticated drill acknowledgement controls, bulk drill acknowledgement workflows, acknowledgement audit packages, acknowledgement audit delivery routing, acknowledgement audit delivery health dashboards, acknowledgement audit delivery retry plans, scheduled acknowledgement audit delivery worker runs, worker health alerts, retry acknowledgements, retry execution approvals, connector recovery playbooks, approval-bound live retry execution records, connector recovery closure evidence, retry execution dashboards, recovery SLO reporting, closure trend analytics, recovery escalation notifications, recovery escalation acknowledgements, escalation delivery retry plans, recovery escalation retry workers, recovery escalation retry execution records, recovery escalation retry health reports, recovery retry health alert delivery, retry planning and retry worker 
execution, executive recovery reports, scheduled executive report runs, executive report delivery, executive report delivery retry plans, executive report delivery retry execution, executive delivery retry health reports, executive retry health alert delivery and acknowledgements, final reporting closure dashboards, release-readiness summaries, operator runbook exports, readiness approval decisions, release record attachments, closure packet verifications, auditor exports, auditor export delivery routing, immutable archive references, auditor export retry planning, auditor export retry worker execution records, archive reference health checks, archive health alert delivery acknowledgements, final closeout delivery, retention review approvals, downloadable closeout artifact bundles, closeout retention health reports, retention health alert delivery, closeout delivery retry plans, closeout retry workers, closeout retry execution records, final closeout operator runbooks, final closeout release criteria, final closeout trial guidance, final closeout trial walkthrough, synthetic sample evidence package, sales-engineering demo script, interactive final closeout sandbox flow, downloadable final closeout sample evidence, release-criteria summary cards, final closeout production pilot intake worksheets, pilot readiness checklists, Enterprise/SaaS handoff plan, synthetic pilot intake template, Go enforcement contracts, typed release-governance evidence contract payloads, runner authentication contract payloads, typed release-governance daemon and CI runner examples, Go daemon transport, Go daemon client helper, signed runner authentication claims, CI-provider OIDC JWT runner verification, provider-native runner OIDC token acquisition for GitHub Actions, GitLab CI, and Azure Pipelines wrappers, runner/evidence key custody documentation, hash-chained HMAC-signed daemon evidence streams, daemon evidence verifier CLI support, signed CI runner bundle metadata, reusable 
release-governance runner wrappers, GitHub composite runner action, release governance record parity for approvals, delivery failures, endpoint publication, inventory freshness, reconciliation drift, SLA reports, and handoff status, release channel manifests, managed workstation updater policy, release-channel promotion approvals, endpoint-management export bundles, release channel publishing history views, governed endpoint export downloads, endpoint export publication delivery, endpoint inventory ingestion, endpoint inventory freshness SLA reporting, reconciliation automation from ingested inventory, managed endpoint deployment reconciliation, endpoint drift monitoring dashboards, approval-bound endpoint drift remediation plans, endpoint remediation handoff packages, endpoint remediation handoff status reconciliation, endpoint remediation SLA and executive reporting, endpoint remediation SLA notification delivery, notification routing policies, acknowledgement tracking, duplicate suppression windows, escalation ladders, owner-specific service-level objectives, recurrence retry policies, owner digest notifications, suppression trend analytics, Evidence Console recurrence operations filters and export drill-downs, Evidence Console drill notification acknowledgement and escalation drill-downs, scheduled recurrence automation worker runs, Evidence Console recurrence automation worker history, recurrence automation deployment templates, recurrence automation health reporting, recurrence automation health alert delivery and acknowledgements, hosted sandbox deployment workflow, CAVRA brand asset system, open-core edition boundaries, public-safe licensing placeholders, feature registry, and plugin runtime interfaces.
Private Enterprise implementation progress: the private cavra-enterprise repository now includes final rollout release-readiness approvals, managed tenant database adapter and driver package contracts, migration readiness evidence, envelope/KMS provider factory registration, KMS policy readiness evidence, cloud object storage provider factory registration, provider package descriptors, managed database driver package health evidence, object storage probe scheduling and retry evidence, managed database driver health scheduling and retry evidence, dashboard persistence, release-readiness approval summaries, and managed infrastructure readiness rollups. Public Community docs expose only the product boundary and user-facing capability summary.
Agent enforcement readiness: agent enforcement-readiness inspects local CAVRA enforcement files and optional exported provider settings for required-check workflow coverage, evidence artifacts, agent manifests, PR templates, CODEOWNERS, branch protection, required checks, security checks, and risky workflow permission patterns.
Existing CLI commands: version, evaluate, agent start, agent exec, agent attest, agent enforcement-readiness, policy list, policy describe, policy validate, policy test, policy explain, policy compile, policy diff, policy sign, policy verify, policy simulate, policy dry-run, policy init, runtime go-pilot-readiness, runtime go-deployment-readiness, runtime go-promotion-readiness, runtime go-rollback-readiness, runtime go-rollback-rehearsal, runtime go-rollback-drills, runtime go-rollback-drill-schedule, runtime go-rollback-drill-notification-plan, runtime go-rollback-drill-notification-ack, runtime go-rollback-drill-escalation-plan, runtime go-pilot-evaluate, integration deliver, ops stores, ops backup, ops restore, ops retention-plan, init claude-code, demo before-the-agent-acts.
Policy engine hardening: policy validate uses JSON Schema, policy compile emits normalized output and accepts overlays, policy diff reports semantic added/removed/changed paths, policy sign emits signature metadata, policy verify detects digest tampering, and policy packs can inherit parent packs through metadata.inherits.
Evidence hub: evidence bundle creates manifest.json, evidence.json, pr-attestation.md, compliance-mapping.md, siem-event.json, and sandbox-run-summary.json; evidence verify validates checksums plus optional HMAC or Ed25519 signatures; trust-root bundles, offline trust-root distribution packages, retention artifacts, immutable storage plans, AWS S3 Object Lock and Azure Blob immutability deployment references, SQLite metadata indexing, PR attestation verification, and governed artifact retrieval are available. Go release packaging includes signed installer metadata, managed endpoint deployment manifests, release channel manifests, managed workstation updater policy, signed release-channel promotion approvals, Jamf/Intune/Linux endpoint-management export bundles, release channel promotion request indexing, endpoint export indexing, API and Evidence Console publishing history views, governed endpoint export downloads, checksum-enforced endpoint export integrity, endpoint export publication records, Jamf/Intune/Linux connector delivery, endpoint publication history dashboards, endpoint inventory ingestion for Jamf, Intune, Linux fleet, and EDR exports, endpoint inventory freshness SLA reports, reconciliation automation from ingested inventory, managed endpoint reconciliation, endpoint drift dashboards, approval-bound endpoint drift remediation requests, approved remediation execution records, endpoint remediation handoff packages, endpoint remediation handoff status reconciliation, SLA breach reporting, executive summaries, SLA notification delivery, routing plans, duplicate suppression, acknowledgement records, escalation ladders, owner-specific acknowledgement and resolution SLO state, escalation delivery actions, owner review records, recurrence policies, owner calendars, maintenance-window suppression, recurrence delivery batching, suppression audit exports, recurrence retry policies, owner digest notifications, and suppression trend analytics for ITSM, ChatOps, 
and private connector queues, managed rollout evidence capture, rollout evidence verification and indexing, rollout evidence search filters and console/API views, governed rollout artifact retrieval, rollout artifact integrity status, promotion readiness indicators, signed promotion approval requests, approved promotion execution records, promotion execution search and audit drill-downs, rollback evidence links, approved rollback execution records, SIEM/ITSM promotion audit exports, connector delivery for promotion audit and rollback execution records, persisted connector delivery history, alert dashboard summaries, installer smoke validation, SBOM, provenance, keyless attestations, release evidence, and air-gapped verification.
Approval router: approval create, list, approve, deny, expire, break-glass, route, migrate, export-notifications, provider-requests, and deliver support JSON or SQLite stores, repository routing files, local claims authorization, signed OIDC/JWKS validation, repository RBAC policies, Entra ID and Okta deployment references, provider payload exports, credential-free provider request specs, live provider delivery with redacted evidence, console break-glass creation, and approval audit detail views.
Existing API endpoints: /health, /version, /policies, /policy-packs, /policy-pack-catalog, /policy-packs/draft, /policy-packs/publish-plan, /policy-packs/publish-request, /policy-packs/publish, /policy-rollouts/change-plan, /policy-rollouts/apply-change, /deployment/production-readiness, /runtime/go-pilot/readiness, /runtime/go-pilot/deployment-readiness, /runtime/go-pilot/promotion-readiness, /runtime/go-pilot/rollback-readiness, /runtime/go-pilot/rollback-rehearsal, /runtime/go-pilot/rollback-drills, /runtime/go-pilot/evaluate, /decisions, /sessions, /aispm/dashboard/contract, /aispm/dashboard/sample, /aispm/posture, /aispm/agents, /aispm/findings, /aispm/timeline, /aispm/control-coverage, /aispm/control-coverage-heatmap, /aispm/near-misses, /aispm/trace-replay/{session_id}, /aispm/approval-lineage, /aispm/behavior-fingerprints, /aispm/policy-context-gaps, /aispm/pre-action-risk-forecasts, /aispm/intent-action-drift, /aispm/tool-chain-graph, /aispm/agent-blast-radius, /aispm/evidence-confidence, /aispm/evidence-freshness, /aispm/executive-risk-narrative, /agents, /repositories, /approvals, /evidence, /evidence/{session_id}/artifacts, /integrations, /integrations/{integration_id}/deliver, /mcp/servers, /mcp/trust, /risk/events, /compliance/mappings, and sandbox endpoints under /api/sandbox.
Activity persistence: POST /decisions evaluates and persists decisions, GET /decisions searches decisions by session, agent, repository, policy pack, outcome, severity, and action type, and GET /sessions searches session summaries. JSON and SQLite stores are supported through CAVRA_ACTIVITY_STORE and CAVRA_ACTIVITY_DB.
AI Security Posture Dashboard public contract: GET /aispm/dashboard/contract, /aispm/dashboard/sample, /aispm/posture, /aispm/agents, /aispm/findings, /aispm/timeline, /aispm/control-coverage, /aispm/control-coverage-heatmap, /aispm/near-misses, /aispm/trace-replay/{session_id}, /aispm/approval-lineage, /aispm/behavior-fingerprints, /aispm/policy-context-gaps, /aispm/pre-action-risk-forecasts, /aispm/intent-action-drift, /aispm/tool-chain-graph, /aispm/agent-blast-radius, /aispm/evidence-confidence, /aispm/evidence-freshness, and /aispm/executive-risk-narrative expose a Community-safe local posture model from existing activity metadata. The public portal includes an AI Posture route that reads /aispm/posture, /aispm/trace-replay/{session_id}, /aispm/approval-lineage, /aispm/behavior-fingerprints, /aispm/policy-context-gaps, /aispm/pre-action-risk-forecasts, /aispm/intent-action-drift, /aispm/tool-chain-graph, /aispm/agent-blast-radius, /aispm/control-coverage-heatmap, /aispm/evidence-confidence, /aispm/evidence-freshness, and /aispm/executive-risk-narrative when window.CAVRA_API_BASE is configured and otherwise labels deterministic sample data. It now shows posture overview, agent coverage, risk findings, control coverage, near-miss queue, execution timeline, public-safe trace replay drill-down, public-safe approval lineage, behavior fingerprints, policy context gaps, pre-action risk forecasts, intent-to-action drift, tool-chain risk graph, agent blast-radius map, control coverage heatmap, evidence confidence drilldown, evidence freshness SLO panel, executive risk narrative, and the raw public-safe payload. Community control coverage heatmaps pivot normalized local decisions by agent, repository, and control surface while keeping private repository owner graphs, identity-provider claims, permission matrices, environment criticality, CMDB service mapping, and live organization baselines in Enterprise. 
Community trace replay reconstructs normalized decision steps and redaction status without exposing raw prompts, reasoning, tool output, or customer context. Community approval lineage reconstructs approver group, state, timestamps, decision linkage, and evidence refs while reducing human actors to role labels and keeping IdP/RBAC context private. Community behavior fingerprints summarize action profiles, decision profiles, observed repositories, control surfaces, risk signals, drift status, and evidence refs while keeping raw prompts, reasoning, tool output, private customer context, and private behavior baselines in Enterprise. Community policy context gaps flag missing environment, ownership, data, change-window, criticality, approval-route, and trust-tier metadata while keeping private CMDB, data catalog, identity-provider, cloud inventory, ticketing, and change-calendar enrichment in Enterprise. Community pre-action risk forecasts project blast radius, likely impact, and required controls from normalized local decision metadata while keeping private asset graphs, dependency graphs, identity blast radius, cloud inventory, runtime state, and prompt-intent context in Enterprise. Community intent-to-action drift compares declared intent metadata with observed action type, target summary, control surface, and policy outcome while keeping raw prompt intent extraction, reasoning analysis, conversation history, private ticket context, full tool payloads, and semantic intent models in Enterprise. Community tool-chain graphing maps agents, safe tool labels, redacted targets, policy packs, hotspots, and risk-scored execution edges while keeping raw tool request bodies, tool results, connector spans, cross-system call graphs, private network targets, and Enterprise trace correlation private. 
Community agent blast-radius mapping rolls up per-agent repository, target-class, tool, policy-pack, control-surface, approval-path, risk, control, and evidence-reference reach while keeping private asset graphs, identity permission graphs, cloud inventory, dependency graphs, secret names, customer topology, and private criticality enrichment in Enterprise. Community executive risk narratives summarize local posture, top risks, evidence SLO status, and recommended actions while keeping AI-assisted board summaries, private trend history, tenant benchmarking, service criticality, and customer-impact context in Enterprise. The packaged dashboard schema lives at src/cavra/schemas/aispm-dashboard.schema.json; public sample data lives at examples/aispm/community-dashboard-sample.json. The packaged control coverage heatmap schema lives at src/cavra/schemas/aispm-control-coverage-heatmap.schema.json; public sample data lives at examples/aispm/community-control-coverage-heatmap-sample.json. The packaged trace replay schema lives at src/cavra/schemas/aispm-trace-replay.schema.json; public sample data lives at examples/aispm/community-trace-replay-sample.json. The packaged approval lineage schema lives at src/cavra/schemas/aispm-approval-lineage.schema.json; public sample data lives at examples/aispm/community-approval-lineage-sample.json. The packaged behavior fingerprint schema lives at src/cavra/schemas/aispm-behavior-fingerprints.schema.json; public sample data lives at examples/aispm/community-behavior-fingerprints-sample.json. The packaged policy context gap schema lives at src/cavra/schemas/aispm-policy-context-gaps.schema.json; public sample data lives at examples/aispm/community-policy-context-gaps-sample.json. The packaged pre-action risk forecast schema lives at src/cavra/schemas/aispm-pre-action-risk-forecasts.schema.json; public sample data lives at examples/aispm/community-pre-action-risk-forecasts-sample.json. 
The packaged intent-to-action drift schema lives at src/cavra/schemas/aispm-intent-action-drift.schema.json; public sample data lives at examples/aispm/community-intent-action-drift-sample.json. The packaged tool-chain graph schema lives at src/cavra/schemas/aispm-tool-chain-graph.schema.json; public sample data lives at examples/aispm/community-tool-chain-graph-sample.json. The packaged agent blast-radius schema lives at src/cavra/schemas/aispm-agent-blast-radius.schema.json; public sample data lives at examples/aispm/community-agent-blast-radius-sample.json. The packaged executive risk narrative schema lives at src/cavra/schemas/aispm-executive-risk-narrative.schema.json; public sample data lives at examples/aispm/community-executive-risk-narrative-sample.json. Live prompt traces, tool-call graphing, full trace replay, private behavior baselines, private context enrichment, private identity-provider claims, private forecast enrichment, private semantic intent extraction, private workflow correlation, raw tool payload graphing, private blast-radius enrichment, private organization-wide heatmap enrichment, cross-system execution traces, kill switch, policy toggles, runtime overrides, organization-wide coverage, multi-tenant retention, and compliance exports remain Enterprise capabilities.
AISPM evidence confidence drilldown: GET /aispm/evidence-confidence classifies local decision/session evidence as signed, activity-reference, sample, metadata-only, or missing evidence. The public portal includes the drilldown in the AI Posture route, and packaged public artifacts live at src/cavra/schemas/aispm-evidence-confidence.schema.json and examples/aispm/community-evidence-confidence-sample.json. Raw evidence payloads, private artifact contents, signature trust chains, external ticket payloads, customer data, tenant evidence stores, and immutable evidence validation remain Enterprise capabilities.
AISPM evidence freshness and retention SLO: GET /aispm/evidence-freshness classifies local decision/session timestamps as fresh, review-soon, stale, or missing and flags public-safe retention-reference gaps. The public portal includes the SLO panel in the AI Posture route, and packaged public artifacts live at src/cavra/schemas/aispm-evidence-freshness.schema.json and examples/aispm/community-evidence-freshness-sample.json. Immutable archive probes, object-lock status, KMS key health, retention lifecycle policies, external archive metadata, auditor export manifests, and tenant evidence stores remain Enterprise capabilities.
AISPM executive risk narrative: GET /aispm/executive-risk-narrative generates a deterministic public-safe CSO/CISO narrative from local posture metrics, top risks, blocked and approval-gated decisions, evidence freshness SLO status, and recommended actions. The public portal includes the narrative panel in the AI Posture route, and packaged public artifacts live at src/cavra/schemas/aispm-executive-risk-narrative.schema.json and examples/aispm/community-executive-risk-narrative-sample.json. AI-assisted board summaries, private tenant trends, business owner and service criticality enrichment, customer impact analysis, scheduled executive brief delivery, GRC/incident packet export, and tenant benchmarks remain Enterprise capabilities.
AISPM replay-to-policy draft authoring: GET /aispm/replay-to-policy-draft generates a public-safe, read-only policy-pack draft from normalized replay decisions. The public portal includes candidate-control cards and a policy JSON preview in the AI Posture route, and packaged public artifacts live at src/cavra/schemas/aispm-replay-to-policy-draft.schema.json and examples/aispm/community-replay-to-policy-draft-sample.json. Prompt-derived authoring, model reasoning analysis, raw tool payload analysis, ticket and asset enrichment, tenant-history simulation, private approval policy, and automated policy write-back remain Enterprise capabilities.
AISPM replay-to-policy review workflow, review packet, PR attachment guidance, validation, CI gate guidance, readiness export, and test fixture export: GET /aispm/replay-to-policy-tests generates public-safe, review-only JSON policy test fixtures from replay-derived draft controls. The public portal includes a review workflow panel for candidate controls, fixture coverage, evidence references, validation commands, approval gates, and Enterprise boundaries, a review packet export that combines the candidate policy draft, test fixture, and checklist into one public-safe JSON packet for PR attachment or auditor review, PR attachment guidance with exact packet, draft, fixture paths and copyable approval language, a CI gate panel with GitHub Actions, GitLab CI, and Azure Pipelines required-check paths, a readiness summary, a rollout checklist Markdown export, a rollout audit packet export, a CI gate rollout auditor view, and a public-safe readiness export, plus a fixture preview with copy and download actions in the AI Posture route. Review packet validation is available through cavra aispm validate-review-packet, POST /aispm/replay-to-policy-review-packet/validate, and reusable GitHub Actions, GitLab CI, and Azure Pipelines templates. CI gate readiness validation is available through cavra aispm validate-ci-gate-readiness, POST /aispm/replay-to-policy-ci-gate-readiness/validate, and optional repository-root template checks. Packaged public artifacts live at src/cavra/schemas/aispm-replay-to-policy-tests.schema.json, examples/aispm/community-replay-to-policy-tests-sample.json, src/cavra/schemas/aispm-replay-to-policy-review-packet.schema.json, examples/aispm/community-replay-to-policy-review-packet-sample.json, src/cavra/schemas/aispm-replay-to-policy-ci-gate-readiness.schema.json, and examples/aispm/community-replay-to-policy-ci-gate-readiness-sample.json. 
Prompt-derived test generation, raw tool payload analysis, tenant-history regression, private context enrichment, CI write-back, and pull-request automation remain Enterprise capabilities.
AISPM Enterprise live ingestion public contract: docs/architecture/aispm-enterprise-live-ingestion.md, src/cavra/schemas/aispm-enterprise-live-ingestion-envelope.schema.json, and examples/aispm/enterprise-live-ingestion-envelope-public-contract.example.json define the public-safe Phase C envelope for live Enterprise agent, MCP, CI/CD, cloud/IaC, policy-decision, approval, and evidence events. The contract uses metadata, redacted summaries, opaque private payload references, integrity fields, transport metadata, and Enterprise boundary markers. Private collectors, authenticated ingestion APIs, tenant persistence, streaming transport, raw prompt/reasoning/tool-output storage, license enforcement, and dashboard projection workers remain private Enterprise capabilities.
AISPM CSO Report Center: the public AI Posture route includes browser-generated Community downloads for executive risk briefs, board KPI packs, SOC 2-style audit summaries, control coverage CSV, evidence freshness CSV, and agent risk register CSV from sample or local posture metadata. docs/architecture/aispm-report-center.md documents the Enterprise expansion for PDF, XLSX, DOCX, HTML, signed JSON, JSONL, GRC upload packages, scheduled email delivery, SMTP/provider setup, recipient allowlists, RBAC, approval gates, retry evidence, delivery audit trails, retention lifecycle governance, RBAC-scoped report retrieval, signed export package manifests, governed report schedules, recipient policy enforcement, immutable approval decisions, exception lifecycle governance, scoped evidence rooms for expiring auditor access, immutable evidence room access events, incident review packets, incident closure evidence, aggregate CSO KPI metrics, alert escalation, alert operations dashboards, alert drilldowns, alert remediation plans, alert remediation closure, remediation closure operations dashboards, remediation closure executive digests, remediation closure digest distribution governance, the Enterprise readiness checklist in docs/architecture/aispm-report-center-enterprise-readiness.md, Enterprise Trial validation packets, trial operator dashboard readiness, trial operator dashboard API/view-model mapping, trial evaluator handoff packets, trial revocation and expiry evidence, trial lab notebook outlines, and trial lab notebook publication readiness. 
src/cavra/aispm_reports.py, src/cavra/schemas/aispm-report-delivery-contract.schema.json, src/cavra/schemas/aispm-report-setup-wizard-contract.schema.json, src/cavra/schemas/aispm-report-delivery-audit-event.schema.json, src/cavra/schemas/aispm-report-operations-dashboard.schema.json, src/cavra/schemas/aispm-report-retention-lifecycle.schema.json, src/cavra/schemas/aispm-report-search-retrieval.schema.json, src/cavra/schemas/aispm-report-export-package-manifest.schema.json, src/cavra/schemas/aispm-report-schedule-policy.schema.json, src/cavra/schemas/aispm-report-recipient-policy.schema.json, src/cavra/schemas/aispm-report-approval-decision.schema.json, src/cavra/schemas/aispm-report-exception-lifecycle.schema.json, src/cavra/schemas/aispm-report-evidence-room.schema.json, src/cavra/schemas/aispm-report-evidence-room-access-event.schema.json, src/cavra/schemas/aispm-report-incident-packet.schema.json, src/cavra/schemas/aispm-report-incident-closure.schema.json, src/cavra/schemas/aispm-report-kpi-metrics.schema.json, src/cavra/schemas/aispm-report-alert-escalation.schema.json, src/cavra/schemas/aispm-report-alert-operations-dashboard.schema.json, src/cavra/schemas/aispm-report-alert-drilldown.schema.json, src/cavra/schemas/aispm-report-alert-remediation-plan.schema.json, src/cavra/schemas/aispm-report-alert-remediation-closure.schema.json, src/cavra/schemas/aispm-report-remediation-closure-operations-dashboard.schema.json, src/cavra/schemas/aispm-report-remediation-closure-executive-digest.schema.json, src/cavra/schemas/aispm-report-remediation-closure-digest-distribution.schema.json, src/cavra/schemas/aispm-report-center-trial-validation-packet.schema.json, src/cavra/schemas/aispm-report-center-trial-operator-dashboard-readiness.schema.json, src/cavra/schemas/aispm-report-center-trial-operator-api-view-model.schema.json, src/cavra/schemas/aispm-report-center-trial-evaluator-handoff-packet.schema.json, 
src/cavra/schemas/aispm-report-center-trial-revocation-expiry-evidence.schema.json, src/cavra/schemas/aispm-report-center-trial-lab-notebook-outline.schema.json, src/cavra/schemas/aispm-report-center-trial-lab-notebook-publication-readiness.schema.json, examples/aispm/enterprise-report-delivery-contract-public.example.json, examples/aispm/enterprise-report-setup-wizard-contract-public.example.json, examples/aispm/enterprise-report-delivery-audit-event-public.example.json, examples/aispm/enterprise-report-operations-dashboard-public.example.json, examples/aispm/enterprise-report-retention-lifecycle-public.example.json, examples/aispm/enterprise-report-search-retrieval-public.example.json, examples/aispm/enterprise-report-export-package-manifest-public.example.json, examples/aispm/enterprise-report-schedule-policy-public.example.json, examples/aispm/enterprise-report-recipient-policy-public.example.json, examples/aispm/enterprise-report-approval-decision-public.example.json, examples/aispm/enterprise-report-exception-lifecycle-public.example.json, examples/aispm/enterprise-report-evidence-room-public.example.json, examples/aispm/enterprise-report-evidence-room-access-event-public.example.json, examples/aispm/enterprise-report-incident-packet-public.example.json, examples/aispm/enterprise-report-incident-closure-public.example.json, examples/aispm/enterprise-report-kpi-metrics-public.example.json, examples/aispm/enterprise-report-alert-escalation-public.example.json, examples/aispm/enterprise-report-alert-operations-dashboard-public.example.json, examples/aispm/enterprise-report-alert-drilldown-public.example.json, examples/aispm/enterprise-report-alert-remediation-plan-public.example.json, examples/aispm/enterprise-report-alert-remediation-closure-public.example.json, examples/aispm/enterprise-report-remediation-closure-operations-dashboard-public.example.json, examples/aispm/enterprise-report-remediation-closure-executive-digest-public.example.json, 
examples/aispm/enterprise-report-remediation-closure-digest-distribution-public.example.json, examples/aispm/enterprise-report-center-trial-validation-packet-public.example.json, examples/aispm/enterprise-report-center-trial-operator-dashboard-readiness-public.example.json, examples/aispm/enterprise-report-center-trial-operator-api-view-model-public.example.json, examples/aispm/enterprise-report-center-trial-evaluator-handoff-packet-public.example.json, examples/aispm/enterprise-report-center-trial-revocation-expiry-evidence-public.example.json, examples/aispm/enterprise-report-center-trial-lab-notebook-outline-public.example.json, and examples/aispm/enterprise-report-center-trial-lab-notebook-publication-readiness-public.example.json define the public-safe contracts that private Enterprise should implement. SMTP passwords, provider tokens, private keys, customer records, raw prompts, model reasoning, raw tool output, download URLs, auditor identities, approver identities, operator identities, IP addresses, private justifications, remediation details beyond public-safe summaries, tenant drilldown metrics, notification provider responses, and provider credentials remain outside the public repository.
Repository inventory and policy rollout persistence: POST /repositories upserts repository scope, ownership, status, protected branch, required check, risk tier, and active policy metadata; GET /repositories searches by provider, owner, policy pack, status, and risk tier; POST /policy-rollouts upserts rollout mode, state, owner, version, coverage, and evidence references; and GET /policy-rollouts searches by repository, policy pack, state, mode, and owner. JSON and SQLite stores are supported through CAVRA_INVENTORY_STORE and CAVRA_INVENTORY_DB.
Policy rollout drill-downs: GET /policy-rollout-details/{rollout_id} joins rollout state with repository inventory, policy pack metadata, matching decision activity, integration inventory, and readiness checks. The console shows rollout detail from each policy rollout row.
Policy authoring and rollout changes: GET /policy-pack-catalog summarizes installed policy packs, POST /policy-packs/draft validates read-only policy drafts, POST /policy-packs/publish-plan previews approval-bound write-back, POST /policy-packs/publish-request creates a digest-bound approval request, POST /policy-packs/publish writes policy.yaml and signature metadata only after matching approval, POST /policy-rollouts/change-plan previews rollout transitions, and POST /policy-rollouts/apply-change persists rollout changes with verified actor context when OIDC or RBAC is configured.
Integration inventory persistence: POST /integrations upserts provider, category, owner, environment, auth mode, endpoint reference, status, health status, capability, repository scope, and evidence metadata; GET /integrations searches by provider, category, status, owner, environment, and health status. JSON and SQLite stores are supported through CAVRA_INTEGRATION_STORE and CAVRA_INTEGRATION_DB.
Connector execution hooks: POST /integrations/{integration_id}/deliver and cavra integration deliver send events through configured Splunk, Sentinel, Datadog, Slack, Teams, Jira, ServiceNow, or webhook connectors and return redacted delivery evidence. CAVRA_CONNECTOR_CONFIG points the API at connector configuration.
Persistent API operations: ops stores reports active JSON/SQLite persistence paths, ops backup writes checksum-backed JSON and SQLite backups, ops restore validates backup checksums before copying stores to a test or live path, and ops retention-plan exports JSON and Markdown retention controls. The API exposes read-only /operations/stores and /operations/retention-plan, and operations now include integration inventory stores.
Production deployment validation: GET /deployment/production-readiness checks OIDC, RBAC, CORS, evidence artifact root, policy catalog availability, persistent store presence, Go backend pilot readiness, Go CI runner/workstation deployment readiness, Go promotion readiness, Go rollback readiness, Go rollback rehearsal readiness, Go rollback drill history, and Go rollback drill scheduling. The console includes a Production Readiness panel with Go pilot, deployment, promotion, rollback, rehearsal, latest drill status, recovery target, next drill due date, notification routes, and evidence references.
CI/CD required-check templates: .github/workflows/cavra-governance.yml exposes cavra-required-check for branch protection, validates policy packs, runs lint/tests, generates and verifies evidence, verifies PR attestation, and uploads CI evidence artifacts. Reusable GitHub Actions, GitLab CI, and Azure Pipelines examples live under examples/.
Go enforcement-plane parity scaffold: go/cavra-runtime/ contains a Go module, runtime decision evaluator, CLI entrypoint, compiled-policy JSON loader, generated enforcement contract package, and shared parity fixture for critical file, command, Git, MCP, and release governance record decisions. Release governance parity now covers approval states, delivery failures, endpoint publication delivery, inventory freshness, reconciliation drift, SLA reports, and handoff status. The Go CLI supports --policy for normalized JSON generated by cavra policy compile. tests/test_go_runtime_parity.py, the go-runtime-parity CI job, and cavra-required-check exercise the parity contract.
Go enforcement contracts: scripts/generate_go_enforcement_contracts.py generates go/cavra-runtime/enforcement/v1/contracts.go from proto/cavra/enforcement/v1/enforcement.proto. The generated package provides EvaluateRequest, ReleaseGovernanceEvidence, DecisionResponse, and conversion helpers for daemon transport and runtime release-governance records.
Go daemon transport: go/cavra-runtime/daemon and go run ./cmd/cavra-runtime --serve --socket .cavra/cavra-runtime.sock provide the first Unix-socket transport for generated EvaluateRequest and DecisionResponse JSON payloads. daemon.NewClient(socket).Evaluate(request) and go run ./cmd/cavra-runtime --daemon --socket .cavra/cavra-runtime.sock provide a reusable client path. go run ./cmd/cavra-runtime --lifecycle start|status|stop provides PID-file-backed daemon lifecycle management. --evidence-log writes request/response JSONL evidence and appends go-daemon-evidence://... references to decision responses. examples/go-runtime/typed-release-governance/ plus GitHub Actions, GitLab CI, Azure Pipelines templates, examples/ci-runners/cavra-release-governance-runner.sh, and examples/github-actions/actions/cavra-release-governance-go-runtime/action.yml show release-governance gates using typed daemon requests. The Go release package now emits cavra-runtime.ci-runner-bundles.json and signs the reusable runner wrappers with the rest of the runtime release evidence.
Opt-in Go backend pilot: src/cavra/go_backend.py defaults to Python-only mode, supports disabled, shadow, enforce, and promoted, validates configured runtime and compiled policy paths, exposes CLI and API readiness reports, evaluates Python first, invokes Go only when enabled, and falls back to Python on runtime failure, timeout, missing readiness inputs, missing promotion evidence, missing rollback controls, missing rollback rehearsal evidence, missing rollback drill history, or parity mismatch.
Go backend deployment readiness: cavra runtime go-deployment-readiness, /runtime/go-pilot/deployment-readiness, and /deployment/production-readiness validate CI runner bundle metadata, endpoint deployment metadata, workstation release channels, and updater policy before Go backend promotion.
Go backend promotion gate: cavra runtime go-promotion-readiness, /runtime/go-pilot/promotion-readiness, and /deployment/production-readiness require runtime readiness, deployment readiness, approved audited parity evidence, and CAVRA_GO_PROMOTION_EVIDENCE before promoted mode selects Go as an optional backend.
Go backend rollback controls: cavra runtime go-rollback-readiness, /runtime/go-pilot/rollback-readiness, and /deployment/production-readiness require an approved CAVRA_GO_ROLLBACK_PLAN with target_mode=disabled, recovery steps, controls, and evidence references before promoted mode selects Go as an optional backend.
Go backend rollback rehearsal evidence: cavra runtime go-rollback-rehearsal, /runtime/go-pilot/rollback-rehearsal, and /deployment/production-readiness require CAVRA_GO_ROLLBACK_REHEARSAL_EVIDENCE, verified Python fallback restoration, recovery-time evidence, a runbook reference, and evidence refs before promoted mode selects Go as an optional backend. The Evidence Console surfaces rehearsal status, recovery target, and evidence references.
Go backend rollback drill history: cavra runtime go-rollback-drills, /runtime/go-pilot/rollback-drills, and /deployment/production-readiness require CAVRA_GO_ROLLBACK_DRILL_HISTORY, a fresh passing drill, disabled target mode, verified Python fallback restoration, recovery-time evidence, and evidence refs before promoted mode selects Go as an optional backend. The Evidence Console surfaces latest drill status, timestamp, and evidence references.
Go backend rollback drill scheduling: cavra runtime go-rollback-drill-schedule, cavra runtime go-rollback-drill-notification-plan, /runtime/go-pilot/rollback-drill-schedule, and /runtime/go-pilot/rollback-drill-notifications/deliver require CAVRA_GO_ROLLBACK_DRILL_SCHEDULE, active cadence metadata, owners, notification providers, and runbook references. Promoted mode selects Go only when the schedule is ready or due soon; stale schedules fall back to Python and can deliver redacted connector notification evidence.
Go backend rollback drill notification acknowledgements: runtime APIs now include acknowledgement audit delivery, recovery escalation, recovery retry health alert delivery, retry planning, retry worker execution, executive recovery reports, scheduled executive report delivery, executive delivery retry plans, executive delivery retry workers, executive delivery retry health reports, executive retry health alerts, final closeout retention health, final closeout retention alerts, final closeout delivery retry planning, final closeout retry workers, dashboard search, route history, and missed-notification escalation plans. They record public-safe acknowledgement metadata, dashboard outstanding routes, bulk route acknowledgements, delivery health dashboards, retry acknowledgements, retry recovery reports, recovery escalation delivery, recovery escalation retry execution records, recovery health alert retry execution records, executive report delivery retry execution, executive retry health alert acknowledgements, health metadata, final auditor export delivery metadata, immutable archive references, auditor export retry plans, auditor export retry worker execution records, archive reference health reports, archive health alert acknowledgements, closeout retention health reports, and closeout retry execution records without connector or archive secrets.
Go backend rollback drill routing: cavra runtime go-rollback-drill-notification-plan --routing-policy and /runtime/go-pilot/rollback-drill-notifications/deliver accept public-safe owner_routes, maintenance_windows, and owner_calendars to select per-owner providers, apply owner-specific acknowledgement SLOs, and suppress connector delivery during approved change freezes or owner unavailability.
Hosted sandbox deployment workflow: .github/workflows/deploy-sandbox.yml validates apps/sandbox-ui/sandbox.js, builds a static artifact from apps/sandbox-ui, includes SVG diagram assets, uploads a GitHub Pages artifact, opts JavaScript-based GitHub Actions into Node.js 24, and deploys only from main.
Brand assets: assets/brand/ contains CAVRA SVG logos, favicons, social thumbnails, and PNG exports for documentation, README, dashboard, and social preview usage. The sandbox console uses a top-left CAVRA wordmark, a larger top-right hero mark below the install CTA, and ships the brand assets in the Pages artifact.
Evidence Console Community GA closeout: the hosted sandbox now includes a Community GA Control Hardening section with Ed25519 policy signing commands, runtime mode behavior, golden decision snapshot coverage, deployment validation references, and release evidence links for the public Community path.
Community GA release checklist: docs/community-ga-release-checklist.md ties public boundary validation, Ed25519 policy signing, runtime modes, golden decision snapshots, Evidence Console readiness, deployment validation, Go runtime readiness, documentation sync, and required CI evidence into one user-verifiable public Community release gate.
Community GA release packet template: docs/community-ga-release-packet-template.md, docs/release-packets/community-ga-release-packet.schema.json, and examples/release-packets/community-ga-release-packet.example.json define the public-safe Markdown and JSON packet shape for future Community GA release evidence, accepted risk review, boundary status, release decision, and wiki sync references.
Community GA dry-run release packet: docs/release-packets/community-ga-dry-run-2026-06-04.md and docs/release-packets/community-ga-dry-run-2026-06-04.json record the first public-safe dry run of the Community GA checklist against main commit 65f63df48304, including boundary, policy signing, runtime mode, Evidence Console, deployment readiness, Go disabled-readiness, documentation, and CI evidence status.
Community GA release packet validation: scripts/validate-release-packets.py validates Community GA packet JSON artifacts against docs/release-packets/community-ga-release-packet.schema.json, enforces the required gate set, rejects ready_for_community_ga packets with accepted risks, and runs in Community CI, security scan, release-community, and cavra-required-check workflows.
Community GA v0.1.0 release packet: docs/release-packets/community-ga-v0.1.0.md and docs/release-packets/community-ga-v0.1.0.json record the first official public Community GA release packet for tag community-v0.1.0, with all Community GA gates passing and no accepted risks.
Community GA v0.1.0 release publication: docs/community-ga-v0.1.0-release-publication.md records the public GitHub Release URL, successful release workflow, attached source distribution and wheel artifacts, SHA-256 checksums, and public Community boundary notice.
Community GA v0.1.0 post-release verification: docs/release-verifications/community-v0.1.0-post-release-verification.md, docs/release-verifications/community-v0.1.0-post-release-verification.json, scripts/verify-community-release-artifacts.py, .github/workflows/verify-community-release.yml, docs/community-release-verification-runbook.md, and docs/releases/community-v0.1.0.md record artifact downloadability, checksum verification, clean wheel install smoke testing, release-link freshness, and future manual workflow operation.
Community GA user-verifiable path: docs/community-ga-user-verifiable-path.md and scripts/validate-community-ga-path.py connect policy gates, release packets, post-release verification, Evidence Console validation, Go runtime disabled/promoted status, README links, wiki navigation, and workflow enforcement into one public operator-verifiable release path.
Production deployment guide validation: docs/production-deployment-guide-validation.md and scripts/validate-production-deployment-guide.py keep install, configuration, storage, backup, restore, CORS/API, GitHub Pages portal checks, release validators, README links, wiki navigation, and CI workflow wiring aligned for public Community deployment handoffs.
Go enforcement production hardening: docs/go-enforcement-production-hardening.md and scripts/validate-go-production-hardening.py keep Unix-socket transport, gRPC boundary planning, air-gapped packaging, reproducibility, release-candidate upgrade validation, performance smoke evidence, operational readiness, README links, wiki navigation, and CI workflow wiring aligned for the public Go enforcement plane.
Enterprise integration validation: docs/enterprise-integration-validation.md and scripts/validate-enterprise-integration-readiness.py keep GitHub App/orchestrator governance, GitLab CI parity, Azure DevOps parity, SAML identity readiness, SIEM workflow evidence, ITSM workflow evidence, README links, wiki navigation, and CI workflow wiring aligned without exposing Enterprise source code or provider credentials.
Production readiness procurement closeout: docs/production-readiness-procurement-closeout.md and scripts/validate-production-readiness-procurement-closeout.py keep performance, concurrency, backup/restore, upgrade/migration, SOC 2 readiness, security advisory drill, release integrity, README links, wiki navigation, and CI workflow wiring aligned for procurement handoff.
Community maintenance-release governance: docs/community-maintenance-release-checklist.md, docs/community-maintenance-release-evidence-template.md, docs/release-verifications/community-maintenance-release.schema.json, examples/release-verifications/community-maintenance-release.example.json, and scripts/validate-maintenance-release-evidence.py define and enforce the post-GA public Community maintenance release gate set for release notes, changelog, README, wiki, verification workflow, artifact checksums, install smoke, public boundary, and CI evidence.
Community release-note freshness: docs/community-release-note-freshness.md and scripts/validate-community-release-note-freshness.py enforce that every docs/releases/community-v*.md page has a matching GitHub Release URL, verification packet, README link, wiki release notes page, and wiki verification entry.
Community v0.1.1 maintenance and post-release verification: docs/releases/community-v0.1.1.md, docs/release-verifications/community-v0.1.1-maintenance-verification.md, docs/release-verifications/community-v0.1.1-maintenance-verification.json, docs/release-verifications/community-v0.1.1-post-release-verification.md, and docs/release-verifications/community-v0.1.1-post-release-verification.json record the official post-GA public Community maintenance release path, published GitHub Release asset downloadability, SHA-256 checksum matches, clean install smoke output, README/wiki freshness, release index, and readiness dashboard links.
Community v0.1.2 readiness: docs/community-v0.1.2-readiness.md, scripts/validate-python-package-metadata.py, .github/workflows/community-ci.yml, .github/workflows/release-community.yml, .github/workflows/publish-pypi.yml, and .github/workflows/go-release.yml close Python packaging metadata warnings, assert BUSL-1.1 wheel metadata, include packaged schemas, and preserve explicit release workflow guards before official artifact publication.
Community v0.1.2 release record: docs/releases/community-v0.1.2.md, docs/release-verifications/community-v0.1.2-maintenance-verification.md, docs/release-verifications/community-v0.1.2-maintenance-verification.json, docs/release-verifications/community-v0.1.2-post-release-verification.md, docs/release-verifications/community-v0.1.2-post-release-verification.json, docs/community-release-index.md, and docs/community-release-readiness-dashboard.md record the published maintenance release, package metadata closure, release workflow guard evidence, artifact checksums, clean-install smoke, and public boundary status.
Community v0.1.3 maintenance planning: docs/community-v0.1.3-maintenance-planning.md records GitHub Actions Node 24 workflow readiness, current v0.1.3 verification defaults, and the public-safe release-candidate checklist for the current Community maintenance release.
Community v0.1.3 release record: docs/releases/community-v0.1.3.md, docs/release-verifications/community-v0.1.3-maintenance-verification.md, docs/release-verifications/community-v0.1.3-maintenance-verification.json, docs/release-verifications/community-v0.1.3-post-release-verification.md, docs/release-verifications/community-v0.1.3-post-release-verification.json, docs/community-release-index.md, and docs/community-release-readiness-dashboard.md record the package version bump, release evidence, public boundary, artifact checksums, clean-install smoke, and final post-release verification.
Community v1.0.0 stabilization planning: docs/community-v1.0.0-stabilization-plan.md, docs/release-verifications/community-v1.0.0-stabilization-plan.json, and scripts/validate-community-v100-stabilization.py define and enforce the public-safe v1.0.0 path for release signing, reproducible provenance, GA announcement readiness, final operator evidence, and public boundary validation.
Community v1.0.0 release-candidate hardening: docs/community-v1.0.0-release-candidate-hardening.md, docs/release-verifications/community-v1.0.0-release-candidate-hardening.json, and scripts/validate-community-v100-rc-hardening.py define and enforce the public-safe RC path for signed artifact verification, reproducible provenance verification, GA announcement checklist, final operator evidence, and public boundary validation.
Community v1.0.0 release-candidate publication: docs/community-v1.0.0-release-candidate-publication.md, docs/releases/community-v1.0.0-rc.1.md, docs/release-verifications/community-v1.0.0-rc.1-publication-readiness.md, docs/release-verifications/community-v1.0.0-release-candidate-publication.json, and scripts/validate-community-v100-rc-publication.py define and enforce the public-safe RC1 dry-run publication path for release notes, signed artifact verification readiness, provenance evidence readiness, announcement readiness, release index coverage, release dashboard coverage, and public boundary validation.
Community v1.0.0 RC1 post-publication verification: docs/release-verifications/community-v1.0.0-rc.1-post-publication-verification.md, docs/release-verifications/community-v1.0.0-rc.1-post-publication-verification.json, and scripts/validate-community-v100-rc-post-publication.py define and enforce the published RC1 evidence path for GitHub Release links, artifact SHA-256 checksums, provenance metadata, workflow evidence, clean install smoke, README links, release index status, release dashboard status, wiki navigation, and public boundary validation.
Community v1.0.0 GA readiness: docs/community-v1.0.0-ga-readiness.md, docs/release-verifications/community-v1.0.0-ga-readiness.json, and scripts/validate-community-v100-ga-readiness.py define and enforce the public-safe GA readiness bridge from RC1 feedback into upgrade notes, installer paths, announcement copy, final GA evidence gates, README links, wiki navigation, release index continuity, release dashboard continuity, and public boundary validation.
Community v1.0.0 GA publication package: docs/community-v1.0.0-ga-publication-package.md, docs/releases/community-v1.0.0.md, docs/release-verifications/community-v1.0.0-publication-readiness.md, docs/release-verifications/community-v1.0.0-ga-publication-package.json, and scripts/validate-community-v100-ga-publication-package.py define and enforce the public-safe final GA publication package for release notes, artifact build planning, verifier inputs, announcement approval evidence, release index coverage, release dashboard coverage, and public boundary validation.
Community v1.0.0 post-publication verification: docs/releases/community-v1.0.0.md, docs/release-verifications/community-v1.0.0-post-publication-verification.md, docs/release-verifications/community-v1.0.0-post-publication-verification.json, and scripts/validate-community-v100-ga-post-publication.py define and enforce the published GA evidence path for GitHub Release links, final artifact SHA-256 checksums, checksum manifest, provenance metadata, clean install smoke, Community Docker build evidence, verifier workflow defaults, README links, release index status, release dashboard status, wiki navigation, and public boundary validation.
Community release keyless attestation: docs/community-release-keyless-attestation.md, .github/workflows/attest-community-release.yml, and scripts/validate-community-release-keyless-attestation.py define and enforce the public Community release asset attestation path for published artifact download, checksum validation, GitHub Actions OIDC/Sigstore attestation generation, gh attestation verify evidence, README links, wiki navigation, and public boundary validation.
Historical GA publication next recommendation: Merge the Community v1.0.0 metadata bump, create the community-v1.0.0 tag from main, build and upload final GitHub Release assets, then record final checksums, provenance, verifier defaults, and post-publication verification.
Next recommendation: Use Community v1.0.0 as the stable public baseline and begin the v1.0.1 maintenance planning path for post-GA fixes, release integrity hardening, detached signing or keyless attestation, and adoption feedback.
Community release index: docs/community-release-index.md summarizes public Community tags, release notes, verification packets, publication state, and next action for published and dry-run Community release records.
Community release index freshness: docs/community-release-index-freshness.md and scripts/validate-community-release-index.py enforce that every indexed Community release has matching release notes, verification evidence, README links, wiki links, and a valid publication state.
Community release readiness dashboard: docs/community-release-readiness-dashboard.md rolls up public Community release states, release evidence, verification packets, freshness controls, validation commands, CI evidence, and maintainer next actions.
Community release readiness dashboard validation: docs/community-release-readiness-dashboard-validation.md and scripts/validate-community-release-readiness-dashboard.py enforce dashboard row parity with the release index, required freshness controls, verification commands, CI workflow references, README navigation, wiki navigation, and public boundary language.
CAVRA developer portal redesign: apps/sandbox-ui now presents the public GitHub Pages site as a Backstage-style portal with persistent navigation, command palette search, mobile drawer and bottom navigation, interactive architecture explorer, policy/evidence/integration/compliance/use-case/documentation/roadmap pages, and a static-hostable design path documented in docs/sandbox-portal-redesign.md.
Enterprise Trial hosted portal wiring: GitHub Pages deployment now writes window.CAVRA_TRIAL_API_URL from repository variable CAVRA_PUBLIC_TRIAL_API_URL. GitHub Pages and Jekyll remain public-static surfaces only; the private Trial Access Portal, license service, evaluator records, GHCR access, expiry, and revocation workflows remain outside the public repository.
CAVRA developer portal smoke validation: scripts/validate-sandbox-portal.py keeps public GitHub Pages routes, command palette content, mobile navigation, architecture nodes, compliance filters, workflow smoke strings, brand assets, README links, and wiki navigation aligned before deployment.
Console closeout operator experience: apps/sandbox-ui includes an Operator Paths route for prospects, auditors, platform teams, and CISOs. scripts/validate-console-closeout.py keeps the route, persona cards, command palette entries, docs, wiki navigation, roadmap handoff, and CI wiring aligned.
Console security boundary and sessions: GET /console/security-boundary reports OIDC, repository RBAC, CORS, console permission categories, and operator notes for deployed console/API topologies. GET /console/session validates bearer-token OIDC context, returns actor identity, repository permissions, and console permission flags, and console approval or break-glass mutations require verified actor context when OIDC or RBAC is configured. Entra ID and Okta reference bundles live under examples/identity/.
Evidence artifact retrieval: GET /evidence/{session_id}/artifacts, GET /evidence/{session_id}/artifacts/{artifact_name}, and GET /evidence/{session_id}/artifact-bundle expose allowlisted bundle files for indexed sessions and allowlisted managed endpoint rollout evidence files when CAVRA_EVIDENCE_ARTIFACT_ROOT is configured. Rollout listings include checksum integrity and promotion readiness. The console shows artifact lists, bundle download links, rollout integrity, and readiness indicators from evidence rows.
Agent and MCP registry: registry agent-register, registry agent-list, registry profiles, registry mcp-register, registry mcp-list, registry mcp-check, registry mcp-classifications, and registry migrate support JSON/SQLite governed agent identities, MCP trust tiers, approved tools, capabilities, owner, approval state, last-seen metadata, predefined agent capability profiles, MCP tool classifications, console registry views, and registry-backed MCP runtime decisions.
Existing policy packs: CAVRA baseline, banking, PCI DSS, HIPAA, SOX, NIST SSDF, ISO 27001, EU AI Act, OWASP LLM/agentic, MCP enterprise, Kubernetes prod, Terraform/OpenTofu prod, cloud IAM, GitHub Enterprise, GitLab Enterprise.
Current controls: file reads, file writes, shell commands, Terraform/OpenTofu, Kubernetes, cloud IAM commands, Git protected branch push, MCP unknown server blocking, audit evidence, approval routing, claims-aware approval decisions, PR attestation, final rollback drill readiness bundles, externally signed archive manifests, release closeout summaries, closeout delivery, retention review approvals, downloadable closeout artifact bundles, closeout retention health reports, retention alert delivery, failed closeout delivery retry planning, final closeout operator guidance, final closeout release criteria, final closeout trial guidance, final closeout trial walkthrough, synthetic sample evidence package, sales-engineering demo script, interactive final closeout sandbox flow, downloadable sample evidence, release-criteria summary cards, production pilot intake worksheets, readiness checklists, Enterprise/SaaS handoff plan, synthetic pilot intake template, Evidence Console pilot readiness panel, pilot intake save API, pilot readiness scoring, public-safe private handoff plan contracts, private Enterprise MVP bootstrap for tenant-scoped pilot-intake execution, private SSO claim binding for Enterprise pilot authorization, private customer/SaaS KMS-style envelope encryption, private managed tenant database adapter contracts, private CRM/ITSM/GRC/customer-success/tenant-management handoff workers, private provider-native Salesforce/HubSpot/Jira/ServiceNow/Archer adapters, private immutable audit export and retention enforcement, private provider auth/rate-limit handling, private immutable object storage adapters, private archive health deployment recipes, private scheduled archive health workers, private archive alert delivery and dashboard persistence, private archive alert transport packages and dashboard API persistence, private managed archive dashboard storage with live alert transports, private archive alert deployment wiring, private archive alert deployment runbooks 
with Kubernetes/Helm examples and provider smoke-test guidance, private archive alert smoke-test execution jobs with post-delivery dashboard assertions, private archive alert smoke-test scheduling with evidence export and customer-facing deployment verification reports, private archive alert verification report delivery routing with customer-success handoff automation, private archive alert verification delivery health dashboards with retry planning, private archive alert verification retry workers with customer-success closure evidence, private archive alert verification retry health alerts with closure trend reporting, private archive alert verification retry alert routing with closure dashboard persistence, private archive alert verification retry alert acknowledgements with closure dashboard query filters, private archive alert verification acknowledgement trend reports with dashboard export packages, private archive alert verification dashboard export delivery routing with acknowledgement SLA summaries, private archive alert verification delivery SLA alert routing with export delivery health dashboards, private archive alert verification SLA alert delivery retry planning with export delivery health trend reports, private archive alert verification SLA alert retry worker execution with export delivery trend persistence, private archive alert verification SLA retry worker health reporting with export trend query filters, private archive alert verification SLA retry worker health alert routing with export trend summary packages, private archive alert verification SLA retry worker health alert acknowledgements with export summary delivery dashboards, private archive alert verification export summary delivery retry planning with acknowledgement trend reports, private archive alert verification export summary retry worker execution with acknowledgement trend persistence, private archive alert verification export summary retry worker health reporting with acknowledgement trend query filters, private archive alert verification export summary retry health alert routing with acknowledgement trend exports, and private archive alert verification export summary retry health acknowledgements with trend delivery dashboards.
Known gaps: Archive alert deployment runbooks, Kubernetes/Helm examples, and provider smoke-test commands remain private Enterprise/SaaS follow-up work. CAVRA does not yet have a production-grade real-time AI Security Posture Management dashboard. The public Evidence Console provides sample and local evidence views, while the Enterprise roadmap now calls for live agent observability, prompts, reasoning traces, tool calls, execution timelines, risk and violation queues, drift detection, approval lineage, RBAC-scoped governance, trace replay, SOC 2-style audit logs, kill switches, policy toggles, and runtime override evidence. See docs/ai-security-posture-dashboard-roadmap.md.
Recent parity expansion: Go and Python now share high-risk command and cloud/IaC fixtures for Cloud IAM, Kubernetes production, Terraform/OpenTofu production, GitHub Enterprise, OWASP LLM agentic command injection, and transparent agentic delivery controls.
Refactor recommendations: typed policy models, JSON Schema validation in command path, persistent evidence store, policy inheritance resolver, expanded golden parity suite, generated enforcement contracts for the Go runtime, and promotion posture checks for Go pilot runner and workstation paths.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?