-
Notifications
You must be signed in to change notification settings - Fork 0
Current Feature Inventory
Implemented modules: policy registry, policy authoring preview, approval-bound signed policy publishing, rollout change planning, runtime guard, session audit, command interceptor, PR attestation exporter, webhook exporter, connector execution hooks, connector delivery history dashboards, approval router, evidence hub, evidence artifact retrieval, CI/CD required-check templates, activity persistence, repository inventory, policy rollout persistence, integration inventory, persistent API operations, production deployment validation, Typer CLI, MCP server, FastAPI app, sandbox decision model, Go enforcement-plane parity scaffold, opt-in Go backend pilot, Go backend deployment readiness, Go backend promotion gate, Go backend rollback controls, Go backend rollback rehearsal evidence, Go backend rollback drill history, Go backend rollback drill scheduling and stale notification delivery, Go backend rollback drill notification acknowledgements and escalation plans, Go backend rollback drill owner routing, maintenance-window suppression, routing history filters, suppression trend summaries, authenticated drill acknowledgement controls, bulk drill acknowledgement workflows, acknowledgement audit packages, acknowledgement audit delivery routing, acknowledgement audit delivery health dashboards, acknowledgement audit delivery retry plans, scheduled acknowledgement audit delivery worker runs, worker health alerts, retry acknowledgements, retry execution approvals, connector recovery playbooks, approval-bound live retry execution records, connector recovery closure evidence, retry execution dashboards, recovery SLO reporting, closure trend analytics, recovery escalation notifications, recovery escalation acknowledgements, escalation delivery retry plans, recovery escalation retry workers, recovery escalation retry execution records, recovery escalation retry health reports, recovery retry health alert delivery, retry planning and retry worker execution, executive recovery reports, scheduled executive report runs, executive report delivery, executive report delivery retry plans, executive report delivery retry execution, executive delivery retry health reports, and executive retry health alert delivery and acknowledgements, final reporting closure dashboards, release-readiness summaries, operator runbook exports, readiness approval decisions, release record attachments, closure packet verifications, auditor exports, auditor export delivery routing, immutable archive references, auditor export retry planning, auditor export retry worker execution records, archive reference health checks, archive health alert delivery acknowledgements, final closeout delivery, retention review approvals, downloadable closeout artifact bundles, closeout retention health reports, retention health alert delivery, closeout delivery retry plans, closeout retry workers, closeout retry execution records, final closeout operator runbooks, final closeout release criteria, final closeout trial guidance, final closeout trial walkthrough, synthetic sample evidence package, sales-engineering demo script, interactive final closeout sandbox flow, downloadable final closeout sample evidence, release-criteria summary cards, final closeout production pilot intake worksheets, pilot readiness checklists, Enterprise/SaaS handoff plan, synthetic pilot intake template, Go enforcement contracts, typed release-governance evidence contract payloads, runner authentication contract payloads, typed release-governance daemon and CI runner examples, Go daemon transport, Go daemon client helper, signed runner authentication claims, CI-provider OIDC JWT runner verification, provider-native runner OIDC token acquisition for GitHub Actions, GitLab CI, and Azure Pipelines wrappers, runner/evidence key custody documentation, hash-chained HMAC-signed daemon evidence streams, daemon evidence verifier CLI support, signed CI runner bundle metadata, reusable release-governance runner wrappers, GitHub composite runner action, release governance record parity for approvals, delivery failures, endpoint publication, inventory freshness, reconciliation drift, SLA reports, and handoff status, release channel manifests, managed workstation updater policy, release-channel promotion approvals, endpoint-management export bundles, release channel publishing history views, governed endpoint export downloads, endpoint export publication delivery, endpoint inventory ingestion, endpoint inventory freshness SLA reporting, reconciliation automation from ingested inventory, managed endpoint deployment reconciliation, endpoint drift monitoring dashboards, approval-bound endpoint drift remediation plans, endpoint remediation handoff packages, endpoint remediation handoff status reconciliation, endpoint remediation SLA and executive reporting, endpoint remediation SLA notification delivery, notification routing policies, acknowledgement tracking, duplicate suppression windows, escalation ladders, owner-specific service-level objectives, recurrence retry policies, owner digest notifications, suppression trend analytics, Evidence Console recurrence operations filters and export drill-downs, Evidence Console drill notification acknowledgement and escalation drill-downs, scheduled recurrence automation worker runs, Evidence Console recurrence automation worker history, recurrence automation deployment templates, recurrence automation health reporting, recurrence automation health alert delivery and acknowledgements, hosted sandbox deployment workflow, CAVRA brand asset system, open-core edition boundaries, public-safe licensing placeholders, feature registry, and plugin runtime interfaces.
Private Enterprise implementation progress: the private cavra-enterprise repository now includes final rollout release-readiness approvals, managed tenant database adapter and driver package contracts, migration readiness evidence, envelope/KMS provider factory registration, KMS policy readiness evidence, cloud object storage provider factory registration, provider package descriptors, managed database driver package health evidence, object storage probe scheduling and retry evidence, managed database driver health scheduling and retry evidence, dashboard persistence, release-readiness approval summaries, managed infrastructure readiness rollups, SaaS customer operating closeout evidence, and SaaS operating automation plan evidence through PR #74. Public Community docs expose only the product boundary, SaaS operating automation contract, public API/CLI surfaces, Evidence Console inspection, and user-facing capability summary.
Agent enforcement readiness: agent enforcement-readiness inspects local CAVRA enforcement files and optional exported provider settings for required-check workflow coverage, evidence artifacts, agent manifests, PR templates, CODEOWNERS, branch protection, required checks, security checks, and risky workflow permission patterns.
Existing CLI commands: version, evaluate, agent start, agent exec, agent attest, agent enforcement-readiness, policy list, policy describe, policy validate, policy test, policy explain, policy compile, policy diff, policy sign, policy verify, policy simulate, policy dry-run, policy init, runtime go-pilot-readiness, runtime go-deployment-readiness, runtime go-promotion-readiness, runtime go-rollback-readiness, runtime go-rollback-rehearsal, runtime go-rollback-drills, runtime go-rollback-drill-schedule, runtime go-rollback-drill-notification-plan, runtime go-rollback-drill-notification-ack, runtime go-rollback-drill-escalation-plan, runtime go-pilot-evaluate, integration deliver, ops stores, ops backup, ops restore, ops retention-plan, init claude-code, demo before-the-agent-acts.
Policy engine hardening: policy validate uses JSON Schema, policy compile emits normalized output and accepts overlays, policy diff reports semantic added/removed/changed paths, policy sign emits signature metadata, policy verify detects digest tampering, and policy packs can inherit parent packs through metadata.inherits.
Evidence hub: evidence bundle creates manifest.json, evidence.json, pr-attestation.md, compliance-mapping.md, siem-event.json, and sandbox-run-summary.json; evidence verify validates checksums plus optional HMAC or Ed25519 signatures; trust-root bundles, offline trust-root distribution packages, retention artifacts, immutable storage plans, AWS S3 Object Lock and Azure Blob immutability deployment references, SQLite metadata indexing, PR attestation verification, and governed artifact retrieval are available. Go release packaging includes signed installer metadata, managed endpoint deployment manifests, release channel manifests, managed workstation updater policy, signed release-channel promotion approvals, Jamf/Intune/Linux endpoint-management export bundles, release channel promotion request indexing, endpoint export indexing, API and Evidence Console publishing history views, governed endpoint export downloads, checksum-enforced endpoint export integrity, endpoint export publication records, Jamf/Intune/Linux connector delivery, endpoint publication history dashboards, endpoint inventory ingestion for Jamf, Intune, Linux fleet, and EDR exports, endpoint inventory freshness SLA reports, reconciliation automation from ingested inventory, managed endpoint reconciliation, endpoint drift dashboards, approval-bound endpoint drift remediation requests, approved remediation execution records, endpoint remediation handoff packages, endpoint remediation handoff status reconciliation, SLA breach reporting, executive summaries, SLA notification delivery, routing plans, duplicate suppression, acknowledgement records, escalation ladders, owner-specific acknowledgement and resolution SLO state, escalation delivery actions, owner review records, recurrence policies, owner calendars, maintenance-window suppression, recurrence delivery batching, suppression audit exports, recurrence retry policies, owner digest notifications, and suppression trend analytics for ITSM, ChatOps, and private connector queues, managed rollout evidence capture, rollout evidence verification and indexing, rollout evidence search filters and console/API views, governed rollout artifact retrieval, rollout artifact integrity status, promotion readiness indicators, signed promotion approval requests, approved promotion execution records, promotion execution search and audit drill-downs, rollback evidence links, approved rollback execution records, SIEM/ITSM promotion audit exports, connector delivery for promotion audit and rollback execution records, persisted connector delivery history, alert dashboard summaries, installer smoke validation, SBOM, provenance, keyless attestations, release evidence, and air-gapped verification.
Approval router: approval create, list, approve, deny, expire, break-glass, route, migrate, export-notifications, provider-requests, and deliver support JSON or SQLite stores, repository routing files, local claims authorization, signed OIDC/JWKS validation, repository RBAC policies, Entra ID and Okta deployment references, provider payload exports, credential-free provider request specs, live provider delivery with redacted evidence, console break-glass creation, and approval audit detail views.
Existing API endpoints: /health, /version, /policies, /policy-packs, /policy-pack-catalog, /policy-packs/draft, /policy-packs/publish-plan, /policy-packs/publish-request, /policy-packs/publish, /policy-rollouts/change-plan, /policy-rollouts/apply-change, /deployment/production-readiness, /runtime/go-pilot/readiness, /runtime/go-pilot/deployment-readiness, /runtime/go-pilot/promotion-readiness, /runtime/go-pilot/rollback-readiness, /runtime/go-pilot/rollback-rehearsal, /runtime/go-pilot/rollback-drills, /runtime/go-pilot/evaluate, /saas/control-plane/contract, /saas/operating-automation, /decisions, /sessions, /agents, /repositories, /approvals, /evidence, /evidence/{session_id}/artifacts, /integrations, /integrations/{integration_id}/deliver, /mcp/servers, /mcp/trust, /risk/events, /compliance/mappings, and sandbox endpoints under /api/sandbox.
Activity persistence: POST /decisions evaluates and persists decisions, GET /decisions searches decisions by session, agent, repository, policy pack, outcome, severity, and action type, and GET /sessions searches session summaries. JSON and SQLite stores are supported through CAVRA_ACTIVITY_STORE and CAVRA_ACTIVITY_DB.
Repository inventory and policy rollout persistence: POST /repositories upserts repository scope, ownership, status, protected branch, required check, risk tier, and active policy metadata; GET /repositories searches by provider, owner, policy pack, status, and risk tier; POST /policy-rollouts upserts rollout mode, state, owner, version, coverage, and evidence references; and GET /policy-rollouts searches by repository, policy pack, state, mode, and owner. JSON and SQLite stores are supported through CAVRA_INVENTORY_STORE and CAVRA_INVENTORY_DB.
Policy rollout drill-downs: GET /policy-rollout-details/{rollout_id} joins rollout state with repository inventory, policy pack metadata, matching decision activity, integration inventory, and readiness checks. The console shows rollout detail from each policy rollout row.
Policy authoring and rollout changes: GET /policy-pack-catalog summarizes installed policy packs, POST /policy-packs/draft validates read-only policy drafts, POST /policy-packs/publish-plan previews approval-bound write-back, POST /policy-packs/publish-request creates a digest-bound approval request, POST /policy-packs/publish writes policy.yaml and signature metadata only after matching approval, POST /policy-rollouts/change-plan previews rollout transitions, and POST /policy-rollouts/apply-change persists rollout changes with verified actor context when OIDC or RBAC is configured.
Integration inventory persistence: POST /integrations upserts provider, category, owner, environment, auth mode, endpoint reference, status, health status, capability, repository scope, and evidence metadata; GET /integrations searches by provider, category, status, owner, environment, and health status. JSON and SQLite stores are supported through CAVRA_INTEGRATION_STORE and CAVRA_INTEGRATION_DB.
Connector execution hooks: POST /integrations/{integration_id}/deliver and cavra integration deliver send events through configured Splunk, Sentinel, Datadog, Slack, Teams, Jira, ServiceNow, or webhook connectors and return redacted delivery evidence. CAVRA_CONNECTOR_CONFIG points the API at connector configuration.
Persistent API operations: ops stores reports active JSON/SQLite persistence paths, ops backup writes checksum-backed JSON and SQLite backups, ops restore validates backup checksums before copying stores to a test or live path, and ops retention-plan exports JSON and Markdown retention controls. The API exposes read-only /operations/stores and /operations/retention-plan, and operations now include integration inventory stores.
Production deployment validation: GET /deployment/production-readiness checks OIDC, RBAC, CORS, evidence artifact root, policy catalog availability, persistent store presence, Go backend pilot readiness, Go CI runner/workstation deployment readiness, Go promotion readiness, Go rollback readiness, Go rollback rehearsal readiness, Go rollback drill history, and Go rollback drill scheduling. The console includes a Production Readiness panel with Go pilot, deployment, promotion, rollback, rehearsal, latest drill status, recovery target, next drill due date, notification routes, and evidence references.
CI/CD required-check templates: .github/workflows/cavra-governance.yml exposes cavra-required-check for branch protection, validates policy packs, runs lint/tests, generates and verifies evidence, verifies PR attestation, and uploads CI evidence artifacts. Reusable GitHub Actions, GitLab CI, and Azure Pipelines examples live under examples/.
Go enforcement-plane parity scaffold: go/cavra-runtime/ contains a Go module, runtime decision evaluator, CLI entrypoint, compiled-policy JSON loader, generated enforcement contract package, and shared parity fixture for critical file, command, Git, MCP, and release governance record decisions. Release governance parity now covers approval states, delivery failures, endpoint publication delivery, inventory freshness, reconciliation drift, SLA reports, and handoff status. The Go CLI supports --policy for normalized JSON generated by cavra policy compile. tests/test_go_runtime_parity.py, the go-runtime-parity CI job, and cavra-required-check exercise the parity contract.
Go enforcement contracts: scripts/generate_go_enforcement_contracts.py generates go/cavra-runtime/enforcement/v1/contracts.go from proto/cavra/enforcement/v1/enforcement.proto. The generated package provides EvaluateRequest, ReleaseGovernanceEvidence, DecisionResponse, and conversion helpers for daemon transport and runtime release-governance records.
Go daemon transport: go/cavra-runtime/daemon and go run ./cmd/cavra-runtime --serve --socket .cavra/cavra-runtime.sock provide the first Unix-socket transport for generated EvaluateRequest and DecisionResponse JSON payloads. daemon.NewClient(socket).Evaluate(request) and go run ./cmd/cavra-runtime --daemon --socket .cavra/cavra-runtime.sock provide a reusable client path. go run ./cmd/cavra-runtime --lifecycle start|status|stop provides PID-file-backed daemon lifecycle management. --evidence-log writes request/response JSONL evidence and appends go-daemon-evidence://... references to decision responses. examples/go-runtime/typed-release-governance/ plus GitHub Actions, GitLab CI, Azure Pipelines templates, examples/ci-runners/cavra-release-governance-runner.sh, and examples/github-actions/actions/cavra-release-governance-go-runtime/action.yml show release-governance gates using typed daemon requests. The Go release package now emits cavra-runtime.ci-runner-bundles.json and signs the reusable runner wrappers with the rest of the runtime release evidence.
Opt-in Go backend pilot: src/cavra/go_backend.py defaults to Python-only mode, supports disabled, shadow, enforce, and promoted, validates configured runtime and compiled policy paths, exposes CLI and API readiness reports, evaluates Python first, invokes Go only when enabled, and falls back to Python on runtime failure, timeout, missing readiness inputs, missing promotion evidence, missing rollback controls, missing rollback rehearsal evidence, missing rollback drill history, or parity mismatch.
Go backend deployment readiness: cavra runtime go-deployment-readiness, /runtime/go-pilot/deployment-readiness, and /deployment/production-readiness validate CI runner bundle metadata, endpoint deployment metadata, workstation release channels, and updater policy before Go backend promotion.
Go backend promotion gate: cavra runtime go-promotion-readiness, /runtime/go-pilot/promotion-readiness, and /deployment/production-readiness require runtime readiness, deployment readiness, approved audited parity evidence, and CAVRA_GO_PROMOTION_EVIDENCE before promoted mode selects Go as an optional backend.
Go backend rollback controls: cavra runtime go-rollback-readiness, /runtime/go-pilot/rollback-readiness, and /deployment/production-readiness require an approved CAVRA_GO_ROLLBACK_PLAN with target_mode=disabled, recovery steps, controls, and evidence references before promoted mode selects Go as an optional backend.
Go backend rollback rehearsal evidence: cavra runtime go-rollback-rehearsal, /runtime/go-pilot/rollback-rehearsal, and /deployment/production-readiness require CAVRA_GO_ROLLBACK_REHEARSAL_EVIDENCE, verified Python fallback restoration, recovery-time evidence, a runbook reference, and evidence refs before promoted mode selects Go as an optional backend. The Evidence Console surfaces rehearsal status, recovery target, and evidence references.
Go backend rollback drill history: cavra runtime go-rollback-drills, /runtime/go-pilot/rollback-drills, and /deployment/production-readiness require CAVRA_GO_ROLLBACK_DRILL_HISTORY, a fresh passing drill, disabled target mode, verified Python fallback restoration, recovery-time evidence, and evidence refs before promoted mode selects Go as an optional backend. The Evidence Console surfaces latest drill status, timestamp, and evidence references.
Go backend rollback drill scheduling: cavra runtime go-rollback-drill-schedule, cavra runtime go-rollback-drill-notification-plan, /runtime/go-pilot/rollback-drill-schedule, and /runtime/go-pilot/rollback-drill-notifications/deliver require CAVRA_GO_ROLLBACK_DRILL_SCHEDULE, active cadence metadata, owners, notification providers, and runbook references. Promoted mode selects Go only when the schedule is ready or due soon; stale schedules fall back to Python and can deliver redacted connector notification evidence.
Go backend rollback drill notification acknowledgements: runtime APIs now include acknowledgement audit delivery, recovery escalation, recovery retry health alert delivery, retry planning, retry worker execution, executive recovery reports, scheduled executive report delivery, executive delivery retry plans, executive delivery retry workers, executive delivery retry health reports, executive retry health alerts, final closeout retention health, final closeout retention alerts, final closeout delivery retry planning, final closeout retry workers, dashboard search, route history, and missed-notification escalation plans. They record public-safe acknowledgement metadata, dashboard outstanding routes, bulk route acknowledgements, delivery health dashboards, retry acknowledgements, retry recovery reports, recovery escalation delivery, recovery escalation retry execution records, recovery health alert retry execution records, executive report delivery retry execution, executive retry health alert acknowledgements, and health metadata, final auditor export delivery metadata, immutable archive references, auditor export retry plans, auditor export retry worker execution records, archive reference health reports, archive health alert acknowledgements, closeout retention health reports, and closeout retry execution records without connector or archive secrets.
Go backend rollback drill routing: cavra runtime go-rollback-drill-notification-plan --routing-policy and /runtime/go-pilot/rollback-drill-notifications/deliver accept public-safe owner_routes, maintenance_windows, and owner_calendars to select per-owner providers, apply owner-specific acknowledgement SLOs, and suppress connector delivery during approved change freezes or owner unavailability.
Hosted sandbox deployment workflow: .github/workflows/deploy-sandbox.yml validates apps/sandbox-ui/sandbox.js, builds a static artifact from apps/sandbox-ui, includes SVG diagram assets, uploads a GitHub Pages artifact, opts JavaScript-based GitHub Actions into Node.js 24, and deploys only from main.
Brand assets: assets/brand/ contains CAVRA SVG logos, favicons, social thumbnails, and PNG exports for documentation, README, dashboard, and social preview usage. The sandbox console uses a top-left CAVRA wordmark, a larger top-right hero mark below the install CTA, and ships the brand assets in the Pages artifact.
Evidence Console Community GA closeout: the hosted sandbox now includes a Community GA Control Hardening section with Ed25519 policy signing commands, runtime mode behavior, golden decision snapshot coverage, deployment validation references, and release evidence links for the public Community path.
Community GA release checklist: docs/community-ga-release-checklist.md ties public boundary validation, Ed25519 policy signing, runtime modes, golden decision snapshots, Evidence Console readiness, deployment validation, Go runtime readiness, documentation sync, and required CI evidence into one user-verifiable public Community release gate.
Community GA release packet template: docs/community-ga-release-packet-template.md, docs/release-packets/community-ga-release-packet.schema.json, and examples/release-packets/community-ga-release-packet.example.json define the public-safe Markdown and JSON packet shape for future Community GA release evidence, accepted risk review, boundary status, release decision, and wiki sync references.
Community GA dry-run release packet: docs/release-packets/community-ga-dry-run-2026-06-04.md and docs/release-packets/community-ga-dry-run-2026-06-04.json record the first public-safe dry run of the Community GA checklist against main commit 65f63df48304, including boundary, policy signing, runtime mode, Evidence Console, deployment readiness, Go disabled-readiness, documentation, and CI evidence status.
Community GA release packet validation: scripts/validate-release-packets.py validates Community GA packet JSON artifacts against docs/release-packets/community-ga-release-packet.schema.json, enforces the required gate set, rejects ready_for_community_ga packets with accepted risks, and runs in Community CI, security scan, release-community, and cavra-required-check workflows.
Community GA v0.1.0 release packet: docs/release-packets/community-ga-v0.1.0.md and docs/release-packets/community-ga-v0.1.0.json record the first official public Community GA release packet for tag community-v0.1.0, with all Community GA gates passing and no accepted risks.
Community GA v0.1.0 release publication: docs/community-ga-v0.1.0-release-publication.md records the public GitHub Release URL, successful release workflow, attached source distribution and wheel artifacts, SHA-256 checksums, and public Community boundary notice.
Community GA v0.1.0 post-release verification: docs/release-verifications/community-v0.1.0-post-release-verification.md, docs/release-verifications/community-v0.1.0-post-release-verification.json, scripts/verify-community-release-artifacts.py, .github/workflows/verify-community-release.yml, docs/community-release-verification-runbook.md, and docs/releases/community-v0.1.0.md record artifact downloadability, checksum verification, clean wheel install smoke testing, release-link freshness, and future manual workflow operation.
Community GA user-verifiable path: docs/community-ga-user-verifiable-path.md and scripts/validate-community-ga-path.py connect policy gates, release packets, post-release verification, Evidence Console validation, Go runtime disabled/promoted status, README links, wiki navigation, and workflow enforcement into one public operator-verifiable release path.
Production deployment guide validation: docs/production-deployment-guide-validation.md and scripts/validate-production-deployment-guide.py keep install, configuration, storage, backup, restore, CORS/API, GitHub Pages portal checks, release validators, README links, wiki navigation, and CI workflow wiring aligned for public Community deployment handoffs.
Go enforcement production hardening: docs/go-enforcement-production-hardening.md and scripts/validate-go-production-hardening.py keep Unix-socket transport, gRPC boundary planning, air-gapped packaging, reproducibility, release-candidate upgrade validation, performance smoke evidence, operational readiness, README links, wiki navigation, and CI workflow wiring aligned for the public Go enforcement plane.
Enterprise integration validation: docs/enterprise-integration-validation.md and scripts/validate-enterprise-integration-readiness.py keep GitHub App/orchestrator governance, GitLab CI parity, Azure DevOps parity, SAML identity readiness, SIEM workflow evidence, ITSM workflow evidence, README links, wiki navigation, and CI workflow wiring aligned without exposing Enterprise source code or provider credentials.
Production readiness procurement closeout: docs/production-readiness-procurement-closeout.md and scripts/validate-production-readiness-procurement-closeout.py keep performance, concurrency, backup/restore, upgrade/migration, SOC 2 readiness, security advisory drill, release integrity, README links, wiki navigation, and CI workflow wiring aligned for procurement handoff.
Community maintenance-release governance: docs/community-maintenance-release-checklist.md, docs/community-maintenance-release-evidence-template.md, docs/release-verifications/community-maintenance-release.schema.json, examples/release-verifications/community-maintenance-release.example.json, and scripts/validate-maintenance-release-evidence.py define and enforce the post-GA public Community maintenance release gate set for release notes, changelog, README, wiki, verification workflow, artifact checksums, install smoke, public boundary, and CI evidence.
Community release-note freshness: docs/community-release-note-freshness.md and scripts/validate-community-release-note-freshness.py enforce that every docs/releases/community-v*.md page has a matching GitHub Release URL, verification packet, README link, wiki release notes page, and wiki verification entry.
Community v0.1.1 maintenance and post-release verification: docs/releases/community-v0.1.1.md, docs/release-verifications/community-v0.1.1-maintenance-verification.md, docs/release-verifications/community-v0.1.1-maintenance-verification.json, docs/release-verifications/community-v0.1.1-post-release-verification.md, and docs/release-verifications/community-v0.1.1-post-release-verification.json record the official post-GA public Community maintenance release path, published GitHub Release asset downloadability, SHA-256 checksum matches, clean install smoke output, README/wiki freshness, release index, and readiness dashboard links.
Community v0.1.2 readiness: docs/community-v0.1.2-readiness.md, scripts/validate-python-package-metadata.py, .github/workflows/community-ci.yml, .github/workflows/release-community.yml, .github/workflows/publish-pypi.yml, and .github/workflows/go-release.yml close Python packaging metadata warnings, assert BUSL-1.1 wheel metadata, include packaged schemas, and preserve explicit release workflow guards before official artifact publication.
Community v0.1.2 release record: docs/releases/community-v0.1.2.md, docs/release-verifications/community-v0.1.2-maintenance-verification.md, docs/release-verifications/community-v0.1.2-maintenance-verification.json, docs/release-verifications/community-v0.1.2-post-release-verification.md, docs/release-verifications/community-v0.1.2-post-release-verification.json, docs/community-release-index.md, and docs/community-release-readiness-dashboard.md record the published maintenance release, package metadata closure, release workflow guard evidence, artifact checksums, clean-install smoke, and public boundary status.
Community v0.1.3 maintenance planning: docs/community-v0.1.3-maintenance-planning.md records GitHub Actions Node 24 workflow readiness, current v0.1.3 verification defaults, and the public-safe release-candidate checklist for the current Community maintenance release.
Community v0.1.3 release record: docs/releases/community-v0.1.3.md, docs/release-verifications/community-v0.1.3-maintenance-verification.md, docs/release-verifications/community-v0.1.3-maintenance-verification.json, docs/release-verifications/community-v0.1.3-post-release-verification.md, docs/release-verifications/community-v0.1.3-post-release-verification.json, docs/community-release-index.md, and docs/community-release-readiness-dashboard.md record the package version bump, release evidence, public boundary, artifact checksums, clean-install smoke, and final post-release verification.
Community v1.0.0 stabilization planning: docs/community-v1.0.0-stabilization-plan.md, docs/release-verifications/community-v1.0.0-stabilization-plan.json, and scripts/validate-community-v100-stabilization.py define and enforce the public-safe v1.0.0 path for release signing, reproducible provenance, GA announcement readiness, final operator evidence, and public boundary validation.
Community v1.0.0 release-candidate hardening: docs/community-v1.0.0-release-candidate-hardening.md, docs/release-verifications/community-v1.0.0-release-candidate-hardening.json, and scripts/validate-community-v100-rc-hardening.py define and enforce the public-safe RC path for signed artifact verification, reproducible provenance verification, GA announcement checklist, final operator evidence, and public boundary validation.
Community v1.0.0 release-candidate publication: docs/community-v1.0.0-release-candidate-publication.md, docs/releases/community-v1.0.0-rc.1.md, docs/release-verifications/community-v1.0.0-rc.1-publication-readiness.md, docs/release-verifications/community-v1.0.0-release-candidate-publication.json, and scripts/validate-community-v100-rc-publication.py define and enforce the public-safe RC1 dry-run publication path for release notes, signed artifact verification readiness, provenance evidence readiness, announcement readiness, release index coverage, release dashboard coverage, and public boundary validation.
Community v1.0.0 RC1 post-publication verification: docs/release-verifications/community-v1.0.0-rc.1-post-publication-verification.md, docs/release-verifications/community-v1.0.0-rc.1-post-publication-verification.json, and scripts/validate-community-v100-rc-post-publication.py define and enforce the published RC1 evidence path for GitHub Release links, artifact SHA-256 checksums, provenance metadata, workflow evidence, clean install smoke, README links, release index status, release dashboard status, wiki navigation, and public boundary validation.
Community v1.0.0 GA readiness: docs/community-v1.0.0-ga-readiness.md, docs/release-verifications/community-v1.0.0-ga-readiness.json, and scripts/validate-community-v100-ga-readiness.py define and enforce the public-safe GA readiness bridge from RC1 feedback into upgrade notes, installer paths, announcement copy, final GA evidence gates, README links, wiki navigation, release index continuity, release dashboard continuity, and public boundary validation.
Next recommendation: Prepare Community v1.0.0 GA publication package from validated RC1 feedback and the completed Node 24 readiness baseline by drafting final release notes, v1.0.0 artifact build plan, verifier inputs, and announcement approval evidence.
Community release index: docs/community-release-index.md summarizes public Community tags, release notes, verification packets, publication state, and next action for published and dry-run Community release records.
Community release index freshness: docs/community-release-index-freshness.md and scripts/validate-community-release-index.py enforce that every indexed Community release has matching release notes, verification evidence, README links, wiki links, and a valid publication state.
Community release readiness dashboard: docs/community-release-readiness-dashboard.md rolls up public Community release states, release evidence, verification packets, freshness controls, validation commands, CI evidence, and maintainer next actions.
Community release readiness dashboard validation: docs/community-release-readiness-dashboard-validation.md and scripts/validate-community-release-readiness-dashboard.py enforce dashboard row parity with the release index, required freshness controls, verification commands, CI workflow references, README navigation, wiki navigation, and public boundary language.
CAVRA developer portal redesign: apps/sandbox-ui now presents the public GitHub Pages site as a Backstage-style portal with persistent navigation, command palette search, mobile drawer and bottom navigation, interactive architecture explorer, policy/evidence/integration/compliance/use-case/documentation/roadmap pages, and a static-hostable design path documented in docs/sandbox-portal-redesign.md.
CAVRA developer portal smoke validation: scripts/validate-sandbox-portal.py keeps public GitHub Pages routes, command palette content, mobile navigation, architecture nodes, compliance filters, workflow smoke strings, brand assets, README links, and wiki navigation aligned before deployment.
Console closeout operator experience: apps/sandbox-ui includes an Operator Paths route for prospects, auditors, platform teams, and CISOs. scripts/validate-console-closeout.py keeps the route, persona cards, command palette entries, docs, wiki navigation, roadmap handoff, and CI wiring aligned.
Console security boundary and sessions: GET /console/security-boundary reports OIDC, repository RBAC, CORS, console permission categories, and operator notes for deployed console/API topologies. GET /console/session validates bearer-token OIDC context, returns actor identity, repository permissions, and console permission flags, and console approval or break-glass mutations require verified actor context when OIDC or RBAC is configured. Entra ID and Okta reference bundles live under examples/identity/.
Evidence artifact retrieval: GET /evidence/{session_id}/artifacts, GET /evidence/{session_id}/artifacts/{artifact_name}, and GET /evidence/{session_id}/artifact-bundle expose allowlisted bundle files for indexed sessions and allowlisted managed endpoint rollout evidence files when CAVRA_EVIDENCE_ARTIFACT_ROOT is configured. Rollout listings include checksum integrity and promotion readiness. The console shows artifact lists, bundle download links, rollout integrity, and readiness indicators from evidence rows.
Agent and MCP registry: registry agent-register, registry agent-list, registry profiles, registry mcp-register, registry mcp-list, registry mcp-check, registry mcp-classifications, and registry migrate support JSON/SQLite governed agent identities, MCP trust tiers, approved tools, capabilities, owner, approval state, last-seen metadata, predefined agent capability profiles, MCP tool classifications, console registry views, and registry-backed MCP runtime decisions.
Existing policy packs: CAVRA baseline, banking, PCI DSS, HIPAA, SOX, NIST SSDF, ISO 27001, EU AI Act, OWASP LLM/agentic, MCP enterprise, Kubernetes prod, Terraform/OpenTofu prod, cloud IAM, GitHub Enterprise, GitLab Enterprise.
Current controls: file reads, file writes, shell commands, Terraform/OpenTofu, Kubernetes, cloud IAM commands, Git protected branch push, MCP unknown server blocking, audit evidence, approval routing, claims-aware approval decisions, PR attestation, final rollback drill readiness bundles, externally signed archive manifests, release closeout summaries, closeout delivery, retention review approvals, downloadable closeout artifact bundles, closeout retention health reports, retention alert delivery, failed closeout delivery retry planning, final closeout operator guidance, final closeout release criteria, final closeout trial guidance, final closeout trial walkthrough, synthetic sample evidence package, sales-engineering demo script, interactive final closeout sandbox flow, downloadable sample evidence, release-criteria summary cards, production pilot intake worksheets, readiness checklists, Enterprise/SaaS handoff plan, synthetic pilot intake template, Evidence Console pilot readiness panel, pilot intake save API, pilot readiness scoring, public-safe private handoff plan contracts, private Enterprise MVP bootstrap for tenant-scoped pilot-intake execution, private SSO claim binding for Enterprise pilot authorization, private customer/SaaS KMS-style envelope encryption, private managed tenant database adapter contracts, private CRM/ITSM/GRC/customer-success/tenant-management handoff workers, private provider-native Salesforce/HubSpot/Jira/ServiceNow/Archer adapters, private immutable audit export and retention enforcement, private provider auth/rate-limit handling, private immutable object storage adapters, private archive health deployment recipes, private scheduled archive health workers, private archive alert delivery and dashboard persistence, private archive alert transport packages and dashboard API persistence, private managed archive dashboard storage with live alert transports, private archive alert deployment wiring, private archive alert deployment runbooks with Kubernetes/Helm examples and provider smoke-test guidance, and private archive alert smoke-test execution jobs with post-delivery dashboard assertions, and private archive alert smoke-test scheduling with evidence export and customer-facing deployment verification reports, and private archive alert verification report delivery routing with customer-success handoff automation, and private archive alert verification delivery health dashboards with retry planning, and private archive alert verification retry workers with customer-success closure evidence, and private archive alert verification retry health alerts with closure trend reporting, and private archive alert verification retry alert routing with closure dashboard persistence, and private archive alert verification retry alert acknowledgements with closure dashboard query filters, and private archive alert verification acknowledgement trend reports with dashboard export packages, and private archive alert verification dashboard export delivery routing with acknowledgement SLA summaries, and private archive alert verification delivery SLA alert routing with export delivery health dashboards, and private archive alert verification SLA alert delivery retry planning with export delivery health trend reports, and private archive alert verification SLA alert retry worker execution with export delivery trend persistence, and private archive alert verification SLA retry worker health reporting with export trend query filters, and private archive alert verification SLA retry worker health alert routing with export trend summary packages, and private archive alert verification SLA retry worker health alert acknowledgements with export summary delivery dashboards, and private archive alert verification export summary delivery retry planning with acknowledgement trend reports, and private archive alert verification export summary retry worker execution with acknowledgement trend persistence, and private archive alert verification export summary retry worker health reporting with acknowledgement trend query filters, and private archive alert verification export summary retry health alert routing with acknowledgement trend exports, and private archive alert verification export summary retry health acknowledgements with trend delivery dashboards.
Known gaps: Archive alert deployment runbooks, Kubernetes/Helm examples, and provider smoke-test commands remain private Enterprise/SaaS follow-up work.
Recent parity expansion: Go and Python now share high-risk command and cloud/IaC fixtures for Cloud IAM, Kubernetes production, Terraform/OpenTofu production, GitHub Enterprise, OWASP LLM agentic command injection, and transparent agentic delivery controls.
Refactor recommendations: typed policy models, JSON Schema validation in command path, persistent evidence store, policy inheritance resolver, expanded golden parity suite, generated enforcement contracts for the Go runtime, and promotion posture checks for Go pilot runner and workstation paths.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion