-
Notifications
You must be signed in to change notification settings - Fork 0
Diagrams
See docs/diagrams/c4-context.md.
See docs/diagrams/c4-container.md. The current container diagram marks the Approval Router as an implemented JSON/SQLite-backed lifecycle service with repository routing, signed OIDC/JWKS validation, repository RBAC, Entra/Okta deployment references, console actions, console break-glass creation, approval audit details, provider request specs, and live provider delivery evidence. It also marks the Agent and MCP Trust Registry as a JSON/SQLite implementation for governed agent identities, MCP trust decisions, predefined agent profiles, MCP capability classifications, and console registry views. The metadata store now includes JSON/SQLite evidence, session, decision, approval, registry, repository inventory, policy rollout metadata, policy authoring previews, approval-bound signed policy publishing, rollout change plans, deployment readiness checks, integration inventory, connector delivery records, backup/restore operations, retention planning, and governed evidence artifact retrieval. The evidence plane now feeds CI/CD required-check artifacts for GitHub, GitLab, Azure DevOps templates, configured SIEM/ITSM/ChatOps/webhook connector hooks, and AWS/Azure immutable evidence storage references. The console security boundary and console session context are exposed as OIDC/RBAC/CORS readiness and authenticated actor metadata. The Go enforcement plane is now shown as a scaffolded parity-tested container with daemon transport and client mode, and the sandbox is shown as GitHub Pages deployable.
See docs/diagrams/agent-mcp-registry.svg for the dedicated registry view that separates profiles, registered identities, trust records, classifications, storage modes, runtime decisions, console views, and evidence consumers.
See docs/diagrams/c4-component-runtime.md.
See docs/diagrams/runtime-decision-flow.md.
See docs/diagrams/evidence-lifecycle.md.
See docs/diagrams/immutable-evidence-storage.svg for the dedicated immutable storage flow from runtime decision, signed bundle, verifier gate, and storage plan into AWS S3 Object Lock and Azure Blob immutability.
See docs/diagrams/oidc-rbac-deployment.svg for the dedicated identity flow from Entra ID or Okta discovery metadata and group claims into CAVRA OIDC config, repository RBAC, console sessions, approvals, and break-glass decisions.
See docs/diagrams/go-parity-sandbox-deployment.svg for the dedicated flow from authoritative Python runtime behavior through shared parity fixtures, Go runtime tests, required CI checks, sandbox source, GitHub Pages deployment, and the future promotion gate.
The release-governance runner wrapper now acquires provider OIDC tokens from GitHub Actions, GitLab CI, or Azure Pipelines when available, sends signed or OIDC-backed runner_auth to the Go daemon, records hash-chained evidence, verifies the evidence stream, and publishes release-governance-evidence-verification.json as an audit artifact. Custody and rotation guidance is documented in Runner-Auth-And-Evidence-Key-Custody.md.
See docs/diagrams/go-reproducible-airgap.svg for the release path from connected GitHub Actions build, checksums, SBOM, signatures, provenance, and reproducibility metadata to restricted-environment verification and optional binary rebuild.
See docs/diagrams/release-signing-operations.svg for the release path from external signing key custody into signed package generation, verifier enforcement, planned key rotation, and emergency revocation evidence.
See docs/diagrams/high-risk-command-cloud-iac-parity.svg for the shared fixture path that compares authoritative Python runtime decisions with Go runtime decisions before Go is allowed into deployment paths.
See docs/diagrams/go-backend-pilot.svg for the guarded backend-selection flow from operator opt-in through Python evaluation, Go comparison, parity gate, fallback, and readiness evidence.
See docs/diagrams/go-backend-deployment-readiness.svg for the CI runner and workstation readiness path that checks release metadata before Go backend promotion.
See docs/diagrams/go-backend-promotion.svg for the promotion gate that requires runtime readiness, deployment readiness, audited parity evidence, and approval before promoted mode selects Go.
See docs/diagrams/go-backend-rollback.svg for the rollback gate that requires an approved plan back to Python-only mode before promoted mode selects Go.
See docs/diagrams/go-backend-rollback-rehearsal.svg for the rehearsal evidence path that validates fallback restoration, recovery target, and dashboard visibility before promoted mode selects Go.
See docs/diagrams/go-backend-rollback-drill-history.svg for the operational drill history path that validates fresh fallback drills before promoted mode selects Go.
See docs/diagrams/go-backend-rollback-drill-executive-delivery-retry-execution-and-recovery-health-alerts.svg for the public-safe recovery retry health alert and executive report delivery retry execution loop.
See docs/diagrams/go-backend-rollback-drill-retry-approvals-recovery-playbooks.svg for the approval path from failed acknowledgement audit delivery through retry acknowledgement, execution approval, approval-bound worker selection, and connector recovery playbooks.
See docs/diagrams/go-backend-rollback-drill-live-retry-closure-evidence.svg for the live retry execution and recovery closure path that links failed delivery, retry acknowledgement, approval, worker execution, connector recovery playbooks, and closure evidence.
See docs/diagrams/go-backend-rollback-drill-retry-recovery-reporting.svg for the retry execution dashboard, recovery SLO, provider summary, and closure trend analytics flow.
See docs/diagrams/go-backend-rollback-drill-recovery-escalation-executive-reporting.svg for the public-safe flow from retry recovery evidence into escalation plans, connector delivery, executive reports, dashboard counts, and audit history.
See docs/diagrams/go-backend-rollback-drill-recovery-escalation-ack-retry-scheduling.svg for the public-safe flow from escalation plans into provider acknowledgements, failed delivery retry plans, scheduled executive report runs, dashboard counts, and audit history.
See docs/diagrams/go-backend-rollback-drill-recovery-escalation-retry-execution-and-executive-delivery.svg for the public-safe flow from recovery escalation acknowledgements into retry worker execution, retry execution records, scheduled executive report delivery, dashboard counts, and audit history.
See docs/diagrams/go-backend-rollback-drill-recovery-retry-health-and-executive-delivery-retry.svg for the public-safe flow from retry worker metadata and executive delivery failures into health reports, retry decisions, dashboard counts, and audit history.
See docs/diagrams/go-backend-rollback-drill-executive-retry-health-and-recovery-health-alert-retry.svg for the public-safe flow from executive retry metadata and failed recovery health alert delivery into retry health reports, retry decisions, dashboard counts, and audit history.
See docs/diagrams/go-backend-rollback-drill-recovery-health-alert-retry-worker-and-executive-retry-health-alerts.svg for the public-safe flow from failed recovery health alert delivery through retry worker execution and executive retry health alert delivery.
See docs/diagrams/go-backend-rollback-drill-executive-health-alert-retry-final-closure.svg for the public-safe flow from failed executive retry health alert delivery through retry planning, worker execution, execution evidence, and final reporting closure.
See docs/diagrams/go-backend-rollback-drill-final-readiness-runbook-export.svg for the public-safe flow from final closure evidence into release-readiness checks, operator runbook export, and release evidence attachment.
See docs/diagrams/go-backend-rollback-drill-readiness-approval-release-record.svg for the public-safe flow from final readiness summary into governed approval, operator runbook export, release record attachment evidence, and private connector boundaries.
See docs/diagrams/go-backend-rollback-drill-closure-packet-auditor-export.svg for the public-safe flow from release record attachment into closure packet verification, auditor export, and private SIEM/GRC/archive extension points.
See docs/diagrams/go-backend-rollback-drill-auditor-export-routing-archive.svg for the public-safe flow from verified auditor exports into connector delivery metadata, immutable archive references, Evidence Console metrics, and private enterprise connector boundaries.
See docs/diagrams/go-backend-rollback-drill-auditor-export-retry-archive-health.svg for the public-safe flow from failed auditor export delivery metadata into retry planning, archive custody health, Evidence Console drill-downs, and private execution boundaries.
See docs/diagrams/go-backend-rollback-drill-final-readiness-bundle-closeout.svg for the public-safe flow from final reporting metadata into readiness bundles, externally signed archive manifests, closeout summaries, and Enterprise/private signing boundaries.
See docs/diagrams/go-backend-rollback-drill-final-closeout-delivery-retention.svg for the public-safe flow from closed release summaries into connector delivery, retention review approval, downloadable closeout artifact bundles, and private retention boundaries.
See docs/diagrams/go-backend-rollback-drill-scheduling.svg for the schedule and notification path that detects due-soon or stale rollback drills and emits redacted connector delivery evidence.
See docs/diagrams/go-backend-rollback-drill-notification-escalation.svg for the acknowledgement and escalation path that tracks missed rollback drill notifications.
See docs/diagrams/go-backend-rollback-drill-routing.svg for owner routing, maintenance-window suppression, owner calendar suppression, and route decision evidence for promoted Go backend rollback drills.
See docs/diagrams/go-backend-rollback-drill-routing-history.svg for the route-history and suppression-trend path that converts persisted route decisions into filterable evidence and audit summaries.
See docs/diagrams/go-backend-rollback-drill-console.svg for the Evidence Console drill-down flow across notification history, acknowledgement state, escalation routes, detail panels, and exportable public-safe evidence.
See docs/diagrams/go-backend-rollback-drill-acknowledgement-controls.svg for the authenticated console mutation flow that records route acknowledgements with verified actor identity.
See docs/diagrams/go-backend-rollback-drill-bulk-acknowledgement-audit.svg for the filtered bulk acknowledgement and acknowledgement audit package export flow.
See docs/diagrams/go-backend-rollback-drill-acknowledgement-audit-delivery.svg for the scheduled acknowledgement audit delivery routing flow.
See docs/diagrams/go-backend-rollback-drill-audit-delivery-health.svg for acknowledgement audit delivery history filtering and health dashboards.
See docs/diagrams/go-backend-rollback-drill-audit-delivery-retry-worker.svg for governed retry planning, scheduled worker dry-runs, and public-safe retry evidence indexing.
See docs/diagrams/go-backend-rollback-drill-audit-worker-health-alerts.svg for worker health alerts, health alert acknowledgements, and retry acknowledgement evidence.
See docs/diagrams/go-backend-rollback-drill-executive-retry-health-and-recovery-health-alert-retry.svg for executive retry health reporting and recovery health alert delivery retry planning.
See docs/diagrams/go-backend-rollback-drill-final-closeout-health-retry.svg for closeout retention health checks, retention alert delivery, failed closeout delivery retry planning, and retry worker evidence.
See docs/diagrams/release-governance-final-closeout-operator-guide.svg for the public-safe operator workflow from final readiness evidence through signed archive manifest metadata, closeout delivery, retention approval, artifact bundle review, retention health, alerting, retry planning, release criteria, and trial handoff.
See docs/diagrams/final-closeout-trial-onboarding.svg for the customer onboarding and public sandbox flow across evaluator walkthrough, synthetic sample evidence, sales-engineering script, release criteria, upgrade path, and production pilot planning.
See docs/diagrams/final-closeout-production-pilot-intake.svg for the flow from trial evidence through scope intake, readiness checks, Enterprise/SaaS handoff path, pilot plan, success criteria, and commercial decision.
Repository diagram images:
docs/diagrams/architecture-context.svgdocs/diagrams/c4-container.svgdocs/diagrams/runtime-flow.svgdocs/diagrams/evidence-hub.svgdocs/diagrams/immutable-evidence-storage.svgdocs/diagrams/oidc-rbac-deployment.svgdocs/diagrams/go-parity-sandbox-deployment.svgdocs/diagrams/go-reproducible-airgap.svgdocs/diagrams/release-signing-operations.svgdocs/diagrams/high-risk-command-cloud-iac-parity.svgdocs/diagrams/go-backend-pilot.svgdocs/diagrams/go-backend-deployment-readiness.svgdocs/diagrams/go-backend-promotion.svgdocs/diagrams/go-backend-rollback.svgdocs/diagrams/go-backend-rollback-rehearsal.svgdocs/diagrams/go-backend-rollback-drill-history.svgdocs/diagrams/go-backend-rollback-drill-scheduling.svgdocs/diagrams/go-backend-rollback-drill-notification-escalation.svgdocs/diagrams/go-backend-rollback-drill-routing.svgdocs/diagrams/go-backend-rollback-drill-routing-history.svgdocs/diagrams/go-backend-rollback-drill-console.svgdocs/diagrams/go-backend-rollback-drill-acknowledgement-controls.svgdocs/diagrams/go-backend-rollback-drill-bulk-acknowledgement-audit.svgdocs/diagrams/go-backend-rollback-drill-acknowledgement-audit-delivery.svgdocs/diagrams/go-backend-rollback-drill-audit-delivery-health.svgdocs/diagrams/go-backend-rollback-drill-audit-delivery-retry-worker.svgdocs/diagrams/go-backend-rollback-drill-audit-worker-health-alerts.svgdocs/diagrams/go-backend-rollback-drill-executive-retry-health-and-recovery-health-alert-retry.svgdocs/diagrams/go-backend-rollback-drill-closure-packet-auditor-export.svgdocs/diagrams/go-backend-rollback-drill-auditor-export-retry-worker-archive-alert-acks.svgdocs/diagrams/go-backend-rollback-drill-final-closeout-health-retry.svgdocs/diagrams/release-governance-final-closeout-operator-guide.svgdocs/diagrams/final-closeout-trial-onboarding.svgdocs/diagrams/final-closeout-production-pilot-intake.svgdocs/diagrams/policy-lifecycle.svgdocs/diagrams/developer-journey.svgdocs/diagrams/agent-orchestration.svg
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion