-
Notifications
You must be signed in to change notification settings - Fork 0
Go Backend Deployment Readiness
CAVRA now separates Go backend pilot readiness from deployment readiness. Pilot readiness proves that a local Go runtime can be selected safely. Deployment readiness proves that CI runner and workstation rollout paths have the metadata needed for controlled production use.
The deployment readiness report evaluates public-safe release metadata:
cavra-runtime.endpoint-deployment.jsoncavra-runtime.ci-runner-bundles.jsoncavra-runtime.channels.jsoncavra-runtime.updater-policy.json
It checks that:
- CI runner bundles reference endpoint deployment metadata.
- CI runner targets are declared as
ci-runnersurfaces. - CI runner controls include signed runtime verification, runner authentication, signed daemon evidence, evidence verification output, and fail-closed behavior.
- Workstation release channels require approval.
- Workstation channels disable automatic updates by default.
- Workstation channel targets include deployment guidance.
- Workstation updater policy references the channel manifest and matches channel names.
Use a verified Go runtime release package directory:
export CAVRA_GO_RUNTIME_PACKAGE_DIR=/opt/cavra/go-runtime-releaseOr configure individual metadata files:
export CAVRA_GO_ENDPOINT_DEPLOYMENT_MANIFEST=/opt/cavra/cavra-runtime.endpoint-deployment.json
export CAVRA_GO_CI_RUNNER_BUNDLES=/opt/cavra/cavra-runtime.ci-runner-bundles.json
export CAVRA_GO_WORKSTATION_CHANNELS=/opt/cavra/cavra-runtime.channels.json
export CAVRA_GO_WORKSTATION_UPDATER_POLICY=/opt/cavra/cavra-runtime.updater-policy.jsoncavra runtime go-deployment-readiness \
--mode shadow \
--package-dir /opt/cavra/go-runtime-release \
--jsoncurl http://127.0.0.1:8000/runtime/go-pilot/deployment-readinessThe production readiness endpoint includes the same result under go_backend_deployment:
curl http://127.0.0.1:8000/deployment/production-readiness-
not_configured: acceptable when the Go backend pilot is disabled. -
needs_attention: deployment metadata is missing, malformed, or incomplete when the Go backend pilot is enabled. -
ready: CI runner and workstation metadata passed readiness checks.
- As a CI owner, I can prove runner bundles publish required daemon evidence before enabling Go-backed enforcement in pipelines.
- As an endpoint engineering lead, I can verify workstation release channels remain approval-bound before distributing the Go runtime.
- As a security architect, I can block Go pilot promotion until runner and workstation deployment paths have documented controls.
- As an auditor, I can attach deployment readiness evidence to a release or pilot approval record.
Go runtime adoption touches developer laptops and CI runners. Those surfaces need tighter change-control evidence than a local smoke test. This readiness report gives platform teams a repeatable way to verify runner and workstation rollout metadata before production use.
The next recommended implementation step is to add acknowledgement audit worker health alerts and retry acknowledgements.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion