Go Backend Pilot
CAVRA now includes an explicitly opt-in Go enforcement backend pilot. Python remains the authoritative runtime. The Go backend is used only when an operator enables it and the pilot can prove readiness.
The pilot is intentionally conservative:
- Default mode is `disabled`.
- `shadow` mode runs Python first, attempts Go, compares decision parity, and keeps Python as the effective decision.
- `enforce` mode selects Go only when Go succeeds and matches Python on `decision`, `rule_id`, and `severity`.
- `promoted` mode selects Go only after runtime readiness, deployment readiness, approved audited parity evidence, approved rollback controls, rollback rehearsal evidence, fresh rollback drill history, and active rollback drill scheduling all pass.
- Any Go runtime error, timeout, missing binary, missing compiled policy, or parity mismatch falls back to Python.
- Readiness is surfaced through the CLI and `/deployment/production-readiness`.

```bash
export CAVRA_GO_BACKEND_MODE=shadow
export CAVRA_GO_RUNTIME_PATH=/opt/cavra/bin/cavra-runtime
export CAVRA_GO_RUNTIME_POLICY=/etc/cavra/compiled-policy.json
export CAVRA_GO_RUNTIME_REGISTRY=/etc/cavra/mcp-registry.json
export CAVRA_GO_PROMOTION_EVIDENCE=/etc/cavra/go-backend-promotion-evidence.json
export CAVRA_GO_ROLLBACK_PLAN=/etc/cavra/go-backend-rollback-plan.json
export CAVRA_GO_ROLLBACK_REHEARSAL_EVIDENCE=/etc/cavra/go-backend-rollback-rehearsal.json
export CAVRA_GO_ROLLBACK_DRILL_HISTORY=/etc/cavra/go-backend-rollback-drills.json
export CAVRA_GO_ROLLBACK_DRILL_SCHEDULE=/etc/cavra/go-backend-rollback-drill-schedule.json
export CAVRA_GO_RUNTIME_TIMEOUT_SECONDS=5
```

Supported modes:
- `disabled`: default; Python only.
- `shadow`: run Go for comparison and evidence, use Python decision.
- `enforce`: use Go only when parity matches; otherwise fall back to Python.
- `promoted`: use Go as the optional backend only when runtime, deployment, promotion, rollback readiness, rollback rehearsal, rollback drill history, and rollback drill schedule checks pass.
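
The mode rules above can be read as a single selection gate. The following is an added example, not CAVRA's own code: `select_backend`, `PilotResult`, `run_go` and `promoted_ready` are hypothetical names, and it assumes that the parity check still applies in `promoted` mode and that a `promoted` request that fails readiness runs Python only.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Fields the page says Go must match Python on before Go may be selected.
PARITY_FIELDS = ("decision", "rule_id", "severity")

@dataclass
class PilotResult:  # hypothetical audit record, not CAVRA's schema
    selected_backend: str           # "python" or "go"
    effective: dict                 # decision that is actually enforced
    parity: Optional[bool]          # None when no Go decision was obtained
    fallback_reason: Optional[str]  # None when no fallback happened

def select_backend(mode: str, python_decision: dict,
                   run_go: Callable[[], dict],
                   promoted_ready: bool = False) -> PilotResult:
    """Pick the effective backend; run_go may raise (timeout, missing binary...)."""
    def python(parity=None, reason=None):
        return PilotResult("python", python_decision, parity, reason)

    if mode == "disabled":
        return python()
    if mode not in ("shadow", "enforce", "promoted"):
        return python(reason="unknown mode")  # unknown modes never select Go
    if mode == "promoted" and not promoted_ready:
        return python(reason="promotion readiness not met")
    try:
        go_decision = run_go()
        if not isinstance(go_decision, dict):
            raise TypeError("malformed Go decision")
    except Exception as exc:  # any Go failure falls back to Python
        return python(reason=f"go error: {type(exc).__name__}")
    parity = all(f in go_decision and go_decision[f] == python_decision.get(f)
                 for f in PARITY_FIELDS)
    if mode == "shadow":  # Go is evidence only; Python stays effective
        return python(parity=parity)
    if not parity:
        return python(parity=False, reason="parity mismatch")
    return PilotResult("go", go_decision, True, None)

if __name__ == "__main__":
    # Constructed sample decisions, not real CAVRA output.
    py = {"decision": "deny", "rule_id": "R-001", "severity": "high"}
    drifted = dict(py, severity="low")
    print(select_backend("enforce", py, lambda: drifted))
    print(select_backend("enforce", py, lambda: dict(py)))
```
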
Check readiness:

```bash
cavra runtime go-pilot-readiness \
  --mode shadow \
  --runtime-path /opt/cavra/bin/cavra-runtime \
  --policy-path /etc/cavra/compiled-policy.json \
  --json
```

Evaluate with the pilot:

```bash
cavra runtime go-pilot-evaluate execute_command "terraform plan" \
  --mode shadow \
  --runtime-path /opt/cavra/bin/cavra-runtime \
  --policy-path /etc/cavra/compiled-policy.json \
  --json
```

Compile a policy file for the Go runtime:

```bash
cavra policy compile --policy-pack cavra-ai-agent-baseline > /etc/cavra/compiled-policy.json
```

Readiness:

```bash
curl http://127.0.0.1:8000/runtime/go-pilot/readiness
```

Promotion readiness:

```bash
curl http://127.0.0.1:8000/runtime/go-pilot/promotion-readiness
```

Rollback readiness:

```bash
curl http://127.0.0.1:8000/runtime/go-pilot/rollback-readiness
curl http://127.0.0.1:8000/runtime/go-pilot/rollback-rehearsal
```

Evaluation:

```bash
curl -X POST http://127.0.0.1:8000/runtime/go-pilot/evaluate \
  -H 'content-type: application/json' \
  -d '{"action_type":"execute_command","target":"terraform plan","policy_pack":"cavra-ai-agent-baseline"}'
```

Production readiness now includes `go_backend_pilot`, `go_backend_deployment`, `go_backend_promotion`, `go_backend_rollback`, `go_backend_rollback_rehearsal`, `go_backend_rollback_drill_history`, and `go_backend_rollback_drill_schedule` sections. A disabled pilot is acceptable. An enabled pilot must have a runtime binary, compiled policy file, optional registry file if configured, Python fallback, and parity gate.
Deployment readiness is reported separately under `go_backend_deployment`. It validates CI runner bundle metadata, workstation channel manifests, and updater policy before a Go pilot is promoted into runner or workstation rollout paths.
Promotion readiness is reported separately under `go_backend_promotion`. It validates runtime readiness, deployment readiness, and a public-safe evidence file using schema `cavra.go-backend-promotion-evidence.v1`.
Rollback readiness is reported separately under `go_backend_rollback`. It validates an approved public-safe rollback plan using schema `cavra.go-backend-rollback-plan.v1`. Rollback rehearsal is reported under `go_backend_rollback_rehearsal`. It validates public-safe rehearsal evidence using schema `cavra.go-backend-rollback-rehearsal.v1`.
- As a platform owner, I can test the Go backend in shadow mode without changing the effective policy decision.
- As a security reviewer, I can prove Go is not selected when it diverges from Python.
- As a CI owner, I can pilot Go only after attaching readiness evidence to deployment records.
- As a release owner, I can require approved parity evidence before `promoted` mode selects Go.
- As an incident commander, I can require approved rollback controls and rehearsal evidence before `promoted` mode selects Go.
- As an auditor, I can see fallback reason, selected backend, Python decision, Go decision, and parity result for each pilot evaluation.
Fast local enforcement is useful only if it cannot silently drift from the authoritative policy plane. This pilot gives enterprises a measured path from Python-only enforcement to Go-assisted enforcement with explicit opt-in, deployment readiness, promotion evidence, rollback controls, rollback rehearsal evidence, rollback drill history, parity gates, and audited fallback.
The next recommended implementation step is to add approval-bound live retry execution records and connector recovery closure evidence.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?