Go Backend Rollback Drill Acknowledgement Controls
CAVRA now lets operators record rollback drill notification acknowledgements directly from the Evidence Console while preserving the authenticated console actor in deployments that enable OIDC/RBAC.
- Route-level Ack, Escalate, and Resolve actions in the Go Rollback Drill Notifications console section.
- Console API calls that include the stored bearer token through `Authorization: Bearer ...`.
- Server-side actor enforcement for `POST /runtime/go-pilot/rollback-drill-notifications/{schedule_id}/acknowledgements` whenever console OIDC or RBAC is configured.
- Authenticated acknowledgement records that use the verified actor identity instead of trusting browser-supplied `acknowledged_by` values.
- Bulk acknowledgement and escalation actions for currently filtered drill routes.
- Acknowledgement audit package export for route state, actor identity, notes, and external references.
- Local sample-mode acknowledgement mutation so the Community Edition sandbox remains useful without a live API.
- Console session permission reporting through `acknowledge_drill_notifications`.
Start the API and sandbox UI, then configure a console token in the Console Authenticated Sessions section:
```bash
cavra api
cd apps/sandbox-ui
python3 -m http.server 5173
```

Open http://127.0.0.1:5173/index.html, save a signed console token if the API is configured with `CAVRA_APPROVAL_OIDC_CONFIG`, then use the Go Rollback Drill Notifications section.
The route buttons call:
```
POST /runtime/go-pilot/rollback-drill-notifications/{schedule_id}/acknowledgements
```
When OIDC or RBAC is configured, the endpoint requires verified actor context from a bearer token, actor_token, or actor_claims. The persisted acknowledgement uses that verified actor.
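The enforcement rule described above, as an added Python sketch that is not CAVRA's own code. The `actor.hexmac` token format, the demo key, the `action` field and all function names are assumptions made for illustration; a real deployment verifies an OIDC-signed token instead.

```python
import hashlib
import hmac

# Constructed demo key and token format ("actor.hexmac"), assumptions only.
DEMO_KEY = b"constructed-demo-key"


def sign_token(actor, key=DEMO_KEY):
    """Issue a demo token binding the actor name to an HMAC-SHA256 tag."""
    tag = hmac.new(key, actor.encode(), hashlib.sha256).hexdigest()
    return f"{actor}.{tag}"


def verify_token(token, key=DEMO_KEY):
    """Return the verified actor, or None if the token does not validate."""
    actor, _, tag = token.rpartition(".")
    if not actor:
        return None
    expected = hmac.new(key, actor.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(expected.encode(), tag.encode())
    return actor if ok else None


def record_acknowledgement(schedule_id, body, headers, auth_configured):
    """Return (status, record) for an acknowledgement POST (hypothetical core)."""
    actor = body.get("acknowledged_by")  # browser-supplied, untrusted
    if auth_configured:
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        verified = verify_token(token) if scheme == "Bearer" else None
        if verified is None:
            return 401, None  # no verified actor: refuse the mutation
        actor = verified  # overwrite whatever the browser sent
    elif not actor:
        return 400, None  # sample mode still needs some actor label
    record = {
        "schedule_id": schedule_id,
        "action": body.get("action", "acknowledge"),
        "acknowledged_by": actor,
        "note": body.get("note", ""),  # operator-entered, separate from actor
    }
    return 201, record
```

With authentication configured, a request whose body claims a different `acknowledged_by` is still persisted under the token's actor, and a request without a valid bearer token is rejected before any record is built.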
- As a release manager, I can acknowledge a missed rollback drill notification from the console without opening a separate CLI.
- As an incident commander, I can escalate or resolve a route and preserve the actor identity that made the decision.
- As a platform owner, I can require verified console sessions for drill acknowledgement mutations.
- As an auditor, I can distinguish operator-entered notes from the authenticated actor that recorded the evidence.
Rollback drill governance breaks down if acknowledgement records can be spoofed from an unauthenticated browser. This slice ties drill notification mutations to the same console identity boundary used by approval and break-glass actions, while keeping connector secrets and enterprise identity provider details outside the public Community Edition.
See docs/diagrams/go-backend-rollback-drill-acknowledgement-controls.svg.
The next recommended implementation step is to add approval-bound live retry execution records and connector recovery closure evidence.