-
Notifications
You must be signed in to change notification settings - Fork 0
Go Backend Rollback Drill History
CAVRA now requires public-safe operational drill history before promoted mode can select Go as an optional backend. Rollback rehearsal evidence proves one controlled fallback path was exercised. Drill history proves the operating team keeps that path current over time.
Rollback drill history readiness requires:
-
CAVRA_GO_BACKEND_MODE=promotedor an explicit drill history request. -
CAVRA_GO_ROLLBACK_DRILL_HISTORYpoints to valid public-safe drill history metadata. - The latest drill has
status=pass. - The latest drill returns from
promotedtodisabled. - Python fallback restoration is verified.
-
recovery_minutesis positive and less than or equal tomax_recovery_minutes. - Evidence references and a runbook reference are present.
- The latest drill is within
CAVRA_GO_ROLLBACK_DRILL_MAX_AGE_DAYS, defaulting to 90 days.
The public drill history schema is cavra.go-backend-rollback-drill-history.v1:
{
"schema_version": "cavra.go-backend-rollback-drill-history.v1",
"environment": "production-pilot",
"drills": [
{
"drill_id": "drill_go_backend_python_fallback",
"executed_at": "2026-05-21T15:40:00Z",
"actor": "release-agent",
"source_mode": "promoted",
"target_mode": "disabled",
"status": "pass",
"fallback_verified": true,
"recovery_minutes": 7,
"max_recovery_minutes": 15,
"runbook_ref": "docs/go-backend-rollback-drill-history.md",
"evidence_refs": [
"go-rollback-drill://ci/python-fallback-restored",
"go-production-readiness://ci/post-drill-ready"
]
}
]
}Do not include secrets, hostnames, customer names, private endpoint identifiers, license server details, or private automation scripts in public drill history.
export CAVRA_GO_BACKEND_MODE=promoted
export CAVRA_GO_PROMOTION_EVIDENCE=/etc/cavra/go-backend-promotion-evidence.json
export CAVRA_GO_ROLLBACK_PLAN=/etc/cavra/go-backend-rollback-plan.json
export CAVRA_GO_ROLLBACK_REHEARSAL_EVIDENCE=/etc/cavra/go-backend-rollback-rehearsal.json
export CAVRA_GO_ROLLBACK_DRILL_HISTORY=/etc/cavra/go-backend-rollback-drills.json
export CAVRA_GO_ROLLBACK_DRILL_MAX_AGE_DAYS=90cavra runtime go-rollback-drills \
--mode promoted \
--rollback-drill-history-path /etc/cavra/go-backend-rollback-drills.json \
--rollback-drill-max-age-days 90 \
--jsonPromoted-mode evaluation also checks drill history:
cavra runtime go-pilot-evaluate execute_command "terraform plan" \
--mode promoted \
--runtime-path /opt/cavra/bin/cavra-runtime \
--policy-path /etc/cavra/compiled-policy.json \
--package-dir /opt/cavra/go-runtime-release \
--promotion-evidence-path /etc/cavra/go-backend-promotion-evidence.json \
--rollback-plan-path /etc/cavra/go-backend-rollback-plan.json \
--rollback-rehearsal-path /etc/cavra/go-backend-rollback-rehearsal.json \
--rollback-drill-history-path /etc/cavra/go-backend-rollback-drills.json \
--jsoncurl http://127.0.0.1:8000/runtime/go-pilot/rollback-drills
curl http://127.0.0.1:8000/deployment/production-readinessProduction readiness includes a go_backend_rollback_drill_history section and a go_backend_rollback_drill_history check. The Evidence Console Production Readiness panel displays drill status, latest drill ID, drill timestamp, and evidence references. not_requested is acceptable when promoted mode is not configured. needs_attention blocks readiness when promoted mode is requested without fresh passing drill history.
- As an incident commander, I can prove that return-to-Python rollback is practiced on an operational cadence.
- As a platform owner, I can see the latest drill ID, timestamp, recovery target, and evidence references in the Evidence Console.
- As a security reviewer, I can block promoted mode when rollback drills become stale.
- As an auditor, I can review drill history without exposing private customer or endpoint details.
Enterprise rollback plans decay unless they are rehearsed and tracked. CAVRA turns rollback drills into a production readiness gate, giving teams a repeatable evidence trail that the promoted Go backend remains reversible.
The next recommended implementation step is to add approval-bound live retry execution records and connector recovery closure evidence.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion