-
Notifications
You must be signed in to change notification settings - Fork 0
Go Backend Rollback
CAVRA now requires rollback controls before promoted mode can select Go as an optional backend. Python remains the recovery backend. If rollback readiness is missing or invalid, promoted-mode evaluation falls back to Python.
Rollback readiness requires:
-
CAVRA_GO_BACKEND_MODE=promotedor an explicit rollback plan request. - Python fallback remains available.
-
CAVRA_GO_ROLLBACK_PLANpoints to valid JSON metadata. - The rollback plan has
status=ready. - The rollback plan has
target_mode=disabled. - The rollback plan is approved.
- Required controls are present.
- Rollback steps and evidence references are public-safe and parseable.
The public rollback plan schema is cavra.go-backend-rollback-plan.v1:
{
"schema_version": "cavra.go-backend-rollback-plan.v1",
"status": "ready",
"target_mode": "disabled",
"approved": true,
"approval_id": "apr_go_backend_rollback",
"max_recovery_minutes": 15,
"controls": [
"python-fallback-available",
"promoted-mode-disable-tested",
"rollback-approval-recorded",
"operator-runbook-linked",
"evidence-capture-enabled"
],
"rollback_steps": [
"Set CAVRA_GO_BACKEND_MODE=disabled.",
"Restart API, CI runner, or workstation process using CAVRA.",
"Capture rollback readiness and production readiness reports."
],
"evidence_refs": [
"go-rollback-readiness://ci/ready",
"go-promotion-rollback-runbook://docs/current"
]
}Do not include secrets, private customer details, private endpoint identifiers, or proprietary operational data in the public rollback plan.
export CAVRA_GO_BACKEND_MODE=promoted
export CAVRA_GO_PROMOTION_EVIDENCE=/etc/cavra/go-backend-promotion-evidence.json
export CAVRA_GO_ROLLBACK_PLAN=/etc/cavra/go-backend-rollback-plan.json
export CAVRA_GO_ROLLBACK_REHEARSAL_EVIDENCE=/etc/cavra/go-backend-rollback-rehearsal.jsonTo roll back immediately:
export CAVRA_GO_BACKEND_MODE=disabledThen restart the API, CI runner wrapper, workstation service, or process hosting CAVRA so the disabled mode is loaded.
cavra runtime go-rollback-readiness \
--mode promoted \
--rollback-plan-path /etc/cavra/go-backend-rollback-plan.json \
--jsonPromoted-mode evaluation also checks rollback readiness:
cavra runtime go-pilot-evaluate execute_command "terraform plan" \
--mode promoted \
--runtime-path /opt/cavra/bin/cavra-runtime \
--policy-path /etc/cavra/compiled-policy.json \
--package-dir /opt/cavra/go-runtime-release \
--promotion-evidence-path /etc/cavra/go-backend-promotion-evidence.json \
--rollback-plan-path /etc/cavra/go-backend-rollback-plan.json \
--rollback-rehearsal-path /etc/cavra/go-backend-rollback-rehearsal.json \
--jsoncurl http://127.0.0.1:8000/runtime/go-pilot/rollback-readiness
curl http://127.0.0.1:8000/deployment/production-readinessProduction readiness includes a go_backend_rollback section and a go_backend_rollback_controls check. not_requested is acceptable when promoted mode is not configured. needs_attention blocks readiness when promoted mode is requested without an approved rollback plan. Rehearsal evidence is documented in Go backend rollback rehearsal evidence.
- As a platform owner, I can prove that promoted Go backend pilots have a documented path back to Python-only mode.
- As an incident commander, I can disable promoted Go selection by setting
CAVRA_GO_BACKEND_MODE=disabled. - As a security reviewer, I can require rollback approval before Go becomes the selected optional backend.
- As an auditor, I can attach rollback plan, approval, evidence references, and recovery-time expectations to promoted backend evidence.
Backend promotion is only production-ready when rollback is boring, explicit, and auditable. These controls keep Go backend adoption reversible and give regulated teams a clear recovery path before they allow promoted-mode enforcement in CI runners or workstation services.
The next recommended implementation step is to add rollback drill notification acknowledgements and escalation policy for missed drill notifications.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion