Migration Report
Date: 2026-05-19
Reviewed repository root metadata, src/cavra, policies, docs, examples,
.github, apps, go, scripts, and tests using targeted boundary scans
for private-key, license-server, customer, confidential, and Enterprise package
terms.
- Runtime guard and policy engine interfaces.
- CLI, API, MCP server, evidence bundle formats, and public connector hooks.
- Community starter policies under policies/community.
- Public diagrams, quickstarts, and deployment examples.
- Public plugin runtime, edition hooks, and licensing abstractions.
The current repository includes policy packs with regulated or Enterprise-style names, such as PCI DSS, HIPAA, SOX, ISO 27001, EU AI Act, GitHub Enterprise, GitLab Enterprise, MCP Enterprise, banking, Kubernetes production, and cloud IAM. They appear to be public reference/starter policies today, not private customer material. As commercialization matures, decide which remain Community reference packs and which become paid private policy packs.
Examples with Enterprise names should be reviewed before public release copy is finalized. Public workflows must not build or publish private Enterprise artifacts.
No real Enterprise signing keys, Stripe secrets, customer secrets, license server private keys, private customer templates, or Enterprise source paths were found in public source paths.
The boundary scan did find expected public mentions of secrets and private keys in security documentation, tests, and examples. These are educational placeholders, not production credentials.
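A boundary scan of this kind can be sketched as follows, as an added example that is not the project's own tooling. The directory list and the cavra_enterprise package name come from this report; the regular expressions, the `boundary_scan` and `demo` names, and the sample files are constructed assumptions. Hits under docs, tests, and examples are reported separately from hits elsewhere, mirroring the report's split between educational placeholders and findings that need review.

```python
import re
import tempfile
from pathlib import Path

# Roots named in the report; the term patterns are assumptions based on its wording.
SCAN_ROOTS = ["src/cavra", "policies", "docs", "examples", ".github",
              "apps", "go", "scripts", "tests"]
TERMS = {
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|private[_-]?key", re.I),
    "license-server": re.compile(r"license[_-]?server", re.I),
    "customer": re.compile(r"\bcustomer", re.I),
    "confidential": re.compile(r"\bconfidential\b", re.I),
    "enterprise-package": re.compile(r"\bcavra_enterprise\b"),
}
# Top-level paths where the report expects educational mentions.
EXPECTED_ROOTS = ("docs", "tests", "examples")

def boundary_scan(repo_root):
    """Return (review, expected) lists of (relative_path, line_no, term) hits."""
    repo_root = Path(repo_root)
    review, expected = [], []
    for root in SCAN_ROOTS:
        base = repo_root / root
        if not base.is_dir():
            continue  # a root may be absent in a given checkout
        for path in sorted(p for p in base.rglob("*") if p.is_file()):
            rel = path.relative_to(repo_root).as_posix()
            text = path.read_text(encoding="utf-8", errors="replace")
            for no, line in enumerate(text.splitlines(), 1):
                for term, rx in TERMS.items():
                    if rx.search(line):
                        bucket = expected if rel.split("/")[0] in EXPECTED_ROOTS else review
                        bucket.append((rel, no, term))
    return review, expected

def demo():
    """Scan a constructed tree: a placeholder mention in docs, an import in src."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {  # constructed sample files, not taken from the repository
            "docs/security.md": "Never commit a private_key; use a vault.\n",
            "src/cavra/guard.py": "import os\nfrom cavra_enterprise import sso\n",
            "scripts/build.sh": "echo building community edition\n",
        }
        for rel, body in files.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return boundary_scan(tmp)
```

A non-empty `review` list is what should block a public release; the `expected` list still deserves a periodic read to confirm the mentions remain placeholders.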
Huzefaaa2/cavra-enterprise
Public:
- Community core;
- public docs;
- safe plugin interfaces;
- trial installation instructions;
- feature comparison and Enterprise marketing docs.
Private:
- Enterprise package cavra_enterprise;
- premium policy packs;
- SaaS backend;
- license server client and service;
- commercial dashboards;
- enterprise Docker images and Helm charts.
- Create private cavra-enterprise repository.
- Move future paid modules and paid policy packs there.
- Keep public interfaces stable and test Enterprise absence in Community mode.
- Promote Go to an optional backend only after audited parity and deployment tests pass.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?