Phase Completion Log
Status: complete for public Community GA release checklist documentation.
Completed implementation:
- Added `docs/community-ga-release-checklist.md`.
- Added wiki-source mirror `docs/wiki/Community-GA-Release-Checklist.md`.
- Linked the checklist from README, wiki Home, release documentation policy, production roadmap, roadmap status pages, and feature inventory.
- Added documentation tests to verify the checklist covers policy signing, runtime modes, golden decisions, Evidence Console readiness, deployment validation, Go runtime readiness, and public boundary gates.
Validation:
- The checklist remains public-safe and does not include Enterprise source code, customer policy packs, customer evidence, production private keys, signing-service internals, KMS/HSM identifiers, SaaS backend implementation, license-service internals, private approval-router integrations, or paid policy-pack implementation.
Recommended next issue: create a public Community GA release packet template that captures checklist outputs, validation results, evidence links, accepted risks, and wiki sync references in repeatable markdown/JSON artifacts for future release PRs.
Status: complete for the public Community operator console closeout slice.
Completed implementation:
- Added a Community GA Control Hardening section to the hosted Evidence Console.
- Surfaced Ed25519 policy signing status, copyable signing commands, runtime mode behavior, golden decision snapshot coverage, deployment validation, and release evidence links.
- Added release-note visibility for the Community GA hardening batch.
- Updated README, roadmap, feature inventory, production roadmap, and wiki navigation.
Validation:
- Public UI syntax and smoke tests cover the new console IDs and CSS classes.
- Public documentation contains no Enterprise source code, customer records, production private keys, KMS/HSM identifiers, license-service internals, SaaS backend implementation, private approval-router integrations, or paid policy packs.
Recommended next issue: create a Community GA release checklist that ties policy signing, runtime modes, golden decision snapshots, Evidence Console readiness, deployment validation, and Go runtime readiness into one user-verifiable public release path.
Status: complete for the first public Community GA control hardening batch.
Completed implementation:
- Added Ed25519 policy signing key generation, signing, and verification while preserving backward-compatible HMAC signature checks.
- Added golden decision snapshots for critical Community file, command, Git, MCP, and strict-mode behavior.
- Added explicit runtime mode summaries for `audit_only`, `enforce`, `strict`, and `break_glass` through CLI output and runtime helpers.
- Updated public Community deployment validation guidance with signing, snapshot, and runtime mode checks.
- Updated README navigation, roadmap, production roadmap, and wiki-source documentation.
Validation:
- Public tests cover Ed25519 policy signing and verification, CLI keygen/sign/verify, runtime mode behavior, and golden decision snapshot regressions.
- Public documentation contains no Enterprise source code, customer records, customer policy packs, production private keys, KMS/HSM identifiers, signing service internals, SaaS backend implementation, license-service internals, or private approval-router integrations.
Recommended next issue: begin console closeout for a minimal operator experience by surfacing policy signing status, runtime mode selection, golden decision status, deployment readiness, and release evidence links.
Status: complete for public-safe roadmap reconciliation after private Enterprise PR #111 and public PR #211.
Completed implementation:
- Added a public-safe roadmap status audit and next-batch plan.
- Marked stale hosted policy registry, tenant audit-store, SaaS operating automation, final launch retrospective closeout, and final archive sync roadmap items as delivered for the current scope.
- Defined the next production-readiness batch as Community GA Control Hardening.
- Advanced the recommended next PR to the public policy signing key workflow.
- Updated README navigation, production roadmap, roadmap status, and wiki navigation.
Validation:
- Public documentation contains no Enterprise source code, customer records, customer health records, account records, finance records, billing records, payment-provider secrets, license keys, signing material, artifact signing keys, registry credentials, production provisioning payloads, tenant secrets, SaaS backend implementation, private approval-router integrations, or paid policy packs.
Recommended next issue: implement the public policy signing key workflow with tests and documentation, then continue the Community GA Control Hardening batch.
Status: complete for public-safe documentation sync after private Enterprise PR #111.
Completed implementation:
- Documented that private final launch retrospective closeout evidence is delivered in `cavra-enterprise` PR #111.
- Added public-safe final launch retrospective closeout documentation and wiki-ready documentation.
- Updated README navigation, Enterprise trial documentation, production roadmap, roadmap status, and wiki navigation.
Validation:
- Public documentation contains no Enterprise source code, customer records, customer health records, account records, finance records, billing records, payment-provider secrets, license keys, signing material, artifact signing keys, registry credentials, production provisioning payloads, tenant secrets, SaaS backend implementation, or paid policy packs.
Recommended next issue: run a roadmap status audit and define the next production-readiness batch now that the private trial launch closeout chain is public-safe documented through final retrospective closeout.
Status: complete for public-safe Community contracts after private Enterprise PRs #70-#73.
Completed implementation:
- Added `customer_operating_dashboard` and `support_handoff_readiness` operations to the public SaaS Control Plane contract.
- Added public-safe request builders, response summaries, response builders, validation, and serialization tests.
- Added architecture and wiki-ready documentation.
- Updated README, roadmap, production roadmap, roadmap status, and wiki navigation.
Validation:
- Public tests cover request serialization, default check lists, invalid status rejection, sensitive payload rejection, summary serialization, mismatched request rejection, and private-module handoff messaging.
- Public documentation contains no customer records, customer health scores, support ticket contents, customer-success notes, production dashboard URLs, billing-provider integration code, invoice data, license-service source code, license keys, signing material, provider account IDs, webhook URLs, connector credentials, SaaS backend implementation, or Enterprise source code.
Recommended next issue: continue private SaaS operating automation required for trial-to-paid customer scale.
Status: complete for public-safe documentation sync after private Enterprise PRs #70-#73.
Completed implementation:
- Documented that private billing and license-service observability evidence is delivered in `cavra-enterprise` PR #70.
- Documented that private support and customer-success operating handoff evidence is delivered in `cavra-enterprise` PR #71.
- Documented that private operating dashboard and support escalation rollup evidence is delivered in `cavra-enterprise` PR #72.
- Documented that private final SaaS customer operating closeout evidence is delivered in `cavra-enterprise` PR #73.
- Added public-safe batch sync documentation and wiki-ready documentation.
- Updated README, roadmap, production roadmap, roadmap status, and wiki navigation.
Validation:
- Public documentation contains no Enterprise source code, SaaS backend implementation, billing-provider integration code, billing records, invoice data, customer contracts, account notes, support ticket contents, customer health scores, private customer identifiers, production dashboard URLs, provider account IDs, webhook URLs, connector credentials, license keys, signing material, paid policy packs, private policy registry logic, or customer audit payloads.
Recommended next issue: define public-safe customer operating dashboard and support handoff contracts, then continue private SaaS operating automation required for trial-to-paid customer scale.
Status: complete for public-safe documentation sync after private Enterprise PRs #67-#69.
Completed implementation:
- Documented that private hosted policy registry readiness evidence is delivered in `cavra-enterprise` PR #67.
- Documented that private tenant audit-store operating evidence is delivered in `cavra-enterprise` PR #68.
- Documented that private SaaS operating readiness rollup evidence is delivered in `cavra-enterprise` PR #69.
- Added public-safe batch sync documentation and wiki-ready documentation.
- Updated README, roadmap, production roadmap, roadmap status, and wiki navigation.
Validation:
- Public documentation contains no Enterprise source code, paid policy packs, customer catalogs, customer audit payloads, database DSNs, object storage locations, KMS identifiers, SaaS API URLs, provider account IDs, license keys, billing secrets, webhook URLs, connector credentials, or private SaaS backend implementation.
Recommended next issue: implement private billing/subscription and
license-service observability evidence in cavra-enterprise.
Status: complete for public billing/subscription boundary documentation.
Completed implementation:
- Added public-safe billing and subscription boundary documentation.
- Defined public-safe subscription state vocabulary for future private Enterprise and SaaS services.
- Documented billing-provider ownership, subscription state, renewal handoff, license-service observability, support handoff, and operating evidence expectations.
- Added a synthetic public-safe operating summary example.
- Added wiki-ready documentation and navigation.
- Updated README, roadmap, production roadmap, roadmap status, and productization next-step guidance.
Validation:
- Public documentation contains no billing provider integration code, payment provider credentials, invoice records, customer payment data, commercial contracts, subscription provider webhooks, license-service source code, license keys, signing material, entitlement records, provider URLs, connector credentials, SaaS backend code, or Enterprise source code.
Recommended next issue: delivered in private Enterprise PRs #67-#69 and this
public post-onboarding SaaS operating batch sync. Continue with private
billing/subscription and license-service observability evidence in
cavra-enterprise.
Status: complete for the public tenant audit-store operating contract slice.
Completed implementation:
- Added the public-safe `tenant_audit_store_operating` SaaS Control Plane operation.
- Added tenant audit-store operating request construction for tenant, retention profile, evidence freshness window, and operating checks.
- Added `TenantAuditStoreOperatingSummary` for health status, retention status, evidence freshness status, export status, latest evidence timestamp, supported export formats, blockers, and private validation metadata.
- Added tenant audit-store operating response messaging that lists private audit store, retention enforcement, evidence freshness monitor, export connector service, and operating dashboard modules.
- Added architecture and wiki documentation for tenant audit-store operating boundaries.
Validation:
- Public tests cover request serialization, default operating checks, empty check rejection, token-like value rejection, summary serialization, invalid state rejection, mismatched request rejection, and private-module handoff messaging.
Recommended next issue: delivered in public billing/subscription boundary
documentation and private Enterprise PRs #67-#69. Continue with private
billing/subscription and license-service observability evidence in
cavra-enterprise.
Status: complete for the public hosted policy registry readiness contract slice.
Completed implementation:
- Added the public-safe `policy_registry_readiness` SaaS Control Plane operation.
- Added hosted policy registry readiness request construction for tenant, catalog scope, optional policy-pack references, and readiness checks.
- Added `PolicyRegistryReadinessSummary` for readiness state, catalog state, catalog version, policy-pack count, checked timestamp, blockers, and private validation metadata.
- Added hosted policy registry readiness response messaging that lists private registry, artifact store, entitlement registry, approval workflow, and rollout telemetry modules.
- Added architecture and wiki documentation for hosted policy registry readiness boundaries.
Validation:
- Public tests cover request serialization, default readiness checks, empty check rejection, token-like value rejection, summary serialization, invalid state rejection, negative policy-pack count rejection, and private-module handoff messaging.
Recommended next issue: delivered in the public tenant audit-store operating
contract and public billing/subscription boundary documentation. Continue with
private hosted policy registry readiness evidence in cavra-enterprise.
Status: complete for the roadmap status pass after SaaS tenant onboarding and entitlement readiness.
Completed planning:
- Confirmed Trial and SaaS commercialization readiness is complete.
- Confirmed SaaS tenant onboarding and entitlement readiness is complete.
- Defined the next production-readiness slice as post-onboarding SaaS operating readiness.
- Proposed the next PR sequence: public hosted policy registry readiness contract, public tenant audit-store operating contract, public billing/subscription boundary documentation, private hosted policy registry readiness evidence, private tenant audit-store operating evidence, private billing/subscription and license-service observability evidence, and public docs/wiki sync.
- Preserved the public boundary for Enterprise source, customer data, private policy packs, billing records, license keys, provider URLs, connector credentials, and SaaS backend code.
Recommended next issue: delivered in the public hosted policy registry
readiness contract, public tenant audit-store operating contract, and public
billing/subscription boundary documentation. Continue with private hosted
policy registry readiness evidence in cavra-enterprise.
Status: complete for the public-safe documentation sync after the SaaS tenant onboarding and entitlement readiness batch.
Completed implementation:
- Public tenant onboarding contract.
- Public entitlement status contract.
- Private tenant onboarding readiness evidence in `cavra-enterprise` PR #63.
- Private entitlement and license-service handoff evidence in `cavra-enterprise` PR #64.
- Private paid-pilot promotion evidence in `cavra-enterprise` PR #65.
- Private customer rollout closeout evidence in `cavra-enterprise` PR #66.
- Public-safe batch sync documentation and wiki-ready page.
Validation:
- Public sync contains only outcome summaries, documentation links, and open-core boundaries.
- Enterprise source, customer payloads, customer identifiers, trial binaries, private Docker images, license keys, license signing material, license-service implementation, billing records, private policy packs, provider URLs, webhook secrets, connector credentials, and SaaS backend code remain outside the public Community repository.
Recommended next issue: delivered in the post-onboarding SaaS operating readiness roadmap. Continue with the public hosted policy registry readiness contract.
Status: complete for the public entitlement status contract slice.
Completed implementation:
- Added the public-safe `entitlement_status` SaaS Control Plane operation.
- Added entitlement status request construction for tenant and optional feature names.
- Added `EntitlementStatusSummary` for subscription, license, enabled feature, locked feature, expiration, and private-validation metadata.
- Added entitlement status response messaging that lists private billing, license-service, subscription, and feature entitlement modules.
- Added architecture and wiki documentation for entitlement boundaries.
Validation:
- Public tests cover request serialization, response summary serialization, unknown entitlement status rejection, and private-module requirement messaging.
Recommended next issue: delivered in the tenant, entitlement, and commercialization batch sync. Continue with the public hosted policy registry readiness contract.
Status: complete for the public tenant onboarding contract slice.
Completed implementation:
- Added the public-safe `tenant_onboarding` SaaS Control Plane operation.
- Added tenant onboarding request construction for organization, deployment model, region, readiness requirements, and public-safe contacts.
- Added unavailable response messaging that lists private modules required for tenant activation.
- Added architecture and wiki documentation for tenant onboarding boundaries.
Validation:
- Public tests cover serialization, invalid deployment model rejection, sensitive contact-field rejection, and private-service response messaging.
Recommended next issue: implement the public entitlement status contract.
Status: complete for the roadmap status pass after the Trial and SaaS commercialization readiness batch.
Completed planning:
- Confirmed the current Trial and SaaS commercialization batch is complete.
- Identified remaining production themes across SaaS onboarding, entitlement, private license-service handoff, hosted policy registry, tenant audit-store readiness, observability, billing, support, and final release hardening.
- Defined the next production-readiness slice as SaaS tenant onboarding and entitlement readiness.
Recommended next issue: implement the public tenant onboarding contract.
Status: complete for the current Trial and SaaS commercialization readiness batch.
Completed implementation:
- Public trial-to-pilot intake plan and synthetic template.
- Public licensing interface hardening.
- Public SaaS Control Plane contract.
- Private trial package readiness gates in `cavra-enterprise` PR #61.
- Private customer pilot handoff evidence in `cavra-enterprise` PR #62.
- Public-safe batch sync documentation.
Validation:
- Public sync contains only public-safe outcome summaries.
- Private source, trial artifacts, license keys, connector credentials, customer data, provider URLs, billing secrets, signing material, and SaaS backend implementation details remain outside the public Community repository.
Recommended next issue: delivered in the SaaS tenant onboarding and entitlement readiness batch. Continue with the public hosted policy registry readiness contract.
Status: complete for the public SaaS Control Plane contract slice.
Completed implementation:
- Added public-safe SaaS Control Plane request and response dataclasses.
- Added schema-tagged builders for tenant status, license validation handoff, policy registry lookup, and evidence export requests.
- Added secret-field and token-like value rejection before public payload serialization.
- Added unavailable response messaging that directs Community users to private Enterprise or SaaS enablement.
- Added architecture and wiki documentation for the SaaS contract boundary.
Validation:
- Public tests cover contract description, request serialization, license report handoff, policy lookup validation, evidence export validation, sensitive payload rejection, and unavailable response messaging.
Recommended next issue: private trial package readiness in cavra-enterprise.
Status: complete for the public licensing interface hardening slice.
Completed implementation:
- Added `LicenseValidationReport` for public-safe local validation summaries.
- Added revoked and suspended status handling.
- Hardened unknown edition, unknown status, and malformed expiry handling.
- Preserved Community no-license behavior and private validation boundaries.
- Added tests for valid trial reports, expired trials, invalid payloads, revoked status, malformed expiry, and Enterprise feature locking.
Validation:
- Public tests cover licensing report behavior and feature gating.
Recommended next issue: public SaaS Control Plane contract.
Status: complete for the public trial-to-pilot intake planning slice.
Completed implementation:
- Added the general public-safe trial-to-pilot intake guide.
- Added `cavra.trial_to_pilot_intake.v1` template support while preserving the existing final-closeout intake schema.
- Added a synthetic trial-to-pilot intake template under `examples/demos/trial-to-pilot-intake/`.
- Linked the intake flow from Enterprise trial documentation, README, roadmap, and wiki navigation.
- Kept customer responses, license keys, connector credentials, private policy packs, Enterprise source, SaaS backend source, production tenant IDs, and commercial terms outside public source control.
Validation:
- Public tests cover normalization of the new template schema into `cavra.pilot_intake.record.v1`.
Recommended next issue: public SaaS Control Plane contract.
Status: planned as the next production-readiness slice.
Completed planning:
- Added `docs/production-readiness-next-slice.md` and wiki-ready `Production-Readiness-Next-Slice.md`.
- Defined the public, private Enterprise, and future SaaS responsibilities for trial-to-pilot commercialization.
- Proposed the next PR sequence: public trial-to-pilot intake plan, public licensing interface hardening, public SaaS Control Plane contract, private trial package readiness, private customer pilot handoff evidence, and public docs/wiki sync.
- Preserved the rule that Enterprise source, license-server logic, customer data, commercial policy packs, private connector payloads, signing keys, and SaaS secrets stay outside public source control.
Recommended next issue: public SaaS Control Plane contract.
Status: complete for the private Enterprise managed infrastructure follow-up batch through private PRs #56-#60.
Completed implementation:
- Added managed database driver package health evidence and release rollup integration in `Huzefaaa2/cavra-enterprise`.
- Added object storage probe scheduling, worker run evidence, retry planning, dashboard persistence, and release-readiness approval summaries.
- Added managed database driver health scheduling, worker run evidence, retry planning, dashboard persistence, and release-readiness approval summaries.
- Updated the private MVP follow-up list to show no active private MVP follow-ups remain from the current batch.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, database DSNs, object storage bucket identities, customer destinations, tenant-specific metadata, Enterprise source code, and production driver implementations outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PRs #56, #57, #58, #59, and #60.
User stories:
- As a platform owner, I can see whether managed database driver packages are installed, registered, connectable, and ready for rollout.
- As a storage owner, I can verify object-lock readiness through scheduled probe evidence and release approval summaries.
- As a release manager, I can block private rollout approval when managed database or object storage retry plans remain open.
Enterprise challenge solved:
- Turns managed database and immutable object storage prerequisites into dashboarded release-readiness evidence while preserving private connector, storage, KMS, and credential boundaries.
Recommended next issue: public SaaS Control Plane contract.
Status: complete for the private Enterprise archive alert verification export summary retry health acknowledgement and trend delivery dashboard slice.
Completed implementation:
- Added export trend summary retry worker health alert acknowledgements in `Huzefaaa2/cavra-enterprise`.
- Added acknowledgement trend package routing through operator destinations.
- Added acknowledgement trend package delivery dashboards.
- Added failed destination summaries for trend package delivery.
- Added tests for retry health acknowledgements and trend delivery dashboards.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #34.
User stories:
- As an operator, I can acknowledge degraded summary retry worker health alerts.
- As a customer success owner, I can see trend package delivery outcomes by destination.
- As a platform owner, I can review failed trend package destinations without exposing connector secrets.
Enterprise challenge solved:
- Closes the summary retry health alert review loop and makes acknowledgement trend package delivery observable while preserving private connector boundaries.
Recommended next issue: add archive alert verification export summary retry health acknowledgement persistence and trend delivery retry planning.
Status: complete for the private Enterprise archive alert verification export summary retry health alert routing and acknowledgement trend export slice.
Completed implementation:
- Added export trend summary retry worker health alert routing in `Huzefaaa2/cavra-enterprise`.
- Added alert dispatch for degraded summary retry worker health.
- Added digest-addressable SLA retry worker health acknowledgement trend exports.
- Added trend export metadata with report time, unacknowledged count, and acknowledgement rate.
- Added tests for retry health alert routing and trend export packages.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #33.
User stories:
- As an operator, I can route degraded summary retry worker health to operations destinations.
- As a customer success owner, I can export acknowledgement trend packages for rollout review.
- As a platform owner, I can share trend package digests without exposing connector secrets.
Enterprise challenge solved:
- Connects degraded summary retry execution to operational alerting and audit-ready acknowledgement trend exports while preserving private connector boundaries.
Recommended next issue: add archive alert verification export summary retry health acknowledgements and trend delivery dashboards.
Status: complete for the private Enterprise archive alert verification export summary retry worker health reporting and acknowledgement trend query filter slice.
Completed implementation:
- Added export trend summary retry worker health reports in `Huzefaaa2/cavra-enterprise`.
- Added live, dry-run, success, and failure counts for summary retry worker runs.
- Added failed destination aggregation for degraded summary retry worker runs.
- Added acknowledgement trend filters for rate, route, count, and generated time.
- Added tests for retry worker health reporting and acknowledgement trend filters.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #32.
User stories:
- As an operator, I can review health for summary retry worker executions.
- As a customer success owner, I can filter acknowledgement trend gaps by route and rate.
- As a platform owner, I can detect degraded summary retry runs without exposing connector secrets.
Enterprise challenge solved:
- Gives rollout owners a concise health view for summary retry execution and targeted acknowledgement trend filters while preserving private connector boundaries.
Recommended next issue: add archive alert verification export summary retry health alert routing and acknowledgement trend exports.
Status: complete for the private Enterprise archive alert verification export summary retry worker execution and acknowledgement trend persistence slice.
Completed implementation:
- Added export trend summary delivery retry worker execution and dry-run support in `Huzefaaa2/cavra-enterprise`.
- Added retry worker result serialization with success state and destination outcomes.
- Persisted SLA retry worker health acknowledgement trend reports with closure dashboard state.
- Added acknowledgement trend persistence queries for rollout review.
- Added tests for summary retry worker execution and persisted acknowledgement trends.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #31.
User stories:
- As an operator, I can execute or dry-run retries for failed export trend summary deliveries.
- As a customer success owner, I can reload acknowledgement trend history across rollout windows.
- As a platform owner, I can verify summary retry execution outcomes without exposing connector secrets.
Enterprise challenge solved:
- Turns failed summary package delivery into governed retry execution evidence and durable acknowledgement trends while preserving private connector boundaries.
Recommended next issue: add archive alert verification export summary retry worker health reporting and acknowledgement trend query filters.
Status: complete for the private Enterprise archive alert verification export summary delivery retry planning and acknowledgement trend report slice.
Completed implementation:
- Added retry planning for failed export trend summary package deliveries in `Huzefaaa2/cavra-enterprise`.
- Added bounded retry limits and next-attempt timestamps for summary delivery.
- Added SLA retry worker health alert acknowledgement trend reports.
- Added unacknowledged route summaries for customer-success review.
- Added tests for summary delivery retry plans and acknowledgement trends.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #30.
User stories:
- As an operator, I can plan retries for failed export trend summary deliveries.
- As a customer success owner, I can review acknowledgement trends for retry worker health alerts.
- As a platform owner, I can track failed summary destinations without exposing connector secrets.
Enterprise challenge solved:
- Converts summary delivery failures and health acknowledgement status into retryable operational evidence while preserving private connector boundaries.
Recommended next issue: add archive alert verification export summary retry worker execution and acknowledgement trend persistence.
Status: complete for the private Enterprise archive alert verification SLA retry worker health alert acknowledgement and export summary delivery dashboard slice.
Completed implementation:
- Added public-safe acknowledgements for SLA retry worker health alerts in `Huzefaaa2/cavra-enterprise`.
- Added export trend summary package routing through private operator destinations.
- Added export trend summary delivery health dashboards.
- Added failed destination summaries for summary package delivery.
- Added tests for health acknowledgements and summary delivery dashboards.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #29.
User stories:
- As an operator, I can acknowledge degraded SLA retry worker health alerts with public-safe metadata.
- As a customer success owner, I can track export trend summary delivery health by destination.
- As a platform owner, I can review failed summary delivery destinations without exposing connector secrets.
Enterprise challenge solved:
- Turns health alert review and export summary handoff into accountable operational evidence while preserving private connector boundaries.
Recommended next issue: add archive alert verification export summary delivery retry planning and acknowledgement trend reports.
Status: complete for the private Enterprise archive alert verification SLA retry worker health alert routing and export trend summary package slice.
Completed implementation:
- Added degraded SLA retry worker health alert routing through private operator destinations in `Huzefaaa2/cavra-enterprise`.
- Added health alert dispatch helpers that suppress healthy reports.
- Added digest-addressable export delivery trend summary packages.
- Added SHA-256 metadata for customer-success summary exports.
- Added tests for worker health alerts and summary package metadata.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #28.
User stories:
- As an operator, I can route degraded SLA retry worker health to approved destinations.
- As a customer success owner, I can export a digest-addressable trend summary package.
- As a platform owner, I can review worker health alerts and summary metadata without exposing connector secrets.
Enterprise challenge solved:
- Turns retry worker health degradation and export trend summaries into governed handoff evidence while preserving private connector boundaries.
Recommended next issue: add archive alert verification SLA retry worker health alert acknowledgements and export summary delivery dashboards.
Status: complete for the private Enterprise archive alert verification SLA retry worker health reporting and export trend query filter slice.
Completed implementation:
- Added SLA alert retry worker health reports for live and dry-run execution in `Huzefaaa2/cavra-enterprise`.
- Added failed destination aggregation for retry worker health.
- Added export delivery health trend query filters by failed delivery count, destination, and healthy rate.
- Added tests for worker health reports and trend filters.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #27.
User stories:
- As an operator, I can summarize SLA retry worker health across dry-run and live executions.
- As a customer success owner, I can filter export delivery trends to find degraded rollout windows.
- As a platform owner, I can review failed retry destinations without exposing connector secrets.
Enterprise challenge solved:
- Converts retry worker performance and export trend history into searchable operational evidence while preserving private connector boundaries.
Recommended next issue: add archive alert verification SLA retry worker health alert routing and export trend summary exports.
Status: complete for the private Enterprise archive alert verification SLA alert retry worker execution and export delivery trend persistence slice.
Completed implementation:
- Added dry-run and live SLA alert retry worker execution records in `Huzefaaa2/cavra-enterprise`.
- Added retry worker success status for completed SLA alert delivery retries.
- Added persisted export delivery health trend reports in closure dashboard state.
- Added reload/list support for export delivery trend history.
- Added tests for SLA retry worker execution and trend persistence.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #26.
User stories:
- As an operator, I can dry-run and execute SLA alert delivery retries with auditable results.
- As a customer success owner, I can reload export delivery trend history from dashboard persistence.
- As a platform owner, I can prove retry execution status without exposing provider credentials.
Enterprise challenge solved:
- Converts SLA alert delivery retries and export trend history into persisted operational evidence while preserving private connector boundaries.
Recommended next issue: add archive alert verification SLA retry worker health reporting and export trend query filters.
Status: complete for the private Enterprise archive alert verification SLA alert delivery retry planning and export delivery health trend report slice.
Completed implementation:
- Added retry planning for failed verification acknowledgement SLA alert deliveries in `Huzefaaa2/cavra-enterprise`.
- Added bounded retry limits and next-attempt timestamps for SLA alert delivery.
- Added export delivery health trend reports across dashboard export health dashboards.
- Added failed destination trend summaries for rollout review.
- Added tests for SLA retry planning and export delivery health trends.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #25.
User stories:
- As an operator, I can plan retries for failed SLA breach alert deliveries.
- As a customer success owner, I can track export delivery health trends across rollout windows.
- As a platform owner, I can review failed destination trends without exposing provider endpoints or customer secrets.
Enterprise challenge solved:
- Turns SLA alert delivery failures and export handoff trends into retryable, auditable operational evidence while preserving private connector boundaries.
Recommended next issue: add archive alert verification SLA alert retry worker execution and export delivery trend persistence.
Status: complete for the private Enterprise archive alert verification delivery SLA alert routing and export delivery health dashboard slice.
Completed implementation:
- Added acknowledgement SLA breach alert routing through private operator destinations in `Huzefaaa2/cavra-enterprise`.
- Added SLA breach dispatch helpers that avoid alert noise for healthy summaries.
- Added dashboard export delivery health dashboards with delivered, failed, and missing destination counts.
- Added public-safe failed destination summaries for rollout review.
- Added tests for SLA breach routing and export delivery health dashboards.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #24.
User stories:
- As an operator, I can receive SLA breach alerts only when retry health acknowledgements are late or missing.
- As a customer success owner, I can inspect dashboard export delivery health by destination.
- As a platform owner, I can review failed export delivery destinations without exposing provider endpoints or customer secrets.
Enterprise challenge solved:
- Turns acknowledgement SLA breaches and export delivery failures into governed operational signals while preserving the private connector and credential boundary.
Recommended next issue: add archive alert verification SLA alert delivery retry planning and export delivery health trend reports.
Status: complete for the private Enterprise archive alert verification dashboard export delivery routing and acknowledgement SLA summaries slice.
Completed implementation:
- Added dashboard export package routing through private operator destinations in `Huzefaaa2/cavra-enterprise`.
- Added dashboard export delivery dispatch through private alert delivery connectors.
- Added acknowledgement SLA summaries for on-time, late, and missing retry health acknowledgements.
- Added late and unacknowledged route summaries for customer rollout review.
- Added tests for export package dispatch and acknowledgement SLA counts.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #23.
User stories:
- As a customer success owner, I can route dashboard export metadata to approved destinations after package generation.
- As an operator, I can see which retry health acknowledgements were on time, late, or missing.
- As a platform owner, I can review SLA summaries without exposing provider credentials or customer system metadata.
Enterprise challenge solved:
- Converts dashboard export handoff and retry acknowledgement timeliness into governed operational evidence while preserving private connector and credential boundaries.
Recommended next issue: add archive alert verification delivery SLA alert routing and export delivery health dashboards.
Status: complete for the private Enterprise archive alert verification acknowledgement trend reports and dashboard export packages slice.
Completed implementation:
- Added acknowledgement trend reports for verification retry health alerts in `Huzefaaa2/cavra-enterprise`.
- Added acknowledgement rates and unacknowledged route summaries.
- Added digest-addressable verification closure dashboard export packages.
- Added package metadata for closure count, alert count, acknowledgement count, trend count, and SHA-256.
- Added tests for acknowledgement trends and dashboard export metadata.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #22.
User stories:
- As a customer success owner, I can see acknowledgement rates for verification retry health alerts.
- As an operator, I can identify unacknowledged retry health routes before customer closure.
- As an auditor, I can receive a digest-addressable closure dashboard export without provider secrets.
Enterprise challenge solved:
- Converts closure dashboard state into portable, integrity-checkable operational evidence while preserving private connector and credential boundaries.
Recommended next issue: add archive alert verification delivery dashboard export delivery routing and acknowledgement SLA summaries.
Status: complete for the private Enterprise archive alert verification retry alert acknowledgements and closure dashboard query filters slice.
Completed implementation:
- Added public-safe retry health alert acknowledgement records in `Huzefaaa2/cavra-enterprise`.
- Added persisted acknowledgement state in the verification closure dashboard JSON payload.
- Added closure dashboard query filters for closure evidence, retry health alerts, acknowledgements, and trend reports.
- Added acknowledgement counts to closure dashboard snapshots.
- Added tests for acknowledgement persistence and tenant, route, readiness, and severity filters.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #21.
User stories:
- As an operator, I can acknowledge a verification retry health alert with public-safe ownership metadata.
- As a customer success owner, I can filter closure dashboard records by tenant, route, readiness, and severity.
- As a platform owner, I can prove retry health alerts have visible acknowledgement state without exposing private connector data.
Enterprise challenge solved:
- Turns pending verification retry health into accountable operational work and searchable dashboard state while preserving private connector and credential boundaries.
Recommended next issue: add archive alert verification delivery acknowledgement trend reports and dashboard export packages.
Status: complete for the private Enterprise archive alert verification retry alert routing and closure dashboard persistence slice.
Completed implementation:
- Added retry health alert routing through private operator alert dispatchers in `Huzefaaa2/cavra-enterprise`.
- Added JSON-backed verification closure dashboard persistence.
- Added persisted closure evidence, retry health alerts, and closure trend reports.
- Added dashboard snapshots for closure counts, retry health alert counts, trend report counts, and pending retry totals.
- Added tests for routed alert delivery and persisted public-safe dashboard state.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #20.
User stories:
- As an operator, I can route pending verification retry health alerts to approved destinations.
- As a customer success owner, I can persist closure evidence and trend reports in one dashboard state.
- As a platform owner, I can review closure dashboard snapshots without exposing provider credentials or customer system metadata.
Enterprise challenge solved:
- Converts retry health and closure evidence into routed operator alerts and persisted customer-success dashboard state while preserving private connector and credential boundaries.
Recommended next issue: add archive alert verification delivery retry alert acknowledgements and closure dashboard query filters.
Status: complete for the private Enterprise archive alert verification retry health alerts and customer-success closure trend reporting slice.
Completed implementation:
- Added retry-required health alert models in `Huzefaaa2/cavra-enterprise` for verification handoffs that remain pending.
- Added customer-success closure trend reports for ready and pending handoff closure evidence.
- Added readiness rate, pending retry total, and pending route summaries.
- Added public-safe serialization helpers for retry health alerts and trend reports.
- Added tests for ready vs pending alerts and aggregate closure trend metrics.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #19.
User stories:
- As a customer success owner, I can see which verification handoffs still require retry before closure.
- As an operator, I can route pending handoffs based on public-safe retry health alerts.
- As a platform owner, I can trend closure readiness across customer rollout queues.
Enterprise challenge solved:
- Turns individual verification retry outcomes into operational health and trend reporting without exposing private connector implementation, credentials, endpoints, or customer system metadata.
Recommended next issue: add archive alert verification delivery retry alert routing and closure dashboard persistence.
Status: complete for the private Enterprise archive alert verification retry worker and customer-success closure evidence slice.
Completed implementation:
- Added verification handoff retry worker run models in `Huzefaaa2/cavra-enterprise`.
- Added dry-run retry execution for validating planned provider retries without mutating CRM, ITSM, or customer-success systems.
- Added live retry execution through the private handoff dispatcher.
- Added customer-success closure evidence once retry results make every routed provider healthy.
- Added tests for live retry closure, dry-run behavior, pending retry counts, and public-safe serialization.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #18.
User stories:
- As a customer success owner, I can close a deployment verification handoff only after every routed provider has a healthy latest result.
- As an operator, I can dry-run retry execution before mutating customer-success, CRM, or ITSM systems.
- As a platform owner, I can attach public-safe closure evidence to pilot rollout records.
Enterprise challenge solved:
- Turns failed verification handoff providers into governed retry execution and closure evidence without exposing private connector implementation, credentials, endpoints, or customer system metadata.
Recommended next issue: add archive alert verification delivery retry health alerts and closure trend reporting.
Status: complete for the private Enterprise archive alert verification delivery health dashboards and retry planning slice.
Completed implementation:
- Added verification handoff delivery health dashboard models in `Huzefaaa2/cavra-enterprise`.
- Added provider-level summaries for created, failed, and skipped handoff outcomes.
- Added retry planning for failed or skipped verification handoff providers.
- Added JSON-serializable dashboard output for customer-success and operator follow-up.
- Added tests for failed provider retries, missing connector retries, dashboard counts, and retry timing.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #17.
User stories:
- As a customer success owner, I can see whether each verification handoff provider received the deployment report.
- As an operator, I can identify failed or skipped handoff providers and know when the next retry should occur.
- As a platform owner, I can attach public-safe handoff delivery health to customer rollout evidence.
Enterprise challenge solved:
- Converts verification report handoff outcomes into governed delivery health and retry evidence without exposing private connector implementation, credentials, endpoints, or customer system metadata.
Recommended next issue: add archive alert verification delivery retry workers and customer-success closure evidence.
Status: complete for the private Enterprise archive alert verification report delivery routing and customer-success handoff automation slice.
Completed implementation:
- Added verification report route selection in `Huzefaaa2/cavra-enterprise`.
- Added public-safe handoff plan generation for customer-success, CRM, and ITSM delivery routes.
- Added dispatch automation through private handoff connectors with tenant-scoped authorization.
- Added route blocking when a passing-report-only route receives a nonpassing verification report.
- Added tests for customer-success ready routes, operator follow-up routes, connector dispatch, and route guard behavior.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #16.
User stories:
- As a customer success owner, I can receive a public-safe deployment verification handoff after archive alert checks pass.
- As an operator, I can route failed verification reports into follow-up workflows without exposing provider secrets.
- As a platform owner, I can prove the delivery route used for a customer handoff.
Enterprise challenge solved:
- Turns deployment verification reports into governed customer-success and operator handoff workflows while preserving private connector and credential boundaries.
Recommended next issue: add archive alert verification delivery health dashboards and retry planning.
Status: complete for the private Enterprise archive alert smoke-test scheduling, evidence export, and customer verification report slice.
Completed implementation:
- Added scheduled archive alert smoke-test runner and schedule advancement in `Huzefaaa2/cavra-enterprise`.
- Added public-safe smoke-test evidence export with SHA-256 digest metadata.
- Added customer-facing deployment verification reports that summarize readiness, tested transports, failed assertions, evidence digests, and recommendations.
- Added Kubernetes CronJob guidance and Helm smoke-test evidence settings for private deployments.
- Added tests for scheduled runs, evidence export, verification report success, and follow-up recommendations.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #15.
User stories:
- As a platform owner, I can schedule recurring archive alert smoke tests and retain public-safe evidence.
- As a sales engineer, I can share a deployment verification report with a customer without exposing provider secrets.
- As a customer success owner, I can see whether archive alert routing is ready for pilot handoff.
Enterprise challenge solved:
- Converts one-time smoke tests into repeatable customer-facing deployment verification, reducing rollout risk for paid pilots and self-hosted Enterprise deployments.
Recommended next issue: delivered above as archive alert verification report delivery routing and customer-success handoff automation.
Status: complete for the private Enterprise archive alert smoke-test execution and dashboard assertion slice.
Completed implementation:
- Added provider-specific archive alert smoke-test execution jobs in `Huzefaaa2/cavra-enterprise`.
- Added synthetic alert dispatch through configured private deployment connectors.
- Added post-delivery dashboard assertions for alert records, delivery records, retry plans, and snapshot counts.
- Added a Kubernetes smoke-test Job example and Helm smoke-test values for private deployments.
- Added private operator documentation for executing smoke tests after readiness passes.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #14.
User stories:
- As a platform owner, I can run one smoke-test job per configured archive alert provider before enabling production recurrence.
- As an operator, I can verify that delivered and failed provider attempts are visible in the archive health dashboard.
- As a compliance owner, I can prove failed smoke-test deliveries have retry plans without exposing provider credentials.
Enterprise challenge solved:
- Turns archive alert deployment readiness into executable deployment verification, reducing silent connector failures before customer pilot or production rollout.
Recommended next issue: delivered above as archive alert smoke-test scheduling, evidence export, and customer-facing deployment verification reports.
Status: complete for the private Enterprise archive alert deployment runbook and smoke-test guidance slice.
Completed implementation:
- Added archive alert deployment runbook helpers in `Huzefaaa2/cavra-enterprise`.
- Added public-safe readiness packet generation with operator rollout steps and provider smoke-test plans.
- Added Kubernetes deployment examples and Helm values for private archive alert workers.
- Added an operator runbook covering runtime configuration, readiness checks, provider smoke tests, Kubernetes rollout, Helm rollout, and rollback.
- Added tests for required environment variable mapping, provider smoke-test command generation, and readiness summaries.
- Kept provider endpoints, webhook URLs, API tokens, routing keys, account IDs, customer destinations, and tenant-specific metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #13.
User stories:
- As a platform owner, I can deploy archive alert workers from private Kubernetes or Helm examples without committing secrets.
- As an operator, I can run readiness and provider smoke-test guidance before enabling scheduled archive health workers.
- As a security owner, I can verify that alert provider configuration is injected from a secret manager and never printed in evidence.
Enterprise challenge solved:
- Converts production archive alert wiring into repeatable deployment guidance with public-safe readiness output, reducing implementation variance across self-hosted Enterprise and future SaaS deployments.
Recommended next issue: delivered above as archive alert smoke-test execution jobs and post-delivery dashboard assertions.
Status: complete for the private Enterprise archive alert deployment wiring slice.
Completed implementation:
- Added production deployment wiring for archive alert dashboard storage and live alert transports in `Huzefaaa2/cavra-enterprise`.
- Added public-safe deployment validation for missing runtime configuration.
- Added dashboard backend selection for JSON or managed database persistence.
- Added retry policy and enabled alert transport selection from runtime configuration.
- Added dispatcher, retry planner, dashboard API, and coordinator construction tests.
- Kept endpoint URLs, tokens, routing keys, database credentials, provider secrets, customer destinations, and account metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #12.
User stories:
- As a platform owner, I can wire archive health dashboard storage and live transports from runtime configuration.
- As an operator, I can validate missing deployment inputs before scheduled archive health workers run.
- As a security owner, I can enable only approved alert transports without exposing runtime secrets.
Enterprise challenge solved:
- Turns private archive alert capabilities into deployable production wiring with readiness validation and provider selection.
Recommended next issue: delivered above as archive alert deployment runbooks, Kubernetes/Helm examples, and provider smoke-test guidance.
Status: complete for the private Enterprise managed archive dashboard storage and live alert transport five-step batch.
Completed implementation:
- Added managed database-backed archive health dashboard persistence through the tenant database adapter contract in `Huzefaaa2/cavra-enterprise`.
- Added a shared dashboard persistence protocol so JSON and managed database storage use the same API surface.
- Added live provider alert transport adapters for Slack, Teams, Splunk HEC, Jira, ServiceNow, and PagerDuty.
- Added webhook/no-token delivery support and runtime-auth provider delivery support for live transport adapters.
- Added tests for managed database dashboard persistence, provider-shaped payloads, webhook delivery, and runtime-auth delivery.
- Kept provider endpoint URLs, routing keys, webhook URLs, API tokens, customer destinations, and account metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #11.
User stories:
- As an operator, I can persist archive health dashboard state through managed database storage instead of local files.
- As a platform owner, I can route archive health alerts to live provider payload formats without committing provider credentials.
- As a compliance owner, I can retain consistent dashboard query and acknowledgement behavior across JSON and database-backed deployments.
Enterprise challenge solved:
- Moves archive health alerting closer to production deployment by adding managed persistence and live provider adapter boundaries while preserving runtime-only credential handling.
Recommended next issue: delivered above as archive alert deployment wiring.
Status: complete for the private Enterprise archive alert transport and dashboard API persistence five-step batch.
Completed implementation:
- Added HTTP alert transport packages for email, ChatOps, SIEM, ITSM, and pager systems in `Huzefaaa2/cavra-enterprise`.
- Added runtime endpoint validation, auth-provider support, rate-limit retry handling, and public-safe delivery results.
- Added provider-shaped payload adapters for email, ChatOps, SIEM, ITSM, and pager delivery.
- Added JSON-backed archive health dashboard API persistence plus report, alert, delivery, retry, and acknowledgement query helpers.
- Added operator acknowledgement mutation flows and transport/dashboard API tests.
- Kept endpoint URLs, tokens, provider credentials, customer destinations, and account metadata outside public source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- `git diff --check` in the private repo.
- GitHub `test` passed on private PR #10.
User stories:
- As an operator, I can send archive health alerts through private transport packages while retaining public-safe delivery evidence.
- As a compliance owner, I can query persisted dashboard state for unhealthy reports, failed deliveries, retry plans, and acknowledgements.
- As a platform owner, I can use runtime endpoint and authentication configuration without committing delivery credentials.
Enterprise challenge solved:
- Converts archive health alerting from local delivery records into deployment-ready transport and dashboard API workflows that can later plug into managed storage and live provider adapters.
Recommended next issue: delivered above as managed archive dashboard storage and live alert transports.
Status: complete for the private Enterprise archive alert delivery and dashboard persistence five-step batch.
Completed implementation:
- Added alert delivery connector contracts and local delivery validation in `Huzefaaa2/cavra-enterprise`.
- Added managed delivery boundaries for email, ChatOps, SIEM, ITSM, and pager systems.
- Added archive health dashboard persistence for reports, alerts, deliveries, retry plans, and acknowledgements.
- Added retry planning for failed alert deliveries.
- Added a delivery coordinator to persist worker results, dispatch alerts, and create retry plans.
- Kept alert transport credentials, webhooks, pager tokens, customer channels, SIEM/ITSM destinations, and account metadata outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #9.
User stories:
- As an operator, I can send archive health alerts through configured delivery boundaries without exposing transport credentials.
- As a compliance owner, I can see persisted archive health reports, alerts, delivery attempts, retry plans, and acknowledgements.
- As a security owner, I can keep delivery credentials and customer-specific destinations in private deployment packages.
Enterprise challenge solved:
- Turns scheduled archive health alerts into an operational workflow with delivery state, retry planning, acknowledgement records, and dashboard-ready persistence.
Recommended next issue: delivered above as archive alert transport packages and dashboard API persistence.
Status: complete for the private Enterprise scheduled archive health worker and operator alert routing slice.
Completed implementation:
- Added scheduled archive health work items and schedule advancement in `Huzefaaa2/cavra-enterprise`.
- Added scheduled worker execution for due immutable archive bundle checks.
- Added operator alert route and alert payload models.
- Routed unhealthy archive reports to public-safe operator alert destinations.
- Kept alert transport credentials, customer archive secrets, destination webhooks, pager tokens, and SIEM/ITSM connector secrets outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #8.
User stories:
- As an operator, I can schedule recurring archive validation without manually triggering every health check.
- As a compliance owner, I can receive a public-safe alert when archived evidence fails checksum or retention validation.
- As a security owner, I can keep alert delivery credentials and destination secrets in deployment-specific private packages.
Enterprise challenge solved:
- Turns archive health validation into an operational control by adding recurring execution and routeable alert records before delivery connectors and dashboards are introduced.
Recommended next issue: delivered above as archive alert delivery and dashboard persistence.
Status: complete for the private Enterprise cloud object-lock deployment recipe and archive health validation slice.
Completed implementation:
- Added cloud object-lock deployment recipes for AWS S3, Azure Blob, and Google Cloud Storage in `Huzefaaa2/cavra-enterprise`.
- Added archive health validation for stored audit bundle checksums, retention locks, legal-hold state, byte counts, and manifest presence.
- Extended immutable object storage adapters with read and metadata methods for validation.
- Documented private deployment boundaries and health validation expectations.
- Kept cloud credentials, account IDs, customer archive locations, bucket names, private keys, and provider SDK secrets outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #7.
User stories:
- As a platform engineer, I can follow provider-specific object-lock requirements before connecting production archive storage.
- As a compliance owner, I can verify archived evidence objects still match expected checksums and retention metadata.
- As a security owner, I can keep cloud provider credentials and customer archive locations out of source control.
Enterprise challenge solved:
- Bridges immutable archive design and production operations by defining deployable object-lock requirements and a health-check contract before scheduled archive monitoring is introduced.
Recommended next issue: delivered above as scheduled archive health workers and operator alert routing.
Status: complete for the private Enterprise immutable object storage adapter slice.
Completed implementation:
- Added immutable object storage adapter contracts for private audit export bundles in `Huzefaaa2/cavra-enterprise`.
- Added local filesystem-backed immutable object storage for development and validation.
- Added managed cloud adapter boundaries for AWS S3, Azure Blob, and Google Cloud Storage provider packages.
- Wired `ImmutableAuditExporter` to optionally mirror `events.json` and `manifest.json` into configured object storage.
- Added retention and legal-hold metadata to stored object references and local metadata sidecars.
- Kept cloud credentials, customer archive locations, provider account IDs, and object-store secrets outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #6.
User stories:
- As a compliance owner, I can mirror audit exports into immutable object storage with retention and legal-hold metadata.
- As a platform engineer, I can validate archive behavior locally before wiring production cloud provider packages.
- As a security owner, I can keep archive credentials and customer storage locations in the deployment secret manager.
Enterprise challenge solved:
- Moves Enterprise audit exports from local retention bundles toward customer-ready immutable archives without exposing cloud-provider credentials or implementation secrets in the public repo.
Recommended next issue: delivered above as cloud object-lock deployment recipes and archive health validation.
Status: complete for the private Enterprise provider authentication and rate-limit handling slice.
Completed implementation:
- Added private connector auth providers for OAuth client credentials, bearer tokens, API keys, and HTTP basic API-token flows in `Huzefaaa2/cavra-enterprise`.
- Added provider helper factories for Salesforce, HubSpot, Jira, ServiceNow, and Archer runtime auth.
- Added retryable rate-limit handling for provider `429`, `500`, `502`, `503`, and `504` responses.
- Added `Retry-After` support with configurable maximum retry delay.
- Updated private HTTP handoff workers so explicit auth providers can run without legacy endpoint bearer tokens.
- Kept provider credentials, customer data, token values, and connector secrets outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #5.
User stories:
- As an enterprise platform engineer, I can configure provider-specific connector auth from the deployment secret manager.
- As a service owner, I can tolerate provider rate limits and transient service failures without losing handoff work immediately.
- As a security owner, I can verify that connector auth secrets are runtime-only and not committed to source.
Enterprise challenge solved:
- Moves Enterprise connector execution closer to production provider integrations by separating runtime authentication and retry policy from public-safe payload contracts.
Recommended next issue: delivered above as immutable object storage adapters.
Status: complete for the private Enterprise provider-native adapter and audit-retention slice.
Completed implementation:
- Added provider-native handoff payload adapters for Salesforce, HubSpot, Jira, ServiceNow, and Archer in `Huzefaaa2/cavra-enterprise`.
- Updated private HTTP handoff workers so provider-native adapters can shape payloads while runtime endpoint and token handling remains separate.
- Added immutable audit export bundles with event and manifest checksums.
- Added retention lock timestamps and legal-hold deletion checks.
- Kept provider credentials, customer data, tenant payloads, and storage credentials outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #4.
User stories:
- As a sales engineer, I can dispatch handoff work in shapes expected by Salesforce or HubSpot.
- As a service owner, I can dispatch implementation tasks in Jira or ServiceNow format.
- As a compliance owner, I can export audit records with retention metadata and legal-hold controls.
Enterprise challenge solved:
- Moves Enterprise handoff from generic HTTP task delivery toward customer-selected operational systems, and adds retention-ready audit exports for regulated pilots.
Recommended next issue: delivered above as provider-specific authentication and rate-limit handling.
Status: complete for the next five private Enterprise MVP slices.
Completed implementation:
- Added managed tenant database configuration and adapter contracts in `Huzefaaa2/cavra-enterprise`.
- Added private schema migration metadata for pilot-intake storage.
- Added a private CRM HTTP handoff worker.
- Added private ITSM and GRC HTTP handoff workers.
- Added private customer-success and tenant-management HTTP handoff workers.
- Kept all database credentials, connector tokens, and customer payloads outside source control.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #3.
User stories:
- As an Enterprise operator, I can configure tenant storage through a managed database adapter contract.
- As a delivery owner, I can dispatch pilot handoff tasks to CRM, ITSM, GRC, customer success, and tenant-management endpoints.
- As a security reviewer, I can verify that connector workers require runtime endpoint/token configuration and HTTPS by default.
Enterprise challenge solved:
- Turns the public-safe pilot handoff plan into private operational execution paths while preserving source, credential, and customer-data boundaries.
Recommended next issue: delivered above as provider-native adapters and immutable audit export/retention enforcement.
Status: complete for the private Enterprise KMS-style envelope encryption slice.
Completed implementation:
- Added private `EnvelopeEncryptedPayloadCodec` and `EnvelopeKeyProvider` contracts in `Huzefaaa2/cavra-enterprise`.
- Added per-record data-key encryption for private pilot-intake payloads.
- Added wrapped data-key metadata and local development wrapping provider support with caller-supplied key material.
- Bound private payload decrypt operations to tenant and intake context.
- Updated the private pilot-intake store to support envelope encryption while preserving direct encryption compatibility.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #2.
User stories:
- As an Enterprise security architect, I can separate payload encryption from key-wrapping ownership.
- As a SaaS operator, I can plug in customer-managed or SaaS-managed KMS providers without changing pilot-intake storage semantics.
- As an auditor, I can verify that decrypt operations are tenant and record-context bound.
Enterprise challenge solved:
- Moves private pilot storage toward customer/SaaS-managed key custody while keeping key material and KMS adapters out of the public Community repository.
Recommended next issue: delivered above as managed tenant storage and connector handoff workers.
Status: complete for the private Enterprise SSO claim-binding slice.
Completed implementation:
- Added private `cavra_enterprise.identity` claim-binding helpers in `Huzefaaa2/cavra-enterprise`.
- Added configurable mappings for subject, tenant, email, roles, groups, issuer, and audience claims.
- Added group-to-role mapping for Enterprise pilot roles.
- Added guardrails for missing required claims, tenant mismatch, issuer mismatch, and audience mismatch.
- Added tests proving bound SSO claims can authorize tenant-scoped pilot intake updates.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on private PR #1.
User stories:
- As an Enterprise administrator, I can map IdP claims into CAVRA tenant and role claims.
- As a security reviewer, I can require tenant, issuer, and audience alignment before private record mutation.
- As a pilot owner, I can use SSO-derived roles and groups instead of local-only test claims.
Enterprise challenge solved:
- Moves private pilot authorization from local test claims toward production IdP integration without putting IdP secrets, token verification internals, or private identity gateway code in the public Community repository.
Recommended next issue: delivered above as private Enterprise envelope encryption.
Status: complete for the first private Enterprise MVP bootstrap slice.
Completed implementation:
- Created private repository `Huzefaaa2/cavra-enterprise`.
- Added the private `cavra_enterprise` package scaffold.
- Added tenant-scoped encrypted pilot-intake storage, authenticated update authorization, audit events, and connector handoff dispatcher interfaces.
- Added private CI and tests for encryption, cross-tenant authorization blocking, audit events, and connector dispatch behavior.
- Updated public documentation without copying private source into the Community repository.
Validation:
- `.venv/bin/python -m ruff check src tests` in the private repo.
- `.venv/bin/python -m pytest -q` in the private repo.
- GitHub `enterprise-ci` passed on `main`.
Repository hardening:
- Dependabot vulnerability alerts are enabled.
- Squash-only merge policy and delete-branch-on-merge are enabled.
- Branch protection and secret scanning are blocked by the current GitHub plan for private repositories and should be enabled when the plan supports them.
User stories:
- As an enterprise platform owner, I can keep customer pilot intake records in a private tenant-scoped store.
- As a security reviewer, I can verify that private payloads are encrypted at rest and tenant updates require authenticated claims.
- As a delivery owner, I can route public-safe handoff plans to private connector workers without exposing connector credentials in Community code.
Enterprise challenge solved:
- Starts the commercial Enterprise implementation path while preserving the public/private source boundary required by the open-core model.
Recommended next issue: delivered above as private Enterprise SSO claim binding.
Status: complete for the current public-safe private persistence and connector handoff contract slice.
Completed implementation:
- Added `POST /pilot-intakes/{intake_id}/private-handoff-plan`.
- Added tenant persistence, authorization, encrypted storage, and private connector task contracts.
- Added handoff task providers for CRM, ITSM, GRC, SaaS tenant, Enterprise repository, customer success, and security review workflows.
- Added tests proving the handoff plan contains no connector credentials, customer payloads, license material, or Community-side mutation.
- Updated README, enterprise docs, roadmap, feature inventory, productization report, and wiki documentation.
Validation:
- `node --check apps/sandbox-ui/config.js`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh && git diff --check`
- `python3 -m ruff check src tests`
- `python3 -m pytest -q`
User stories:
- As a sales engineer, I can convert a saved pilot intake into a private implementation handoff plan.
- As a SaaS architect, I can see the tenant isolation, authorization, and encrypted storage controls that private services must implement.
- As a security reviewer, I can verify that Community code only emits public-safe task intent and does not mutate private customer systems.
Enterprise challenge solved:
- Bridges public pilot readiness into private Enterprise/SaaS implementation planning without leaking customer data, connector credentials, commercial workflow logic, or tenant service code.
Recommended next issue: delivered above as the private Enterprise repository bootstrap.
Status: complete for the current public-safe pilot intake API scaffold and Evidence Console save integration.
Completed implementation:
- Added pilot intake normalization, readiness scoring, sensitive-field rejection, and JSON persistence in `src/cavra/pilot_intake.py`.
- Added `POST /pilot-intakes`, `GET /pilot-intakes`, `GET /pilot-intakes/{intake_id}`, and `GET /pilot-intakes/{intake_id}/readiness`.
- Added `CAVRA_PILOT_INTAKE_STORE` for self-hosted/local persistence.
- Added Evidence Console save action for configured CAVRA API deployments and local-only messaging for hosted public demo mode.
- Added API/docs coverage for open-core storage boundaries.
Validation:
- `node --check apps/sandbox-ui/config.js`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh && git diff --check`
- `python3 -m ruff check src tests`
- `python3 -m pytest -q`
User stories:
- As a sales engineer, I can save a pilot intake snapshot into a configured CAVRA API during a self-hosted demo.
- As a platform owner, I can retrieve pilot intake readiness and see which areas still need input.
- As a security architect, I can rely on the public scaffold rejecting obvious secret-bearing fields before persistence.
Enterprise challenge solved:
- Turns buyer readiness into a structured API object that can later move into private tenant storage without placing customer records or commercial implementation logic in the public Community repository.
Recommended next issue: delivered above as the public-safe private handoff plan.
Status: complete for the current public Evidence Console pilot readiness panel slice.
Completed implementation:
- Added a Production Pilot Readiness panel to the Evidence Console.
- Added downloadable pilot intake template access from the hosted sandbox artifact.
- Added readiness cards for repository, agent, CI/CD, connector, SSO/RBAC, and retention scope.
- Added a buyer checklist that turns pilot intake fields into operational next steps.
- Added Enterprise/SaaS handoff links and a public-safe readiness evidence summary.
- Updated README, enterprise pilot intake documentation, demo README, roadmap, feature inventory, productization report, GitHub Pages artifact packaging, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh && git diff --check`
- `python3 -m ruff check src tests`
- `python3 -m pytest -q`
User stories:
- As a customer evaluator, I can see whether trial-to-pilot prerequisites are ready from the public Evidence Console.
- As a sales engineer, I can download the pilot intake template and link the customer to handoff guidance during a demo.
- As a platform owner, I can understand which private Enterprise or SaaS setup details must be captured outside the public Community repository.
Enterprise challenge solved:
- Converts a static pilot intake template into a buyer-facing readiness experience while preserving the open-core boundary for customer data, private connectors, production identities, and commercial implementation.
Recommended next issue: delivered above as the public-safe pilot intake API and persistence scaffold.
Status: complete for the current production pilot intake, readiness checklist, and Enterprise/SaaS handoff slice.
Completed implementation:
- Added production pilot intake worksheets for repository, agent, CI/CD, connector, identity, retention, and pilot exit decisions.
- Added pilot readiness checklists for repository/agent, CI/CD, connector, SSO/RBAC, retention/audit, and commercial handoff readiness.
- Added Enterprise and SaaS handoff guidance with deployment path decision criteria and responsibility boundaries.
- Added a synthetic public-safe pilot intake template at `examples/demos/final-closeout-trial/pilot-intake-template.json`.
- Added `docs/diagrams/final-closeout-production-pilot-intake.svg`.
- Updated README, enterprise trial docs, demo README, feature inventory, productization report, roadmap, wiki navigation, and diagram indexes.
Validation:
- `python3 -m json.tool examples/demos/final-closeout-trial/pilot-intake-template.json`
- `python3 -m json.tool examples/demos/final-closeout-trial/sample-evidence-package.json`
- `bash scripts/validate-boundaries.sh && git diff --check`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `python3 -m ruff check src tests`
- `python3 -m pytest -q`
User stories:
- As a sales engineer, I can convert a successful trial into a scoped production pilot intake.
- As a customer platform owner, I can document repositories, agents, CI/CD, connectors, identity, and retention prerequisites before implementation.
- As a commercial owner, I can select self-hosted Enterprise, SaaS, or hybrid handoff without exposing private implementation in the public repository.
Enterprise challenge solved:
- Turns final closeout trial interest into a structured paid-pilot readiness package while preserving public/private boundaries for Enterprise source, secrets, customer templates, and production evidence.
Recommended next issue: delivered above as the Evidence Console production pilot readiness panel.
Status: complete for the current interactive public sandbox and Evidence Console onboarding slice.
Completed implementation:
- Added a final closeout scenario selector to the public sandbox hero.
- Added a final closeout trial run path that renders synthetic release-governance events, CAVRA decisions, and public-safe evidence JSON.
- Added release-criteria summary cards for release decision, closeout state, retention approval, and retry posture.
- Added Evidence Console docs links for the walkthrough, sample evidence guide, sales-engineering demo script, and release criteria.
- Added the final closeout trial sample evidence package to the GitHub Pages artifact and smoke test.
- Added final closeout trial evidence metadata to the sample Evidence Search flow.
- Updated README, sandbox docs, feature inventory, productization report, roadmap, wiki navigation, and release notes.
Validation:
- `python3 -m json.tool examples/demos/final-closeout-trial/sample-evidence-package.json`
- `bash scripts/validate-boundaries.sh && git diff --check`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `python3 -m ruff check src tests`
- `python3 -m pytest -q`
User stories:
- As a customer evaluator, I can select the final closeout trial scenario and inspect the evidence chain without installing Enterprise code.
- As a sales engineer, I can use the hosted Evidence Console to show release criteria and onboarding docs during a demo.
- As a platform owner, I can download the synthetic sample evidence package from the public sandbox.
Enterprise challenge solved:
- Turns static final closeout onboarding assets into an interactive public product experience that shortens evaluation while keeping Enterprise implementation, secrets, and customer material out of the public repository.
Recommended next issue: delivered above as the final closeout production pilot intake package.
Status: complete for the current customer onboarding, sample evidence, and sales-engineering enablement slice.
Completed implementation:
- Added a final closeout trial walkthrough for customer evaluators.
- Added a public-safe synthetic final closeout sample evidence package under `examples/demos/final-closeout-trial/`.
- Added a sample evidence guide and sales-engineering demo script.
- Added `docs/diagrams/final-closeout-trial-onboarding.svg`.
- Updated README, demo scenarios, enterprise trial docs, feature inventory, productization report, roadmap, wiki navigation, and diagram indexes.
Validation:
- `python3 -m json.tool examples/demos/final-closeout-trial/sample-evidence-package.json`
- `bash scripts/validate-boundaries.sh && git diff --check`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `python3 -m pytest -q`
User stories:
- As a customer evaluator, I can follow a guided final closeout trial with synthetic evidence.
- As a sales engineer, I can explain the final closeout value proposition and upgrade path consistently.
- As a security architect, I can verify that the onboarding package does not expose Enterprise source code, connector credentials, signing keys, or customer material.
Enterprise challenge solved:
- Converts the final closeout workflow into a repeatable buyer evaluation package that supports adoption while keeping Community and Enterprise responsibilities explicit.
Recommended next issue: delivered above as the interactive final closeout public sandbox flow.
Status: complete for the current operator guidance, release criteria, and customer trial documentation slice.
Completed implementation:
- Added release-governance final closeout operator guidance with runbook checklists, role responsibilities, retained evidence, escalation rules, and open-core boundaries.
- Added final closeout release criteria for Community release governance, Enterprise trial demonstrations, and future SaaS onboarding.
- Added customer-facing final closeout trial guidance that explains Community metadata, Enterprise/SaaS enforcement boundaries, and public-safe trial success criteria.
- Added `docs/diagrams/release-governance-final-closeout-operator-guide.svg`.
- Updated `docs/enterprise/trial.md`, README, feature inventory, productization report, roadmap, wiki navigation, and diagram indexes.
Validation:
- `bash scripts/validate-boundaries.sh && git diff --check`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `python3 -m pytest -q`
User stories:
- As a release manager, I can follow a final closeout runbook before accepting release governance evidence.
- As an auditor, I can evaluate final closeout release criteria without receiving private connector credentials or archive secrets.
- As a trial owner, I can explain what Community demonstrates and what Enterprise or SaaS enforces.
Enterprise challenge solved:
- Turns the completed final closeout workflow into an adoption-ready, auditable operating package while preserving the open-core boundary between public metadata and private enforcement.
Recommended next issue: delivered above as final closeout trial onboarding assets.
Status: complete for the current retention health, alert, and closeout retry slice.
Completed implementation:
- Added final closeout retention health reports for retained artifact bundles, retention approval state, expiry windows, and failed closeout deliveries.
- Added closeout retention health alert plans and redacted connector delivery metadata.
- Added final closeout delivery retry plans, retry worker runs, and retry execution records.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-closeout-retention-health`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-closeout-retention-health-alerts/deliver`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-closeout-summary/delivery-retry-plan`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-closeout-summary/delivery-retry-worker-run`.
- Added Evidence Console controls for Retention Health, Send Retention Alert, Plan Closeout Retry, and Run Closeout Retry.
- Added `docs/go-backend-rollback-drill-final-closeout-health-retry.md`, `docs/wiki/Go-Backend-Rollback-Drill-Final-Closeout-Health-Retry.md`, and `docs/diagrams/go-backend-rollback-drill-final-closeout-health-retry.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can see whether final closeout evidence remains inside the approved retention posture.
- As an auditor, I can review public-safe health findings for retained closeout bundles.
- As a platform operator, I can plan and dry-run retries for failed final closeout deliveries.
Enterprise challenge solved:
- Prevents final closeout evidence from silently expiring or failing delivery while preserving private retention enforcement, archive mutations, and connector secrets outside Community Edition.
Recommended next issue: delivered above as release-governance final closeout operator guidance, release criteria, and trial documentation.
Status: complete for the current closeout delivery, retention review, and artifact bundle slice.
Completed implementation:
- Added final closeout summary delivery events and connector delivery metadata.
- Added retention review request records and retention approval decisions.
- Added downloadable JSON closeout artifact bundles with summary, readiness bundle, signed manifest, file hashes, and public evidence refs.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-closeout-summary/deliver`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-closeout-retention-review`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-closeout-retention-review/{review_id}/decisions`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-closeout-artifact-bundle`.
- Added Evidence Console controls for Deliver Closeout, Retention Review, Approve Retention, and Download Closeout Bundle.
- Added `docs/go-backend-rollback-drill-final-closeout-delivery-retention.md`, `docs/wiki/Go-Backend-Rollback-Drill-Final-Closeout-Delivery-Retention.md`, and `docs/diagrams/go-backend-rollback-drill-final-closeout-delivery-retention.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can deliver closeout evidence to audit or GRC destinations.
- As an auditor, I can download one public-safe closeout bundle for review.
- As a platform owner, I can prove retention review approval without exposing private archive systems.
Enterprise challenge solved:
- Gives regulated teams a public-safe closeout delivery and download workflow while keeping retention enforcement, archive writes, signing keys, and connector secrets in Enterprise or operator-owned systems.
Recommended next issue: delivered above as final closeout retention health and retry automation.
Status: complete for the current final reporting readiness bundle and release closeout slice.
Completed implementation:
- Added hash-addressed final reporting readiness bundles with readiness, approval, packet verification, auditor export, retry execution, archive reference, archive health, and alert acknowledgement evidence.
- Added signed archive manifest records that attach external signature metadata without storing private signing keys in Community Edition.
- Added release closeout summaries that report closed/open state, blockers, signed manifest posture, archive object coverage, and public evidence refs.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-readiness-bundle`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-signed-archive-manifest`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-closeout-summary`.
- Added Evidence Console controls for Readiness Bundle, Sign Archive Manifest, and Closeout Summary.
- Added `docs/go-backend-rollback-drill-final-readiness-bundle-closeout.md`, `docs/wiki/Go-Backend-Rollback-Drill-Final-Readiness-Bundle-Closeout.md`, and `docs/diagrams/go-backend-rollback-drill-final-readiness-bundle-closeout.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can build one final reporting bundle before closing a promoted Go backend rollback drill.
- As an auditor, I can verify archive custody through a manifest hash and external signature reference without receiving private keys.
- As a platform owner, I can see whether final reporting is closed and which blockers remain.
Enterprise challenge solved:
- Converts final rollback drill reporting into a public-safe closeout artifact chain while preserving private signing, archive write, GRC delivery, and retention workflows for Enterprise or operator-owned systems.
Recommended next issue: add final closeout bundle delivery workflow with retention review approvals and downloadable closeout artifact bundles.
Status: complete for the current auditor export retry worker and archive health alert acknowledgement slice.
Completed implementation:
- Added final auditor export delivery retry worker runs with dry-run default and explicit live execution records.
- Added final archive reference health alert delivery plans and connector delivery metadata.
- Added archive health alert acknowledgement, history, and dashboard APIs.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-auditor-export/delivery-retry-worker-run`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-archive-reference-health-alerts/deliver`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-archive-reference-health-alerts/{health_id}/acknowledgements`.
- Added Evidence Console controls for Run Auditor Retry, Send Archive Alert, and Ack Archive Alert.
- Added `docs/go-backend-rollback-drill-auditor-export-retry-worker-archive-alert-acks.md`, `docs/wiki/Go-Backend-Rollback-Drill-Auditor-Export-Retry-Worker-Archive-Alert-Acks.md`, and `docs/diagrams/go-backend-rollback-drill-auditor-export-retry-worker-archive-alert-acks.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can execute a governed retry worker for failed final auditor export deliveries.
- As an auditor, I can verify archive custody alerts were delivered and acknowledged.
- As a platform owner, I can prove final reporting retry and archive alert review without exposing connector secrets.
Enterprise challenge solved:
- Closes the public-safe final reporting evidence loop for auditor export redelivery and archive custody alert acknowledgement while preserving the private Enterprise boundary for connector and archive implementations.
Recommended next issue: add final reporting readiness bundle export with signed archive manifest and release closeout summary.
Status: complete for the current auditor export retry planning and archive health slice.
Completed implementation:
- Added final auditor export delivery retry plans using redacted connector delivery metadata.
- Added archive reference health reports for verified final auditor exports.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-auditor-export/delivery-retry-plan`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-archive-reference-health`.
- Added Evidence Console controls for Plan Auditor Retry and Archive Health.
- Added dashboard metrics for auditor retry plans, retryable auditor deliveries, archive health reports, and archive health alerts.
- Added `docs/go-backend-rollback-drill-auditor-export-retry-archive-health.md`, `docs/wiki/Go-Backend-Rollback-Drill-Auditor-Export-Retry-Archive-Health.md`, and `docs/diagrams/go-backend-rollback-drill-auditor-export-retry-archive-health.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can see which failed final auditor export deliveries are safe to retry.
- As an auditor, I can verify whether final auditor exports have immutable archive custody references.
- As a platform owner, I can find archive custody gaps without exposing storage credentials, connector secrets, private endpoints, or customer payloads.
Enterprise challenge solved:
- Makes final auditor delivery retry posture and archive completeness measurable in Community Edition while preserving the private Enterprise boundary for connector redelivery and archive write operations.
Recommended next issue: add final auditor export retry worker execution records and archive health alert delivery acknowledgements.
Status: complete for the current final auditor export delivery and archive reference slice.
Completed implementation:
- Added final reporting auditor export delivery events and redacted connector delivery metadata.
- Added immutable archive reference objects and metadata for verified final reporting auditor exports.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-auditor-export/deliver`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-immutable-archive-reference`.
- Added Evidence Console controls for Deliver Auditor and Archive Ref.
- Added dashboard metrics for auditor export deliveries, failed auditor export deliveries, and archive references.
- Added `docs/go-backend-rollback-drill-auditor-export-routing-archive.md`, `docs/wiki/Go-Backend-Rollback-Drill-Auditor-Export-Routing-Archive.md`, and `docs/diagrams/go-backend-rollback-drill-auditor-export-routing-archive.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can route the verified rollback drill auditor packet to a release or audit destination.
- As an auditor, I can see the exported evidence packet and immutable archive reference in one searchable evidence history.
- As a platform owner, I can prove delivery and archive custody without exposing connector secrets, archive credentials, private endpoints, or customer payloads.
Enterprise challenge solved:
- Turns final rollback drill auditor export delivery and archive custody into governed public-safe metadata while preserving the private Enterprise boundary for authenticated connector and archive implementations.
Recommended next issue: add auditor export delivery retry planning, archive reference verification health checks, and Evidence Console drill-downs for archive custody gaps.
Status: complete for the current Community Edition readiness-report slice.
Completed implementation:
- Added the AI agent enforcement and anti-bypass model to README, docs, and wiki.
- Added `cavra agent enforcement-readiness` for local repository enforcement inspection.
- Added `GET /agents/enforcement-readiness` for console/API visibility.
- Added optional provider settings input through `--settings` and `CAVRA_AGENT_ENFORCEMENT_SETTINGS`.
- Added checks for `cavra-required-check`, evidence artifacts, agent manifests, PR templates, CODEOWNERS, branch protection expectations, required checks, security checks, and risky workflow permissions.
Validation:
- `python3 -m pytest tests/test_agent_enforcement.py tests/test_cli.py::test_agent_enforcement_readiness_cli_reports_schema tests/test_api.py::test_api_agent_enforcement_readiness -q`
- `python3 -m ruff check src/cavra/agent_enforcement.py src/cavra/cli.py src/cavra/api.py tests/test_agent_enforcement.py tests/test_cli.py tests/test_api.py`
User stories:
- As a platform owner, I can prove whether an AI-agent repository has the enforcement files and external branch controls CAVRA expects.
- As a security architect, I can see when required checks, branch protection, or workflow permissions create bypass risk.
- As an auditor, I can export a public-safe readiness report without exposing repository tokens or private provider secrets.
Enterprise challenge solved:
- Turns the anti-bypass methodology into an inspectable control, making CAVRA easier to adopt in regulated repositories before centralized Enterprise enforcement exists.
Recommended next issue: delivered below as recovery health alert retry worker execution and executive retry health alert delivery.
Phase 7 Go Backend Rollback Drill Recovery Health Alert Retry Worker And Executive Retry Health Alerts
Status: complete for the current recovery health alert retry worker and executive retry health alert delivery slice.
Completed implementation:
- Added recovery escalation retry health alert delivery retry worker runs with dry-run defaults and explicit live execution.
- Added recovery escalation retry health alert delivery retry execution records with delivery status, retry plan linkage, health ID linkage, and public evidence refs.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-health-alerts/retry-worker-run`.
- Added executive report delivery retry health alert plans, events, acknowledgements, history filters, and dashboard summaries.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health-alerts/deliver`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health-alerts/{health_id}/acknowledgements`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health-alerts`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health-alert-dashboard`.
- Added Evidence Console controls for Run Health Alert Retry and Send Exec Health Alert.
- Added dashboard metrics for recovery health alert retry worker runs, retry execution records, executive retry health alert plans, acknowledgements, deliveries, and failed deliveries.
- Added `docs/go-backend-rollback-drill-recovery-health-alert-retry-worker-and-executive-retry-health-alerts.md`, `docs/wiki/Go-Backend-Rollback-Drill-Recovery-Health-Alert-Retry-Worker-And-Executive-Retry-Health-Alerts.md`, and `docs/diagrams/go-backend-rollback-drill-recovery-health-alert-retry-worker-and-executive-retry-health-alerts.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- Full validation is run before merge for every phase.
User stories:
- As a release manager, I can execute a governed retry for failed recovery health alert delivery.
- As an executive stakeholder, I can receive a concise alert when executive report delivery retry health is degraded.
- As an auditor, I can trace retry worker run, connector delivery, execution record, alert plan, and acknowledgement evidence.
- As a platform owner, I can keep health alert retry and executive reporting loops observable without exposing private connector configuration.
Enterprise challenge solved:
- Completes the public-safe delivery loop for recovery health alert reliability and executive retry health escalation.
- Makes the final rollback drill reporting path auditable without placing connector secrets, customer payloads, or private enterprise code in the Community repository.
Recommended next issue: delivered below as executive health alert retry and final closure.
Status: complete for the current executive health alert retry and closure dashboard slice.
Completed implementation:
- Added executive retry health alert delivery retry plans with retry, wait, and suppress decisions.
- Added executive retry health alert retry worker runs with dry-run defaults and explicit live execution.
- Added execution records for live executive health alert redelivery attempts.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health-alerts/retry-plan`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health-alerts/retry-worker-run`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-closure-dashboard`.
- Added Evidence Console controls for Plan Exec Alert Retry, Run Exec Alert Retry, and Final Closure.
- Added dashboard metrics for executive health alert retry plans, retryable count, retry worker runs, execution records, successes, and failures.
- Added `docs/go-backend-rollback-drill-executive-health-alert-retry-and-final-closure.md`, `docs/wiki/Go-Backend-Rollback-Drill-Executive-Health-Alert-Retry-And-Final-Closure.md`, and `docs/diagrams/go-backend-rollback-drill-executive-health-alert-retry-final-closure.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can retry failed executive retry health alert delivery with explicit worker evidence.
- As an auditor, I can verify whether rollback drill reporting is closed or still has open reporting risks.
- As a platform owner, I can see failed executive alert delivery, retry execution, and acknowledgement gaps in one closure dashboard.
Enterprise challenge solved:
- Makes the last mile of executive rollback drill reporting governed and auditable without exposing connector secrets, customer payloads, or private enterprise code.
Recommended next issue: delivered below as final readiness and operator runbook export.
Status: complete for the current final readiness and operator runbook export slice.
Completed implementation:
- Added final reporting release-readiness summaries with pass/fail checks, release decision, open item counts, and public-safe evidence counts.
- Added final reporting operator runbook exports with Markdown content and private-boundary instructions.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-readiness`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-operator-runbook-export`.
- Added Evidence Console controls for Release Readiness and Export Runbook.
- Added dashboard metrics for readiness summary count, release-ready count, and operator runbook export count.
- Added `docs/go-backend-rollback-drill-final-readiness-runbook-export.md`, `docs/wiki/Go-Backend-Rollback-Drill-Final-Readiness-Runbook-Export.md`, and `docs/diagrams/go-backend-rollback-drill-final-readiness-runbook-export.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can see whether final rollback drill reporting is ready for release closure.
- As an auditor, I can inspect the checks and evidence counts used to hold or approve release closure.
- As an operator, I can export a public-safe runbook that explains what evidence to attach and what actions remain private.
Enterprise challenge solved:
- Turns the final rollback drill reporting loop into a repeatable release gate with exportable operator instructions while keeping secrets and enterprise automation outside the public Community repository.
Recommended next issue: delivered below as readiness approval and release record attachment.
Status: complete for the current readiness approval and release record attachment slice.
Completed implementation:
- Added final reporting release-readiness approval decisions with blocked-readiness override controls.
- Added final reporting release record attachment evidence bound to approved readiness decisions.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-readiness/{summary_id}/approval-decisions`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-record-attachment`.
- Added Evidence Console controls for Approve Readiness and Attach Release Record.
- Added dashboard metrics for final readiness approval count, approved count, and release record attachment count.
- Added `docs/go-backend-rollback-drill-readiness-approval-release-record.md`, `docs/wiki/Go-Backend-Rollback-Drill-Readiness-Approval-Release-Record.md`, and `docs/diagrams/go-backend-rollback-drill-readiness-approval-release-record.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can approve final readiness with explicit governance evidence.
- As an auditor, I can trace which readiness summary was approved and which release record received the evidence package.
- As an operator, I can capture release record attachment evidence without exposing connector credentials or customer payloads.
Enterprise challenge solved:
- Bridges final readiness, approval, and release-record evidence while preserving the Community/Enterprise boundary for private release-system automation.
Recommended next issue: delivered below as closure packet verification and auditor export.
Status: complete for the current closure packet verification and auditor export slice.
Completed implementation:
- Added final reporting release closure packet verification for attached rollback drill release records.
- Added public-safe final reporting auditor exports with Markdown and JSON evidence indexes.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-release-closure-packet-verification`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/final-reporting-auditor-export`.
- Added Evidence Console controls for Verify Packet and Auditor Export.
- Added dashboard metrics for closure packet verification count, verified packet count, and auditor export count.
- Added `docs/go-backend-rollback-drill-closure-packet-auditor-export.md`, `docs/wiki/Go-Backend-Rollback-Drill-Closure-Packet-Auditor-Export.md`, and `docs/diagrams/go-backend-rollback-drill-closure-packet-auditor-export.svg`.
- Updated README, API docs, feature inventory, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can verify that final rollback drill release evidence is complete before closing a release.
- As an auditor, I can receive one public-safe export containing the readiness, approval, runbook, verification, and evidence index.
- As a platform operator, I can generate auditor material without exposing connector credentials, customer payloads, or private workflow automation.
Enterprise challenge solved:
- Turns scattered release evidence into a repeatable closure packet and auditor export while preserving the Community/Enterprise boundary for private delivery and archive systems.
Recommended next issue: add final reporting release closure packet SIEM/GRC delivery routing and immutable archive references.
Status: complete.
Completed:
- CAVRA identity and README.
- Python package rename to `cavra`.
- CLI command `cavra`.
- MCP command `cavra-mcp-server`.
- Claude Code setup command `cavra init claude-code`.
- Runtime decisions for file, command, Git, MCP, and PR attestation.
- Regulated policy packs.
- FastAPI app contract.
- Before the Agent Acts sandbox.
- Docker image and Compose validation.
- Enterprise docs and wiki-ready pages.
Validation:
- `python3 -m pytest -q` passed.
- Docker image build passed.
- Docker CLI and MCP commands passed.
- Docker Compose API and sandbox startup passed.
- Brand validation passed.
Phase 2: Policy Engine Hardening.
Status: complete.
Completed:
- Strict JSON Schema validation for CAVRA policy packs.
- Policy inheritance through `metadata.inherits`.
- Normalized compiled policy output.
- Semantic policy diff output.
- Policy signature metadata.
- Policy verification with tamper detection.
- Tests for validation, inheritance, diff, and signatures.
Phase 3: Evidence Hub and Attestation.
Status: complete for the current production-readiness slice.
Completed:
- Evidence bundle manifest generation.
- Bundle checksums.
- Optional HMAC manifest signature.
- PR attestation output.
- Compliance mapping output.
- SIEM event output.
- Evidence verification command.
- Splunk HEC, Microsoft Sentinel, Datadog, and generic webhook SIEM export payloads.
- S3 Object Lock and Azure immutable blob immutable storage reference plans.
- AWS S3 Object Lock and Azure Blob immutability deployment references.
- Ed25519 evidence manifest signatures and key generation.
- Evidence retention policy artifacts and minimum-retention verification.
- Evidence metadata indexing and API persistence.
- More elaborate C4 container diagram for enterprise architecture review.
- Evidence key IDs, trust-root verification, and rotation guidance.
- SQLite-backed evidence metadata search with filters and pagination.
- PR attestation verification reports.
- Hosted evidence console views for search and PR attestation verification.
- Initial SQLite migration for evidence metadata.
- Console API wiring for same-origin and cross-origin deployments.
- JSON and SQLite evidence search filter/pagination parity.
- Idempotent SQLite migration automation with `cavra evidence migrate`.
- Trust-root bundle generation and enterprise distribution guidance.
Recommended next issue: continue Phase 5 with SQLite registry migrations, console registry views, predefined agent capability profiles, and MCP tool classification. Evidence artifact retrieval is now delivered in Phase 6.
Status: in progress.
Completed:
- Approval request model and JSON persistence.
- API approval queue with list, create, fetch, approve, deny, expire, attach-decision, and break-glass endpoints.
- CLI approval queue with create, list, approve, deny, expire, and break-glass commands.
- Mandatory reason, actor, approver group, expiry, and optional external reference for break-glass overrides.
- Approval outcome linkage into evidence metadata and PR attestations.
- Default approver group routing policies.
- SQLite approval persistence and migration.
- Slack, Teams, Jira, ServiceNow, and webhook reference payload exports.
- Console approval queue view.
- Repository-specific JSON/YAML routing configuration.
- Claims-based approval authorization for local OIDC-style actor claims.
- Signed OIDC/JWKS token validation with issuer, audience, expiry, and not-before checks.
- Repository RBAC policy files with group mappings and repository-scoped approval permissions.
- Credential-free Slack, Teams, Jira, ServiceNow, and webhook request specs.
- Secret-backed live provider delivery with retry, timeout, and redacted delivery evidence.
- Console approval actions for approve, deny, and expire.
- Console break-glass creation.
- Approval audit detail views for lifecycle history, evidence references, decision context, and external references.
Recommended next issue: start Phase 5 with agent registry models/API, MCP server trust tiers, capability metadata, approval state, last-seen metadata, and registry-backed runtime decisions. Evidence artifact retrieval is now delivered in Phase 6.
Status: complete for the current production-readiness slice.
Completed:
- JSON-backed registry store for governed AI-agent identities.
- Agent records with ID, type, vendor, version, capabilities, scopes, allowed repositories, allowed tools, risk tier, owner, status, last seen, and evidence references.
- MCP server trust records with server ID, trust tier, capabilities, owner, approval state, approved tools, last seen, and evidence references.
- CLI commands for registering and listing agents and MCP servers.
- API endpoints for `/agents`, `/agents/{agent_id}`, `/mcp/servers`, `/mcp/servers/{server_id}`, and `/mcp/trust`.
- Registry-backed MCP runtime decisions for approved, unknown, blocked, pending, and out-of-scope MCP tool calls.
- Unknown MCP server default-deny behavior covered by tests.
- SQLite registry persistence and migration.
- Predefined agent capability profiles for Claude Code, Codex, Copilot, Cursor, Gemini CLI, and AWS Q Developer.
- MCP tool classification for filesystem, shell, network, database, SaaS, cloud, and repository capabilities.
- Console registry views for agent identities, MCP trust records, profiles, and classifications.
Recommended next issue: start Phase 6 with durable session and decision persistence, console session/decision views, API filters, and governed evidence artifact retrieval.
Status: started.
Completed:
- JSON activity store for runtime sessions and decisions.
- SQLite activity store and migration.
- `POST /decisions` persistence with automatic session summary updates.
- `GET /decisions` filters for session, agent, repository, policy pack, outcome, severity, and action type.
- `GET /sessions` filters for agent, repository, policy pack, and state.
- Console Activity Explorer for persisted sessions and decisions.
- JSON and SQLite repository inventory stores.
- JSON and SQLite policy rollout stores.
- SQLite migration `005_repository_policy_rollout.sql`.
- `GET` and `POST` repository inventory API endpoints with provider, owner, policy pack, status, and risk-tier filters.
- `GET` and `POST` policy rollout API endpoints with repository, policy pack, state, mode, and owner filters.
- Console repository inventory and policy rollout views.
- `cavra ops stores` for persistent API store status.
- `cavra ops backup` for checksum-backed JSON and SQLite store backups.
- `cavra ops restore` for checksum-validated restore to test or live paths.
- `cavra ops retention-plan` for JSON and Markdown retention-control artifacts.
- Read-only `/operations/stores` and `/operations/retention-plan` API endpoints.
- JSON and SQLite integration inventory stores.
- SQLite migration `006_integrations_inventory.sql`.
- `GET` and `POST` integration inventory API endpoints with provider, category, status, owner, environment, and health filters.
- Console Enterprise Integrations inventory view.
- Policy rollout detail API and console drill-downs.
- Read-only `/console/security-boundary` endpoint.
- Console security boundary panel for OIDC, RBAC, CORS, permissions, and operator notes.
- Governed evidence artifact retrieval APIs for indexed sessions.
- Console evidence artifact panel with individual artifact and bundle download links.
- `GET /console/session` for signed bearer-token validation.
- RBAC-enforced approval and break-glass console mutations when OIDC or RBAC is configured.
- Console Session panel for actor, group, permission, and repository-scope visibility.
- `GET /policy-pack-catalog` and `POST /policy-packs/draft` for read-only policy authoring previews.
- `POST /policy-packs/publish-plan`, `POST /policy-packs/publish-request`, and `POST /policy-packs/publish` for approval-bound signed policy write-back.
- `POST /policy-rollouts/change-plan` and `POST /policy-rollouts/apply-change` for governed rollout transitions.
- `GET /deployment/production-readiness` and console Production Readiness panel.
Recommended next issue: delivered below as the Phase 7 scaffold and Phase 9 deployment workflow.
Status: scaffold started.
Completed:
- Go module under `go/cavra-runtime/`.
- Runtime evaluator for critical file, command, Git, and MCP decisions.
- JSON request/decision CLI entrypoint.
- Compiled-policy JSON loading from `cavra policy compile`.
- Go CLI `--policy` flag for compiled policy evaluation.
- Generated Go enforcement contracts from `proto/cavra/enforcement/v1/enforcement.proto`.
- Contract conversion helpers for runtime requests and decisions.
- Unix-socket daemon transport with one JSON `EvaluateRequest` per connection.
- Reusable Go daemon client helper and CLI `--daemon` mode.
- Daemon lifecycle `start/status/stop` with PID-file tracking and socket readiness probing.
- Compiled-policy-backed daemon evaluator tests.
- Lifecycle status tests for PID-file and socket health.
- Runtime evidence references with decision IDs, correlation IDs, timestamps, and `evidence://...` refs.
- Trust-registry JSON loading for Go runtime and CLI `--registry`.
- Registry-backed MCP decisions for approved, pending, blocked, tool-scope, and capability-scope outcomes.
- All-bundled-policy compiled parity through Python-to-Go CLI validation.
- Go release package workflow with Linux/macOS/Windows binaries for `amd64` and `arm64`.
- SHA-256 checksums, SPDX-style SBOM, SLSA provenance, release evidence JSON/Markdown, and detached Ed25519 signature JSON files when signing is configured.
- Required signing for real release events and non-dry-run manual packaging.
- GitHub Release asset attachment and verifier CLI support.
- Shared parity fixture at `go/cavra-runtime/testdata/parity_cases.json`.
- MCP trust registry fixture at `go/cavra-runtime/testdata/mcp_registry.json`.
- Go unit tests that load the shared parity fixture.
- Python parity tests that validate the same fixture against authoritative `RuntimeGuard`.
- Dedicated `go-runtime-parity` GitHub Actions job.
- Required governance check execution of `go test ./...`.
Validation:
- `python3 -m pytest tests/test_go_runtime_parity.py tests/test_runtime.py tests/test_ci_templates.py -q` passed locally with Go-toolchain-dependent test skipped because Go is not installed on this Mac.
- GitHub Actions is configured with `actions/setup-go@v5` so CI can run Go tests independently of the local toolchain.
Recommended next issue: delivered below as backend-driven public sandbox runs.
Status: deployment workflow started.
Completed:
- GitHub Pages workflow at `.github/workflows/deploy-sandbox.yml`.
- Static artifact build from `apps/sandbox-ui`.
- JavaScript syntax validation with `node --check`.
- SVG diagram asset inclusion in the artifact.
- CAVRA brand assets included in the sandbox artifact.
- Deployment gated to `main` through `actions/deploy-pages`.
- GitHub Pages enabled for Actions publishing on the repository.
- Public sandbox verified at https://huzefaaa2.github.io/cavra/.
- Downloadable sample evidence packaged in the public artifact.
- Post-deploy smoke validation for the public page, JavaScript, stylesheet, brand assets, C4 diagram, and evidence JSON.
- Public post-deploy smoke run passed from `main`.
Status: complete for the current productization slice.
Completed:
- SVG runtime authority mark, favicon, horizontal logo, stacked logo, product thumbnail, and GitHub social preview.
- PNG exports for compact icons, README/document surfaces, product thumbnails, and social previews.
- README header logo.
- Sandbox console favicon, top-left CAVRA wordmark, and larger top-right hero mark below the install CTA.
- Brand asset documentation and wiki page.
Recommended next issue: use the assets in release notes and configure the repository social preview after merge.
Validation:
- Workflow YAML parses.
- Sandbox JavaScript syntax check is covered by the workflow and local validation.
Recommended next issue: delivered below as backend-driven public sandbox runs.
Status: complete for the current production-readiness slice.
Completed:
- GitHub Actions workflow check named `cavra-required-check`.
- Policy-pack validation, lint, tests, evidence verification, and PR attestation verification in CI.
- Evidence artifact upload for reviewer and auditor inspection.
- Reusable GitHub Actions required-check and enterprise enforcement templates.
- GitLab CI enforcement example.
- Azure Pipelines required-check template for Azure Repos Build validation policies.
- Entra ID and Okta OIDC/RBAC deployment references.
Recommended next issue: expand Go parity, validate the public sandbox URL after merge, and add post-deploy smoke checks.
Status: complete for the current documentation and product-positioning slice.
Completed implementation:
- Added `docs/ai-agent-enforcement.md`.
- Added `docs/wiki/AI-Agent-Enforcement-And-Anti-Bypass-Model.md`.
- Updated README, transparent agent methodology, agent orchestration architecture, and wiki navigation.
Product decision:
- This feature is required for enterprise credibility. CAVRA should be enforced at repository, CI, runner, release, and deployment boundaries rather than relying only on agent prompts or local wrappers.
Recommended next issue: add an automated agent enforcement readiness report that detects missing required checks, branch protection gaps, stale PR attestations, missing agent manifests, and risky workflow permissions.
Status: complete.
Completed:
- Declarative CAVRA agent manifests for product, architect, backend, frontend, test, security, docs, reviewer, and release roles.
- Agent task issue template and agent label catalog.
- Conservative GitHub Actions orchestrator scaffold that validates transparent agent manifests.
- `cavra-agentic-delivery` policy pack for bot identity, branch naming, PR attestation, approvals, and documentation requirements.
- Transparent agent methodology docs, orchestration architecture docs, wiki pages, and SVG diagram.
Recommended next issue: implement the real GitHub App orchestrator backend only after protected branch checks, evidence verification, and human approval requirements are enforced.
Status: complete for the current production-readiness slice.
Completed:
- Replaced the repository `LICENSE` source with BUSL-1.1 parameters for CAVRA.
- Documented BUSL parameters in the README.
- Added `cavra release verify-go-package` for local verification of Go release package checksums, release evidence, and detached Ed25519 signatures.
- Added tamper-detection tests for signed Go release packages.
- Updated the Go release workflow to create `cavra-go-runtime-<version>.zip`.
- Updated the Go release workflow to attach signed packages directly to published GitHub Releases.
- Kept CI artifact upload for reviewer and auditor retrieval.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
Recommended next issue: delivered below as SLSA provenance and release security advisory workflow.
Status: complete for the current production-readiness slice.
Completed:
- Added `cavra-runtime.provenance.intoto.json` to Go release packages using an in-toto Statement and SLSA provenance predicate.
- Added provenance verification to `cavra release verify-go-package`.
- Added signature coverage for the provenance statement when release signing is configured.
- Added `SECURITY.md` with private reporting guidance, severity triage, and release advisory process.
- Added vulnerability disclosure and release security advisory documentation.
- Added `.github/workflows/release-security.yml` and `scripts/validate_release_security.py` to validate release security controls.
- Added tests for provenance generation, provenance verification, tamper detection, and release security workflow presence.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py tests/test_release_security.py -q` passed locally.
- `python3 scripts/validate_release_security.py` passed locally.
Recommended next issue: delivered below as backend-driven public sandbox runs.
Status: complete for the current growth-loop slice.
Completed:
- Connected the Run Agent Scenario button to `POST /api/sandbox/run` when the CAVRA API is reachable.
- Kept static sample fallback behavior for GitHub Pages deployments without an API.
- Added deploy-time `config.js` generation from `CAVRA_PUBLIC_API_BASE_URL`.
- Added backend sandbox run persistence into evidence metadata and activity session/decision stores.
- Added sandbox run artifact links for evidence JSON, PR attestation, and compliance mapping.
- Updated console status and evidence download behavior based on the active backend or sample run.
- Added API and CI-template tests for backend sandbox runs and Pages API configuration.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_sandbox_run_uses_backend_policy_and_persists_metadata tests/test_api.py::test_api_console_config_and_cors tests/test_ci_templates.py::test_sandbox_pages_workflow_builds_static_artifact -q` passed locally.
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js` passed locally.
Recommended next issue: delivered below as public sandbox release-note links.
Status: complete for the current growth-loop slice.
Completed:
- Added a Release Notes panel to the public sandbox.
- Linked design-partner demos to PR context, sandbox docs, release integrity docs, release security docs, the hosted sandbox, and the production roadmap.
- Added responsive release-note styling for desktop and mobile views.
- Updated README, sandbox docs, roadmap docs, and wiki source.
- Added sandbox smoke assertions for the release-note panel.
Validation:
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_brand_assets.py -q` passed locally.
Recommended next issue: delivered below as public telemetry-free run counters.
Status: complete for the current growth-loop slice.
Completed:
- Added `GET /api/sandbox/metrics` for aggregate public sandbox counters sourced from persisted activity session rows.
- Added JSON and SQLite activity-store session summary support for run, decision, blocked-action, approval-required, and latest-run totals.
- Rendered compact public counters in the Evidence Console hero.
- Kept static fallback behavior explicitly non-persistent and telemetry-free when no API is reachable.
- Persisted replayed sandbox runs so repeat demos update the same backend metadata source.
- Updated README, API docs, sandbox docs, hosted deployment docs, roadmap docs, and wiki source.
- Added API and sandbox smoke assertions for the metrics endpoint and UI wiring.
Validation:
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_api.py::test_api_sandbox_run_uses_backend_policy_and_persists_metadata tests/test_brand_assets.py -q` passed locally.
Recommended next issue: delivered below as keyless release attestations.
Status: complete for the current release-integrity slice.
Completed:
- Added GitHub OIDC permissions for Go release packaging: `id-token: write`, `attestations: write`, and `artifact-metadata: write`.
- Added `actions/attest@v4` to generate a keyless provenance attestation for `cavra-go-runtime-<version>.zip`.
- Added `github-keyless-attestation.json` metadata with attestation ID, URL, issuer, and `gh attestation verify` command.
- Attached keyless attestation metadata alongside the Go runtime zip on GitHub Release events.
- Updated release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added workflow and release-security assertions for the keyless attestation path.
Validation:
- `python3 -m pytest tests/test_ci_templates.py::test_go_release_workflow_packages_signed_release_artifacts tests/test_release_security.py -q` passed locally.
- `python3 scripts/validate_release_security.py` passed locally.
Recommended next issue: delivered below as air-gapped installer bundle verification.
Status: complete for the current release-integrity slice.
Completed:
- Added `offline-trust-root-bootstrap.json` to Go runtime release packages.
- Added the bootstrap manifest to checksums, SLSA provenance subjects, release evidence, and detached signature coverage.
- Added `cavra release verify-airgap-bundle` for offline verification of `cavra-go-runtime-<version>.zip`.
- Added safe zip extraction checks that reject archive path traversal before verification.
- Added offline bootstrap validation for required files and operator verification commands.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for signed air-gapped bundle verification, missing bootstrap detection, and unsafe archive rejection.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py scripts/package_go_release.py tests/test_go_release_packaging.py` passed locally.
Recommended next issue: delivered below as release-candidate upgrade validation.
Status: complete for the current release-integrity slice.
Completed:
- Added `cavra release validate-upgrade` for comparing a previously approved Go release package with a candidate package.
- Reused package verification so both previous and candidate releases must pass checksum, provenance, and detached-signature validation.
- Added rollback protection for semantic versions.
- Added regression checks for removed release artifact kinds, release controls, and Go runtime binary targets.
- Added JSON output for CI gates and human-readable output for release managers.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for valid release-candidate upgrades, rollback rejection, and missing target detection.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
Recommended next issue: delivered below as offline trust-root distribution automation.
Status: complete for the current evidence-integrity slice.
Completed:
- Added `cavra evidence trust-distribution` for exporting public trust-root distribution packages.
- Generated `evidence-trust-roots.json`, `trust-root-distribution-manifest.json`, `trust-root-distribution.md`, and `checksums.txt`.
- Added distribution metadata for environment, distribution ID, approved channels, active/retired/revoked key IDs, and operator steps.
- Added checksum-protected offline operator handoff guidance for CI, reviewers, API services, audit tooling, and restricted networks.
- Updated README, CLI docs, evidence trust-root docs, roadmap docs, and wiki source.
- Added function and CLI tests for trust-root distribution package export.
Validation:
- `python3 -m pytest tests/test_evidence.py::test_export_trust_root_distribution_creates_offline_artifacts tests/test_cli.py::test_trust_distribution_cli_exports_offline_package -q` passed locally.
- `python3 -m ruff check src/cavra/evidence.py src/cavra/cli.py tests/test_evidence.py tests/test_cli.py` passed locally.
Recommended next issue: delivered below as signed installer metadata.
Status: complete for the current release-integrity slice.
Completed:
- Added `cavra-runtime.installers.json` to Go runtime release packages.
- Recorded per-target binary path, operating system, architecture, install path, install method, checksum, and verification command.
- Added installer metadata to checksums, SLSA provenance subjects, release evidence, offline trust bootstrap required files, and detached signature coverage.
- Updated release package verification to require and validate installer metadata before package approval.
- Updated README, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for installer metadata generation, signature/provenance coverage, and missing metadata rejection.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
- `python3 -m ruff check scripts/package_go_release.py src/cavra/release.py tests/test_go_release_packaging.py` passed locally.
Recommended next issue: delivered below as Go runtime installer smoke validation.
Status: complete for the current release-integrity slice.
Completed:
- Added `cavra release smoke-installers` for validating Go runtime installer metadata.
- Reused signed release package verification before installer smoke checks.
- Added static validation for every installer target, binary path, install command, install path, and checksum metadata.
- Added native runtime execution smoke testing when the current OS and architecture match a packaged target.
- Added `--skip-execution` for cross-compiled package validation on nonmatching hosts.
- Removed Terraform-specific product-boundary positioning from README and wiki white paper source.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for signed installer smoke validation.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py tests/test_go_release_packaging.py scripts/package_go_release.py` passed locally.
Recommended next issue: delivered below as managed endpoint deployment manifests.
Status: complete for the current release-integrity slice.
Completed:
- Added `cavra-runtime.endpoint-deployment.json` to Go runtime release packages.
- Recorded approved deployment targets for CI runners and developer workstations, including platform, endpoint channel, installer target, binary path, install command, rollout gate, rollback steps, and evidence requirements.
- Added endpoint deployment metadata to checksums, SLSA provenance subjects, release evidence, offline trust bootstrap required files, and detached signature coverage.
- Updated release package verification to require and validate endpoint deployment metadata before package approval.
- Updated README, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for endpoint deployment manifest generation, signature/provenance coverage, and missing metadata rejection.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
Recommended next issue: delivered below as managed endpoint rollout evidence capture.
Status: complete for the current release-integrity slice.
Completed:
- Added `cavra release capture-rollout` for capturing rollout evidence from signed Go runtime packages.
- Reused release package verification before writing rollout artifacts.
- Selected approved deployment targets from `cavra-runtime.endpoint-deployment.json`.
- Generated `managed-endpoint-rollout-evidence.json`, `managed-endpoint-rollout-evidence.md`, and rollout `checksums.txt`.
- Captured rollout ID, ring, status, actor, change record, release metadata, source artifact checksums, selected deployment targets, rollback steps, and package verification results.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for selected-target rollout evidence capture, CLI JSON output, and unknown target rejection.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
Recommended next issue: delivered below as rollout evidence verification and indexing.
Status: complete for the current release-integrity slice.
Completed:
- Added `cavra release verify-rollout` for validating managed endpoint rollout evidence.
- Verified rollout artifact checksums, rollout schema, rollout status, selected deployment targets, required controls, source package artifact checksums, and referenced package verification.
- Added optional JSON and SQLite evidence metadata indexing through the existing evidence metadata stores.
- Added rollout metadata fields for rollout ID, environment, ring, status, change record, release metadata, selected deployment targets, and artifact checksum.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for valid rollout verification, JSON/SQLite metadata indexing, and checksum tampering rejection.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q` passed locally.
Recommended next issue: delivered below as rollout evidence search filters and views.
Status: complete for the current release-integrity and console-visibility slice.
Completed:
- Added rollout metadata filters to SQLite evidence search for metadata kind, rollout status, environment, and deployment target.
- Added matching JSON metadata filters to the `/evidence` API.
- Added CLI search options for rollout evidence metadata.
- Added console Evidence Search controls and columns for endpoint rollout evidence.
- Added sample managed endpoint rollout evidence to the hosted console fallback data.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added tests for JSON API filters, SQLite API filters, and SQLite evidence metadata search.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_filters_json_rollout_evidence_metadata tests/test_api.py::test_api_filters_sqlite_rollout_evidence_metadata tests/test_evidence.py::test_sqlite_evidence_metadata_store_filters_rollout_metadata -q` passed locally.
Recommended next issue: delivered below as governed rollout evidence artifact retrieval.
Status: complete for the current release-integrity and audit-retrieval slice.
Completed:
- Added a rollout-specific artifact allowlist for `managed-endpoint-rollout-evidence.json`, `managed-endpoint-rollout-evidence.md`, and `checksums.txt`.
- Extended existing evidence artifact list, download, and ZIP bundle helpers to support indexed `metadata_kind=managed-endpoint-rollout` records.
- Enforced that rollout `bundle_dir` values must resolve inside `CAVRA_EVIDENCE_ARTIFACT_ROOT`.
- Reused the existing `/evidence/{session_id}/artifacts`, `/evidence/{session_id}/artifacts/{artifact_name}`, and `/evidence/{session_id}/artifact-bundle` endpoints for rollout records.
- Updated README, evidence artifact retrieval docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added unit and API tests for rollout artifact listing, download, bundle creation, unsupported artifact rejection, and outside-root rejection.
Validation:
- `python3 -m pytest tests/test_evidence.py::test_evidence_artifact_root_lists_and_loads_rollout_files tests/test_evidence.py::test_evidence_artifact_root_rejects_rollout_bundle_outside_root tests/test_api.py::test_api_serves_configured_rollout_evidence_artifacts -q` passed locally.
- `python3 -m ruff check src/cavra/evidence.py src/cavra/api.py tests/test_evidence.py tests/test_api.py` passed locally.
Recommended next issue: delivered below as rollout artifact integrity status and promotion readiness indicators.
Status: complete for the current release-integrity and console-readiness slice.
Completed:
- Added rollout artifact checksum integrity reporting to evidence artifact listings.
- Added promotion readiness status for managed endpoint rollout records based on artifact integrity and rollout state.
- Reported verified, missing, unchecked, and mismatched rollout evidence artifacts from the API.
- Added console Evidence Search readiness column for rollout records.
- Added console artifact panel details for rollout integrity, promotion readiness rationale, and rollout control status.
- Updated hosted console sample data for rollout artifact readiness.
- Updated README, evidence artifact retrieval docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added unit and API tests for verified and failed rollout artifact integrity.
Validation:
- `python3 -m pytest tests/test_evidence.py::test_evidence_artifact_root_lists_and_loads_rollout_files tests/test_evidence.py::test_evidence_artifact_root_reports_rollout_integrity_failures tests/test_api.py::test_api_serves_configured_rollout_evidence_artifacts -q` passed locally.
- `python3 -m ruff check src/cavra/evidence.py src/cavra/api.py tests/test_evidence.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
Recommended next issue: delivered below as signed promotion approval requests.
Status: complete for the current release-integrity and approval-gating slice.
Completed:
- Added signed rollout promotion approval request generation for managed endpoint rollout evidence.
- Added `cavra release request-rollout-promotion` with JSON and Markdown request artifacts.
- Required valid staged or succeeded rollout evidence before a promotion request can be generated.
- Signed promotion request payloads with Ed25519 using `CAVRA_ROLLOUT_PROMOTION_SIGNING_KEY` or `CAVRA_GO_RELEASE_SIGNING_KEY`.
- Added optional JSON and SQLite approval store persistence for generated pending approvals.
- Added `POST /evidence/{session_id}/promotion-request` for API-backed promotion approval creation from indexed rollout evidence.
- Added console promotion approval request action from the rollout artifact panel.
- Updated README, CLI docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added unit, CLI, and API tests for signed promotion approval requests.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py::test_managed_endpoint_rollout_promotion_request_is_signed_and_persisted tests/test_go_release_packaging.py::test_managed_endpoint_rollout_promotion_request_requires_ready_rollout tests/test_api.py::test_api_creates_signed_rollout_promotion_approval -q` passed locally.
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
Recommended next issue: delivered below as approved promotion execution records.
Status: complete for the current release-integrity and ring-advancement slice.
Completed:
- Added approved rollout promotion execution record generation for signed promotion requests.
- Added `cavra release execute-rollout-promotion` with JSON and Markdown execution artifacts.
- Required the signed promotion request to verify before execution can be recorded.
- Required the approval record to be `approved` and bound to the rollout, request, decision, and target ring.
- Added `POST /evidence/{session_id}/promotion-execution` for API-backed promotion execution recording from indexed rollout evidence.
- Added console promotion execution recording from the rollout artifact panel.
- Updated README, CLI docs, API docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added unit, CLI, and API tests for approved promotion execution records.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py::test_managed_endpoint_rollout_promotion_execution_requires_approved_request tests/test_api.py::test_api_creates_signed_rollout_promotion_approval -q` passed locally.
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
Recommended next issue: delivered below as promotion execution search, audit drill-downs, and rollback evidence links.
Status: complete for the current rollout governance and auditability slice.
Completed:
- Indexed approved promotion executions as evidence metadata with `metadata_kind=rollout-promotion-execution`.
- Added search filters for target ring, approval state, promotion execution status, rollout status, environment, and deployment target.
- Added `/promotion-executions` and `/promotion-executions/{execution_id}` API endpoints for execution search and audit detail.
- Added rollback evidence references to signed promotion requests and approved execution records.
- Added console support for promotion execution audit drill-downs from evidence search.
- Updated README, CLI docs, API docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added unit, CLI, API, and metadata-store tests for promotion execution search and audit details.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py::test_managed_endpoint_rollout_promotion_execution_requires_approved_request tests/test_api.py::test_api_creates_signed_rollout_promotion_approval tests/test_evidence.py::test_sqlite_evidence_metadata_store_filters_promotion_execution_metadata -q` passed locally.
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py src/cavra/evidence.py tests/test_go_release_packaging.py tests/test_api.py tests/test_evidence.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
Recommended next issue: delivered below as approved rollback execution workflows and SIEM/ITSM audit export for promotion execution records.
Status: complete for the current rollback governance and audit export slice.
Completed:
- Added approved rollout rollback execution record generation for promotion execution records.
- Added `cavra release execute-rollout-rollback` with JSON and Markdown rollback artifacts.
- Required rollback approvals to be approved, authorize `release_rollback_endpoint_rollout`, and bind to the original promotion execution.
- Added rollback execution metadata indexing as `metadata_kind=rollout-rollback-execution`.
- Added `cavra release export-promotion-audit` for normalized CAVRA, Splunk, Sentinel, Datadog, webhook, Jira, and ServiceNow payloads.
- Added `/promotion-executions/{execution_id}/audit-export`, `/promotion-executions/{execution_id}/rollback-execution`, and `/rollback-executions/{rollback_id}` API endpoints.
- Added console evidence rows and audit drill-downs for rollback execution metadata.
- Updated README, CLI docs, API docs, release packaging docs, advisory docs, roadmap docs, and wiki source.
- Added unit, CLI, API, and metadata-store tests for rollback execution records and audit exports.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py::test_managed_endpoint_rollout_rollback_execution_and_audit_exports tests/test_api.py::test_api_creates_signed_rollout_promotion_approval tests/test_evidence.py::test_sqlite_evidence_metadata_store_filters_rollback_execution_metadata -q` passed locally.
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py src/cavra/evidence.py tests/test_go_release_packaging.py tests/test_api.py tests/test_evidence.py` passed locally.
Recommended next issue: delivered below as connector delivery for promotion audit exports and rollback execution records with retry evidence.
Status: complete for the current release connector delivery slice.
Completed:
- Added `cavra release deliver-promotion-audit` for sending normalized promotion audit events through configured connectors.
- Added `cavra release deliver-rollback-execution` for sending rollback execution audit events through configured connectors.
- Added release audit event identity fallback so connector delivery evidence records promotion execution IDs and rollback IDs.
- Added `/promotion-executions/{execution_id}/audit-export/deliver` and `/rollback-executions/{rollback_id}/deliver` API endpoints.
- Reused the existing connector retry and credential-redaction evidence schema for release governance delivery.
- Updated README, CLI docs, API docs, connector docs, integration inventory docs, release packaging docs, roadmap docs, and wiki source.
- Added CLI, API, and connector tests for retry counts, event IDs, and redacted delivery evidence.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py::test_managed_endpoint_rollout_rollback_execution_and_audit_exports tests/test_api.py::test_api_creates_signed_rollout_promotion_approval tests/test_integrations.py::test_deliver_connector_event_redacts_credentials_and_exports -q` passed locally.
- `python3 -m ruff check src/cavra/integrations.py src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py tests/test_integrations.py` passed locally.
Recommended next issue: delivered below as open-core edition boundaries and commercialization foundation.
Status: complete for the current open-core foundation slice.
Completed:
- Replanned CAVRA as a public Community Edition with private Enterprise, Trial, and SaaS implementation boundaries.
- Added public-safe edition detection, Enterprise dynamic hooks, licensing placeholders, trial mode, feature registry, and plugin runtime interfaces.
- Added Community starter policies, Community Docker files, Community CI and release workflows, and boundary validation script.
- Added `enterprise/README.md` with explicit warning that Enterprise source belongs in the private `cavra-enterprise` repository.
- Added public Enterprise documentation, trial documentation, SaaS Control Plane design, open-core model, plugin architecture, migration report, and private repo plan.
- Updated README, root legal/community files, and wiki source with the open-core model.
- Added tests for Community mode, Enterprise feature blocking, feature registry behavior, plugin edition rejection, trial license placeholder loading, and boundary validation failures.
Validation:
- `bash scripts/validate-boundaries.sh .` passed.
- `python3 -m pytest tests/test_open_core_model.py -q` passed with 6 tests.
- `python3 -m ruff check src tests` passed.
- `python3 -m pytest -q` passed with 191 tests and 4 skipped.
Recommended next issue: delivered below as persisted delivery history views and alerting dashboards for release governance connectors.
Status: complete for the current release governance delivery visibility slice.
Completed:
- Added `release-connector-delivery` evidence metadata records for promotion audit and rollback execution connector deliveries.
- Added CLI indexing options for `cavra release deliver-promotion-audit` and `cavra release deliver-rollback-execution`.
- Added `cavra release connector-delivery-history` for provider, event, source ID, and success-state history filters.
- Added `cavra release connector-delivery-dashboard` for delivery totals, success rate, provider summaries, and warning or critical alerts.
- Added `/release-connector-deliveries` and `/release-connector-deliveries/dashboard` API endpoints.
- Updated the Evidence Console with a Release Connector Delivery panel showing dashboard metrics, alerts, and delivery rows.
- Updated README, CLI docs, API docs, connector docs, release packaging docs, release advisory docs, roadmap docs, and wiki source.
- Added unit, CLI, and API tests for delivery metadata, history filters, and dashboard alerts.
Validation:
- `python3 -m pytest tests/test_integrations.py::test_connector_delivery_metadata_history_and_dashboard tests/test_go_release_packaging.py::test_managed_endpoint_rollout_rollback_execution_and_audit_exports tests/test_api.py::test_api_creates_signed_rollout_promotion_approval -q` passed locally.
- `python3 -m ruff check src/cavra/integrations.py src/cavra/api.py src/cavra/cli.py tests/test_integrations.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
Recommended next issue: delivered below as release channel manifests and managed workstation updater policy.
Status: complete for the current release package channel governance slice.
Completed:
- Added `cavra-runtime.channels.json` to Go runtime release packages with canary, beta, and stable channel metadata.
- Added `cavra-runtime.updater-policy.json` with manual approval requirements, staged rollout rings, hold conditions, and rollback requirements.
- Extended release checksums, release evidence, provenance inputs, and offline bootstrap required files to include the channel manifest and updater policy.
- Extended `cavra release verify-go-package` to reject packages missing channel or updater policy artifacts and to validate approval, no-auto-update, workstation target, rollback, and verification-command controls.
- Added `cavra release channel-manifest` and `cavra release updater-policy` commands for release managers and endpoint owners to inspect generated artifacts.
- Updated README, CLI docs, release packaging docs, roadmap docs, release advisory docs, and wiki source.
- Added tests for package generation, verifier acceptance, CLI inspection, artifact signing coverage, and missing channel/updater rejection.
Validation:
- `python3 -m ruff check scripts/package_go_release.py src/cavra/release.py src/cavra/cli.py tests/test_go_release_packaging.py` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_go_release_packaging_creates_sbom_checksums_and_evidence tests/test_go_release_packaging.py::test_go_release_verifier_accepts_signed_package_and_rejects_tampering tests/test_go_release_packaging.py::test_go_release_verifier_rejects_missing_channel_and_updater_policy -q` passed locally.
Recommended next issue: delivered below as release-channel promotion approvals and endpoint-management export bundles.
Status: complete for the current release channel publication slice.
Completed:
- Added signed `release-channel-promotion-request.json` artifacts for canary, beta, and stable channel promotion approval workflows.
- Bound channel promotion requests to `cavra-runtime.channels.json`, `cavra-runtime.updater-policy.json`, release evidence, signed package verification, and endpoint change approval records.
- Added `cavra release request-channel-promotion` with optional JSON and SQLite approval-store persistence.
- Added `cavra release export-endpoint-management` for Jamf, Intune, and Linux fleet export bundles.
- Generated provider artifacts including `jamf-policy.json`, `intune-win32-app.json`, `linux-fleet-manifest.json`, `linux-install-cavra-runtime.sh`, export manifest, Markdown summary, and checksums.
- Added signature verification for release-channel promotion requests and tests for provider bundle generation.
- Updated README, CLI docs, Go release packaging docs, release advisory docs, roadmap docs, and wiki source.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py tests/test_go_release_packaging.py` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_release_channel_promotion_request_and_endpoint_exports -q` passed locally.
Recommended next issue: delivered below as release channel publishing history views.
Status: complete for the current release channel visibility slice.
Completed:
- Added release metadata builders for `release-channel-promotion-request` and `endpoint-management-export` records.
- Added optional JSON and SQLite evidence metadata indexing to `cavra release request-channel-promotion` and `cavra release export-endpoint-management`.
- Added `/release-channel-promotions` and `/release-channel-promotions/{request_id}` API endpoints for channel, target ring, approval state, and approval ID history views.
- Added `/endpoint-management-exports`, `/endpoint-management-exports/{export_id}`, and `/endpoint-management-exports/dashboard` API endpoints for provider, channel, approval, file, and dashboard summaries.
- Updated the Evidence Console with a Release Channel Publishing panel that combines promotion request rows, endpoint export rows, provider metrics, and pending approval indicators.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, and wiki source.
- Added tests for CLI metadata indexing and API history/dashboard retrieval.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_release_channel_promotion_request_and_endpoint_exports tests/test_api.py::test_api_release_channel_and_endpoint_export_history -q` passed locally.
Recommended next issue: delivered below as governed endpoint export artifact downloads.
Status: complete for the current endpoint export artifact retrieval slice.
Completed:
- Added an endpoint-management export artifact allowlist for manifest JSON, summary Markdown, Jamf policy JSON, Intune app JSON, Linux fleet manifest JSON, Linux install script, and `checksums.txt`.
- Enforced that endpoint export `bundle_dir` values must resolve inside `CAVRA_EVIDENCE_ARTIFACT_ROOT`.
- Added endpoint export artifact integrity status with verified, missing, unchecked, and checksum-mismatched files.
- Added checksum verification before provider files are served from the API.
- Added `/endpoint-management-exports/{export_id}/artifacts`, `/endpoint-management-exports/{export_id}/artifacts/{artifact_name}`, and `/endpoint-management-exports/{export_id}/artifact-bundle`.
- Updated the Evidence Console with endpoint export artifact inspection, download readiness, integrity details, and governed download links.
- Updated README, API docs, Go release packaging docs, release advisory docs, roadmap docs, and wiki source.
- Added API tests for successful artifact listing, provider file downloads, bundle downloads, unsupported artifact rejection, tamper detection, and checksum-enforced download blocking.
Validation:
- `python3 -m ruff check src/cavra/evidence.py src/cavra/api.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_api.py::test_api_serves_endpoint_management_export_artifacts_with_integrity -q` passed locally.
Recommended next issue: add endpoint-management export publication records and connector delivery to Jamf, Intune, and Linux fleet managers.
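The three controls in the endpoint export artifact retrieval slice above (artifact allowlist, `bundle_dir` containment inside the artifact root, checksum verification before serving) can be combined as in the following added example, which is not CAVRA's own code. The function names, the manifest and summary file names, the sha256sum-style `checksums.txt` layout, and the choice to serve `checksums.txt` itself unchecked are assumptions; the sample bundle is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Provider file names come from the log above; the first two names are assumed.
ALLOWED_ARTIFACTS = frozenset({
    "export-manifest.json",            # assumed name
    "export-summary.md",               # assumed name
    "jamf-policy.json",
    "intune-win32-app.json",
    "linux-fleet-manifest.json",
    "linux-install-cavra-runtime.sh",
    "checksums.txt",
})


class ArtifactRejected(Exception):
    """Raised when an artifact request must not be served."""


def resolve_bundle_dir(bundle_dir, artifact_root):
    """Return the real bundle path, or reject it if it leaves the root."""
    root = Path(artifact_root).resolve()
    bundle = Path(bundle_dir).resolve()  # collapses ".." and follows symlinks
    if bundle != root and root not in bundle.parents:
        raise ArtifactRejected("bundle_dir resolves outside the artifact root")
    if not bundle.is_dir():
        raise ArtifactRejected("bundle_dir does not exist")
    return bundle


def load_checksums(bundle):
    """Parse sha256sum-style lines: '<hex digest>  <file name>' (assumed layout)."""
    sums = {}
    listing = bundle / "checksums.txt"
    if listing.is_file():
        for line in listing.read_text(encoding="utf-8").splitlines():
            digest, _, name = line.strip().partition(" ")
            if digest and name.strip():
                sums[name.strip().lstrip("*")] = digest.lower()
    return sums


def integrity_status(bundle, name, sums):
    """Classify one file and return (status, bytes that were hashed)."""
    path = bundle / name
    if not path.is_file():
        return "missing", b""
    data = path.read_bytes()
    expected = sums.get(name)
    if expected is None:
        return "unchecked", data
    matches = hashlib.sha256(data).hexdigest() == expected
    return ("verified" if matches else "checksum-mismatched"), data


def serve_artifact(bundle_dir, artifact_name, artifact_root):
    """Return artifact bytes only if all three controls pass."""
    # Exact-name allowlist: traversal strings never reach the filesystem.
    if artifact_name not in ALLOWED_ARTIFACTS:
        raise ArtifactRejected("unsupported artifact")
    bundle = resolve_bundle_dir(bundle_dir, artifact_root)
    # A symlinked artifact must not point outside its own bundle.
    if (bundle / artifact_name).resolve().parent != bundle:
        raise ArtifactRejected("artifact resolves outside its bundle")
    status, data = integrity_status(bundle, artifact_name, load_checksums(bundle))
    # checksums.txt is the reference list, so it has no entry of its own.
    reference = status == "unchecked" and artifact_name == "checksums.txt"
    if status != "verified" and not reference:
        raise ArtifactRejected("download blocked: " + status)
    return data  # the same bytes that were hashed, not a second read


def demo():
    """Build a constructed bundle in a temp dir and try five requests."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "evidence-artifacts"
        bundle = root / "export-0001"
        outside = Path(tmp) / "outside"
        bundle.mkdir(parents=True)
        outside.mkdir()
        (bundle / "jamf-policy.json").write_bytes(b'{"policy": "constructed"}\n')
        script = bundle / "linux-install-cavra-runtime.sh"
        script.write_bytes(b"#!/bin/sh\necho constructed\n")
        lines = [hashlib.sha256(p.read_bytes()).hexdigest() + "  " + p.name
                 for p in sorted(bundle.iterdir())]
        (bundle / "checksums.txt").write_text("\n".join(lines) + "\n", encoding="utf-8")
        script.write_bytes(b"#!/bin/sh\necho tampered\n")  # modified after checksums
        (outside / "jamf-policy.json").write_bytes(b"{}")
        requests = {
            "ok": (bundle, "jamf-policy.json"),
            "tampered": (bundle, "linux-install-cavra-runtime.sh"),
            "missing": (bundle, "intune-win32-app.json"),
            "not_allowlisted": (bundle, "../outside/jamf-policy.json"),
            "escapes_root": (root / ".." / "outside", "jamf-policy.json"),
        }
        for label, (directory, name) in requests.items():
            try:
                serve_artifact(directory, name, root)
                results[label] = "served"
            except ArtifactRejected as exc:
                results[label] = str(exc)
    return results
```

Returning the bytes that were hashed, rather than re-reading the file after verification, keeps a file swapped between check and send from being served.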
Status: complete for the current endpoint-management publication delivery slice.
Completed:
- Added Jamf, Intune, and Linux as supported connector delivery providers.
- Added endpoint-management publication event construction with checksum-aware artifact references and provider-specific payload selection.
- Added `cavra release deliver-endpoint-export` to publish endpoint exports through configured endpoint-management connectors.
- Added `cavra release endpoint-publication-history` and `cavra release endpoint-publication-dashboard` for persisted publication delivery review.
- Added `/endpoint-management-exports/{export_id}/publish`, `/endpoint-management-publications`, and `/endpoint-management-publications/dashboard` API endpoints.
- Indexed delivery records as `metadata_kind=endpoint-management-publication-delivery` with export ID, publication ID, provider status, attempt counts, failed providers, and delivery evidence references.
- Updated the Evidence Console with an Endpoint Publication Delivery panel for provider status, failed publication alerts, and attempt history.
- Updated README, CLI docs, API docs, connector docs, Go release packaging docs, feature inventory, release advisory docs, roadmap docs, and wiki source.
- Added tests for endpoint provider payload routing, CLI publication delivery indexing, and API publication delivery history/dashboard retrieval.
Validation:
- `python3 -m ruff check src tests` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_integrations.py::test_endpoint_management_connectors_use_provider_payloads tests/test_go_release_packaging.py::test_release_channel_promotion_request_and_endpoint_exports tests/test_api.py::test_api_serves_endpoint_management_export_artifacts_with_integrity -q` passed locally.
Recommended next issue: add managed endpoint deployment reconciliation and drift monitoring for published CAVRA runtime versions.
Status: complete for the current endpoint drift visibility slice.
Completed:
- Added managed endpoint reconciliation report generation from signed `cavra-runtime.endpoint-deployment.json` desired state and observed endpoint inventory.
- Detected runtime version drift, binary checksum drift, missing deployment target observations, unknown targets, and stale endpoint observations.
- Added `cavra release reconcile-endpoint-deployment` with JSON and Markdown reconciliation artifacts plus checksums.
- Indexed reconciliation records as `metadata_kind=managed-endpoint-reconciliation`.
- Added `cavra release endpoint-reconciliation-history` and `cavra release endpoint-reconciliation-dashboard`.
- Added `POST /endpoint-deployment/reconcile`, `/endpoint-reconciliations`, and `/endpoint-reconciliations/dashboard`.
- Updated the Evidence Console with an Endpoint Drift Monitoring panel for report status, alert level, compliant endpoints, drifted endpoints, and missing targets.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for reconciliation drift detection, CLI metadata indexing, and API reconciliation history/dashboard retrieval.
Validation:
- `python3 -m ruff check src tests` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_managed_endpoint_reconciliation_detects_drift_and_indexes_metadata tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as endpoint drift remediation plans with approval-bound republish and rollback workflows.
Status: complete for the current approval-bound endpoint remediation slice.
Completed:
- Added endpoint drift remediation request generation from managed endpoint reconciliation reports.
- Converted version drift, binary checksum drift, missing observations, stale observations, and unknown targets into republish, rollback, refresh, or review actions.
- Added approval requests bound to reconciliation ID, request ID, drift summary, strategy, and action count.
- Added approved remediation execution records that preserve the public Community boundary by recording governance evidence without mutating endpoints.
- Added `cavra release request-endpoint-remediation`, `execute-endpoint-remediation`, `endpoint-remediation-history`, and `endpoint-remediation-dashboard`.
- Added `POST /endpoint-reconciliations/{reconciliation_id}/remediation-request`, `POST /endpoint-remediations/{request_id}/execute`, `/endpoint-remediations`, and `/endpoint-remediations/dashboard`.
- Updated the Evidence Console with an Endpoint Drift Remediation panel for request, execution, approval, strategy, and action status.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for approval-required remediation execution, CLI metadata indexing, API request/approval/execution flow, and remediation dashboard history.
Validation:
- `python3 -m py_compile src/cavra/release.py src/cavra/cli.py src/cavra/api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as endpoint inventory ingestion for Jamf, Intune, Linux fleet, and EDR exports.
Status: complete for the current public-safe endpoint inventory ingestion slice.
Completed:
- Added provider inventory normalization for Jamf, Intune, Linux fleet, and EDR export payloads.
- Emitted canonical `cavra.endpoint-observations.v1` inventory files that can feed managed endpoint reconciliation directly.
- Added ingestion evidence records indexed as `metadata_kind=endpoint-inventory-ingestion`.
- Added `cavra release ingest-endpoint-inventory`, `endpoint-inventory-history`, and `endpoint-inventory-dashboard`.
- Added `POST /endpoint-inventory/ingest`, `/endpoint-inventory-ingestions`, and `/endpoint-inventory-ingestions/dashboard`.
- Updated the Evidence Console with an Endpoint Inventory Ingestion panel for provider, channel, target, endpoint, and missing-target coverage.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for provider export normalization, CLI metadata indexing, API ingestion history/dashboard retrieval, and reconciliation using normalized inventory.
Validation:
- `python3 -m py_compile src/cavra/release.py src/cavra/cli.py src/cavra/api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_inventory_ingestion_normalizes_provider_exports_and_indexes_metadata tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: add endpoint inventory freshness SLA alerts and reconciliation automation that can open remediation requests from new ingestions.
Status: complete for the current public-safe endpoint inventory SLA and automation slice.
Completed:
- Added endpoint inventory freshness SLA reports with warning and critical age thresholds by provider, channel, and deployment target.
- Indexed freshness reports as `metadata_kind=endpoint-inventory-freshness-report`.
- Added `cavra release endpoint-inventory-freshness`, `endpoint-inventory-freshness-history`, and `endpoint-inventory-freshness-dashboard`.
- Added reconciliation automation from indexed inventory ingestions that compares the normalized inventory with a signed desired endpoint deployment manifest.
- Added `metadata_kind=endpoint-reconciliation-automation` records and automatic pending remediation request creation when drift is detected.
- Added `cavra release automate-endpoint-reconciliation`, `endpoint-reconciliation-automation-history`, and `endpoint-reconciliation-automation-dashboard`.
- Added `POST /endpoint-inventory/freshness-report`, `/endpoint-inventory-freshness`, `/endpoint-inventory-freshness/dashboard`, `POST /endpoint-inventory-ingestions/{inventory_id}/reconcile`, `/endpoint-reconciliation-automations`, and `/endpoint-reconciliation-automations/dashboard`.
- Updated the Evidence Console with an Endpoint Inventory Freshness panel for report status, warning counts, critical counts, and alert details.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for freshness SLA evaluation, CLI metadata indexing, API freshness endpoints, and automated reconciliation with pending remediation approvals.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_inventory_freshness_and_automation_open_remediation tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as endpoint remediation handoff packages for ITSM, ChatOps, and private endpoint connector queues.
Status: complete for the current public-safe endpoint remediation handoff slice.
Completed:
- Added remediation handoff package generation from endpoint drift remediation requests.
- Generated Jira, ServiceNow, Slack, Teams, and private connector queue payloads without embedding connector credentials or endpoint mutation logic.
- Preserved request ID, reconciliation ID, approval ID/state, release package metadata, channel, strategy, planned actions, evidence references, and request checksum in the handoff package.
- Added `cavra release export-endpoint-remediation-handoff`, `endpoint-remediation-handoff-history`, and `endpoint-remediation-handoff-dashboard`.
- Added `POST /endpoint-remediations/{request_id}/handoff`, `/endpoint-remediation-handoffs`, and `/endpoint-remediation-handoffs/dashboard`.
- Updated the Evidence Console with an Endpoint Remediation Handoffs panel for provider coverage, approval state, action count, and request filtering.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for handoff artifact generation, CLI metadata indexing, API handoff creation, and handoff dashboard history.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as closed-loop endpoint remediation handoff status reconciliation.
Status: complete for the current public-safe handoff status reconciliation slice.
Completed:
- Added provider status records for Jira, ServiceNow, Slack, Teams, and private connector queue handoffs.
- Preserved handoff ID, request ID, reconciliation ID, provider, external reference, external URL, status, operator notes, approval context, and redacted callback payloads.
- Added credential redaction for callback payload keys such as tokens, secrets, passwords, API keys, authorization headers, and webhook values.
- Added `cavra release record-endpoint-remediation-handoff-status`, `endpoint-remediation-handoff-status-history`, and `endpoint-remediation-handoff-status-dashboard`.
- Added `POST /endpoint-remediation-handoffs/{handoff_id}/status`, `/endpoint-remediation-handoff-statuses`, and `/endpoint-remediation-handoff-statuses/dashboard`.
- Updated the Evidence Console with an Endpoint Handoff Status panel for provider state, external references, completed counts, blocked counts, and status event history.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for callback redaction, status artifact generation, CLI metadata indexing, API status creation, and status dashboard history.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as endpoint remediation SLA breach, escalation, and executive release governance reporting.
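The callback-payload credential redaction listed in the handoff status reconciliation slice above, as an added example that is not CAVRA's own code. The function names, the `[REDACTED]` marker, the substring key matching, and the sample callback are assumptions or constructed; the example also goes one step beyond key-based redaction by handling header lists stored as name/value pairs, where the sensitive word sits in a value rather than a key.

```python
import re

# Key fragments taken from the categories the log lists: tokens, secrets,
# passwords, API keys, authorization headers, and webhook values.
SENSITIVE_KEY_PARTS = ("token", "secret", "password", "apikey",
                       "authorization", "webhook")
REDACTED = "[REDACTED]"  # assumed marker


def is_sensitive_key(key):
    """Match case-insensitively and ignore separators (X-Api-Key, api_key, ...)."""
    normalized = re.sub(r"[^a-z0-9]", "", str(key).lower())
    return any(part in normalized for part in SENSITIVE_KEY_PARTS)


def redact_payload(payload):
    """Return (redacted copy, paths that were redacted); the input is not mutated."""
    redacted_paths = []

    def walk(node, path):
        if isinstance(node, dict):
            # Header-style pair: {"name": "Authorization", "value": "..."}.
            label = node.get("name", node.get("key"))
            pair_hit = (isinstance(label, str) and "value" in node
                        and is_sensitive_key(label))
            out = {}
            for key, child in node.items():
                child_path = f"{path}.{key}" if path else str(key)
                if is_sensitive_key(key) or (pair_hit and key == "value"):
                    # Replace the whole subtree so nested secrets go with it.
                    out[key] = REDACTED
                    redacted_paths.append(child_path)
                else:
                    out[key] = walk(child, child_path)
            return out
        if isinstance(node, list):
            return [walk(item, f"{path}[{i}]") for i, item in enumerate(node)]
        return node

    return walk(payload, ""), redacted_paths


# Constructed provider callback; every value here is made up.
SAMPLE_CALLBACK = {
    "provider": "servicenow",
    "status": "in_progress",
    "external_reference": "CHG-CONSTRUCTED-1",
    "auth": {"API-Key": "constructed-key", "user": "svc-cavra"},
    "headers": [
        {"name": "Authorization", "value": "Bearer constructed"},
        {"name": "Content-Type", "value": "application/json"},
    ],
    "notify": {"slack_webhook_url": "https://hooks.example.invalid/constructed"},
    "client_secret": "constructed",
}

if __name__ == "__main__":
    clean, paths = redact_payload(SAMPLE_CALLBACK)
    print(clean)
    print(paths)
```

Substring matching over-redacts harmless keys such as a hypothetical `token_count`; for evidence records that is the safer failure, and the returned path list records what was removed without keeping the values.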
Status: complete for the current public-safe SLA and executive reporting slice.
Completed:
- Added endpoint remediation SLA reports that combine handoff packages with provider callback or operator status records.
- Tracked every handoff-provider pair with warning and critical age thresholds, latest status, external reference, SLA state, severity, and recommended action.
- Added public-safe escalation payloads for Slack, Teams, Jira-style tasks, and executive summaries without connector credentials.
- Added `cavra release endpoint-remediation-sla-report`, `endpoint-remediation-sla-history`, and `endpoint-remediation-sla-dashboard`.
- Added `POST /endpoint-remediation-sla/report`, `/endpoint-remediation-sla-reports`, and `/endpoint-remediation-sla-reports/dashboard`.
- Updated the Evidence Console with an Endpoint Remediation SLA panel for report alert level, tracked items, completed counts, at-risk counts, and breached counts.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for breached SLA reports, escalation payloads, CLI metadata indexing, API report creation, and SLA dashboard history.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as endpoint remediation SLA notification delivery through configured ITSM, ChatOps, and release governance connectors.
Status: complete for the current public-safe SLA notification delivery slice.
Completed:
- Added `cavra.endpoint_remediation_sla.notification.v1` events derived from public endpoint remediation SLA reports.
- Added provider-shaped notification payloads for Slack, Teams, Jira, ServiceNow, and generic webhooks without connector credentials.
- Reused the existing connector delivery runtime so notification attempts produce redacted delivery evidence and retry metadata.
- Added `cavra release deliver-endpoint-remediation-sla` with metadata indexing as `release-connector-delivery` and source `endpoint_remediation_sla_notification`.
- Added `POST /endpoint-remediation-sla-reports/{report_id}/deliver` for API-driven notification delivery.
- Updated the Evidence Console with a Notify action on the Endpoint Remediation SLA panel.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for notification event payloads, provider payload routing, CLI delivery evidence, and API delivery indexing.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/integrations.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py tests/test_integrations.py` passed locally.
- `node --check apps/sandbox-ui/sandbox.js` passed locally.
- `python3 -m pytest tests/test_integrations.py::test_chatops_and_itsm_connectors_use_provider_payloads tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q` passed locally.
Recommended next issue: delivered below as endpoint remediation SLA notification routing policies, acknowledgement tracking, and duplicate suppression windows.
Status: complete for the current public-safe notification governance slice.
Completed:
- Added endpoint remediation SLA notification routing plans that select providers from policy rules, configured connectors, severity defaults, or operator-requested providers.
- Added duplicate suppression windows based on prior notification delivery metadata so repeated SLA reports avoid noisy ITSM and ChatOps events.
- Added acknowledgement records for `acknowledged`, `dismissed`, `escalated`, and `resolved` notification states.
- Added CLI commands for notification acknowledgement, notification history, and notification dashboards.
- Added API endpoints for notification acknowledgement, notification history, and notification dashboards.
- Updated the Evidence Console endpoint remediation SLA panel with notification, outstanding acknowledgement, and suppression metrics.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added focused tests for routing policy selection, duplicate suppression, acknowledgements, CLI history and dashboards, API delivery indexing, and multi-provider connector delivery.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/integrations.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py tests/test_integrations.py`
- `node --check apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_integrations.py::test_deliver_connector_event_accepts_comma_separated_providers tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q`
Recommended next issue: delivered below as endpoint remediation notification escalation ladders and owner-specific service-level objectives.
Status: complete for the current public-safe escalation planning slice.
Completed:
- Added endpoint remediation SLA escalation plans derived from public notification plan, acknowledgement, and redacted delivery metadata.
- Added owner-specific acknowledgement and resolution SLO evaluation with configurable default SLOs and owner overrides.
- Added escalation ladder levels with age thresholds, escalation providers, and recommended actions without storing connector credentials.
- Added CLI commands for escalation plan generation, escalation history, and escalation dashboards.
- Added API endpoints for escalation plan generation, escalation history, and escalation dashboards.
- Updated the Evidence Console endpoint remediation SLA panel with active escalation and owner SLO metrics.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added focused tests for owner SLO breach evaluation, escalation metadata indexing, CLI history and dashboard output, API escalation endpoints, and console metric loading.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `node --check apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift -q`
Recommended next issue: delivered below as endpoint remediation escalation delivery actions and owner review workflows.
Status: complete for the current public-safe escalation delivery and owner review slice.
Completed implementation:
- Added `cavra.endpoint_remediation_sla.escalation_delivery.v1` connector events derived from active escalation plans without connector credentials or endpoint mutation logic.
- Added escalation delivery metadata indexing through `release-connector-delivery` with `connector_delivery_source=endpoint_remediation_sla_escalation_delivery`.
- Added owner review records as `metadata_kind=endpoint-remediation-sla-escalation-review` with accepted, deferred, resolved, false-positive, and escalated states.
- Added CLI commands for escalation delivery, escalation owner review, escalation action history, and escalation action dashboards.
- Added API endpoints for escalation delivery, owner reviews, escalation action history, and escalation action dashboards.
- Updated the Evidence Console endpoint remediation SLA panel with escalation delivery and owner review metrics.
- Added tests for public-safe escalation delivery events, owner review metadata, CLI actions, API endpoints, and dashboard summaries.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `node --check apps/sandbox-ui/sandbox.js`
- `python3 -m pytest -q tests/test_go_release_packaging.py tests/test_api.py`
Recommended next issue: add endpoint remediation escalation recurrence policies, owner calendars, and maintenance-window suppression.
Status: complete for the current public-safe recurrence planning slice.
Completed implementation:
- Added `cavra.endpoint_remediation_sla.escalation_recurrence_plan.v1` plans derived from escalation plans, delivery metadata, and owner review records.
- Added recurrence intervals and maximum recurrence counts so unresolved escalation routes can be re-evaluated without duplicate follow-up noise.
- Added public-safe owner calendar availability checks with business-hours and unavailable-window support.
- Added maintenance-window suppression scoped by plan, report, provider, or owner without storing connector credentials or endpoint mutation logic.
- Added CLI commands for recurrence plan generation, recurrence history, and recurrence dashboards.
- Added API endpoints for recurrence plan generation, recurrence history, and recurrence dashboards.
- Updated the Evidence Console endpoint remediation SLA panel with recurrence-ready and suppressed-route metrics.
- Added tests for recurrence metadata indexing, maintenance-window suppression, CLI recurrence commands, API recurrence endpoints, and dashboard summaries.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `node --check apps/sandbox-ui/sandbox.js`
- `python3 -m pytest -q tests/test_go_release_packaging.py tests/test_api.py`
Recommended next issue: delivered below as endpoint remediation recurrence delivery batches and suppression audits.
Status: complete for the current public-safe recurrence delivery and suppression audit slice.
Completed implementation:
- Added `cavra.endpoint_remediation_sla.escalation_recurrence_delivery.v1` connector events derived only from recurrence routes whose action is `deliver`.
- Excluded suppressed and waiting recurrence routes from connector payloads while preserving their reasons in audit evidence.
- Added suppression audit exports with JSON, Markdown, and checksum files for maintenance windows, owner unavailability, maximum recurrence limits, and recurrence interval waits.
- Added suppression audit metadata indexing as `endpoint-remediation-sla-escalation-suppression-audit`.
- Added recurrence delivery metadata indexing through `release-connector-delivery` with `connector_delivery_source=endpoint_remediation_sla_escalation_recurrence_delivery`.
- Added CLI commands for recurrence delivery batching and suppression audit exports.
- Added API endpoints for recurrence delivery batching and suppression audit retrieval.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for recurrence delivery event filtering, suppression audit metadata, CLI export paths, API endpoints, and action dashboard summaries.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `python3 -m pytest -q tests/test_go_release_packaging.py tests/test_api.py`
Recommended next issue: delivered below as recurrence retry policies, owner digests, and suppression trends.
Status: complete for the current public-safe recurrence retry and analytics slice.
Completed implementation:
- Added recurrence retry plans derived from failed `endpoint_remediation_sla_escalation_recurrence_delivery` metadata.
- Added retry policy controls for maximum retry attempts, retry delay, and backoff without storing connector credentials.
- Added owner digest notification events that group unresolved recurrence routes by owner and provider.
- Added owner digest connector delivery metadata through `connector_delivery_source=endpoint_remediation_sla_escalation_owner_digest`.
- Added suppression trend analytics by reason category, owner, and provider.
- Added CLI commands for retry plans, owner digest delivery, and suppression trend reports.
- Added API endpoints for retry plans, owner digest delivery, and suppression trend reports.
- Updated README, CLI docs, API docs, Go release packaging docs, release advisory docs, roadmap docs, feature inventory, and wiki source.
- Added tests for retry decision planning, owner digest event generation, suppression trend metadata, CLI commands, API endpoints, and action dashboard counts.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `python3 -m pytest -q tests/test_go_release_packaging.py tests/test_api.py`
Recommended next issue: delivered below as Evidence Console recurrence operations filters and export drill-downs.
Status: complete for the current recurrence operations console slice.
Completed implementation:
- Added a Recurrence Operations panel to the Evidence Console.
- Added retry-plan, owner-digest, and suppression-trend tables backed by persisted `endpoint-remediation-sla-escalation-actions` metadata.
- Added owner, provider, action, and suppression category filters.
- Added dashboard counters for retry plans, retryable routes, waiting routes, suppressed routes, owner digests, unresolved owner routes, trend events, top suppression category, and failed deliveries.
- Added JSON detail drill-downs and local export actions for retry plans, owner digests, and suppression trends.
- Added public sample recurrence operations data so the static sandbox remains useful without a deployed API.
- Updated README, sandbox docs, roadmap docs, and wiki source.
Validation:
- `node --check apps/sandbox-ui/sandbox.js`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh .`
- `git diff --check`
- `python3 -m pytest -q`
Recommended next issue: delivered below as scheduled recurrence automation workers.
Status: complete for the current public-safe recurrence automation slice.
Completed implementation:
- Added `cavra.endpoint_remediation_sla.escalation_recurrence_automation_run.v1` worker-run artifacts.
- Added dry-run-by-default worker orchestration for retry-plan creation, owner digest generation, suppression trend generation, and follow-up action planning.
- Added schedule-window idempotency keys based on the worker interval and recurrence metadata inputs.
- Added optional `--execute` delivery for owner digests through configured connectors while preserving dry-run as the safe default.
- Added metadata indexing for worker runs as `endpoint-remediation-sla-escalation-recurrence-automation-run`.
- Added CLI commands for recurrence automation run, history, and dashboard summaries.
- Added API endpoints for recurrence automation run, history, and dashboard summaries.
- Updated README, CLI docs, API docs, Go release packaging docs, roadmap docs, feature inventory, and wiki source.
- Added tests for worker artifact construction, metadata indexing, CLI execution, API execution, history, dashboard, and console config endpoint discovery.
Validation:
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `python3 -m pytest -q tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh .`
- `git diff --check`
- `python3 -m pytest -q`
Recommended next issue: delivered below as Evidence Console recurrence automation worker history.
Status: complete for the current console visibility slice.
Completed implementation:
- Added a Worker Runs table to the Evidence Console Recurrence Operations panel.
- Added dry-run versus executed worker filtering.
- Added dashboard cards for worker run count, dry-run count, executed count, worker retryable routes, worker digests, and worker trend events.
- Added API-backed loading from `/endpoint-remediation-sla-escalation-recurrence-automations` and `/endpoint-remediation-sla-escalation-recurrence-automations/dashboard`.
- Added static sample automation-run evidence so the hosted sandbox remains useful without a deployed API.
- Added JSON detail drill-downs and local export actions for automation run payloads, follow-up actions, and skipped delivery reasons.
- Updated README, sandbox docs, roadmap docs, feature inventory, and wiki source.
Validation:
- `node --check apps/sandbox-ui/sandbox.js`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh .`
- `git diff --check`
- `python3 -m pytest -q`
Recommended next issue: delivered below as recurrence automation deployment templates.
Status: complete for the current public-safe deployment-template slice.
Completed implementation:
- Added a GitHub Actions scheduled workflow template for dry-run recurrence automation and guarded manual execute mode.
- Added a Kubernetes CronJob template with persistent worker state, optional connector config, non-root execution, and overlap prevention.
- Added systemd service, timer, and environment examples for self-hosted Linux workers.
- Added recurrence automation deployment documentation covering dry-run defaults, execute-mode gating, connector configuration, rollback, disable procedures, user stories, and enterprise value.
- Added tests that validate template defaults, schedule intervals, guarded execute mode, and public-safe connector handling.
- Updated README, roadmap docs, feature inventory, and wiki source.
Validation:
- `python3 -m pytest -q tests/test_recurrence_automation_deployment_templates.py`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh .`
- `git diff --check`
- `python3 -m pytest -q`
Recommended next issue: delivered below as recurrence automation health reporting.
Status: complete for the current public-safe health reporting slice.
Completed implementation:
- Added recurrence automation health summaries for missed worker runs, failed run records, stale recurrence metadata, disabled schedules, and owner-digest connector delivery failures.
- Added CLI command `cavra release endpoint-remediation-sla-escalation-recurrence-automation-health`.
- Added API endpoint `/endpoint-remediation-sla-escalation-recurrence-automations/health` and console config discovery.
- Updated the Evidence Console Recurrence Operations dashboard with health status, missed run, failed job, stale metadata, connector failure, and latest-run age cards.
- Updated README, API/CLI references, roadmap docs, feature inventory, and wiki source.
- Added tests for release-layer health summaries, CLI output, API endpoint discovery, and API health responses.
Validation:
- `python3 -m pytest -q tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift`
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh .`
- `git diff --check`
- `python3 -m pytest -q`
Recommended next issue: delivered below as recurrence automation health alert delivery and acknowledgements.
Status: complete for the current public-safe health alert delivery and acknowledgement slice.
Completed implementation:
- Added recurrence automation health alert events, routing plans, duplicate suppression, and connector delivery metadata using the existing public-safe connector framework.
- Added acknowledgement records for health alerts with provider, reviewer, state, external reference, and notes.
- Added CLI commands for health alert delivery, acknowledgement, history, and dashboard views.
- Added API endpoints for health alert delivery, acknowledgement, history, dashboard, and console config discovery.
- Updated the Evidence Console Recurrence Operations panel with health alert plan, delivery, acknowledgement, and outstanding acknowledgement metrics plus detail drill-downs.
- Updated README, API/CLI references, roadmap docs, deployment guidance, feature inventory, and wiki source.
- Added tests for release-layer health alert plans, events, acknowledgements, delivery history, dashboards, CLI, and API coverage.
Validation:
- `python3 -m pytest -q tests/test_go_release_packaging.py::test_endpoint_drift_remediation_requires_approval_and_indexes_execution tests/test_api.py::test_api_reconciles_managed_endpoint_deployment_drift`
- `python3 -m ruff check src/cavra/release.py src/cavra/cli.py src/cavra/api.py tests/test_go_release_packaging.py tests/test_api.py`
- `node --check apps/sandbox-ui/sandbox.js`
Recommended next issue: delivered below as approval-backed release governance Go parity.
Status: complete for the current public-safe release governance record parity slice.
Completed implementation:
- Added `release_governance_record` support to the Go runtime evaluator with approval-state checks for promotion, rollback, endpoint remediation request, and endpoint remediation execution metadata.
- Added public-safe Go fixtures for pending, approved, denied, and missing-approval release governance records.
- Added Go runtime tests and Python fixture-shape validation for the new release governance parity cases.
- Updated README, Go runtime docs, roadmap docs, feature inventory, and wiki source.
Validation:
- `python3 -m pytest -q tests/test_go_runtime_parity.py`
- `python3 -m ruff check tests/test_go_runtime_parity.py`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh .`
Note: local Go validation could not run because the Go toolchain is not installed in this environment; CI will run the Go parity job.
Recommended next issue: delivered below as sandbox deployment Node.js 24 runner compatibility.
Status: complete for the current hosted sandbox deployment maintenance slice.
Completed implementation:
- Opted `.github/workflows/deploy-sandbox.yml` into `FORCE_JAVASCRIPT_ACTIONS_TO_NODE24` so JavaScript-based GitHub Actions run on Node.js 24 ahead of the hosted-runner Node.js 20 deprecation path.
- Added workflow-template test coverage for the Node.js 24 opt-in.
- Updated sandbox deployment documentation, README, roadmap docs, and wiki source.
Validation:
- `python3 -m pytest -q tests/test_ci_templates.py`
- `node --check apps/sandbox-ui/config.js`
- `node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh .`
- `git diff --check`
Recommended next issue: delivered below as expanded release governance Go record parity.
Status: complete for the current public-safe release governance metadata parity slice.
Completed implementation:
- Expanded `release_governance_record` evaluation to recognize delivery failures, critical alert levels, drift states, blocked handoff status, blocked counts, SLA breach counts, failed delivery counts, and known release governance metadata kinds.
- Added fixtures for endpoint publication delivery, failed release connector delivery, endpoint inventory freshness, managed endpoint reconciliation drift, clean SLA reports, blocked handoff status, and pending endpoint remediation handoff approvals.
- Updated Go parity fixture-shape assertions, README, Go runtime docs, feature inventory, roadmap docs, and wiki source.
Validation:
- `python3 -m pytest -q tests/test_go_runtime_parity.py`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m json.tool go/cavra-runtime/testdata/release_governance_records.json`
Recommended next issue: delivered below as typed release governance enforcement contracts.
Status: complete for the current public-safe release governance contract slice.
Completed implementation:
- Added `ReleaseGovernanceEvidence` to `proto/cavra/enforcement/v1/enforcement.proto` for public-safe release metadata fields including approval state, delivery status, alert level, drift status, handoff status, and count-based risk signals.
- Regenerated `go/cavra-runtime/enforcement/v1/contracts.go` with typed release-governance payload support and conversion into runtime release-governance records.
- Added contract-level fixtures for approved promotion execution, failed connector delivery, and critical inventory freshness report requests.
- Added Go contract tests that validate protobuf fields and evaluate typed release-governance contract fixtures through the runtime.
- Updated README, Go contract docs, roadmap docs, feature inventory, and wiki source.
Validation:
- `cd go/cavra-runtime && go test ./...`
- `python3 scripts/generate_go_enforcement_contracts.py`
- `python3 -m json.tool go/cavra-runtime/testdata/release_governance_contracts.json`
Recommended next issue: delivered below as typed release governance daemon and CI runner examples.
Status: complete for the current public-safe daemon and CI runner example slice.
Completed implementation:
- Added typed release-governance `EvaluateRequest` JSON examples for approved promotion execution, failed connector delivery, and critical endpoint inventory freshness.
- Added GitHub Actions, GitLab CI, and Azure Pipelines templates that start the Go daemon, send a typed `release_governance` request through `--daemon`, validate the expected decision and rule, and publish daemon evidence artifacts.
- Updated Go daemon transport and Go enforcement contract documentation to show the typed request path and CI runner usage.
- Updated README, roadmap docs, feature inventory, phase log, and wiki source.
Validation:
- `python3 -m pytest -q tests/test_ci_templates.py tests/test_go_daemon_transport.py`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m json.tool examples/go-runtime/typed-release-governance/approved-promotion.json`
- `python3 -m json.tool examples/go-runtime/typed-release-governance/failed-connector-delivery.json`
- `python3 -m json.tool examples/go-runtime/typed-release-governance/critical-inventory-freshness.json`
Recommended next issue: delivered below as signed CI runner binary packaging and reusable runner actions.
Status: complete for the current public-safe signed runner packaging slice.
Completed implementation:
- Added a reusable release-governance runner shell wrapper that starts the Go daemon, sends a typed request, validates the expected decision and rule, fails closed on blocking decisions, and writes daemon evidence artifacts.
- Added a GitHub composite action that wraps the runner script for repository or packaged-action usage.
- Extended Go release packaging to include `cavra-runtime.ci-runner-bundles.json`, `ci-runners/cavra-release-governance-runner.sh`, and `ci-runners/github-action/action.yml` in the signed release package.
- Extended Go release verification to require and validate CI runner bundle metadata, runner wrapper digests, CI deployment target bindings, package verification guidance, keyless attestation guidance, and daemon evidence outputs.
- Updated README, Go release packaging docs, Go daemon transport docs, Go runtime README, feature inventory, roadmap, and wiki source.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py::test_go_release_packaging_creates_sbom_checksums_and_evidence tests/test_go_release_packaging.py::test_go_release_verifier_accepts_signed_package_and_rejects_tampering tests/test_go_release_packaging.py::test_go_release_verifier_rejects_missing_ci_runner_bundle_metadata -q`
- `python3 -m pytest tests/test_ci_templates.py::test_github_release_governance_composite_action_uses_packaged_runner_wrapper tests/test_ci_templates.py::test_release_governance_runner_wrapper_runs_daemon_and_fails_closed -q`
- `python3 scripts/validate_release_security.py`
Recommended next issue: delivered below as runner authentication and signed streaming evidence.
Status: complete for the current public-safe HMAC runner authentication and evidence stream signing slice.
Completed implementation:
- Added `RunnerAuthentication` and `RunnerIdentity` to the generated Go enforcement contract and protobuf source.
- Added optional daemon-side runner authentication with `--runner-auth-key`, `--runner-auth-key-id`, and signed `runner_auth` claims on `EvaluateRequest`.
- Added client-side `--runner-auth-claims` support so packaged runner scripts can attach signed CI provider, repository, workflow, ref, SHA, actor, job, and runner identity claims.
- Added hash-chained daemon evidence records with sequence numbers, previous hashes, record hashes, optional `HMAC-SHA256` signatures, and key IDs.
- Updated the release-governance runner wrapper and GitHub composite action to support `CAVRA_RUNNER_AUTH_HMAC_KEY`, `CAVRA_RUNNER_AUTH_KEY_ID`, `CAVRA_DAEMON_EVIDENCE_HMAC_KEY`, and `CAVRA_DAEMON_EVIDENCE_KEY_ID`.
- Extended signed CI runner bundle metadata and release verification controls to require runner authentication and signed evidence stream guidance.
- Updated README, Go daemon transport docs, Go release packaging docs, Go contract docs, Go runtime README, feature inventory, productization report, roadmap, and wiki source.
Validation:
- `cd go/cavra-runtime && go test ./...`
- `python3 -m pytest tests/test_go_release_packaging.py::test_go_release_packaging_creates_sbom_checksums_and_evidence tests/test_ci_templates.py::test_github_release_governance_composite_action_uses_packaged_runner_wrapper tests/test_ci_templates.py::test_release_governance_runner_wrapper_runs_daemon_and_fails_closed tests/test_go_daemon_transport.py tests/test_go_enforcement_contracts.py -q`
- `python3 scripts/validate_release_security.py`
- `bash -n examples/ci-runners/cavra-release-governance-runner.sh`
- Built `go/cavra-runtime/cmd/cavra-runtime` and smoke-tested `examples/ci-runners/cavra-release-governance-runner.sh` with runner auth and evidence HMAC keys.
Recommended next issue: delivered below as runner OIDC verification and daemon evidence verifier CLI.
Status: complete for the current public-safe runner JWT verification and daemon evidence verification slice.
Completed implementation:
- Added `OIDC-JWT` runner authentication alongside existing `HMAC-SHA256` runner signatures.
- Added daemon-side RS256/JWKS verification for CI-provider runner tokens with issuer, audience, expiry, not-before, provider, repository, and runner identity claim checks.
- Added client-side `--runner-auth-oidc-token` and `--runner-auth-oidc-token-file` support and daemon-side `--runner-oidc-issuer`, `--runner-oidc-audience`, `--runner-oidc-jwks`, and `--runner-oidc-jwks-url` configuration.
- Redacted OIDC bearer JWTs from daemon evidence records while preserving runner identity metadata.
- Added `--verify-evidence` to validate daemon evidence sequence numbers, previous hashes, record hashes, signature key IDs, and HMAC signatures.
- Updated reusable CI runner wrappers, GitHub composite action inputs, release bundle metadata, release verification controls, README, Go runtime docs, Go daemon transport docs, Go release packaging docs, feature inventory, roadmap, and wiki source.
Validation:
- `cd go/cavra-runtime && go test ./...`
- `python3 -m pytest tests/test_ci_templates.py::test_github_release_governance_composite_action_uses_packaged_runner_wrapper tests/test_ci_templates.py::test_release_governance_runner_wrapper_runs_daemon_and_fails_closed tests/test_go_release_packaging.py::test_go_release_packaging_creates_sbom_checksums_and_evidence tests/test_go_daemon_transport.py tests/test_identity_references.py tests/test_immutable_storage_references.py -q`
- `python3 scripts/validate_release_security.py`
- `bash -n examples/ci-runners/cavra-release-governance-runner.sh`
Recommended next issue: delivered below as provider-native OIDC token acquisition and runner evidence key custody.
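The hash-chained, optionally HMAC-signed evidence records and the checks listed for `--verify-evidence` in the two entries above, as an added Python example. It is not the Go runtime's code: the record field names, the canonical JSON encoding, the all-zero genesis hash, and the demo key, key ID and payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64                       # assumed previous_hash of the first record
DEMO_KEY_ID = "constructed-key-1"        # constructed sample key ID
DEMO_KEY = b"constructed-demo-hmac-key"  # constructed sample key, not a real secret
SAMPLE_PAYLOADS = [                      # constructed sample evidence payloads
    {"decision": "allow", "rule_id": "constructed-rule-1"},
    {"decision": "deny", "rule_id": "constructed-rule-2"},
    {"decision": "allow", "rule_id": "constructed-rule-3"},
]


def _canonical(obj):
    """Deterministic JSON bytes so writer and verifier hash identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _record_hash(sequence, previous_hash, payload):
    body = {"sequence": sequence, "previous_hash": previous_hash, "payload": payload}
    return hashlib.sha256(_canonical(body)).hexdigest()


def _sign(key, record_hash):
    return hmac.new(key, record_hash.encode(), hashlib.sha256).hexdigest()


def append_record(chain, payload, key=None, key_id=None):
    """Append one record; sign its hash with HMAC-SHA256 when a key is given."""
    sequence = len(chain) + 1
    previous_hash = chain[-1]["record_hash"] if chain else GENESIS
    record = {
        "sequence": sequence,
        "previous_hash": previous_hash,
        "payload": payload,
        "record_hash": _record_hash(sequence, previous_hash, payload),
    }
    if key is not None:
        record["key_id"] = key_id
        record["signature"] = _sign(key, record["record_hash"])
    chain.append(record)
    return record


def build_sample_chain(key=DEMO_KEY, key_id=DEMO_KEY_ID):
    chain = []
    for payload in SAMPLE_PAYLOADS:
        append_record(chain, dict(payload), key=key, key_id=key_id)
    return chain


def verify_chain(chain, keys=None, require_signatures=False):
    """Return (position, problem) tuples; an empty list means the chain verifies."""
    keys = keys or {}
    problems = []
    expected_prev = GENESIS
    for position, record in enumerate(chain, start=1):
        if record.get("sequence") != position:
            problems.append((position, "sequence gap or reorder"))
        if record.get("previous_hash") != expected_prev:
            problems.append((position, "previous_hash does not match prior record"))
        recomputed = _record_hash(
            record.get("sequence"), record.get("previous_hash"), record.get("payload")
        )
        stored = str(record.get("record_hash"))
        if not hmac.compare_digest(recomputed.encode(), stored.encode()):
            problems.append((position, "record_hash mismatch"))
        signature = record.get("signature")
        if signature is None:
            if require_signatures:
                problems.append((position, "signature missing"))
        else:
            key_id = record.get("key_id")
            key = keys.get(key_id) if isinstance(key_id, str) else None
            if key is None:
                problems.append((position, "unknown key_id"))
            # Verify over the recomputed hash so the signature binds the content.
            elif not hmac.compare_digest(
                _sign(key, recomputed).encode(), str(signature).encode()
            ):
                problems.append((position, "signature invalid"))
        # Link on the stored hash so one bad record is reported once, not cascaded.
        expected_prev = record.get("record_hash")
    return problems
```

Because the signature is optional, a chain rewritten end to end without a key still passes the hash checks, so a verifier should require signatures wherever a key was configured. Records removed from the tail leave a valid shorter chain unless the latest sequence number and record hash are pinned somewhere the writer cannot reach.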
Status: complete for the current public-safe CI provider acquisition and key-custody documentation slice.
Completed implementation:
- Added runner wrapper auto-acquisition for GitHub Actions OIDC tokens through `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN`.
- Added GitLab CI `id_tokens` support through `CAVRA_GITLAB_OIDC_TOKEN`, `GITLAB_OIDC_TOKEN`, `CAVRA_RUNNER_AUTH_OIDC_TOKEN_ENV`, or `CI_JOB_JWT_V2`.
- Added Azure Pipelines token acquisition support through `SYSTEM_OIDCREQUESTURI` plus `SYSTEM_ACCESSTOKEN` or `CAVRA_AZURE_OIDC_REQUEST_TOKEN`, with `CAVRA_AZURE_OIDC_TOKEN` as an explicit fallback.
- Added GitHub composite action inputs for OIDC auto-acquisition and GitLab token environment selection.
- Updated GitHub Actions, GitLab CI, and Azure Pipelines examples to publish `release-governance-evidence-verification.json` as an audit artifact.
- Added `docs/runner-auth-evidence-key-custody.md` for OIDC preference, HMAC fallback, key IDs, rotation cadence, JWKS trust, and release-governance evidence retention.
- Extended release package metadata, release verification controls, README, Go daemon transport docs, Go release packaging docs, Go runtime README, feature inventory, roadmap, and wiki source.
Validation:
- `python3 -m pytest tests/test_ci_templates.py tests/test_go_release_packaging.py::test_go_release_packaging_creates_sbom_checksums_and_evidence tests/test_identity_references.py tests/test_immutable_storage_references.py -q`
- `python3 scripts/validate_release_security.py`
- `bash -n examples/ci-runners/cavra-release-governance-runner.sh`
Recommended next issue: delivered below as Go release-governance parity expansion and reproducible air-gapped build metadata.
Status: complete for the current public-safe parity and reproducibility slice.
Completed implementation:
- Added Python `RuntimeGuard` release-governance evaluation for the same public-safe record fixture used by the Go runtime.
- Expanded Go release-governance record parity with rollout evidence verification and rollout artifact integrity cases.
- Added critical signal handling for failed rollout verification and artifact integrity mismatches.
- Added `cavra-runtime.reproducibility.json` to Go release packages with deterministic build environment, Go flags, linker flags, target binaries, SHA-256 digests, and air-gapped rebuild commands.
- Updated the Go release workflow to build with `SOURCE_DATE_EPOCH`, `CGO_ENABLED=0`, `GOFLAGS="-trimpath -mod=readonly -buildvcs=false"`, and `-ldflags="-s -w -buildid="`.
- Extended `cavra release verify-go-package` to require and validate the reproducibility manifest.
- Added `docs/go-reproducible-airgap-builds.md` and refreshed README, roadmap, feature inventory, Go parity, Go packaging, and wiki source documentation.
Validation:
- `python3 -m pytest tests/test_go_runtime_parity.py tests/test_go_release_packaging.py -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/cavra/runtime.py scripts/package_go_release.py tests/test_go_runtime_parity.py tests/test_go_release_packaging.py`
Recommended next issue: delivered below as high-risk release-governance contract fixtures.
Status: complete for the current public-safe generated contract fixture slice.
Completed implementation:
- Extended `ReleaseGovernanceEvidence` in `proto/cavra/enforcement/v1/enforcement.proto` with typed rollout verification, artifact integrity, audit export, and rollback reference fields.
- Regenerated `go/cavra-runtime/enforcement/v1/contracts.go` through `scripts/generate_go_enforcement_contracts.py`.
- Added contract fixture cases for failed rollout evidence verification, artifact integrity mismatch, successful promotion audit export, and failed rollback audit export.
- Updated Python and Go runtime critical signal handling for audit export failures.
- Added Python parity coverage for the proto-shaped release-governance contract fixture set.
- Updated README, Go contract docs, Go parity docs, roadmap, feature inventory, and wiki source documentation.
Validation:
- `python3 -m pytest tests/test_go_enforcement_contracts.py tests/test_go_runtime_parity.py -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/cavra/runtime.py scripts/generate_go_enforcement_contracts.py tests/test_go_enforcement_contracts.py tests/test_go_runtime_parity.py`
Recommended next issue: add operational drill history for returning promoted environments to Python-only mode.
Status: complete for the current high-risk built-in Go policy parity slice.
Completed implementation:
- Added Go built-in policy parity for `cavra-cloud-iam`, `cavra-kubernetes-prod`, `cavra-terraform-prod`, `cavra-github-enterprise`, `cavra-owasp-llm-agentic`, and `cavra-agentic-delivery`.
- Expanded `go/cavra-runtime/testdata/parity_cases.json` with high-risk Cloud IAM mutation, Kubernetes production apply, Terraform/OpenTofu destructive operation, GitHub force/admin operation, OWASP pipe-shell command injection, and agentic delivery repository-setting cases.
- Added positive read-only/test allowances for Cloud IAM, Kubernetes diff, OpenTofu plan, and agentic delivery test commands.
- Added Python fixture-shape coverage to ensure the high-risk command and cloud/IaC policy packs remain represented in the shared parity suite.
- Added `docs/high-risk-command-cloud-iac-parity.md`, wiki documentation, and a dedicated SVG diagram for parity evidence.
- Updated README, roadmap, feature inventory, Go parity docs, productization report, and wiki source documentation.
Validation:
- `python3 -m pytest tests/test_go_runtime_parity.py -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m pytest -q`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh .`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
Recommended next issue: add operational drill history for returning promoted environments to Python-only mode.
Status: complete for the current public-safe production signing operations slice.
Completed implementation:
- Added `cavra-runtime.signing-operations.json` to Go runtime release packages with active key ID, Ed25519 algorithm, private-key custody boundary, rotation policy, emergency revocation evidence, and operator steps.
- Added the signing operations manifest to release checksums, SLSA provenance subjects, detached signatures, release evidence artifacts, and offline trust bootstrap required files.
- Extended `cavra release verify-go-package` to require and validate signing operations controls before package promotion.
- Added tests for generated signing operations metadata, signed package verification, and missing manifest rejection.
- Added `docs/release-signing-operations.md`, wiki documentation, and a dedicated SVG diagram for users and auditors.
- Updated README, Go release packaging docs, roadmap, feature inventory, productization report, and wiki source documentation.
Validation:
- `python3 -m pytest tests/test_go_release_packaging.py -q`
- `python3 -m pytest -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh . && git diff --check`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
Recommended next issue: add operational drill history for returning promoted environments to Python-only mode.
Status: complete for the current public-safe pilot integration slice.
Completed implementation:
- Added `src/cavra/go_backend.py` with disabled, shadow, and enforce modes.
- Added readiness checks for runtime binary path, compiled policy path, optional registry path, Python fallback, and parity gate evidence.
- Added audited pilot evaluation that runs Python first, invokes Go only when enabled, compares `decision`, `rule_id`, and `severity`, and falls back to Python on failure or mismatch.
- Added CLI commands `cavra runtime go-pilot-readiness` and `cavra runtime go-pilot-evaluate`.
- Added FastAPI endpoints `/runtime/go-pilot/readiness` and `/runtime/go-pilot/evaluate`.
- Added Go backend pilot status to `/deployment/production-readiness`, `/console/config`, and the Evidence Console Production Readiness panel.
- Added `docs/go-backend-pilot.md`, `docs/wiki/Go-Backend-Pilot.md`, and `docs/diagrams/go-backend-pilot.svg`.
- Updated README, production roadmap, feature inventory, production deployment validation, Go parity docs, Go roadmap, productization report, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_policy_authoring.py::test_production_readiness_report_marks_missing_controls tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_pilot_readiness_and_evaluation tests/test_cli.py::test_runtime_go_pilot_readiness_cli_reports_disabled -q`
- `python3 -m ruff check src/cavra/go_backend.py src/cavra/cli.py src/cavra/api.py src/cavra/policy_authoring.py tests/test_go_backend.py tests/test_api.py tests/test_cli.py tests/test_policy_authoring.py`
- `python3 -m pytest -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh .`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js && git diff --check`
Recommended next issue: add operational drill history for returning promoted environments to Python-only mode.
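The audited pilot evaluation described in this entry (Python first, Go only when enabled, comparison of `decision`, `rule_id` and `severity`, fallback to Python on failure or mismatch), as an added Python example. It is not the code in `src/cavra/go_backend.py`: `pilot_evaluate`, `PilotResult`, the audit fields and the sample evaluators are hypothetical, and the split between shadow (compare only) and enforce (serve Go's result on exact agreement) is an assumption about what those modes mean.

```python
from dataclasses import dataclass, field

MODES = ("disabled", "shadow", "enforce")                # the three modes the log names
COMPARED_FIELDS = ("decision", "rule_id", "severity")    # the fields the log says are compared
_MISSING = object()


@dataclass
class PilotResult:
    decision: dict   # what the caller acts on
    backend: str     # which evaluator produced it: "python" or "go"
    audit: dict = field(default_factory=dict)


def pilot_evaluate(request, python_eval, go_eval, mode="disabled"):
    """Assumed semantics: shadow compares only; enforce serves Go on exact agreement."""
    if mode not in MODES:
        raise ValueError(f"unknown Go backend mode: {mode!r}")
    python_decision = python_eval(request)   # Python always runs first
    audit = {"mode": mode, "go_invoked": False, "go_error": None, "mismatch_fields": []}
    if mode == "disabled":
        return PilotResult(python_decision, "python", audit)

    audit["go_invoked"] = True
    try:
        go_decision = go_eval(request)
        if not isinstance(go_decision, dict):
            raise TypeError("Go backend returned a non-object result")
    except Exception as exc:                 # crash, timeout, bad output: all fall back
        audit["go_error"] = f"{type(exc).__name__}: {exc}"
        return PilotResult(python_decision, "python", audit)

    # A field missing on either side counts as a mismatch, never as agreement.
    audit["mismatch_fields"] = [
        name for name in COMPARED_FIELDS
        if python_decision.get(name, _MISSING) is _MISSING
        or python_decision.get(name) != go_decision.get(name, _MISSING)
    ]
    if mode == "enforce" and not audit["mismatch_fields"]:
        return PilotResult(go_decision, "go", audit)
    return PilotResult(python_decision, "python", audit)


# Constructed sample evaluators standing in for the two backends.
def sample_python_eval(request):
    return {"decision": "deny", "rule_id": "constructed-rule-7", "severity": "high"}


def sample_go_agrees(request):
    return {"decision": "deny", "rule_id": "constructed-rule-7", "severity": "high"}


def sample_go_downgrades(request):
    # Same decision and rule, lower severity: still a mismatch.
    return {"decision": "deny", "rule_id": "constructed-rule-7", "severity": "low"}


def sample_go_crashes(request):
    raise FileNotFoundError("runtime binary not found")
```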
Status: complete for the current public-safe CI runner and workstation readiness slice.
Completed implementation:
- Added Go backend deployment readiness checks to `src/cavra/go_backend.py`.
- Added environment support for `CAVRA_GO_RUNTIME_PACKAGE_DIR`, `CAVRA_GO_ENDPOINT_DEPLOYMENT_MANIFEST`, `CAVRA_GO_CI_RUNNER_BUNDLES`, `CAVRA_GO_WORKSTATION_CHANNELS`, and `CAVRA_GO_WORKSTATION_UPDATER_POLICY`.
- Added CLI command `cavra runtime go-deployment-readiness`.
- Added FastAPI endpoint `/runtime/go-pilot/deployment-readiness`.
- Added `go_backend_deployment` to `/deployment/production-readiness` and surfaced Go deployment status in the Evidence Console Production Readiness panel.
- Added tests for disabled, missing, and valid CI runner/workstation metadata readiness.
- Added `docs/go-backend-deployment-readiness.md`, `docs/wiki/Go-Backend-Deployment-Readiness.md`, and `docs/diagrams/go-backend-deployment-readiness.svg`.
- Updated README, production roadmap, current feature inventory, production deployment validation, Go parity docs, Go roadmap, productization report, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_deployment_readiness tests/test_cli.py::test_runtime_go_deployment_readiness_cli_reports_not_configured tests/test_policy_authoring.py::test_production_readiness_report_marks_missing_controls -q`
- `python3 -m ruff check src/cavra/go_backend.py src/cavra/cli.py src/cavra/api.py src/cavra/policy_authoring.py tests/test_go_backend.py tests/test_api.py tests/test_cli.py tests/test_policy_authoring.py`
- `python3 -m pytest -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh .`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js && git diff --check`
Recommended next issue: add operational drill history for returning promoted environments to Python-only mode.
Status: complete for the current public-safe optional backend promotion slice.
Completed implementation:
- Added `promoted` mode to the opt-in Go backend configuration while keeping Python as the default backend.
- Added `CAVRA_GO_PROMOTION_EVIDENCE` and `promotion_evidence_path` support for approved public-safe promotion evidence.
- Added `go_promotion_readiness_report` with runtime readiness, deployment readiness, audited parity evidence, and approval checks.
- Added fail-closed promoted-mode evaluation so Go is selected only when promotion readiness is `ready`; otherwise CAVRA falls back to Python.
- Added CLI command `cavra runtime go-promotion-readiness`.
- Added FastAPI endpoint `/runtime/go-pilot/promotion-readiness`.
- Added `go_backend_promotion` to `/deployment/production-readiness`, `/console/config`, and the Evidence Console Production Readiness panel.
- Added tests for default `not_requested`, missing evidence, valid evidence, promoted-mode fallback, and promoted-mode Go selection.
- Added `docs/go-backend-promotion.md`, `docs/wiki/Go-Backend-Promotion.md`, and `docs/diagrams/go-backend-promotion.svg`.
- Updated README, feature inventory, production deployment validation, Go parity docs, pilot/deployment docs, productization docs, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_promotion_readiness tests/test_cli.py::test_runtime_go_promotion_readiness_cli_reports_not_requested tests/test_policy_authoring.py::test_production_readiness_report_marks_missing_controls -q`
- `python3 -m ruff check src/cavra/go_backend.py src/cavra/cli.py src/cavra/api.py src/cavra/policy_authoring.py tests/test_go_backend.py tests/test_api.py tests/test_cli.py tests/test_policy_authoring.py`
- `python3 -m pytest -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh .`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js && git diff --check`
Recommended next issue: add operational drill history for returning promoted environments to Python-only mode.
Status: complete for the current public-safe promoted backend rollback-control slice.
Completed implementation:
- Added `CAVRA_GO_ROLLBACK_PLAN` and `rollback_plan_path` support to the Go backend configuration.
- Added `go_rollback_readiness_report` with rollback plan, approval, disabled-mode target, required control, recovery-step, and evidence-reference checks.
- Added fail-closed promoted-mode evaluation so Go is selected only when both promotion readiness and rollback readiness are `ready`.
- Added CLI command `cavra runtime go-rollback-readiness`.
- Added FastAPI endpoint `/runtime/go-pilot/rollback-readiness`.
- Added `go_backend_rollback` to `/deployment/production-readiness`, `/console/config`, and the Evidence Console Production Readiness panel.
- Added tests for default `not_requested`, missing rollback plan, valid rollback plan, promoted-mode rollback fallback, and promoted-mode Go selection with rollback controls.
- Added `docs/go-backend-rollback.md`, `docs/wiki/Go-Backend-Rollback.md`, and `docs/diagrams/go-backend-rollback.svg`.
- Updated README, feature inventory, production deployment validation, Go parity docs, pilot/promotion docs, productization docs, production roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_rollback_readiness tests/test_cli.py::test_runtime_go_rollback_readiness_cli_reports_not_requested tests/test_policy_authoring.py::test_production_readiness_report_marks_missing_controls -q`
- `python3 -m ruff check src/cavra/go_backend.py src/cavra/cli.py src/cavra/api.py src/cavra/policy_authoring.py tests/test_go_backend.py tests/test_api.py tests/test_cli.py tests/test_policy_authoring.py`
- `python3 -m pytest -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh .`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js && git diff --check`
Recommended next issue: delivered below as rollback rehearsal evidence and dashboard visibility.
Status: complete for the current public-safe promoted backend rollback-rehearsal slice.
Completed implementation:
- Added `CAVRA_GO_ROLLBACK_REHEARSAL_EVIDENCE` and `rollback_rehearsal_path` support to the Go backend configuration.
- Added `go_rollback_rehearsal_report` with rehearsal metadata, fallback verification, recovery SLA, runbook, approval linkage, and evidence-reference checks.
- Added fail-closed promoted-mode evaluation so Go is selected only when promotion readiness, rollback readiness, and rollback rehearsal evidence are `ready`.
- Added CLI command `cavra runtime go-rollback-rehearsal`.
- Added FastAPI endpoint `/runtime/go-pilot/rollback-rehearsal`.
- Added `go_backend_rollback_rehearsal` to `/deployment/production-readiness`, `/console/config`, and the Evidence Console Production Readiness panel.
- Added dashboard fields for rehearsal status, recovery target, and rehearsal evidence references.
- Added tests for default `not_requested`, missing rehearsal evidence, valid rehearsal evidence, promoted-mode rehearsal fallback, and promoted-mode Go selection with rehearsal evidence.
- Added `docs/go-backend-rollback-rehearsal.md`, `docs/wiki/Go-Backend-Rollback-Rehearsal.md`, and `docs/diagrams/go-backend-rollback-rehearsal.svg`.
- Updated README, feature inventory, production deployment validation, Go parity docs, pilot/promotion/rollback docs, productization docs, production roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_cli.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_rollback_rehearsal tests/test_policy_authoring.py -q`
- `python3 -m pytest -q`
- `cd go/cavra-runtime && go test ./...`
- `python3 -m ruff check src/ tests/ scripts/package_go_release.py scripts/validate_release_security.py scripts/generate_go_enforcement_contracts.py`
- `python3 scripts/validate_release_security.py && bash scripts/validate-boundaries.sh .`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js && git diff --check`
User stories:
- As an incident commander, I can prove rollback has been rehearsed before Go becomes the selected optional backend.
- As a platform owner, I can see rehearsal status, recovery time, and evidence references in the Evidence Console.
- As a security reviewer, I can require that rehearsal evidence maps to the approved rollback plan.
- As an auditor, I can attach public-safe rehearsal metadata to release evidence without exposing private endpoint details.
Enterprise challenge solved:
- Turns rollback from a written plan into exercised evidence before promoted Go backend use.
- Gives enterprise reviewers dashboard visibility into recovery timing and fallback verification.
- Keeps private runbooks, secrets, endpoint scripts, and customer data outside the public Community Edition.
Recommended next issue: delivered below as rollback drill history.
Status: complete for the current public-safe promoted backend drill-history slice.
Completed implementation:
- Added `CAVRA_GO_ROLLBACK_DRILL_HISTORY`, `CAVRA_GO_ROLLBACK_DRILL_MAX_AGE_DAYS`, and Go backend configuration fields for rollback drill history.
- Added `go_rollback_drill_history_report` with latest drill, target mode, fallback verification, recovery SLA, freshness, runbook, and evidence-reference checks.
- Added fail-closed promoted-mode evaluation so Go is selected only when promotion readiness, rollback readiness, rollback rehearsal evidence, and drill history are `ready`.
- Added CLI command `cavra runtime go-rollback-drills`.
- Added FastAPI endpoint `/runtime/go-pilot/rollback-drills`.
- Added `go_backend_rollback_drill_history` to `/deployment/production-readiness`, `/console/config`, and the Evidence Console Production Readiness panel.
- Added dashboard fields for drill status, latest drill ID, timestamp, and evidence references.
- Added tests for default `not_requested`, missing drill history, valid fresh drill history, promoted-mode drill fallback, and promoted-mode Go selection with drill history.
- Added `docs/go-backend-rollback-drill-history.md`, `docs/wiki/Go-Backend-Rollback-Drill-History.md`, and `docs/diagrams/go-backend-rollback-drill-history.svg`.
- Updated README, feature inventory, production deployment validation, Go parity docs, pilot/promotion/rehearsal docs, productization docs, production roadmap, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_cli.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_rollback_drills tests/test_policy_authoring.py -q`
User stories:
- As an incident commander, I can prove that return-to-Python rollback is practiced on an operational cadence.
- As a platform owner, I can see the latest drill ID, timestamp, recovery target, and evidence references in the Evidence Console.
- As a security reviewer, I can block promoted mode when rollback drills become stale.
- As an auditor, I can review drill history without exposing private customer or endpoint details.
Enterprise challenge solved:
- Converts rollback practice into a production readiness gate instead of informal operational memory.
- Gives enterprise reviewers evidence that promoted Go backend use remains reversible over time.
- Keeps private runbooks, endpoint identifiers, customer names, and secrets outside the public Community Edition.
Recommended next issue: delivered below as rollback drill notification acknowledgement and escalation.
Status: complete for the current public-safe promoted backend drill-scheduling and stale-notification slice.
Completed implementation:
- Added `CAVRA_GO_ROLLBACK_DRILL_SCHEDULE`, `CAVRA_GO_ROLLBACK_DRILL_DUE_SOON_DAYS`, and Go backend configuration fields for recurring rollback drill schedules.
- Added `go_rollback_drill_schedule_report` with active cadence, next due date, stale detection, due-soon detection, owner, route, and runbook checks.
- Added fail-closed promoted-mode evaluation so Go is selected only when rollback drill history is fresh and the schedule is `ready` or `due_soon`.
- Added public-safe notification plan and event builders for stale or due-soon rollback drills.
- Added CLI commands `cavra runtime go-rollback-drill-schedule` and `cavra runtime go-rollback-drill-notification-plan`.
- Added FastAPI endpoints `/runtime/go-pilot/rollback-drill-schedule` and `/runtime/go-pilot/rollback-drill-notifications/deliver`.
- Added `go_backend_rollback_drill_schedule` to `/deployment/production-readiness`, `/console/config`, and the Evidence Console Production Readiness panel.
- Added dashboard fields for drill schedule status, next due date, and notification providers.
- Added tests for default `not_requested`, stale schedules, due-soon notification routes, promoted-mode schedule fallback, CLI commands, API schedule status, API notification delivery, and production readiness.
- Added `docs/go-backend-rollback-drill-scheduling.md`, `docs/wiki/Go-Backend-Rollback-Drill-Scheduling.md`, and `docs/diagrams/go-backend-rollback-drill-scheduling.svg`.
- Updated README, feature inventory, production deployment validation, Go parity docs, pilot/promotion/rollback/rehearsal/drill-history docs, productization docs, production roadmap, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_cli.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_rollback_drills tests/test_api.py::test_api_go_backend_rollback_drill_schedule tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_policy_authoring.py -q`
User stories:
- As a release manager, I can define the cadence for promoted Go backend rollback drills.
- As an incident commander, I can see when the next Python fallback drill is due.
- As a platform owner, I can route stale drill notifications to release governance connectors.
- As an auditor, I can review schedule metadata and delivery evidence without seeing connector secrets.
Enterprise challenge solved:
- Keeps rollback confidence operational after initial promotion.
- Turns stale drill schedules into visible readiness failures and connector-backed notification evidence.
- Keeps connector credentials, private URLs, customer names, and endpoint details outside the public Community Edition.
Recommended next issue: delivered below as rollback drill notification acknowledgement and escalation.
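The fail-closed selection rule built up across the promotion, rollback, rehearsal, drill-history and drill-schedule slices above, as an added Python example that is not CAVRA's own code. The function names, the evidence fields (`completed_at`, `target_mode`, `fallback_verified`), the `missing`/`invalid`/`failed`/`stale` status strings and the 30-day maximum age are assumptions; only the gate names and the `promoted`, `ready` and `due_soon` values come from this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Gates that must all report "ready" before Go may be selected (names follow
# the readiness reports listed above; the data shapes are hypothetical).
REQUIRED_GATES = ("promotion", "rollback", "rollback_rehearsal", "rollback_drill_history")
SCHEDULE_OK = frozenset({"ready", "due_soon"})


@dataclass(frozen=True)
class Selection:
    backend: str    # "python" (the default) or "go"
    reasons: tuple  # gates that blocked Go; empty when Go is selected


def drill_history_status(drills, now, max_age_days):
    """Classify drill evidence; unparseable or implausible evidence is never ready."""
    if not drills:
        return "missing"
    parsed = []
    for drill in drills:
        try:
            done = datetime.fromisoformat(drill["completed_at"])
        except (KeyError, TypeError, ValueError):
            return "invalid"
        # A naive or future timestamp cannot prove freshness, so reject it.
        if done.tzinfo is None or done > now:
            return "invalid"
        parsed.append((done, drill))
    done, latest = max(parsed, key=lambda item: item[0])
    # The newest drill must have returned to Python-only mode and verified it.
    if latest.get("target_mode") != "disabled" or latest.get("fallback_verified") is not True:
        return "failed"
    if now - done > timedelta(days=max_age_days):
        return "stale"
    return "ready"


def select_backend(mode, reports, schedule_status):
    """Select Go only when every gate passes; every other path yields Python."""
    if mode != "promoted":
        return Selection("python", (f"mode:{mode}",))
    # An absent report counts as "missing", never as an implicit pass.
    reasons = [
        f"{gate}:{reports.get(gate, 'missing')}"
        for gate in REQUIRED_GATES
        if reports.get(gate) != "ready"
    ]
    if schedule_status not in SCHEDULE_OK:
        reasons.append(f"rollback_drill_schedule:{schedule_status}")
    if reasons:
        return Selection("python", tuple(reasons))
    return Selection("go", ())


# Constructed sample evidence and a fixed clock so the result is reproducible.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
FRESH = [{"completed_at": "2025-05-20T10:00:00+00:00",
          "target_mode": "disabled", "fallback_verified": True}]
STALE = [{"completed_at": "2025-01-05T10:00:00+00:00",
          "target_mode": "disabled", "fallback_verified": True}]


def evaluate(drills, schedule_status, mode="promoted", max_age_days=30):
    """Build the four gate reports (the first three assumed ready) and select."""
    reports = {
        "promotion": "ready",
        "rollback": "ready",
        "rollback_rehearsal": "ready",
        "rollback_drill_history": drill_history_status(drills, NOW, max_age_days),
    }
    return select_backend(mode, reports, schedule_status)


if __name__ == "__main__":
    for label, drills, schedule in (("fresh", FRESH, "due_soon"),
                                    ("stale drill", STALE, "ready"),
                                    ("stale schedule", FRESH, "stale")):
        print(label, evaluate(drills, schedule))
```

The `reasons` tuple is what a readiness panel or audit record would surface, so a fallback to Python is explainable rather than silent.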
Status: complete for the current public-safe missed drill notification follow-up slice.
Completed implementation:
- Added public-safe rollback drill notification acknowledgement records using `cavra.go-backend-pilot.rollback-drill-notification-ack.v1`.
- Added acknowledgement metadata indexing with `metadata_kind=go-backend-rollback-drill-notification-ack`.
- Added notification history filtering across drill notification plans, redacted connector delivery records, acknowledgements, and escalation plans.
- Added notification dashboard metrics for delivery count, failed deliveries, acknowledgement count, and outstanding acknowledgement routes.
- Added missed-notification escalation planning with acknowledgement SLO policy and route-level recommended actions.
- Added escalation metadata indexing with `metadata_kind=go-backend-rollback-drill-notification-escalation-plan`.
- Added CLI commands `cavra runtime go-rollback-drill-notification-ack` and `cavra runtime go-rollback-drill-escalation-plan`.
- Added FastAPI endpoints `/runtime/go-pilot/rollback-drill-notifications/{schedule_id}/acknowledgements`, `/runtime/go-pilot/rollback-drill-notifications`, `/runtime/go-pilot/rollback-drill-notifications/dashboard`, and `/runtime/go-pilot/rollback-drill-notifications/escalation-plan`.
- Added tests for acknowledgement metadata, dashboard outstanding route tracking, escalation breach detection, CLI commands, API acknowledgement, API history, API dashboard, and API escalation planning.
- Added `docs/go-backend-rollback-drill-notification-escalation.md`, `docs/wiki/Go-Backend-Rollback-Drill-Notification-Escalation.md`, and `docs/diagrams/go-backend-rollback-drill-notification-escalation.svg`.
- Updated README, API docs, CLI docs, feature inventory, production roadmap, scheduling docs, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_cli.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
User stories:
- As a release manager, I can prove that stale rollback drill notifications were acknowledged.
- As an incident commander, I can identify which notification route still needs owner action.
- As a platform owner, I can escalate missed drill notifications before promoted Go backend rollback confidence decays.
- As an auditor, I can review acknowledgement and escalation metadata without seeing connector credentials.
Enterprise challenge solved:
- Turns connector delivery into accountable owner follow-up.
- Produces public-safe escalation evidence for missed drill notifications.
- Keeps connector credentials, private routing logic, customer names, and endpoint details outside the public Community Edition.
Recommended next issue: delivered below as rollback drill owner routing and maintenance-window suppression.
Status: complete for the current public-safe owner routing and maintenance-window suppression slice.
Completed implementation:
- Added public-safe rollback drill `owner_routes`, `maintenance_windows`, and `owner_calendars` support in schedule metadata.
- Added route-level notification decisions with `deliver`, `suppress`, maintenance-window suppression, and owner-calendar suppression reasons.
- Added owner-specific provider selection, acknowledgement SLOs, and escalation owner metadata for promoted backend rollback drill notifications.
- Updated notification plan metadata with selected providers, acknowledgement-required providers, route decisions, deliverable route counts, suppressed route counts, maintenance suppression counts, and calendar suppression counts.
- Updated missed-notification escalation planning to use owner-specific acknowledgement SLOs from routing policy.
- Added CLI `--routing-policy` support to `cavra runtime go-rollback-drill-notification-plan` and `cavra runtime go-rollback-drill-escalation-plan`.
- Added API `routing_policy` support to `/runtime/go-pilot/rollback-drill-notifications/deliver`.
- Added tests for owner route selection, maintenance-window suppression, owner-calendar suppression, owner-specific escalation SLOs, CLI routing policy loading, and API routing policy handling.
- Added `docs/go-backend-rollback-drill-routing.md`, `docs/wiki/Go-Backend-Rollback-Drill-Routing.md`, and `docs/diagrams/go-backend-rollback-drill-routing.svg`.
- Updated README, API docs, feature inventory, production roadmap, scheduling docs, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_go_backend.py tests/test_cli.py tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
User stories:
- As a release manager, I can route rollback drill notifications to different providers per owner.
- As an incident commander, I can suppress drill notifications during approved maintenance windows while preserving audit metadata.
- As a platform owner, I can apply owner-specific acknowledgement SLOs for promoted backend rollback confidence.
- As an auditor, I can review route decisions without seeing private connector credentials or customer calendar data.
Enterprise challenge solved:
- Aligns rollback drill notification delivery with enterprise change freezes and team-specific ownership.
- Preserves public-safe route decision evidence for auditors and release governance.
- Keeps connector credentials, private routing logic, customer names, and internal calendar exports outside the public Community Edition.
Recommended next issue: delivered below as Evidence Console drill notification acknowledgement and escalation drill-down views.
Status: complete for the current public-safe Evidence Console drill notification review slice.
Completed implementation:
- Added a Go Rollback Drill Notifications console section with dashboard metrics for plans, deliveries, failed deliveries, acknowledgements, outstanding routes, escalation routes, and breached routes.
- Added provider, acknowledgement state, and metadata kind filters for rollback drill notification records.
- Added notification history rows for plans, redacted connector delivery metadata, acknowledgement records, and escalation plans.
- Added escalation route rows with schedule, provider, owner, acknowledgement state, route age, acknowledgement SLO, and recommended action.
- Added JSON detail and export actions for notification records and route-level escalation payloads.
- Added local public-safe sample metadata so the Community Edition dashboard works without a live API.
- Added `docs/go-backend-rollback-drill-console.md`, `docs/wiki/Go-Backend-Rollback-Drill-Console.md`, and `docs/diagrams/go-backend-rollback-drill-console.svg`.
- Updated README, feature inventory, production roadmap, productization report, escalation docs, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_go_backend.py tests/test_cli.py tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
User stories:
- As a release manager, I can review whether stale rollback drill notifications were acknowledged.
- As an incident commander, I can find the owner, provider, and route that missed the acknowledgement SLO.
- As a platform owner, I can export route-level escalation metadata for operational review.
- As an auditor, I can inspect public-safe notification evidence without seeing connector credentials.
Enterprise challenge solved:
- Converts delivered alerts into operator-readable accountability views.
- Makes missed rollback drill follow-up visible before promoted backend confidence decays.
- Keeps connector credentials, private URLs, customer data, and Enterprise source outside the public Community Edition.
Recommended next issue: delivered below as persisted drill routing history filters and suppression trend summaries.
Status: complete for the current public-safe routing history and suppression trend slice.
Completed implementation:
- Added flattened rollback drill notification route history from persisted notification plan metadata.
- Added route filters for schedule ID, owner, provider, action, suppression category, limit, and offset.
- Added suppression trend summaries with category, owner, provider, schedule, maintenance-window, owner-calendar, and healthy-schedule counts.
- Added persisted trend metadata kind `go-backend-rollback-drill-routing-suppression-trend`.
- Added FastAPI endpoints `/runtime/go-pilot/rollback-drill-notifications/routes` and `/runtime/go-pilot/rollback-drill-notifications/suppression-trends`.
- Added console config endpoint discovery keys for route history and suppression trend APIs.
- Added Evidence Console owner/action/category filters, Routing History rows, Suppression Summary rows, and exportable detail payloads.
- Added `docs/go-backend-rollback-drill-routing-history.md`, `docs/wiki/Go-Backend-Rollback-Drill-Routing-History.md`, and `docs/diagrams/go-backend-rollback-drill-routing-history.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, routing docs, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_go_backend.py tests/test_api.py::test_api_deployment_production_readiness tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can filter rollback drill route decisions by owner, provider, and action.
- As an incident commander, I can explain why a drill notification was suppressed during a change freeze.
- As a platform owner, I can trend suppression causes across owner routes.
- As an auditor, I can review suppression evidence without seeing connector secrets or private calendar exports.
Enterprise challenge solved:
- Converts embedded route decisions into durable audit evidence.
- Gives operators a concise suppression trend view for change freezes and owner unavailability.
- Keeps connector credentials, private URLs, customer data, and internal calendar exports outside the public Community Edition.
Recommended next issue: delivered below as authenticated drill acknowledgement controls.
Status: complete for the current authenticated console acknowledgement mutation slice.
Completed implementation:
- Added route-level Ack, Escalate, and Resolve controls to the Go Rollback Drill Notifications console section.
- Added acknowledgement actor, external reference, notes, and status controls for operator context.
- Wired console mutation calls to `POST /runtime/go-pilot/rollback-drill-notifications/{schedule_id}/acknowledgements` with the stored console bearer token.
- Updated the acknowledgement endpoint to require verified actor context whenever console OIDC or RBAC is configured.
- Updated the endpoint to persist the verified console actor as `acknowledged_by` in authenticated deployments.
- Added console session permission reporting for `acknowledge_drill_notifications`.
- Added local sample acknowledgement mutation behavior for Community Edition sandbox use without a live API.
- Added `docs/go-backend-rollback-drill-acknowledgement-controls.md`, `docs/wiki/Go-Backend-Rollback-Drill-Acknowledgement-Controls.md`, and `docs/diagrams/go-backend-rollback-drill-acknowledgement-controls.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, drill console docs, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_api.py::test_api_go_drill_acknowledgement_requires_authenticated_console_actor tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can acknowledge a missed rollback drill notification from the console.
- As an incident commander, I can escalate or resolve a drill route while preserving who performed the action.
- As a platform owner, I can require signed console identity for drill acknowledgement mutations.
- As an auditor, I can review route acknowledgement evidence with actor identity and public-safe notes.
Enterprise challenge solved:
- Prevents spoofed browser-supplied acknowledgement identities in authenticated deployments.
- Brings drill notification mutation behavior into the same console security boundary as approvals and break-glass.
- Keeps identity provider secrets, connector credentials, customer data, and Enterprise source outside the public Community Edition.
Recommended next issue: delivered below as bulk drill acknowledgement workflows and acknowledgement audit packages.
Status: complete for the current bulk acknowledgement and public-safe audit export slice.
Completed implementation:
- Added `POST /runtime/go-pilot/rollback-drill-notifications/acknowledgements/bulk` for recording acknowledgement, escalation, dismissal, or resolution metadata across up to 100 routes.
- Added `POST /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-package` for route-level acknowledgement audit package generation and metadata persistence.
- Added public-safe audit package builders with route state, owner, provider, latest acknowledgement actor, timestamp, external reference, and notes.
- Added Evidence Console controls for Bulk Ack Outstanding, Bulk Escalate Breached, and Export Ack Audit.
- Added local sample-mode bulk acknowledgement and audit export behavior for Community Edition sandbox use without a live API.
- Added `docs/go-backend-rollback-drill-bulk-acknowledgement-audit.md`, `docs/wiki/Go-Backend-Rollback-Drill-Bulk-Acknowledgement-Audit.md`, and `docs/diagrams/go-backend-rollback-drill-bulk-acknowledgement-audit.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, drill console docs, acknowledgement controls docs, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_package_summarizes_routes tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery -q`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can acknowledge outstanding rollback drill routes in bulk.
- As an incident commander, I can escalate breached rollback drill routes in one operation.
- As a platform owner, I can export route-level acknowledgement audit packages from the current filter scope.
- As an auditor, I can review actor identity, route state, notes, and external references without seeing connector secrets.
Enterprise challenge solved:
- Reduces operator toil across multi-owner and multi-provider rollback drill notification workflows.
- Preserves public-safe, route-level evidence for release governance and audit review.
- Keeps connector credentials, identity provider secrets, private URLs, customer data, and Enterprise source outside the public Community Edition.
Recommended next issue: delivered below as scheduled acknowledgement audit delivery and SIEM/ITSM export routing.
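The actor-binding rule from the authenticated acknowledgement slice, combined with the 100-route limit of the bulk slice above, as an added Python example that is not CAVRA's own handler. `VerifiedActor` stands for claims from a console token that has already been validated; the function names, request field names, status spellings, HTTP codes and the `identity_mismatch` flag are assumptions.

```python
from dataclasses import dataclass

ACK_PERMISSION = "acknowledge_drill_notifications"  # permission name from this page
MAX_BULK_ROUTES = 100                               # bulk limit from this page
# Status spellings are assumed; the page names the four outcomes in prose only.
ALLOWED_STATUSES = frozenset({"acknowledged", "escalated", "dismissed", "resolved"})


class AckRejected(Exception):
    """Raised instead of writing a record; carries the HTTP status to return."""

    def __init__(self, http_status, detail):
        super().__init__(detail)
        self.http_status = http_status


@dataclass(frozen=True)
class VerifiedActor:
    """Identity derived from a validated console token, never from the body."""
    subject: str
    permissions: frozenset


def resolve_actor(body, auth_configured, verified_actor):
    """Return the identity an acknowledgement is attributed to."""
    if auth_configured:
        if verified_actor is None:
            raise AckRejected(401, "verified console actor required")
        if ACK_PERMISSION not in verified_actor.permissions:
            raise AckRejected(403, f"missing permission {ACK_PERMISSION}")
        # The client-supplied acknowledged_by is ignored on this path.
        return verified_actor.subject
    # Sandbox without OIDC/RBAC: the self-reported label is all there is.
    return str(body.get("acknowledged_by") or "anonymous")


def bulk_acknowledge(body, auth_configured, verified_actor=None):
    """Validate a bulk request and return the records that would be persisted."""
    actor = resolve_actor(body, auth_configured, verified_actor)  # authenticate first
    routes = body.get("routes")
    if not isinstance(routes, list) or not routes:
        raise AckRejected(422, "routes must be a non-empty list")
    if len(routes) > MAX_BULK_ROUTES:
        raise AckRejected(422, f"at most {MAX_BULK_ROUTES} routes per request")
    status = body.get("status")
    if not isinstance(status, str) or status not in ALLOWED_STATUSES:
        raise AckRejected(422, "unsupported status")
    claimed = body.get("acknowledged_by")
    records = []
    for route in routes:
        if not isinstance(route, dict) or not route.get("schedule_id") or not route.get("provider"):
            raise AckRejected(422, "each route needs schedule_id and provider")
        records.append({
            "schedule_id": route["schedule_id"],
            "provider": route["provider"],
            "status": status,
            "acknowledged_by": actor,
            # Kept for detection: the client claimed a different identity.
            "identity_mismatch": bool(auth_configured and claimed and claimed != actor),
        })
    return records


# Constructed request in which the browser claims to be someone else.
SPOOFED_BODY = {
    "status": "acknowledged",
    "acknowledged_by": "release-director@example.test",
    "routes": [{"schedule_id": "drill-weekly", "provider": "slack"}],
}
ALICE = VerifiedActor("alice@example.test", frozenset({ACK_PERMISSION}))

if __name__ == "__main__":
    print(bulk_acknowledge(SPOOFED_BODY, True, ALICE))
```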
Status: complete for the current acknowledgement audit delivery routing slice.
Completed implementation:
- Added `POST /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery` for building an acknowledgement audit package, creating a delivery plan, routing it through configured connectors, and indexing redacted delivery evidence.
- Added public-safe delivery plans with selected providers, cadence, schedule reference, route count, outstanding count, escalation count, and alert level.
- Added redacted connector events for Splunk, Microsoft Sentinel, Datadog, Jira, ServiceNow, Slack, Teams, and Webhook.
- Added Evidence Console Audit delivery destination selection and Deliver Ack Audit action.
- Added history support for acknowledgement audit packages, acknowledgement audit delivery plans, and acknowledgement audit connector delivery records.
- Added `docs/go-backend-rollback-drill-acknowledgement-audit-delivery.md`, `docs/wiki/Go-Backend-Rollback-Drill-Acknowledgement-Audit-Delivery.md`, and `docs/diagrams/go-backend-rollback-drill-acknowledgement-audit-delivery.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, drill docs, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can route acknowledgement audit evidence to operational connectors from the drill console.
- As a SOC analyst, I can receive acknowledgement coverage events in SIEM tooling.
- As an ITSM owner, I can capture missed or escalated drill acknowledgement evidence in Jira or ServiceNow.
- As an auditor, I can verify delivery metadata without seeing connector credentials or Enterprise source.
Enterprise challenge solved:
- Moves rollback assurance evidence from console-only review into governed operational systems.
- Preserves a public-safe boundary between Community Edition audit routing and private Enterprise automation.
- Creates the foundation for recurring Enterprise delivery workers without committing private scheduling logic.
Recommended next issue: delivered below as acknowledgement audit delivery history filters and delivery health dashboards.
Status: complete for the current acknowledgement audit delivery history and health dashboard slice.
Completed implementation:
- Added rollback drill notification history filters for connector delivery source, delivery success, alert level, audit ID, delivery ID, and cadence.
- Added acknowledgement audit delivery health metrics to the rollback drill notification dashboard.
- Added Evidence Console Delivery source filtering and SIEM/ITSM provider filter options.
- Added Evidence Console dashboard cards for audit delivery health, audit plans, audit sends, failed audit sends, and audit success rate.
- Added `docs/go-backend-rollback-drill-audit-delivery-health.md`, `docs/wiki/Go-Backend-Rollback-Drill-Audit-Delivery-Health.md`, and `docs/diagrams/go-backend-rollback-drill-audit-delivery-health.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can see whether acknowledgement audit delivery is healthy.
- As a SOC analyst, I can isolate failed SIEM delivery attempts for rollback drill audit packages.
- As an ITSM owner, I can filter Jira or ServiceNow audit delivery attempts by provider and delivery state.
- As an auditor, I can review public-safe delivery health without connector secrets.
Enterprise challenge solved:
- Makes failed acknowledgement audit routing visible before evidence gaps become audit issues.
- Gives operations teams a searchable delivery health trail across SIEM, ITSM, ChatOps, and webhook destinations.
- Prepares the product for governed retry automation and recurring scheduled workers.
Recommended next issue: delivered below as acknowledgement audit delivery retry automation and scheduled worker execution.
Status: complete for the current acknowledgement audit delivery retry worker slice.
Completed implementation:
- Added `POST /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/retry-plan` for public-safe retry plans derived from failed acknowledgement audit delivery metadata.
- Added `POST /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/worker-run` for scheduled worker execution with dry-run mode enabled by default.
- Added `GET /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/worker-runs` and `/worker-dashboard` for worker history and health summaries.
- Added retry plan and worker run records to rollback drill notification history and dashboard metrics.
- Added Evidence Console Plan Audit Retry and Run Audit Worker actions plus retry and worker dashboard cards.
- Added `docs/go-backend-rollback-drill-audit-delivery-retry-worker.md`, `docs/wiki/Go-Backend-Rollback-Drill-Audit-Delivery-Retry-Worker.md`, and `docs/diagrams/go-backend-rollback-drill-audit-delivery-retry-worker.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can plan retries for failed acknowledgement audit delivery attempts.
- As a platform owner, I can dry-run the scheduled retry worker before executing retries.
- As a SOC analyst, I can verify that failed SIEM audit delivery is queued for recovery.
- As an auditor, I can review retry and worker evidence without seeing connector secrets.
Enterprise challenge solved:
- Makes rollback acknowledgement audit delivery recoverable after transient connector failures.
- Creates public-safe retry worker evidence without committing Enterprise scheduler or connector secret logic.
- Gives operators an auditable path from failed delivery to governed retry selection.
Recommended next issue: delivered below as acknowledgement audit worker health alerts and retry acknowledgements.
Status: complete for the current acknowledgement audit worker health alert and retry acknowledgement slice.
Completed implementation:
- Added `GET /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/worker-health` for missed worker runs, stale retry metadata, retryable delivery count, connector delivery failures, and recommendations.
- Added `POST /runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/worker-health-alerts/deliver` for routing public-safe worker health alerts through configured connectors.
- Added worker health alert acknowledgement endpoints, alert history, and alert dashboard views.
- Added retry acknowledgement endpoint for accepted, deferred, escalated, resolved, and dismissed retry decisions.
- Added worker health alert plans, alert acknowledgements, and retry acknowledgements to rollback drill notification history and dashboard metrics.
- Added Evidence Console Send Worker Alert and Ack Retry actions plus worker alert and retry acknowledgement dashboard cards.
- Added `docs/go-backend-rollback-drill-audit-worker-health-alerts.md`, `docs/wiki/Go-Backend-Rollback-Drill-Audit-Worker-Health-Alerts.md`, and `docs/diagrams/go-backend-rollback-drill-audit-worker-health-alerts.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `node --check apps/sandbox-ui/config.js apps/sandbox-ui/sandbox.js`
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m ruff check src tests`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can route retry worker health into operational channels.
- As a platform owner, I can acknowledge retry decisions before execution.
- As a SOC analyst, I can confirm repeated SIEM delivery failures were reviewed.
- As an auditor, I can see the accountable review state for failed audit delivery retries.
Enterprise challenge solved:
- Closes the loop between failed acknowledgement audit delivery, retry planning, worker health, alert routing, and operator review.
- Keeps worker health and retry acknowledgements public-safe without exposing connector credentials or Enterprise automation code.
- Establishes the governance record needed before approval-bound live retry execution records are introduced.
Recommended next issue: add approval-bound live retry execution records and connector recovery closure evidence.
Status: complete for the current recovery retry health and executive delivery retry planning slice.
Completed implementation:
- Added recovery escalation retry health reporting for worker freshness, stale retry plans, acknowledgement gaps, failed retry execution records, and disabled schedules.
- Added executive report delivery retry planning with retry, wait, and suppress decisions for failed scheduled executive report deliveries.
- Added API endpoints for recovery retry health and executive delivery retry plans.
- Added Evidence Console actions for Retry Health and Plan Executive Retry.
- Added dashboard counts for recovery retry health reports, health alerts, executive delivery retry plans, and retryable executive delivery failures.
- Added `docs/go-backend-rollback-drill-recovery-retry-health-and-executive-delivery-retry.md`, `docs/wiki/Go-Backend-Rollback-Drill-Recovery-Retry-Health-And-Executive-Delivery-Retry.md`, and `docs/diagrams/go-backend-rollback-drill-recovery-retry-health-and-executive-delivery-retry.svg`.
- Updated README, API docs, feature inventory, production roadmap, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks -q`
- `python3 -m pytest -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can verify recovery escalation retry automation is healthy before relying on it.
- As a platform owner, I can identify executive report delivery failures that are retryable, waiting, or exhausted.
- As an auditor, I can inspect recovery retry health reports and executive delivery retry plans from public-safe evidence.
- As an incident lead, I can spot acknowledgement gaps before retry automation creates delivery side effects.
Enterprise challenge solved:
- Adds operational health to recovery retry automation and separates executive delivery retry decisions from connector secrets.
- Keeps retry planning auditable while preserving the Community and Enterprise source boundary.
Recommended next issue: add automated executive report delivery retry execution and recovery escalation retry health alert delivery.
Status: complete for the current recovery escalation and executive reporting slice.
Completed implementation:
- Added public-safe recovery escalation plans derived from retry execution records, connector recovery playbooks, and recovery closures.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalation-plan`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/{plan_id}/deliver` with redacted connector delivery evidence.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report`.
- Added dashboard counts for recovery escalation plans, escalation routes, and executive reports.
- Added Evidence Console controls for planning recovery escalation, delivering recovery escalation, and building executive recovery reports.
- Added `docs/go-backend-rollback-drill-recovery-escalation-executive-reporting.md`, `docs/wiki/Go-Backend-Rollback-Drill-Recovery-Escalation-And-Executive-Reporting.md`, and `docs/diagrams/go-backend-rollback-drill-recovery-escalation-executive-reporting.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks -q`
- Full validation is run before merge.
User stories:
- As a release manager, I can escalate failed retry execution and open recovery work before promotion readiness is affected.
- As a platform owner, I can deliver recovery escalation notifications to the right operations channel.
- As an executive stakeholder, I can read a concise recovery status report without needing raw connector or ticket details.
- As an auditor, I can trace retry recovery reports, escalation plans, delivery attempts, and executive reports as public-safe evidence.
Enterprise challenge solved:
- Converts retry recovery evidence into operational notification workflows and leadership reporting.
- Keeps escalation delivery public-safe while preserving the open-core boundary around private connector configuration and enterprise implementation.
Recommended next issue: add recovery escalation acknowledgements, delivery retry policies, and executive report scheduling.
Status: complete for the current recovery escalation acknowledgement, retry planning, and scheduled executive report slice.
Completed implementation:
- Added public-safe recovery escalation acknowledgement records for provider review state.
- Added retry plans for failed recovery escalation connector delivery metadata.
- Added scheduled executive recovery report runs with embedded public-safe report summaries.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/{plan_id}/acknowledgements`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-plan`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/schedule-run`.
- Added Evidence Console controls for recovery escalation acknowledgement, escalation retry planning, and scheduled executive report runs.
- Added dashboard counts for recovery escalation acknowledgements, recovery escalation retry plans, retryable escalation deliveries, and scheduled executive report runs.
- Added `docs/go-backend-rollback-drill-recovery-escalation-ack-retry-scheduling.md`, `docs/wiki/Go-Backend-Rollback-Drill-Recovery-Escalation-Acknowledgements-And-Scheduling.md`, and `docs/diagrams/go-backend-rollback-drill-recovery-escalation-ack-retry-scheduling.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks -q`
- Full validation is run before merge.
User stories:
- As a release manager, I can prove a recovery escalation was reviewed by the responsible provider.
- As a platform owner, I can create retry plans for failed recovery escalation delivery.
- As an executive stakeholder, I can rely on scheduled recovery report evidence.
- As an auditor, I can trace recovery escalation, provider acknowledgement, retry planning, and scheduled reporting from one evidence stream.
Enterprise challenge solved:
- Closes the recovery escalation governance loop with review evidence, failed-delivery retry planning, and scheduled leadership reporting.
- Keeps connector retry and report scheduling public-safe while private connectors remain responsible for side effects and secret handling.
Automated recovery escalation retry execution and scheduled executive report delivery are now complete in the next slice.
Status: complete for the current recovery escalation retry execution and executive report delivery slice.
Completed implementation:
- Added a dry-run-default recovery escalation retry worker.
- Added live recovery escalation retry execution records bound to worker run, retry plan, escalation plan, provider, delivery metadata, and execution status.
- Required accepted, acknowledged, or resolved recovery escalation acknowledgement before live retry selection.
- Added scheduled executive report delivery through configured public-safe connectors.
- Added dashboard counts for recovery escalation retry worker runs, retry execution outcomes, executive report delivery attempts, and failed executive report deliveries.
- Added Evidence Console controls for recovery escalation retry worker runs and executive report delivery.
- Added `docs/go-backend-rollback-drill-recovery-escalation-retry-execution-and-executive-delivery.md`, `docs/wiki/Go-Backend-Rollback-Drill-Recovery-Escalation-Retry-Execution-And-Executive-Delivery.md`, and `docs/diagrams/go-backend-rollback-drill-recovery-escalation-retry-execution-and-executive-delivery.svg`.
- Updated README, API docs, feature inventory, production roadmap, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks -q`
- Full validation is run before merge.
User stories:
- As a release manager, I can retry failed recovery escalation delivery only after accepted review.
- As a platform owner, I can dry-run recovery retry automation before connector side effects.
- As an executive stakeholder, I can receive scheduled recovery report summaries from approved delivery channels.
- As an auditor, I can trace retry worker selection, execution status, and executive delivery evidence from one timeline.
Enterprise challenge solved:
- Turns recovery escalation follow-through into an auditable operating loop without exposing connector secrets or private incident data.
- Keeps public Community evidence safe while private connectors own runtime side effects.
Recommended next issue: add recovery escalation retry health reporting and executive report delivery retry planning.
Status: complete for the current live retry execution and recovery closure slice.
Completed implementation:
- Added approval-bound live retry execution records for non-dry-run acknowledgement audit delivery workers.
- Bound retry execution records to worker runs, retry plans, approval decisions, delivery plans, connector delivery results, selected providers, and public evidence references.
- Added connector recovery closure records for resolved, mitigated, deferred, escalated, and reopened recovery states.
- Added rollback drill notification history and dashboard metrics for retry execution records, execution success/failure, recovery closures, and closed recoveries.
- Added Evidence Console controls for approved live retry execution and connector recovery closure.
- Added `docs/go-backend-rollback-drill-live-retry-closure-evidence.md`, `docs/wiki/Go-Backend-Rollback-Drill-Live-Retry-Closure-Evidence.md`, and `docs/diagrams/go-backend-rollback-drill-live-retry-closure-evidence.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can prove live retry execution happened only after approval.
- As a platform owner, I can see whether approved retries were delivered, failed, or skipped.
- As a SOC analyst, I can close connector recovery work with verification evidence.
- As an auditor, I can trace failed delivery, retry acknowledgement, approval, execution, playbook, and closure evidence.
Enterprise challenge solved:
- Completes the governed recovery chain for failed acknowledgement audit delivery without exposing connector secrets or private recovery logic.
- Makes live retry side effects auditable and closure-ready for regulated release operations.
Recommended next issue: add retry execution dashboards, recovery SLO reporting, and closure trend analytics.
Status: complete for the current executive retry health and recovery health alert retry planning slice.
Completed implementation:
- Added executive report delivery retry health reports for missed retry workers, stale retry plans, failed executive report deliveries, failed retry executions, dry-run counts, and disabled schedules.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-health`.
- Added recovery escalation retry health alert delivery retry plans with retry, wait, and suppress decisions.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-health-alerts/retry-plan`.
- Added Evidence Console controls for Plan Health Alert Retry and Exec Retry Health.
- Added dashboard metrics for recovery health alert retry plans, recovery health alert retryable count, executive retry health report count, and executive retry health alert count.
- Added `docs/go-backend-rollback-drill-executive-retry-health-and-recovery-health-alert-retry.md`, `docs/wiki/Go-Backend-Rollback-Drill-Executive-Retry-Health-And-Recovery-Health-Alert-Retry.md`, and `docs/diagrams/go-backend-rollback-drill-executive-retry-health-and-recovery-health-alert-retry.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks -q`
- Full validation is run before merge for every phase.
User stories:
- As a release manager, I can see whether executive report delivery retry automation is current and healthy.
- As a platform owner, I can plan retry actions for failed recovery retry health alert delivery.
- As a SOC analyst, I can distinguish failed executive report delivery from failed retry execution.
- As an auditor, I can trace retry health and alert retry plans through public-safe metadata.
Enterprise challenge solved:
- Adds the missing health and retry planning loop for executive reporting and recovery retry alert reliability without exposing connector secrets or private incident payloads.
Recommended next issue: delivered above as recovery health alert retry worker execution and executive retry health alert delivery.
Status: complete for the current executive delivery retry execution and recovery health alert delivery slice.
Completed implementation:
- Added recovery escalation retry health alert event, plan, acknowledgement, history, and dashboard builders.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-health-alerts/deliver`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-health-alerts/{health_id}/acknowledgements`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-health-alerts`.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-escalations/retry-health-alert-dashboard`.
- Added executive report delivery retry worker runs and execution records with dry-run defaults and redacted connector delivery metadata.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/recovery-executive-report/delivery-retry-worker-run`.
- Added Evidence Console controls for Send Retry Health Alert and Run Executive Retry.
- Added dashboard metrics for recovery retry health alert plans, health alert acknowledgements, executive delivery retry worker runs, and executive retry execution outcomes.
- Added `docs/go-backend-rollback-drill-executive-delivery-retry-execution-and-recovery-health-alerts.md`, `docs/wiki/Go-Backend-Rollback-Drill-Executive-Delivery-Retry-Execution-And-Recovery-Health-Alerts.md`, and `docs/diagrams/go-backend-rollback-drill-executive-delivery-retry-execution-and-recovery-health-alerts.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py::test_api_console_config_and_cors tests/test_api.py::test_api_go_backend_rollback_drill_notification_delivery tests/test_go_backend.py::test_go_rollback_drill_acknowledgement_audit_retry_execution_approvals_and_recovery_playbooks -q`
- `python3 -m ruff check src/cavra/go_backend.py src/cavra/api.py tests/test_go_backend.py tests/test_api.py`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
User stories:
- As a release manager, I can route recovery retry health alerts and acknowledge provider review.
- As a platform owner, I can retry failed executive report delivery with dry-run-first controls.
- As a SOC analyst, I can distinguish retry health alert delivery from recovery escalation delivery.
- As an auditor, I can trace executive retry execution to retry plans, schedule runs, connector delivery metadata, and execution records.
Enterprise challenge solved:
- Adds operational assurance that recovery retry health alerts and executive recovery reports are delivered, retried, and acknowledged without exposing connector secrets or private incident payloads.
Recommended next issue: add closed-loop executive delivery retry health reporting and recovery health alert retry planning.
Status: complete for the current retry execution dashboard and recovery reporting slice.
Completed implementation:
- Added a public-safe retry recovery report builder for retry execution records, connector recovery playbooks, and recovery closures.
- Added `/runtime/go-pilot/rollback-drill-notifications/acknowledgements/audit-delivery/retry-recovery-report`.
- Added persisted retry recovery report metadata for audit search and dashboard counts.
- Added provider summaries for execution counts, failed/skipped executions, recovery playbooks, closures, open recoveries, and SLO breaches.
- Added closure trend analytics by day, closure state, and provider.
- Added an Evidence Console Retry Recovery SLO table.
- Added `docs/go-backend-rollback-drill-retry-recovery-reporting.md`, `docs/wiki/Go-Backend-Rollback-Drill-Retry-Recovery-Reporting.md`, and `docs/diagrams/go-backend-rollback-drill-retry-recovery-reporting.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m pytest -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can review approved retry execution health by provider.
- As a platform owner, I can see open connector recovery work and breached recovery SLOs.
- As a SOC analyst, I can track closure trends without exposing private incident content.
- As an auditor, I can review retry execution, recovery state, and closure proof from one report.
Enterprise challenge solved:
- Converts retry execution and recovery closure evidence into operational reporting for regulated release teams.
- Keeps provider reliability and recovery SLO management visible without exposing connector secrets or private ticket payloads.
Recommended next issue: add automated recovery escalation notifications and executive reporting.
Status: complete for the current retry execution approval and connector recovery playbook slice.
Completed implementation:
- Added retry execution approval plans and approval decisions for acknowledgement audit retry delivery.
- Enforced approved retry execution evidence before non-dry-run retry workers select live delivery work.
- Added connector recovery playbooks for repeated SIEM, ITSM, ChatOps, and webhook delivery failures.
- Added Evidence Console controls for retry approval planning, retry approval decisions, and recovery playbook generation.
- Added `docs/go-backend-rollback-drill-retry-approvals-recovery-playbooks.md`, `docs/wiki/Go-Backend-Rollback-Drill-Retry-Approvals-And-Recovery-Playbooks.md`, and `docs/diagrams/go-backend-rollback-drill-retry-approvals-recovery-playbooks.svg`.
- Updated README, API docs, feature inventory, production roadmap, productization report, diagrams, and wiki navigation.
Validation:
- `python3 -m pytest tests/test_api.py tests/test_go_backend.py -q`
- `python3 -m ruff check src tests`
- `node --check apps/sandbox-ui/config.js && node --check apps/sandbox-ui/sandbox.js`
- `bash scripts/validate-boundaries.sh`
User stories:
- As a release manager, I can approve retry execution before live delivery is attempted.
- As a platform owner, I can prove retry workers do not execute unapproved retry decisions.
- As a SOC analyst, I can review recovery guidance for repeated connector failures.
- As an auditor, I can trace failed delivery, retry acknowledgement, execution approval, and recovery playbook evidence.
Enterprise challenge solved:
- Adds the governance boundary buyers expect between failed audit delivery recovery planning and live retry side effects.
- Keeps recovery playbooks public-safe while leaving credential rotation, ticket updates, and chat side effects to private connectors or operator runbooks.
Recommended next issue: add approval-bound live retry execution records and connector recovery closure evidence.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?