-
Notifications
You must be signed in to change notification settings - Fork 0
Production Roadmap
The CAVRA roadmap is priority-based, not calendar-based.
Status: complete in PR #1.
Delivered CAVRA identity, CLI, MCP server, Claude Code setup, policy packs, runtime decisions, FastAPI app contract, sandbox, Docker validation, enterprise docs, and CAVRA diagrams.
Next recommended phase.
Implement strict policy schema validation, policy inheritance, signed policies, policy tests, semantic policy diff, and stable compiled policy output.
Implement signed evidence bundles, PR attestation, SIEM events, compliance reports, retention controls, and immutable storage reference exporters.
Implement approval queue, approval persistence, approver routing, Jira/ServiceNow references, Slack/Teams notifications, and break-glass workflows.
Implement governed agent identities, MCP server trust tiers, tool capability classification, default-deny unknown server mode, and registry-backed runtime decisions.
Implement database-backed API and initial console for sessions, decisions, approvals, policies, evidence, integrations, MCP trust, and agents.
Implement Go runtime backend, generated protobuf clients, local daemon, CI runner mode, parity tests, and air-gapped binary.
Implement GitHub required check, GitLab/Azure DevOps templates, SIEM exporters, ITSM connectors, OIDC/RBAC, and immutable evidence store references.
Deploy a public Before the Agent Acts sandbox with real policy decisions and downloadable evidence.
Implement SBOM, signed releases, vulnerability disclosure, security scans, dependency audit, backup/restore docs, upgrade docs, performance tests, and procurement readiness.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Technology Stack
- Unified Enterprise Roadmap
- Conclusion
- Development And Testing Archive
- Unified Enterprise Roadmap
- CLI
- API
- CAVRA Trial Field Guide
- AISPM Enterprise Live Ingestion
- Enterprise HA/DR Readiness
- Enterprise HA/DR Azure Map
- Enterprise KMS/HSM Evidence Custody
- Enterprise Immutable Audit Log
- Enterprise Compliance Mapping Packs
- Enterprise Reporting Exports
- Connector SDK And Certification
- Priority Certified Connectors
- Model Registry Connectors