-
Notifications
You must be signed in to change notification settings - Fork 0
Tenant Audit Store Operating Contract
Status date: 2026-06-02.
CAVRA Community Edition now exposes a public-safe request and response contract for tenant audit-store operating readiness. The contract lets future Enterprise and SaaS services report whether tenant evidence storage, retention posture, evidence freshness, export readiness, immutable storage, and dashboard visibility are healthy after launch.
Implemented in src/cavra/saas_control_plane.py:
-
tenant_audit_store_operatingoperation; -
build_tenant_audit_store_operating_request; -
TenantAuditStoreOperatingSummary; -
build_tenant_audit_store_operating_response.
Supported operating states:
readydegradedblockedunknown
The public repository defines shapes and validation only. Tenant archive storage, customer evidence payloads, customer retention schedules, export connector delivery, provider URLs, connector credentials, SaaS backend code, and Enterprise source code remain private.
As a SaaS operator, I can see when audit-store health, retention posture, evidence freshness, export readiness, immutable storage, or dashboard visibility would block steady-state tenant operation before promising readiness to a customer.
This contract turns audit-store operation into auditable readiness evidence. It helps enterprise customers trust that governed evidence is fresh, retained, exportable, and observable after onboarding.
Public tests cover request serialization, default operating checks, invalid status rejection, sensitive payload rejection, summary serialization, mismatched request rejection, and private-module handoff messaging.
Delivered in public billing/subscription boundary documentation. Continue with
private hosted policy registry readiness evidence in cavra-enterprise.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?
| Start | Build | Operate | Assure |
|---|---|---|---|
| Quick Start | CLI | Enterprise Guide | AISPM |
| Reader Paths | Policy Syntax | Deployments | Evidence |
| Community | GUI | Troubleshooting | Conclusion |
- Foreword And Reader Paths
- Why CAVRA Exists
- Runtime Authority Model
- Architecture
- Editions
- Install And Deploy
- Community Guide
- Enterprise Guide
- CLI Reference
- GUI And Sandbox
- AISPM Guide
- Policy And Evidence
- Operations And Integrations
- Labs And Use Cases
- Appendices And FAQ
- Policy Language Reference
- Troubleshooting Playbook
- Conclusion