Zero Trust Reference Deployments
CAVRA zero-trust reference deployments package the public Community runtime, metadata-only scanner operation, and deployment smoke gates into reproducible operator examples.
This page covers the R6.4 public reference layer: Docker Compose, Helm, Terraform, Azure Container Apps, scanner operation, and readiness evidence.
| Artifact | Path | Purpose |
|---|---|---|
| Docker Compose | examples/reference-deployments/zero-trust/docker-compose.yml | Runs CAVRA API plus a metadata-only customer-side scanner job. |
| Helm chart | examples/reference-deployments/zero-trust/helm/cavra-zero-trust | Kubernetes packaging baseline for private clusters and managed Kubernetes. |
| Terraform Azure | examples/reference-deployments/zero-trust/terraform/azure | Azure Container Apps, environment, logging, and scanner app skeleton. |
| Azure Bicep | examples/reference-deployments/zero-trust/azure/container-apps.bicep | Direct Azure Container Apps reference deployment. |
| Scanner runbook | examples/reference-deployments/zero-trust/scanner-operation-runbook.md | Customer-side metadata-only scanner operating checklist. |
| Quickstart demo | examples/reference-deployments/zero-trust/quickstart-demo.md | End-to-end validation commands and completion condition. |
- Fail-closed runtime behavior.
- Metadata-only scanner output.
- Tenant and workspace scope.
- Private network mode support.
- Signed evidence references.
- No raw model, training data, prompt, source code, or secret egress.
```bash
python3 scripts/validate_zero_trust_reference_deployments.py \
  --catalog examples/reference-deployments/zero-trust-reference-deployments.json \
  --repo-root .
python3 scripts/validate_zero_trust_reference_deployments.py \
  --packet examples/reference-deployments/zero-trust-reference-deployments.live.sanitized.example.json \
  --repo-root . \
  --require-live
```

CLI equivalent:

```bash
cavra deployment zero-trust-catalog --repo-root .
cavra deployment zero-trust-readiness \
  examples/reference-deployments/zero-trust-reference-deployments.live.sanitized.example.json \
  --repo-root . \
  --require-live
```

Live completion condition:

```
ready_for_live_zero_trust_reference_deployments: true
blocker_count: 0
```
The public reference deployment validates packaging and contract shape. A real Enterprise deployment must replace sanitized example refs with customer live evidence from Docker Compose smoke tests, Helm rendering, Terraform validation, Azure what-if review, scanner operation, evidence export, tenant/workspace ownership, identity controls, private networking, and audit storage.
Use this page with Zero-Trust Scanner Agent, Azure Community Deployment, and Azure Trial And Enterprise Deployment.
Before the agent acts, CAVRA asks: who is acting, what will change, what policy applies, and what evidence will prove it?