Goal
Enforce merge decisions through policy checks instead of manual interpretation.
Why
Policy-as-code must be auditable and deterministic enough for cross-repo governance.
Required Policy Rules
- No regression below configured quality/traceability thresholds.
- No broken requirement/test references.
- Required checks must pass.
- Required Lane A artifacts must be present and schema-valid.
- Dependency/license policy must pass for merge-critical path.
Tasks
- Implement baseline policy rules and policy input schema.
- Define allow/deny output schema with machine-readable reasons.
- Add waiver model fields: approver, reason, expiry, audit reference.
- Add policy test cases for expected pass/fail and waiver scenarios.
Docs-as-code pilot tasks
- Add policy checks consuming traceability metrics/gate artifacts.
- Add license/dependency assertion input for Lane A runs.
- Validate policy decisions in CI and publish outputs.
Done When
- Seeded violating inputs are denied; compliant inputs are allowed.
- Policy decisions produce machine-readable allow/deny outputs with reasons.
- Missing Lane A artifacts or failed license policy always deny merge.
Parent: #2852
Goal
Enforce merge decisions through policy checks instead of manual interpretation.
Why
Policy-as-code must be auditable and deterministic enough for cross-repo governance.
Required Policy Rules
Tasks
Docs-as-code pilot tasks
Done When
Parent: #2852