PolicyStrata

Release Decisions

Convert runner findings into pass, fail, block, review, approval, and waiver decisions.

Decision Model

Release decisions convert normalized findings into one answer: can this agent release ship? The decision attaches to a release candidate, not just a single run.

DecisionMeaning
passedAll configured gates passed.
failedAt least one fail gate needs remediation or waiver.
blockedA blocker prevents release under policy.
needs_reviewHuman review is required before release.
approvedA reviewer accepted the evidence and release can ship.
waivedA reviewer accepted specific risk for a scoped time or release.

Do not hide waivers

A waiver is a decision with scope, owner, reason, and expiration. It is not a silent pass.

Gate Examples

GateEngineDefault decision
Tenant scope requiredPolicyStratablocked
PII minimization failedPolicyStratablocked
SQL/RLS drift detectedPolicyStratablocked
Stale source dependencyDocPullneeds_review
Missing citation coverageDocPullfailed
Policy suite unavailableRunnerfailed

Gate Configuration

gates.yaml
block:
  - tenant_scope_required
  - pii_minimization_failed
  - rls_drift
fail:
  - missing_citation
  - source_unavailable
review:
  - stale_context
  - low_confidence_witness
waiver:
  requires:
    owner: true
    reason: true
    expiresAt: true

Review Flow

Run

The runner uploads findings and evidence references.

Classify

The API resolves gate rules and sets the release decision.

Review

Security, data, or platform owners inspect blockers and witnesses.

Decide

The reviewer approves, waives, blocks, or requests remediation.

On this page