/06—Policies

Governance policies

Codified rules for access, approvals, distribution, and environment promotion. Policies are applied to skills by tier or by tag.

accessTier 1 — Read access requires SSO group

active

All Tier 1 skills

Affects 38 skillsOwner platform-adminsUpdated 4d ago

approvalProduction releases require 2 approvers

active

All production environments

Affects 147 skillsOwner platform-adminsUpdated 12d ago

distributionTier 1 cannot distribute to local agents

active

Tier 1, vscode-sync · codex-agent · cursor-agent

Affects 38 skillsOwner complianceUpdated 22d ago

environmentStaging burn-in of 24h before production

active

Tier 1 & Tier 2

Affects 96 skillsOwner platform-adminsUpdated 31d ago

approvalAuto-pin on regression > 5%

draft

All production releases

Affects 0 skillsOwner platform-adminsUpdated 1d ago

accessExternal eval datasets require legal review

active

Eval datasets sourced outside the org

Affects 4 skillsOwner complianceUpdated 47d ago

accessTier 1 — Read access requires SSO group

Scope

All Tier 1 skills

State

active

Affects

38 skills

Owned by

platform-admins

Rules

Membership

Must be a member of an Okta-synced group with explicit grant

Re-auth

Required every 12h for sensitive Tier 1 skills

Exception

Break-glass via two-person approval

Recent enforcement

12m agoblockedrenata.m · attempted to distribute Tier 1 skill via vscode-sync

3h agoallowedari.chen · approved promotion of Engineering RFC Reviewer

6h agoallowedjdv · rollback Incident Triage → v2.9.4 with break-glass