Goal
Move ProofPath from hardcoded minimal verifier behavior toward explicit policy configuration.
Why this matters
The current verifier demonstrates the core action-context rules. For real integrations, teams need configurable policies such as:
- which scopes are allowed;
- which scopes require approval;
- which reversibility class is allowed per scope;
- which action scopes are blocked by default;
- which approval references are accepted.
Proposed first version
Add a simple policy file format:
scopes:
cicd.preview.deploy:
allowed: true
max_reversibility: reversible
approval_required: false
cicd.production.deploy:
allowed: true
max_reversibility: irreversible
approval_required: true
database.data.mutate:
allowed: true
max_reversibility: irreversible
approval_required: trueDeliverables
Acceptance criteria
- The first policy profile is intentionally minimal.
- It does not overclaim enterprise policy completeness.
- Unknown scope behavior is explicit.
- Approval-required scope behavior is explicit.
Related
Goal
Move ProofPath from hardcoded minimal verifier behavior toward explicit policy configuration.
Why this matters
The current verifier demonstrates the core action-context rules. For real integrations, teams need configurable policies such as:
Proposed first version
Add a simple policy file format:
Deliverables
specs/policy-profile-v0.1.md.Acceptance criteria
Related