# Risk profiles

Purpose
- Define profile schema, lifecycle, and governance for risk scoring.

Schema essentials
- id, version, description, signals[], weights, metadata.
- signals[] fields: name, source, type (numeric, boolean, categorical), path, transform, unit.
- overrides: severity rules and decision rules.
- Optional: extends, rollout flags, valid_from, valid_until.

Severity levels
- critical, high, medium, low, informational.

Lifecycle
1. Author profiles in Policy Studio.
2. Simulate against deterministic fixtures.
3. Review and approve with DSSE signatures.
4. Promote and activate in Policy Engine.
5. Roll back by activating a previous version.

Governance and determinism
- Profiles are immutable after promotion.
- Each version carries a profile_hash and signed manifest entry.
- Simulation and production share the same evaluation codepath.
- Offline bundles include profiles and fixtures with hashes.

Explainability and observability
- Emit per-factor contributions with stable ordering.
- Track evaluation latency, factor coverage, profile hit rate, and override usage.

Related references
- risk/overview.md
- risk/factors.md
- risk/formulas.md
- risk/explainability.md
- risk/api.md