git.stella-ops.org/docs/modules/policy/promotion-gate-ownership-contract.md

Promotion Gate Ownership Contract

Purpose

This contract freezes ownership for promotion gate decisions and defines the Policy-to-Orchestrator interface.

Ownership Rules

  • Policy Engine owns PASS/FAIL gate evaluation semantics.
  • Concelier owns advisory ingestion and linkset publication only.
  • Release Orchestrator executes promotion state transitions using Policy outputs.
  • Authority enforces identity/scope boundaries for all callers.

Explicit Non-Goals for Concelier

  • No PASS/FAIL decisioning for promotion gates.
  • No direct production of promotion allow/deny verdicts.
  • No mutation of Policy-derived effective findings.

Policy Evaluation Interface

{
  "request": {
    "tenantId": "string",
    "promotionId": "guid",
    "targetEnvironment": "string",
    "artifactDigest": "sha256:...",
    "evidenceRef": "guid",
    "policyBundleDigest": "sha256:..."
  },
  "response": {
    "decision": "allow|deny|pending",
    "reasonCodes": ["string"],
    "policyDigest": "sha256:...",
    "determinismHash": "sha256:...",
    "evaluatedAtUtc": "2026-02-10T00:00:00Z"
  }
}

Determinism and Fail-Closed Rules

  • Identical request payloads must produce identical decision outputs.
  • Missing or invalid policy inputs MUST return an explicit deny or pending, according to the policy profile; there is no implicit allow.
  • Reason codes must be stable and sortable for replay/audit.
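
The rules above, seen from the side that consumes a Policy response, as an added example (not StellaOps code). The function names, the GATE_RESPONSE_MALFORMED code, the sample reason codes, the strict 64-hex digest check, mapping a malformed response to deny, and leaving evaluatedAtUtc out of the replay comparison are all assumptions of this example.

```python
import re

DIGEST = re.compile(r"sha256:[0-9a-f]{64}")  # assumed digest format
DECISIONS = ("allow", "deny", "pending")
# Compared on replay. evaluatedAtUtc is excluded (assumption: the wall-clock
# timestamp is not part of the decision output).
REPLAY_FIELDS = ("decision", "reasonCodes", "policyDigest", "determinismHash")
MALFORMED = "GATE_RESPONSE_MALFORMED"  # hypothetical reason code


def normalize(response):
    """Return the replay-relevant view of a response, or None if malformed."""
    if not isinstance(response, dict):
        return None
    decision = response.get("decision")
    codes = response.get("reasonCodes")
    if not (isinstance(decision, str) and decision in DECISIONS):
        return None
    if not (isinstance(codes, list) and all(isinstance(c, str) for c in codes)):
        return None
    for field in ("policyDigest", "determinismHash"):
        value = response.get(field)
        if not (isinstance(value, str) and DIGEST.fullmatch(value)):
            return None
    view = {f: response[f] for f in REPLAY_FIELDS}
    view["reasonCodes"] = sorted(codes)  # stable order for replay/audit
    return view


def gate_action(response):
    """Fail closed: a malformed response becomes deny, never allow."""
    view = normalize(response)
    if view is None:
        return "deny", [MALFORMED]
    return view["decision"], view["reasonCodes"]


def replay_consistent(first, second):
    """True when two evaluations of one request agree on every decision output."""
    a, b = normalize(first), normalize(second)
    return a is not None and a == b


# Constructed sample response; digests and reason codes are placeholder values.
SAMPLE = {
    "decision": "allow",
    "reasonCodes": ["POLICY_OK", "EVIDENCE_VERIFIED"],
    "policyDigest": "sha256:" + "a" * 64,
    "determinismHash": "sha256:" + "b" * 64,
    "evaluatedAtUtc": "2026-02-10T00:00:00Z",
}
```
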

Required Test Coverage

Promotion/Orchestrator side:

  • src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Gate/PolicyGateTests.cs
  • src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Decision/DecisionEngineTests.cs
  • src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Gate/GateEvaluatorTests.cs

Policy side:

  • src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Gates/PolicyGateEvaluatorTests.cs
  • src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Determinism/PolicyEngineDeterminismTests.cs
  • src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Gates/Determinization/DeterminizationGateTests.cs

Integration References

  • Evidence contract: docs/modules/evidence-locker/promotion-evidence-contract.md
  • Promotion APIs: docs/modules/release-jobengine/api/promotions.md
  • Runtime closure plan: docs/modules/release-jobengine/promotion-runtime-gap-closure-plan.md