# Promotion Gate Ownership Contract

## Purpose

This contract freezes ownership for promotion gate decisions and defines the
Policy-to-Orchestrator interface.

## Ownership Rules

- Policy Engine owns PASS/FAIL gate evaluation semantics.
- Concelier owns advisory ingestion and linkset publication only.
- Release Orchestrator executes promotion state transitions using Policy outputs.
- Authority enforces identity/scope boundaries for all callers.

## Explicit Non-Goals for Concelier

- No PASS/FAIL decisioning for promotion gates.
- No direct production of promotion allow/deny verdicts.
- No mutation of Policy-derived effective findings.

## Policy Evaluation Interface

```json
{
  "request": {
    "tenantId": "string",
    "promotionId": "guid",
    "targetEnvironment": "string",
    "artifactDigest": "sha256:...",
    "evidenceRef": "guid",
    "policyBundleDigest": "sha256:..."
  },
  "response": {
    "decision": "allow|deny|pending",
    "reasonCodes": ["string"],
    "policyDigest": "sha256:...",
    "determinismHash": "sha256:...",
    "evaluatedAtUtc": "2026-02-10T00:00:00Z"
  }
}
```

## Determinism and Fail-Closed Rules

- Identical request payloads must produce identical decision outputs.
- Missing or invalid policy inputs MUST return explicit deny or pending according
  to policy profile; no implicit allow.
- Reason codes must be stable and sortable for replay/audit.
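
An added illustration (not StellaOps code) of how a consumer of the response above can apply the no-implicit-allow rule: any response that is malformed, has an unknown `decision`, or carries an invalid digest maps to deny, and reason codes are ordered ordinally so replays compare equal. `PolicyResponseGuard`, `GateOutcome` and the `ORCH_*` reason codes are hypothetical names, and the lowercase-hex SHA-256 digest format is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Text.RegularExpressions;

// Constructed sample input with the digest and reason-code fields missing.
var (sampleOutcome, sampleCodes) =
    PolicyResponseGuard.Interpret("{\"response\":{\"decision\":\"allow\"}}");
Console.WriteLine($"{sampleOutcome}: {string.Join(",", sampleCodes)}");

// Hypothetical types for illustration; not part of StellaOps.
public enum GateOutcome { Allow, Deny, Pending }

public static class PolicyResponseGuard
{
    // Assumption: digests are lowercase hex SHA-256, as the "sha256:..." fields suggest.
    private static readonly Regex Digest =
        new(@"^sha256:[0-9a-f]{64}\z", RegexOptions.CultureInvariant);

    // Only a well-formed response with an explicit "allow" can yield Allow.
    public static (GateOutcome Outcome, string[] ReasonCodes) Interpret(string json)
    {
        try
        {
            using var doc = JsonDocument.Parse(json ?? "");
            var r = doc.RootElement.GetProperty("response");
            var decision = r.GetProperty("decision").GetString();
            if (!Digest.IsMatch(r.GetProperty("policyDigest").GetString() ?? "") ||
                !Digest.IsMatch(r.GetProperty("determinismHash").GetString() ?? ""))
                return (GateOutcome.Deny, new[] { "ORCH_INVALID_DIGEST" });

            // Ordinal ordering is culture-independent, so replayed audits see the same sequence.
            var codes = r.GetProperty("reasonCodes").EnumerateArray()
                .Select(e => e.GetString() ?? "")
                .Distinct().OrderBy(c => c, StringComparer.Ordinal).ToArray();

            return decision switch
            {
                "allow" => (GateOutcome.Allow, codes),
                "pending" => (GateOutcome.Pending, codes),
                "deny" => (GateOutcome.Deny, codes),
                _ => (GateOutcome.Deny, new[] { "ORCH_UNKNOWN_DECISION" }),
            };
        }
        catch (Exception ex) when (ex is JsonException or KeyNotFoundException or InvalidOperationException)
        {
            return (GateOutcome.Deny, new[] { "ORCH_MALFORMED_RESPONSE" });
        }
    }
}
```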

## Required Test Coverage

Promotion/Orchestrator side:
- `src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Gate/PolicyGateTests.cs`
- `src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Decision/DecisionEngineTests.cs`
- `src/ReleaseOrchestrator/__Tests/StellaOps.ReleaseOrchestrator.Promotion.Tests/Gate/GateEvaluatorTests.cs`

Policy side:
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Gates/PolicyGateEvaluatorTests.cs`
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Determinism/PolicyEngineDeterminismTests.cs`
- `src/Policy/__Tests/StellaOps.Policy.Engine.Tests/Gates/Determinization/DeterminizationGateTests.cs`

## Integration References

- Evidence contract: `docs/modules/evidence-locker/promotion-evidence-contract.md`
- Promotion APIs: `docs/modules/release-jobengine/api/promotions.md`
- Runtime closure plan: `docs/modules/release-jobengine/promotion-runtime-gap-closure-plan.md`