Active policy secops-policy@v3.2
14 rules · applies to all 5 agents
Last changed 2 weeks ago by @alice · ratified at Sprint 6 Retro. All changes require approval from @alice or @j.reviewer; commits are GPG-signed and append-only.
Auto-merge threshold
T1
severity ≤ medium AND playbook.uses ≥ 10 AND playbook.success ≥ 95%. Currently met by spring-sql-injection only.
changed 2w ago · by @alice
Auto-approve threshold
T2
Agent may post an approval vote on MRs but a human must merge. Default for all playbooks with uses ≥ 3.
changed 3w ago · by @j.reviewer
Critical-severity override
T4 · Pending
Critical findings always route to human approval, regardless of playbook tier. Proposed change: add backup approver (@bob) when primary is OOO > 24h.
from Sprint 6 Retro · approval required
Complexity escalation
T3
Auto-demote to engineering epic when: files > 3 OR est. work > 1d OR ≥5 findings same vuln class.
changed 2w ago · by @alice
Auto-rollback triggers
Revert merged fix within 15 min if: pipeline.fail OR error.rate > 2× baseline (10min) OR p95.latency > 1.5×.
scope: all T1 merges · approval required
Max retry attempts
Agent retries a failing fix up to 3 times, then escalates to human queue. Backoff: 2m / 5m / 10m.
last triggered 4d ago · SEC-1740
Blast radius cap
A single agent run cannot modify more than 10 files or open more than 3 MRs. Exceeding either pauses the agent and pings #sec-ops.
scope: DEV agent · approval required
GPG-signed commits
Every agent commit is signed with a per-agent GPG key. Unsigned commits are rejected by branch protection.
verified for last 38 MRs
Log retention
Agent traces and decisions retained in LangSmith for 90 days, archived to S3 (immutable) for 2 years.
storage used: 4.2 GB
Append-only policy changes
All edits to this policy are versioned in git; rollback only by reverting to a prior tagged version. No silent edits.
repo: secops/policy
No open critical findings
Block deploys to prod if any Critical finding is open and older than its 7-day SLA.
currently passing · approval required
DAST suite pass
Nightly DAST run against staging must pass before promote-to-prod. Failed checks block until next green run.
last run: green · 2h ago
Two-approver merge to main
Agent vote counts as one approver. A human still required for the second approval, except on T1 auto-merge playbooks.
scope: main, release/* · approval required
Quarantined services
Agents may not modify auth-service.* or db.migrations without explicit per-MR override from @alice.
2 paths quarantined · approval required
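The tier gating, complexity escalation, critical override, quarantine, rollback and retry rules above are expressed as policy-as-code in the following added example. It is not code from the secops/policy repo; the thresholds are the ones stated in the rules, but the precedence between rules (quarantine check first, then the critical override, then complexity escalation, then T1/T2 gating), the "human-review-only" fallback for playbooks with fewer than 3 uses, and all class, function and field names are assumptions made here.

```python
"""Policy-as-code evaluator for the T1-T4 autonomy tiers.

Added example, not the secops/policy repo's own code. Thresholds come from
the policy rules; the precedence among rules and all names are assumptions.
"""
from collections import Counter
from dataclasses import dataclass

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
QUARANTINED_PREFIXES = ("auth-service.", "db.migrations")  # Quarantined services rule


@dataclass(frozen=True)
class Playbook:
    name: str
    uses: int           # historical number of runs
    success_pct: float  # historical success rate, 0-100


@dataclass(frozen=True)
class Finding:
    severity: str    # low | medium | high | critical
    vuln_class: str  # e.g. "sql-injection"


@dataclass(frozen=True)
class ChangeRequest:
    playbook: Playbook
    findings: tuple        # tuple[Finding, ...]
    files_changed: int
    est_work_days: float
    paths: tuple           # tuple[str, ...] touched by the MR
    per_mr_override: bool = False  # explicit per-MR override for quarantined paths


def touches_quarantined(paths):
    return any(p.startswith(QUARANTINED_PREFIXES) for p in paths)


def max_severity(cr):
    return max((SEVERITY_RANK[f.severity] for f in cr.findings), default=0)


def needs_engineering_epic(cr):
    """T3: files > 3 OR est. work > 1d OR >= 5 findings of the same vuln class."""
    same_class = max(Counter(f.vuln_class for f in cr.findings).values(), default=0)
    return cr.files_changed > 3 or cr.est_work_days > 1 or same_class >= 5


def decide(cr):
    """Return the most autonomous action the policy allows for this MR."""
    if touches_quarantined(cr.paths) and not cr.per_mr_override:
        return "blocked:quarantined-path"
    if max_severity(cr) >= SEVERITY_RANK["critical"]:
        return "T4:human-approval"            # critical override beats every tier
    if needs_engineering_epic(cr):
        return "T3:engineering-epic"
    pb = cr.playbook
    if (max_severity(cr) <= SEVERITY_RANK["medium"]
            and pb.uses >= 10 and pb.success_pct >= 95):
        return "T1:auto-merge"
    if pb.uses >= 3:
        return "T2:agent-vote-human-merge"
    return "human-review-only"                # assumed fallback below the T2 default


def should_rollback(pipeline_failed, error_rate, error_baseline, p95_ms, p95_baseline_ms):
    """Auto-rollback triggers for T1 merges, evaluated over the 10-minute window."""
    return (pipeline_failed
            or error_rate > 2 * error_baseline
            or p95_ms > 1.5 * p95_baseline_ms)


RETRY_BACKOFF_MIN = (2, 5, 10)  # up to 3 retries, then escalate to the human queue


def retry_delay(attempt):
    """Backoff in minutes for 1-based retry `attempt`, or None when it is time to escalate."""
    return RETRY_BACKOFF_MIN[attempt - 1] if 1 <= attempt <= len(RETRY_BACKOFF_MIN) else None


if __name__ == "__main__":
    # Constructed sample input: a mature playbook fixing one medium finding in two files.
    sqli = Playbook("spring-sql-injection", uses=12, success_pct=97.0)
    mr = ChangeRequest(sqli, (Finding("medium", "sql-injection"),), 2, 0.5,
                       ("src/main/java/UserRepo.java",))
    print(decide(mr))                                   # T1:auto-merge
    print(should_rollback(False, 0.05, 0.02, 300, 250))  # True: error rate > 2x baseline
    print(retry_delay(4))                               # None: escalate after 3 retries
```

Each rule is its own function, so a rule change in the policy maps to a single reviewable diff, and the decision order in `decide` is explicit rather than implied by whichever check happens to run first.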
v3.2
Documented T-tier escalation rules with examples · added complexity caps · current HEAD
2w ago
@alice
v3.1
Tightened blast radius from 15 files → 10 files after near-miss in billing-service
5w ago
@j.reviewer
v3.0
Introduced 4-tier autonomy model (T1–T4) and per-playbook gating
3mo ago
@alice
v2.4
Added DAST gate, GPG-signed commit requirement
5mo ago
@bob