How policies are written
Policies are defined in YAML using a modular structure. Each policy is made up of components like stages, approvals, inputs, and checks. Each component is declared with anartifactType and a details section that sets its behavior.
Writing policies in YAML makes them easy to version, reuse, and review, whether you’re building one from scratch or editing an existing template.
What this page covers
This page explains how to define each type of policy component using YAML. It includes examples for:- Organizing stages and approvals
- Grouping and reusing evidence
- Running metrics checks and scripted checks
- Creating input fields and guidance elements
- Defining classification logic and visibility rules
- Gating high-risk actions
Stages
Governance Admins define stages in YAML to organize evidence and approvals. Each stage can include:- One or more evidence sets (for direct evidence)
- One or more approvals, each with a name, list of approvers, and optional evidence
This example defines two stages by name:
Approvals
Approvals are defined within a stage. Each approval includes:- A name
- A list of approvers (users or organizations)
- Optional evidence, which must be satisfied before approval can be granted
In this example, the stage includes an approval named
Stage 4: validation sign off, which includes a checklist prompt for the approver:
Revalidation
Revalidation schedules are defined within an approval to enforce recurring renewal. See Periodic Revalidation for the full configuration model. Example: Define a revalidation scheduleThis example opens a 30-day renewal window, recurring every year starting from January 1st, 2026:
Sequential workflows
Sequential workflows define multi-stage approval processes where each stage must be completed before the next becomes available. Stages unlock in order, mirroring real-world review flows and helping maintain control throughout the governance process. Progression is gated by required fields. All mandatory information must be provided before a bundle can move forward, supporting structured, auditable workflows and built-in compliance. Sequential workflows are currently defined in YAML using theenforceSequentialOrder field.
Example: Define a sequential approval workflowThe following YAML example enforces sequential approvals across designated approvers within the
model-gov-org group:
Evidence and evidence sets
Evidence defines the inputs, approvals, or checks required during a stage. You can define evidence directly in a stage, or organize it into anevidenceSet for reuse and clarity.
When you define local evidence, it must be declared in full the first time it’s used. Later references can reuse it by id.
Example: Define evidence setsThis example defines a local evidence set named
sample local evidence:
Metrics checks
Metrics checks use model metadata to validate performance against thresholds. These checks run automatically and reduce manual review. Each check supports aliases to match metric names, as well as threshold logic to compare against expected values. Example: Define metrics checksThis check validates model accuracy using multiple
aliases and a minimum threshold of 0.8.
Scripted checks
Scripted checks run custom validation logic as part of a policy. Each one defines a command, parameters, and expected outputs. Scripted checks require anenvironmentID and hardwareTierID.
- Environment IDs can be found under Govern > Environments. Select an environment, and the ID is shown as the last part of the URL.
- Hardware tier IDs are listed in the Admin Portal, under Manage resources > Hardware tiers.
This scripted check runs a command-line model evaluation with input parameters and produces text and image output:
Monitoring checks
Monitoring checks connect governance to Domino Model Monitoring (DMM) to respond to drift, data quality, and other detection alerts. When an alert triggers, governance executes actions like notifications and creates findings with severity levels and owners, with all activity logged for traceability and audit compliance. Example: Define a monitoring checkThis monitoring check listens for drift and data quality alerts, then sends notifications and creates findings with assigned owners:
Input artifacts
Input artifacts define form elements used to collect user input during policy execution. These inputs appear in the governed bundle approval interface and can be used as evidence, classification references, or dynamic visibility triggers.Radio buttons
Radio buttons present users with a single-select list of labeled options. Each is defined by a display label and submitted value. Example: Define radio buttonsThis example defines a radio group with three labeled choices:
Text inputs
Text inputs collect short, freeform written responses from users. Example: Define text inputsThis example defines a single-line input field with placeholder and help text (
helpText):
Text areas
Capture longer, multi-line responses. You can customize the visible height of the input. Example: Define text areasThis example defines a 10-line
textarea input:
Select dropdowns
Select dropdowns provide a list of options where only one can be selected. Example: Define select dropdownsThis example defines a dropdown to select a base model template:
Multi-select dropdowns
Multi-select dropdowns allow selection of multiple options from a list. Example: Define multi-select dropdownsThis example defines a multi-select input for selecting data sets:
Checkbox groups
Checkbox groups display multiple options with checkboxes. Users can select any combination. Example: Define checkbox groupsThis example defines checkboxes for department selection:
Date inputs
Date inputs allow users to select or enter a date. You can specify a start date and format. Example: Define date inputsThis example defines a date input in
ISO8601 format:
Numeric inputs
Numeric inputs collect numbers within a defined range. Example: Define numeric inputsThis example defines an input for
F-score with min and max constraints:
File uploads
File upload artifacts let reviewers attach a file as evidence in the approval interface. The file is stored in the evidence notebook and automatically uploaded to the project directory. Use file uploads when reviewers must submit supporting documents, such as validation reports or compliance forms. Unlike text inputs, file uploads capture and store the document itself. Example: Define file uploadsThis example defines a file input field labeled
Model Validation Report. The uploaded file becomes part of the governed evidence.
Guidance artifacts
Guidance artifacts provide informational content to users, such as Markdown-formatted instructions or visual banners. These elements do not collect input but help orient users during policy execution.Text blocks
Text blocks display long-form guidance using Markdown syntax. Example: Define text blocksThis example shows how to include Markdown-formatted context as part of the policy:
Text banners
Text banners provide high-visibility messages to users. Example: Define text bannersThis example shows how to display a banner with a policy reference:
Classification
Classification is a top-level policy feature used to assign a risk tier (such aslow, medium, or high) to a governed bundle. You can base classifications on user inputs, define rules to evaluate them, and display tooltips to guide decisions.
Classification inputs
You can link input artifacts to a classification by assigning an alias. These inputs appear in stages like any other artifact but can be referenced in classification logic. Example: Define classification artifactsThis example defines a radio button input for model risk and links it to a classification alias:
Classification rules
Use rules to evaluate classification inputs and assign a final label. You can define simple conditions or write custom logic using scripts. Example: Define a classification ruleThis example returns
"High" if the sum of all input values is greater than or equal to 1:
This example classification rule uses evidence values to define whether the classification for this bundle should be
"High" or "Low".
Visibility rules
Visibility rules control whether certain artifacts, such as evidence sets, appear in the interface. You can base visibility on classification outcomes, user input, or any other evaluated condition. Example: Define a visibility ruleGating
Gates define policy controls for high-impact actions, like launching an app or creating a service endpoint. Each gate specifies:-
What action(s) the gate applies to, like
CreateApp, orCreateEndpoint -
Which parameter values trigger it, like
hardwareTierIdordataPlaneId - What approval(s) are required for the action to proceed
- Hardware Tier IDs control compute resources like CPU and GPU. You can find available hardware tier IDs in Hardware tiers or by contacting your administrator.
- Data plane IDs control where workloads run. You can find available data plane IDs in Data planes or by contacting your administrator.
In this example, the gate blocks creation of apps that use the
large-k8s or gpu-small-k8s hardware tiers unless the Validation sign off stage has been completed:
any keyword to apply a gate to all values of a parameter. This is useful when you want to gate an action regardless of which hardware tier or data plane is selected.
Example: Gate all hardware tiersThis gate blocks creation of apps on any hardware tier until the Validation sign off stage is complete.
Next steps
- Define policies: create and configure policies in the Policy Builder
- Gates: control governed actions based on approval status
- Roles and security: understand permissions and role assignment in Governance