- Blocking GPU or high-cost hardware tiers until reviews are complete
- Controlling deployments to specific data planes
- Rechecking approval status on restart to maintain compliance
Define gates in a policy
Governance Admins define gates as part of a policy using YAML. Each gate includes:- One or more rules that define the governed action and its parameters
- A list of required approvals for the action to proceed
In this example, the gate blocks creation of apps that use the
large-k8s or gpu-small-k8s hardware tiers unless the Validation sign off stage has been completed:
Activate gating in a project
When a practitioner attaches a bundle with gating policies to a project, the system begins enforcing the gate rules. Only governed actions and parameters are affected. All other activity proceeds normally. Gates remain active as long as the bundle is attached and the policy requires the relevant approvals.Manage gate approvals
Gates rely on the same approval stages used elsewhere in governance. Admins or approvers can grant or revoke approvals at any time. When approval status changes, the system updates gate behavior automatically. This affects both new actions and restarts of governed resources.How gating enforcement works
When a user attempts a governed action, the system evaluates gate rules in real time. If the action and its parameters match a gated rule, the system checks for approval before allowing it to proceed.- During creation: invalid configuration options are blocked in the UI
- On restart: users receive an error if a previously approved configuration no longer meets policy requirements
How gate decisions are enforced and tracked
Gating decisions are enforced by two internal services:- Governance Service manages policies, approvals, and gate definitions
- Rules Service applies gate logic and determines whether to allow or block actions in real time
"deny" by default. Actions are allowed only after the required approvals are granted.
All rule evaluations and gating outcomes are:
- Recorded in the Audit Log
- Tracked in MixPanel to support compliance reporting and usage analysis
Next steps
- Work with bundles: package models and artifacts for review
- Automated checks: run validation checks during bundle progression
- Monitoring checks: respond to drift and data quality alerts from deployed models
- Add findings to a bundle: document review decisions and track issues
- Send bundles for review: submit bundles for formal approval