> ## Documentation Index
> Fetch the complete documentation index at: https://docs.domino.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Gates

After bundles are approved through the governance lifecycle, gates enforce those approval requirements by controlling specific user actions in real time.

Gates help teams limit risk, automate compliance, and respond quickly to policy changes. Gating decisions are applied automatically and recorded for audit.

You need the **GovernanceAdmin** role to define gates in policies. [Roles and security](/cloud/platform-capabilities/features/governance/roles-and-security) has details on role assignment.

Domino evaluates gated actions when you create or restart an Application or deploy an Endpoint, blocking users from completing these actions until the required approval is granted.

Common use cases include:

* Blocking GPU or high-cost hardware tiers until reviews are complete

* Controlling deployments to specific data planes

* Rechecking approval status on restart to maintain compliance

Gates apply only to governed actions in projects where a bundle with gating policies has been attached.

## Define gates in a policy

Governance Admins define gates as part of a policy using YAML. Each gate includes:

* One or more rules that define the governed action and its parameters

* A list of required approvals for the action to proceed

**Example: Define gates in YAML**\
In this example, the gate blocks creation of apps that use the `large-k8s` or `gpu-small-k8s` hardware tiers unless the `Validation sign off` stage has been completed:

```yaml theme={null}
gates:
  - name: Prod
    rules:
      - action: CreateApp
        parameters:
          hardwareTierId:
            - large-k8s
            - gpu-small-k8s
    approvals:
      - Validation sign off
```

## Activate gating in a project

When a practitioner attaches a bundle with gating policies to a project, the system begins enforcing the gate rules. Only governed actions and parameters are affected. All other activity proceeds normally.

Gates remain active as long as the bundle is attached and the policy requires the relevant approvals.

## Manage gate approvals

Gates rely on the same approval stages used elsewhere in governance. Admins or approvers can grant or revoke approvals at any time.

When approval status changes, the system updates gate behavior automatically. This affects both new actions and restarts of governed resources.

## How gating enforcement works

When a user attempts a governed action, the system evaluates gate rules in real time. If the action and its parameters match a gated rule, the system checks for approval before allowing it to proceed.

* **During creation**: invalid configuration options are blocked in the UI

* **On restart**: users receive an error if a previously approved configuration no longer meets policy requirements

## How gate decisions are enforced and tracked

Gating decisions are enforced by two internal services:

* **Governance Service** manages policies, approvals, and gate definitions

* **Rules Service** applies gate logic and determines whether to allow or block actions in real time

Gate rules are stored in the shared governance database. When a policy is activated, the Rules Service sets all governed actions to `"deny"` by default. Actions are allowed only after the required approvals are granted.

All rule evaluations and gating outcomes are:

* Recorded in the **Audit Log**

* Tracked in **MixPanel** to support compliance reporting and usage analysis

## Next steps

* [Work with bundles](/cloud/platform-capabilities/features/governance/work-with-bundles): package models and artifacts for review

* [Automated checks](/cloud/platform-capabilities/features/governance/evidence/automated-evidence-collection): run validation checks during bundle progression

* [Monitoring checks](/cloud/platform-capabilities/features/governance/evidence/monitoring-checks-in-governance): respond to drift and data quality alerts from deployed models

* [Add findings to a bundle](/cloud/platform-capabilities/features/governance/work-with-bundles/add-findings-to-bundle): document review decisions and track issues

* [Send bundles for review](/cloud/platform-capabilities/features/governance/work-with-bundles/review-bundles): submit bundles for formal approval
