Skip to content

HOWTO: Apply a Profile Policy to a Module Run

Purpose: Attach an environment profile to a module run, enforce policy constraints, and trace governance decisions in the run record.

Difficulty: Intermediate

Track: Contract-Driven Automation

Overview

A profile defines the governance rules that apply when a module runs in a specific environment. Profiles enforce consistency across teams, prevent accidental production changes, and produce a clear audit trail of which policies were active. This HOWTO covers the full lifecycle: writing a profile, attaching it to a run, and reading the policy enforcement output.

1. Profile File Layout

  • Profile schema: environment, module, inputs, policy.
  • Where profiles live in the repository.
  • Inheriting from a base profile.

2. Defining Policy Constraints

  • Required approvals and sign-off gates.
  • Disallowed input values per environment.
  • Mandatory supporting records before promotion.
  • Time-window restrictions.

3. Attaching a Profile to a Run

  • --profile flag usage.
  • Profile resolution from pack or directory.
  • Profile version pinning.

4. Reading the Policy Enforcement Log

  • Which constraints were evaluated.
  • Policy pass / block / warn outcomes.
  • Approval gate trigger and wait behaviour.

5. Multi-Environment Promotion Flow

  • Dev → staging → production promotion with profile chain.
  • Cross-profile run-record handoff.
  • Rejecting a promotion and recording the reason.

References

License: MIT-0 for code, CC-BY-4.0 for documentation unless otherwise stated.