Status: Open
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)
Description
Summary
Investigate a policy engine that enforces org-level rules like "block Python 3.13 until date X" or "security-only during freeze" across all runs.
Why
Central policy control is a key differentiator for large organizations. Integrating policy checks into the action (or future GitHub App mode) enables consistent governance without manual intervention.
What needs to happen
- Define policy schema (YAML/JSON) covering version constraints, freeze windows, security gates, etc.
- Implement a policy evaluator invoked before rewrites occur.
- Provide example policies and documentation.
- Ensure policies can be sourced from the repo or a central location.
- Add tests for policy evaluation, overrides, and failure modes.
References
- Roadmap v2.0 idea: "Policy engine".
Acceptance criteria
- Prototype demonstrates enforcing at least two policy types (date-based freeze and security-only mode).
- Documentation explains configuration and precedence.
- Tests cover successful enforcement and override scenarios.
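A sketch of the evaluator and policy shape this issue asks for (date-based version block, security-only freeze window, and overrides), written as an added example rather than code from the project; the policy keys, rule ids, and the precedence rule that a non-overridable rule beats an explicit override are assumptions.

```python
"""Added example: evaluate a proposed version rewrite against org-level policy."""
from dataclasses import dataclass, field
from datetime import date

# Constructed policy document (the real YAML/JSON schema is still to be defined).
# Assumed precedence: a rule with overridable=False always wins; an overridable
# rule yields only to an explicit override naming its id.
POLICY = {
    "version_blocks": [
        {"id": "py313", "language": "python", "version": "3.13",
         "until": "2025-06-01", "overridable": False},
    ],
    "freeze_windows": [
        {"id": "q1-freeze", "start": "2025-03-01", "end": "2025-03-15",
         "mode": "security-only", "overridable": True},
    ],
}

@dataclass
class Change:
    language: str
    version: str
    security: bool = False                       # is this a security-only update?
    overrides: set = field(default_factory=set)  # rule ids the caller overrides

def _version_matches(candidate, blocked):
    # "3.13" blocks 3.13 and 3.13.x but not 3.130
    return candidate == blocked or candidate.startswith(blocked + ".")

def _active_freezes(policy, today):
    for win in policy.get("freeze_windows", []):
        if date.fromisoformat(win["start"]) <= today <= date.fromisoformat(win["end"]):
            yield win

def evaluate(policy, change, today):
    """Return (allowed, reasons); the rewrite may proceed only when allowed is True."""
    reasons = []
    for rule in policy.get("version_blocks", []):
        if (rule["language"] == change.language
                and _version_matches(change.version, rule["version"])
                and today < date.fromisoformat(rule["until"])):
            if rule["overridable"] and rule["id"] in change.overrides:
                continue
            reasons.append(f"{rule['id']}: {change.language} {change.version} blocked until {rule['until']}")
    for win in _active_freezes(policy, today):
        if win["mode"] == "security-only" and not change.security:
            if win["overridable"] and win["id"] in change.overrides:
                continue
            reasons.append(f"{win['id']}: only security updates allowed {win['start']}..{win['end']}")
    return (not reasons, reasons)
```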