Policy
Policy concepts
Policy defines repo guardrails and shared org rules without replacing ota.yaml.
Recommended next
Policy at a glance
Policy is the governance layer above ota.yaml. It decides what is required, what is approved, and how ota explains a mismatch when the repo and the org disagree.
If you need the supported fields, read Policy Packs. If you need a copyable baseline, view Org Policy Baseline.
What policy is
Policy is not a second contract. It is the rule layer above ota.yaml.
- Repo policy stays in
ota.yaml. - Org policy packs live in
.ota/org-policy.yaml, are discovered by walking ancestor directories from the contract path, and can therefore apply shared rules across a workspace tree. - The canonical policy pack lives at
.ota/org-policy.yaml, so users know exactly where to put shared org rules today. doctor,run,up, andexplainshould show the rule source that won.
# ota.yaml (repo contract)runtimes: node: "22" # .ota/org-policy.yaml (org layer)policies: version_policy: runtimes: node: approved_versions: - "22" agent: require_safe_tasks: trueWhat policy does
Repo guardrails
The repo contract tells ota which tasks an AI agent may run, which paths it may edit, which paths it should avoid, and which checks should run after edits. The key surfaces are safe_tasks, writable_paths, protected_paths, and verify_after_changes.
Execution provenance
Execution receipts and explain output can show where environment values and policy decisions came from so AI agents and humans see the same source of truth.
Org policy packs
A shared policy pack can require contract sections and files across repos without rewriting each repo, and a single ancestor .ota/org-policy.yaml can cover an entire workspace tree.
Workspace policy
A workspace can declare workspace.policy in ota.workspace.yaml for a shared policy source across member repos.
Later enterprise layers
Approvals, waivers, fleet reporting, and a hosted control plane come later, after the repo-local model is solid. Those layers are not the repo contract.
ota doctorota explainota doctor --json | grep -n "policy_source"Field descriptions
postureis the primary authority model; usereadiness_strictfor normal readiness slices,contract_authoringfor repo-contract authoring, andinfra_authoringfor CI/runtime-topology authoring.safe_tasksare the tasks an AI agent can run without broad risk; use them when you want a safe default set for AI-agent automation.effects.writesmakes durable task writes explicit so agent-safe tasks can be checked against writable and protected boundaries.effects.networkmakes connectivity dependence explicit for tasks that fetch dependencies or call remote services during setup or verification.effects.network_kindcan narrow that signal when the task is lockfile-backed dependency hydration, real integration testing, or another network lane that should not be flattened into generic remote-call execution.effects.external_statemarks out-of-repo mutation such as Docker, database, or hosted-service state so automation can see that blast radius before execution; prefer shipped canonical tokens likedocker,postgres,redis,s3,cloudflare, orkubernetesinstead of repo-local aliases.writable_pathsare the paths an AI agent may edit; use them when you want the edit boundary explicit instead of implied.protected_pathsare the paths an AI agent should avoid changing casually; use them for contracts, locks, or other sensitive files.exceptions.sensitive_writesis for narrow exceptions after posture is already correct; use it only when the sensitive path is already writable and that authority is intentional.- Do not use
exceptions.sensitive_writesjust to mark a file as important; if the agent should not edit it, keep it inprotected_pathsinstead. ota initstarter contracts protectota.yamlby default. If a contract-authoring slice intentionally makesota.yamlwritable, pair that withexceptions.sensitive_writes: [ota.yaml]so the authority is explicit.verify_after_changesare the tasks to rerun after edits; use them when you want the review loop to be obvious and repeatable.
tasks: setup: internal: true safe_for_agent: true effects: writes: - .venv network: true services:up: effects: external_state: - docker test: safe_for_agent: trueagent: posture: readiness_strict safe_tasks: - setup - test writable_paths: - src - docs - .venv protected_paths: - ota.yaml - package-lock.json verify_after_changes: - testExample policy pack
A policy pack is a shared org rule set. It does not replace ota.yaml; it adds constraints above it.
Use it when you want every repo to follow the same rules without rewriting those rules into each repo contract.
policies: required_sections: - runtimes - tasks - agent required_files: - AGENTS.md agent: require_safe_tasks: true require_writable_paths: true exports: require_agents_md: trueWhen to use it
- use
safe_taskswhen you want a safe default set for AI agents and CI tooling - use
writable_pathswhen you want to tell AI agents exactly what they may edit - use
protected_pathswhen certain files should not be casually rewritten by AI agents - use
verify_after_changeswhen you want an obvious post-edit verification step - use policy packs when the same rule should apply to many repos
- use one ancestor
.ota/org-policy.yamlwhen a workspace should share policy across multiple repos
# Repo-level first, then org policy overlayota doctor --jsonota upota workspace upWhat it is not
- not a ticketing system
- not a waiver workflow
- not a hidden control plane
- not a replacement for
ota.yaml
# Avoid: putting run scripts or task bodies in policypolicies: tasks: test: ./scripts/test.sh