Skip to main content

Policy evaluation

This page explains how policies are evaluated across authorize and commit.

Evaluation stages

Authorize stage

Authorize performs admission checks:

  1. seat checks (when seat policy exists and seat id is provided)
  2. feature resolution and entitlement check
  3. active policy window resolution from current bundle
  4. quota and rate admission checks
  5. budget/funding feasibility checks (billing-mode dependent)
  6. lease issuance

Authorize requires at least one active quota window for the feature.

Commit stage

Commit performs settlement checks:

  1. lease validation and state/expiry checks
  2. quota window reconciliation from lease metadata
  3. meter-to-feature allowlist checks
  4. pricing resolution
  5. quota counter updates for applied quantity
  6. funding allocation and settlement writes

If policy context is missing or invalid at commit time, commit can be quarantined instead of fully rejected.

Window resolution rules

  • Only active, non-disabled policies in an active bundle are considered.
  • Rate and quota windows are evaluated per feature.
  • Seats are evaluated through seat state, not quota/rate windows.
  • Wildcard fallback can provide baseline windows when feature-specific policies are not present.

Counter behavior

  • Rate windows are incremented during authorize admission.
  • Quota windows are consumed during commit for applied quantity.
  • Counter keys include feature and window identity, so windowed usage is deterministic.

Quarantine conditions

Common commit-time quarantine causes:

  • no matching policy window from lease context
  • disallowed meter mapping for the feature
  • missing pricing for one or more meters
  • late commit beyond accepted grace
  • non-active lease state

Quarantined commits keep auditability but neutralize applied quantity and settlement amount.

Determinism recommendations

  • Keep one stable bundle strategy per account at any given timestamp.
  • Avoid ambiguous overlapping plan windows when bundle keys differ.
  • Treat authorize output as time-bound admission intent; treat commit as financial truth.

Next