Policy lifecycle
This page defines safe lifecycle management for gate policies and bundles.
Lifecycle entities
- Policy: rule definition (
rate,quota,seats). - Bundle: packaging set of policies.
- Account bundle binding: effective runtime selection for a billing account.
Lifecycle states
Bundle states:
activedisabled
Policy states:
defaultassignableceilingdisabled
Only active bundles and non-disabled policies are evaluated at runtime.
Versioning strategy
For predictable rollout, prefer bundle-level versioning:
- create a new bundle key (or managed version suffix)
- copy baseline policies
- apply policy changes in the new bundle
- verify behavior on controlled accounts
- move assignments to the new bundle
- disable old bundle after migration
This avoids in-place policy mutation risk during live traffic.
Safe change rules
- Keep policy names unique per realm.
- Do not mix unrelated changes (rate, quota, seats, wildcard) in one rollout step.
- Keep default and ceiling semantics explicit and stable for a feature/window tuple.
- Validate seat policy impact before rollout when
limit_countis finite.
Rollback strategy
- Roll back by re-pointing accounts to previous known-good bundle.
- Keep old bundle active until rollback window closes.
- Use deterministic assignment windows so support can explain historical behavior.
Governance checklist
- Every bundle change is auditable by author, reason, and effective window.
- Every high-impact policy has canary accounts before broad rollout.
- Every rollout has explicit rollback target.
Next
- Bundle selection behavior: Gate policies and bundles