Phased Adoption of Runtime Governance (v1.2.x)

TealTiger is designed to be adopted incrementally. This page describes a phased rollout model that mirrors real enterprise security adoption: observe first, then enforce.

Why Phased Adoption Matters

Immediate hard enforcement increases risk. Phased adoption allows teams to:
  • Understand agent behavior
  • Build trust in policies
  • Avoid accidental breakage
  • Produce evidence before blocking

Phase 0 — Foundations

Goal: Prepare the system.
  • Instrument model and tool calls
  • Propagate execution identity
  • Enable audit event emission
  • Register reason codes
No policy enforcement yet.

Phase 1 — REPORT_ONLY

Goal: Observe governance outcomes without impact.
  • Policies evaluate, but never block
  • Decisions are emitted as telemetry
  • EvidenceBundle and LineageGraph are generated
This phase answers:
“What would have happened if we enforced?”

Phase 2 — MONITOR

Goal: Identify risky behavior.
  • Policies flag high‑risk actions
  • Alerts and dashboards can be built
  • Still no execution blocking
Used to tune policies and thresholds.

Phase 3 — ENFORCE (Selective)

Goal: Prevent real harm.
  • Enforce policies on:
    • Destructive tools
    • High‑cost operations
    • Sensitive data paths
  • Introduce REQUIRE_APPROVAL for gated actions
Start with a small blast radius.
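
The mode semantics of Phases 1 to 3, sketched as an added example (not TealTiger's SDK and not code from this page): the policy decision is the same in every mode, and the mode only decides its effect. All function names, fields, categories, reason codes and sample calls are hypothetical and constructed for illustration.

```python
# Illustrative sketch only: every name here is hypothetical, not TealTiger's API.
from dataclasses import dataclass

MODES = ("REPORT_ONLY", "MONITOR", "ENFORCE")

@dataclass(frozen=True)
class Event:
    tool: str
    decision: str      # policy outcome: ALLOW, DENY or REQUIRE_APPROVAL
    reason_code: str
    alert: bool        # flagged for dashboards/alerting (MONITOR and above)
    executed: bool     # False = blocked, or held pending approval

def evaluate(call):
    """Toy policy: deny destructive tools, gate high-cost operations."""
    if call["category"] == "destructive":
        return "DENY", "DESTRUCTIVE_TOOL"
    if call["est_cost_usd"] > 5.0:
        return "REQUIRE_APPROVAL", "HIGH_COST"
    return "ALLOW", "OK"

def govern(call, mode, enforced_categories=frozenset()):
    """Apply the same policy decision with a mode-dependent effect."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")  # reject typos instead of guessing
    decision, reason = evaluate(call)
    risky = decision != "ALLOW"
    # Selective enforcement: only categories explicitly in scope can block.
    in_scope = mode == "ENFORCE" and call["category"] in enforced_categories
    return Event(
        tool=call["tool"], decision=decision, reason_code=reason,
        alert=risky and mode != "REPORT_ONLY",
        executed=not (risky and in_scope),
    )

def would_have_blocked(calls):
    """Phase 1 question: which calls would enforcement have stopped?"""
    events = [govern(c, "REPORT_ONLY") for c in calls]
    return [e.tool for e in events if e.decision != "ALLOW"]

# Constructed sample calls, not real telemetry.
CALLS = [
    {"tool": "search_docs", "category": "read", "est_cost_usd": 0.01},
    {"tool": "drop_table", "category": "destructive", "est_cost_usd": 0.0},
    {"tool": "batch_summarize", "category": "model", "est_cost_usd": 12.5},
]
```

With `enforced_categories={"destructive"}`, only `drop_table` stops executing; `batch_summarize` is still flagged but runs, which is what keeps the initial blast radius small.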

Phase 4 — Cost & Reliability Controls

Goal: Operational governance.
  • Enforce budgets
  • Degrade to cheaper models
  • Apply circuit‑style protections
Evidence now supports FinOps and reliability reviews.

Phase 5 — Steady State

  • Policies versioned and frozen
  • Golden corpora gate releases
  • Governance behavior is predictable and auditable

Summary

TealTiger does not require “big‑bang” enforcement. Phased adoption is the recommended and supported model for v1.2.x.