Governance Workflow Guide

This guide covers the policy governance workflow in the TealTiger Playground — how policies move through approval stages, how to handle emergencies, and how to use impact analysis to make informed decisions before promoting changes.
Governance features require authentication and a team workspace. See the Getting Started Guide for setup.

Policy States

Every policy in a workspace has one of four states, shown as a colored badge on the policy card:
| State | Badge Color | Description |
|---|---|---|
| Draft | Gray | Work in progress. Authors can freely edit the policy code and metadata. |
| Review | Yellow | Submitted for approval. Designated approvers are notified and can approve or reject. |
| Approved | Green | All required approvals received. The policy is locked — edits require a new version. |
| Production | Blue | Deployed and active. Like Approved, the policy is immutable at this version. |

Immutability Rule

Policies in Approved or Production state cannot be edited directly. To make changes, create a new version — the original version remains intact in the version history. This ensures a complete audit trail of every policy that was ever approved or deployed.

State Transitions

Policies follow a forward lifecycle, with rollback paths available when needed:
         ┌──────────────────────────────────────┐
         │            Rollback paths             │
         ▼                                       │
      Draft ──→ Review ──→ Approved ──→ Production
         ▲         │                       │
         │         │       Rollback        │
         └─────────┘◄──────────────────────┘
        (Rejection)

Forward Transitions

| From | To | Requires Approval? | Who Can Do It |
|---|---|---|---|
| Draft | Review | No | Policy author (Editor/Owner) |
| Review | Approved | Yes | Designated approvers |
| Approved | Production | No | Owner/Editor |

Rollback Transitions

| From | To | Requires Approval? | When to Use |
|---|---|---|---|
| Review | Draft | No | Rejection — approver sends policy back for changes |
| Approved | Draft | No | Rollback before deployment |
| Production | Draft | No | Rollback a deployed policy |

Rolling back creates a new Draft version, preserving the full history.

Approval Process

The approval workflow ensures policies are reviewed before reaching production.

Configuring Approvers

  1. Open Workspace Settings → Governance
  2. Set the number of required approvers (1–5)
  3. Add team members as designated approvers
  4. Click Save

Submitting for Review

  1. Open a policy in Draft state
  2. Click “Request Approval”
  3. The policy moves to Review state
  4. All designated approvers receive a notification

Reviewing a Policy

  1. Open the policy — you’ll see the Approval Panel on the right side
  2. Review the code changes using the Diff View
  3. Add inline comments on specific lines if you have feedback
  4. Choose: Approve (optional comment) or Reject (required reason)

Promoting to Production

After a policy reaches Approved state:
  1. Open the policy
  2. Click “Deploy to Production”
  3. Confirm the deployment
  4. The policy moves to Production state
All state transitions are logged in the Audit Trail.
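
The lifecycle above (transition tables, approval count, immutability rule, audit logging) can be enforced by a small guard. This is an added example, not TealTiger's own code; the `Policy` fields, the function names and the choice to clear approvals whenever a policy re-enters Draft or Review are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# (from, to) -> requires approval? Copied from the two transition tables.
TRANSITIONS = {
    ("Draft", "Review"): False,
    ("Review", "Approved"): True,
    ("Approved", "Production"): False,
    ("Review", "Draft"): False,       # rejection
    ("Approved", "Draft"): False,     # rollback before deployment
    ("Production", "Draft"): False,   # rollback of a deployed policy
}
LOCKED = {"Approved", "Production"}   # immutability rule

class GovernanceError(Exception):
    """Raised when an action violates the workflow."""

@dataclass
class Policy:                         # hypothetical model, not TealTiger's schema
    code: str
    state: str = "Draft"
    version: int = 1
    approvals: set = field(default_factory=set)
    audit: list = field(default_factory=list)

def edit(policy, new_code):
    if policy.state in LOCKED:
        raise GovernanceError("locked: create a new version instead")
    policy.code = new_code

def approve(policy, user, approvers):
    if policy.state != "Review" or user not in approvers:
        raise GovernanceError(f"{user} cannot approve in state {policy.state}")
    policy.approvals.add(user)        # a set, so one approver counts once

def transition(policy, to_state, actor, required_approvers=2):
    if not 1 <= required_approvers <= 5:
        raise GovernanceError("required approvers must be 1-5")
    key = (policy.state, to_state)
    if key not in TRANSITIONS:
        raise GovernanceError(f"{policy.state} -> {to_state} is not allowed")
    if TRANSITIONS[key] and len(policy.approvals) < required_approvers:
        raise GovernanceError("not enough approvals")
    if to_state == "Draft":
        policy.version += 1           # rolling back creates a new Draft version
    if to_state in ("Draft", "Review"):
        policy.approvals.clear()      # assumption: old approvals never carry over
    policy.audit.append((actor, policy.state, to_state, policy.version))
    policy.state = to_state
```

Each audit entry is `(actor, from_state, to_state, version)`, so a rollback from Production shows up as a transition to Draft with the version incremented.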

Emergency Bypass

Sometimes a critical fix needs to skip the normal approval process.

Prerequisites

  • Emergency bypass must be enabled in Workspace Settings
  • Only workspace Owners can perform an emergency bypass

Using Emergency Bypass

  1. Click the “Emergency Bypass” button
  2. Enter a detailed reason (required)
  3. Click “Confirm Bypass”
  4. The policy is promoted immediately
Every emergency bypass creates an audit event with the user, reason, and state transition. These events are prominently flagged in compliance reports.

Impact Analysis

Before promoting a policy, run an impact analysis to understand how changes affect existing test scenarios.

Running Impact Analysis

  1. Open a policy with pending changes
  2. Click “Run Impact Analysis”
  3. Results appear in the Impact Analysis Panel

Understanding Results

| Change Type | Threshold | Severity | Example |
|---|---|---|---|
| Decision | Any change | Breaking | ALLOW → DENY or DENY → ALLOW |
| Cost | ±10% | Warning | Estimated cost changed by more than 10% |
| Latency | ±20% | Warning | Execution time changed by more than 20% |
| Metadata | Any change | Info | Tags, description, or other metadata changed |

Recommendations

| Recommendation | Meaning |
|---|---|
| Approve | No breaking changes detected. Safe to promote. |
| Review | Warnings found. Review the changes before promoting. |
| Reject | Breaking changes detected. Address issues before promoting. |
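
The classification and recommendation logic in the two tables above, written out as an added example (not TealTiger's implementation). The scenario result fields (`decision`, `cost`, `latency_ms`, `metadata`), the `result` helper and the sample data are hypothetical and constructed for illustration.

```python
# Relative-change thresholds from the results table: cost 10%, latency 20%.
THRESHOLDS = {"cost": ("Cost", 0.10), "latency_ms": ("Latency", 0.20)}

def relative_change(old, new):
    if old == 0:                      # zero baseline: any movement exceeds a limit
        return 0.0 if new == 0 else float("inf")
    return abs(new - old) / abs(old)

def classify(before, after):
    """Findings for one scenario as (severity, change_type, detail) tuples."""
    findings = []
    if before["decision"] != after["decision"]:
        detail = f'{before["decision"]} -> {after["decision"]}'
        findings.append(("Breaking", "Decision", detail))
    for key, (label, limit) in THRESHOLDS.items():
        change = relative_change(before[key], after[key])
        if change > limit:            # "more than", so exactly at the limit passes
            findings.append(("Warning", label, f"{change:.0%}"))
    if before["metadata"] != after["metadata"]:
        findings.append(("Info", "Metadata", "changed"))
    return findings

def recommend(baseline, candidate):
    """Map per-scenario findings to Approve / Review / Reject."""
    report = {name: classify(baseline[name], candidate[name]) for name in baseline}
    severities = {sev for found in report.values() for sev, _, _ in found}
    if "Breaking" in severities:
        return "Reject", report
    return ("Review" if "Warning" in severities else "Approve"), report

def result(decision, cost, latency_ms, tags=()):
    """Build one constructed scenario result (hypothetical field names)."""
    return {"decision": decision, "cost": cost, "latency_ms": latency_ms,
            "metadata": {"tags": list(tags)}}

# Constructed sample: the same two test scenarios before and after a change.
BASELINE = {"pii_prompt": result("DENY", 0.010, 100, ["pii"]),
            "benign_prompt": result("ALLOW", 0.020, 80)}
CANDIDATE = {"pii_prompt": result("ALLOW", 0.010, 120, ["pii"]),
             "benign_prompt": result("ALLOW", 0.030, 80, ["reviewed"])}

if __name__ == "__main__":
    verdict, report = recommend(BASELINE, CANDIDATE)
    print(verdict)
    for name, findings in report.items():
        print(name, findings)
```

In the sample, the DENY to ALLOW flip on `pii_prompt` alone forces a Reject, while its latency change of exactly 20% stays under the "more than 20%" threshold.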

Auto-Approval Rules

For low-risk changes, configure rules that automatically approve policy versions.

| Rule | Condition | Default Threshold |
|---|---|---|
| Lines Changed | lines_changed_lt | 5 lines |
| Metadata Only | metadata_only | N/A |
| Comment Only | comment_only | N/A |

Configure in Workspace Settings → Governance → Auto-Approval Rules.

Best Practices

Workspace Setup

  • Start with 2 required approvers for production policies
  • Assign approvers from different roles for diverse review perspectives
  • Enable emergency bypass but establish team norms for when it’s acceptable

Policy Development

  • Keep policies small and focused — one concern per policy
  • Write test scenarios before requesting review
  • Use meaningful version bumps

Production Governance

  • Review emergency bypass events weekly
  • Use auto-approval only for truly low-risk changes
  • Monitor the audit trail for unusual patterns
  • Export compliance reports monthly