Governance Rules

Blocking and advisory policies enforced at spec validation, CI merge gates, and Kubernetes admission to ensure compliance and security.

What are Governance Rules?

Governance rules are declarative policies defined in YAML that enforce standards across the capability lifecycle. They can be blocking (preventing deployment) or advisory (warning without blocking), and they are enforced at multiple points: spec validation during development, CI merge gates during review, and Kubernetes admission during deployment.

How they work in Naftiko

Governance rules are embedded in capability specs and validated against JSON Schema. They cover:

  • Security policies – Authentication requirements, TLS enforcement, secret management patterns.
  • Compliance controls – Data residency, PII handling, audit trail requirements.
  • Quality standards – Naming conventions, documentation completeness, versioning rules.
  • Operational constraints – Rate limits, timeout policies, circuit breaker configurations.
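As an added example (not Naftiko's own code or a format this page documents), the Python sketch below shows the blocking/advisory semantics described above: a few security- and quality-category rules are evaluated against one constructed capability spec, written as a Python dict in place of the YAML, and the resulting decision is the one any enforcement point (spec validation, CI gate, admission) would take from the same rule set. The rule names, spec fields and the `secretref://` reference convention are assumptions.

```python
import re

# Constructed capability spec (stands in for the YAML); deliberately non-compliant.
SPEC = {
    "name": "payments-api",
    "auth": {"type": "none"},
    "tls": {"enabled": False},
    "env": {"DB_PASSWORD": "hunter2", "DB_USER": "app"},
    "docs": "",
}

SECRET_KEY = re.compile(r"(?i)(password|secret|token|key)$")
SECRET_REF = "secretref://"  # assumed convention: secrets are references, not literals


def no_inline_secrets(spec):
    """Secret-looking env keys must reference a secret store, not carry a literal."""
    return all(v.startswith(SECRET_REF)
               for k, v in spec.get("env", {}).items() if SECRET_KEY.search(k))


# Each rule: (name, severity, predicate). The predicate returns True when the spec passes.
RULES = [
    ("require-auth", "blocking", lambda s: s.get("auth", {}).get("type", "none") != "none"),
    ("require-tls", "blocking", lambda s: s.get("tls", {}).get("enabled") is True),
    ("no-inline-secrets", "blocking", no_inline_secrets),
    ("docs-present", "advisory", lambda s: bool(s.get("docs"))),
]


def evaluate(spec, rules=RULES):
    """Return (blocking_failures, advisory_failures) for a spec, in rule order."""
    blocking, advisory = [], []
    for name, severity, passes in rules:
        if not passes(spec):
            (blocking if severity == "blocking" else advisory).append(name)
    return blocking, advisory


def admit(spec, rules=RULES):
    """Decision shared by every enforcement point: allowed only when no blocking
    rule fails; advisory failures are reported but never block."""
    blocking, advisory = evaluate(spec, rules)
    return {"allowed": not blocking, "blocking": blocking, "advisory": advisory}


if __name__ == "__main__":
    print(admit(SPEC))
```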

Why it matters

Governance rules make compliance the default path rather than a gate that slows delivery. By embedding policies in specs and enforcing them automatically, teams get fast feedback during development instead of surprises during security review. The same rules apply consistently across all capabilities in the fleet.