Service 02

Policy Engine

Severity thresholds. Bypass classification. Reason taxonomy. Your gate policy lives in version control, evaluated on every aggregated verdict.


The problem

Ad-hoc CI checks ratchet. Bypasses are silent.

Most teams' "merge policy" lives in three places: a CI YAML file, a CODEOWNERS file, and a wiki page nobody reads. New rules ratchet up over time, breaking old PRs without warning. Bypasses are --no-verify — silent, unreasoned, never audited.

The result: SOC2 auditors ask "show me your override log" and there isn't one. Engineers ship rules they don't understand. Reviewers debate policy in PR threads. Everyone agrees something is broken; nobody can show you the rules as-applied to a single commit.


How it works

A declarative policy schema that grows with the codebase.

darkfactory.yaml is the policy file. It declares severity thresholds, bypass categories with reason templates, and per-rule promotion states (planned → required → enforcing). The engine evaluates the aggregated critic verdict against the policy, produces a structured decision, and stores it alongside the per-SHA evidence.

Bypasses require a structured reason from the taxonomy — they're not free text. A reason like pre-existing-main-blocker requires an associated issue link that the validator can dereference. Reason events are append-only in the audit trail.

  • Severity thresholds: BLOCKER / HIGH / MEDIUM / LOW — what fails the gate, what's advisory
  • Ratcheting: each policy field can be planned → required → enforcing, version-controlled
  • Bypass taxonomy: pre-existing-main-blocker, infra-flake, scope-creep-avoidance, …
  • Bypass actor allowlist + reason validation — no free-text escape hatch
  • Policy decisions ship as JSON-Schema-validated decisions, queryable in evidence store

darkfactory.yaml — policy yaml
policy:
  severity:
    blocker:  fail-gate
    high:     fail-gate
    medium:   warn
    low:      info

  ratcheting:
    cycle-doc-validator:     enforcing
    branch-protection-audit: required
    backend-lint:            planned   # graduates next quarter

  bypass:
    allowed_actors: [chief-engineer, sre-oncall]
    reason_taxonomy:
      - id: pre-existing-main-blocker
        requires: issue_link
        ttl_days: 30
      - id: infra-flake
        requires: incident_link
        ttl_days: 7
      - id: scope-creep-avoidance
        requires: cycle_doc_section
        ttl_days: 14
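As an added example (not darkfactory's own code) of the evaluation the section describes, the Python below mirrors the darkfactory.yaml above as an inline dict and runs an aggregated verdict through it: the severity table decides what fails the gate, the rule's ratchet state caps that result, and a bypass is accepted only if the actor is on the allowlist, the reason id is in the taxonomy, the evidence field that reason requires is present, and the reason's ttl_days has not lapsed. Every bypass attempt, accepted or rejected, is appended to an audit list. The effect of planned/required/enforcing, the fail-closed default for rules missing from the ratcheting map, and all names here (Finding, BypassRequest, evaluate, the decision keys, the sample findings and placeholder links) are assumptions of this example, not the product's schema.

```python
"""Gate evaluation against a darkfactory.yaml-style policy (added example, not project code)."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed policy mirroring the page's darkfactory.yaml. A real loader would
# parse the YAML file; the dict is inlined so the example runs offline.
POLICY = {
    "severity": {"blocker": "fail-gate", "high": "fail-gate", "medium": "warn", "low": "info"},
    "ratcheting": {"cycle-doc-validator": "enforcing",
                   "branch-protection-audit": "required",
                   "backend-lint": "planned"},
    "bypass": {
        "allowed_actors": ["chief-engineer", "sre-oncall"],
        "reason_taxonomy": [
            {"id": "pre-existing-main-blocker", "requires": "issue_link", "ttl_days": 30},
            {"id": "infra-flake", "requires": "incident_link", "ttl_days": 7},
            {"id": "scope-creep-avoidance", "requires": "cycle_doc_section", "ttl_days": 14},
        ],
    },
}

# Assumed ratcheting semantics (the page names the states, not their effect):
# "enforcing" may fail the gate, "required" is capped at warn, "planned" at info.
# A rule missing from the ratcheting map is treated as enforcing (fail closed).
RATCHET_CAP = {"enforcing": "fail-gate", "required": "warn", "planned": "info"}
ACTION_RANK = {"info": 0, "warn": 1, "fail-gate": 2}


@dataclass
class Finding:
    rule: str       # critic rule id, keyed into policy.ratcheting
    severity: str   # blocker / high / medium / low
    message: str


@dataclass
class BypassRequest:
    actor: str
    reason: str     # must be an id from reason_taxonomy, never free text
    issued: str     # ISO date on which the bypass was granted
    evidence: dict = field(default_factory=dict)   # e.g. {"incident_link": "..."}


def effective_action(policy, finding):
    """Map severity to an action, then cap it by the rule's ratchet state."""
    sev = finding.severity.lower()
    if sev not in policy["severity"]:
        raise ValueError(f"unknown severity {finding.severity!r}")
    base = policy["severity"][sev]
    cap = RATCHET_CAP[policy["ratcheting"].get(finding.rule, "enforcing")]
    return base if ACTION_RANK[base] <= ACTION_RANK[cap] else cap


def validate_bypass(policy, req, today):
    """Actor allowlist, taxonomy membership, required evidence, TTL. Returns (ok, detail)."""
    bp = policy["bypass"]
    if req.actor not in bp["allowed_actors"]:
        return False, f"actor {req.actor!r} not in allowed_actors"
    entry = next((r for r in bp["reason_taxonomy"] if r["id"] == req.reason), None)
    if entry is None:
        return False, f"reason {req.reason!r} not in reason_taxonomy"
    if not req.evidence.get(entry["requires"]):
        return False, f"reason {req.reason!r} requires {entry['requires']}"
    expiry = date.fromisoformat(req.issued) + timedelta(days=entry["ttl_days"])
    if date.fromisoformat(today) > expiry:
        return False, f"bypass expired on {expiry.isoformat()} (ttl_days={entry['ttl_days']})"
    return True, "ok"


def evaluate(policy, sha, findings, bypass=None, today=None, audit=None):
    """Turn an aggregated verdict into a structured, JSON-serialisable decision dict."""
    today = today or date.today().isoformat()
    buckets = {"fail-gate": [], "warn": [], "info": []}
    for f in findings:
        buckets[effective_action(policy, f)].append(f.rule)
    decision = {"sha": sha, "outcome": "fail" if buckets["fail-gate"] else "pass",
                "blocking": buckets["fail-gate"], "warnings": buckets["warn"],
                "info": buckets["info"], "bypass": None}
    if buckets["fail-gate"] and bypass is not None:
        ok, detail = validate_bypass(policy, bypass, today)
        event = {"sha": sha, "actor": bypass.actor, "reason": bypass.reason,
                 "evidence": bypass.evidence, "accepted": ok, "detail": detail,
                 "evaluated": today}
        if audit is not None:
            audit.append(event)   # append-only: rejected attempts are recorded too
        decision["bypass"] = event
        if ok:
            decision["outcome"] = "pass-with-bypass"
    return decision


# Constructed verdict: four findings across rules in three different ratchet states.
SAMPLE_FINDINGS = [
    Finding("cycle-doc-validator", "blocker", "cycle doc missing risk section"),
    Finding("branch-protection-audit", "high", "force-push allowed on main"),
    Finding("backend-lint", "high", "unused import"),
    Finding("cycle-doc-validator", "low", "stale owner field"),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "sha-constructed", SAMPLE_FINDINGS, today="2024-05-05"))
```

With the sample verdict, only the cycle-doc-validator blocker fails the gate: the high finding on branch-protection-audit is held at warn because that rule is still "required", and the backend-lint finding drops to info because the rule is only "planned". The decision dict is plain JSON-compatible data, which is where the JSON-Schema validation the page mentions would run before the decision is written to the evidence store.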

Pricing relevance

Policy Engine is core platform — included in every paid tier and the OSS CLI. Custom severity calibrations and reason taxonomies are unlocked on Business; org-wide policy templates on Enterprise.

Open-source posture

darkfactory.yaml schema is OSS (committing us to backward compatibility — good for adopters). The runtime that interprets it ships in OSS CLI. Reason-classification heuristics + severity calibration ML stay hosted.

Get Started

Make your gate policy git diff-able.

Replace the GUI checkboxes and the team-tribal-knowledge ratcheting with a schema. Drift detection runs on every PR.