Drift policy presets
A drift policy defines what happens when a bound watch reports breaking or warning drift — notify, block new runs, open a draft PR, or kill in-flight agents.
Attach a policy to each agent binding in console or via policy: in agents.yaml. Policies are org-scoped rows in drift_policies.
Preset catalog
| Preset | on_breaking | on_warning | Ack required | Typical use |
|---|---|---|---|---|
notify-only |
notify |
notify |
No | Default — alerts only; preflight returns 200 with warnings |
dev-flexible |
draft_pr |
notify |
No | SchemaSync opens draft PR; no runtime kill |
staging-strict |
block_new_runs |
notify |
Optional | Preflight and CI return 409; blocks orchestrator starts |
production-guard |
kill_in_flight |
notify |
Yes | FuseGuard trip + signed runtime webhook; ack before unblock |
Breaking actions
| Action | Preflight | Runtime | Remediation |
|---|---|---|---|
notify | 200, allowed: true with drift context | No block | Human triage from alerts |
draft_pr | 200 | No kill | SchemaSync draft PR queued |
block_new_runs | 409 policyBlocked: true | Blocks new orchestrator runs | Ack incident to clear |
kill_in_flight | 409 | Kill via FuseGuard + runtime webhook | Ack + verify contract fix |
Policy object fields
When creating custom policies via API or console SettingsDrift policies:
| Field | Values | Default |
|---|---|---|
onBreaking | notify · draft_pr · block_new_runs · kill_in_flight | notify |
onWarning | notify | notify |
requireAckToUnblock | boolean | false (preset-dependent) |
autoResolveIncident | boolean | true |
Console
Create and assign policies under ConsoleSettingsDrift policies. Bindings reference a policy by name or ID. The Contract Optimizer nudges bindings stuck on notify-only when breaking drift repeats.
Preflight interaction
POST /api/preflight with agentId evaluates all bound watches and the binding policy. See preflight guide for 200 vs 409 responses.