Skip to content

Migration Governance, Audit, and Safety Rails #287

Description

@PhilipWoulfe

Epic F: Migration Governance, Audit, and Safety Rails

Summary

Add governance controls and safety rails around migration execution so data activation is intentional, auditable, and reversible.

Why This Epic

As migration capabilities expand, operational risk increases. Governance and safety controls are required to prevent accidental activation or unrecoverable bad writes.

Goals

  • Introduce explicit run states and approval checkpoints.
  • Capture immutable audit metadata for all critical actions.
  • Support controlled promotion and rollback paths.
  • Enforce permission boundaries by role.

Non-Goals

  • Replacing core migration parsing and scoring logic.
  • Building full observability platform beyond migration scope.

User Stories

Story F1: Add run states and approval gates before data becomes active

As an operator, I want clear lifecycle gates so incomplete runs cannot become active accidentally.

Story F2: Add immutable run ledger with actor, checksum, mode, and environment

As an auditor, I want a permanent run ledger so every execution is attributable and reproducible.

Story F3: Add promote run to active workflow with explicit confirmation

As an admin, I want explicit promotion confirmation so activation is deliberate and traceable.

Story F4: Add rollback/revoke workflow for bad writes

As an operator, I want rollback/revoke controls so incorrect writes can be neutralized quickly.

Story F5: Add observability dashboard for unexpected deltas and run health

As a team lead, I want health and variance visibility so problems are detected early.

Story F6: Add permission boundaries for kickoff, approve, promote, revoke

As a security reviewer, I want action-level permission controls so only authorized roles can perform sensitive operations.

Definition of Done

  • Migration lifecycle includes gated run states through activation.
  • Immutable audit ledger is available for all critical run actions.
  • Promotion and rollback workflows are implemented and documented.
  • Permission model enforces role boundaries for sensitive actions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions