Policies and Governance
Mortar policies define the deterministic rules for release authority.
Policy file (mortar.policy.yaml)
A policy file sets thresholds, scoring weights, and external integrations.
# Minimum score required to pass (0-100)
minimum_score_threshold: 80
# If true, any finding marked as 'breaking' will block CI regardless of score.
block_on_breaking: true
# If true, allows a manual waiver to bypass a blocked CI.
override_allowed: true
# Custom Scoring Weights
weights:
  removed_operation: -40
  removed_required_field: -35
  changed_field_type: -30
# DeltaOS Governance Integration
delta_os:
  enabled: true
  api_url: "https://api.deltaos.dev"
  tenant_id: "your-tenant-id"
Overrides & Waivers
Mortar supports authorized overrides via the mortar waive command. This ensures that even in emergencies, every policy bypass is attributed and justified in the audit trail.
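How the policy keys above could combine into a pass/block decision, as an added example (not Mortar's own code). The scoring model (start at 100, add each finding's weight, clamp to 0-100), the finding fields kind and breaking, and the waiver fields approver and reason are assumptions.

```python
# Added example: policy values copied from the page; the scoring model is assumed.
POLICY = {
    "minimum_score_threshold": 80,
    "block_on_breaking": True,
    "override_allowed": True,
    "weights": {
        "removed_operation": -40,
        "removed_required_field": -35,
        "changed_field_type": -30,
    },
}


def evaluate(policy, findings, waiver=None):
    """Return a decision dict: score, blocking reasons, and whether CI passes.

    Assumed model: score starts at 100, each finding adds its weight,
    and the result is clamped to the 0-100 range.
    """
    weights = policy["weights"]
    score = 100
    for f in findings:
        if f["kind"] not in weights:
            # Fail closed: an unweighted finding kind must not pass silently.
            raise ValueError(f"no weight configured for {f['kind']!r}")
        score += weights[f["kind"]]
    score = max(0, min(100, score))

    reasons = []
    if score < policy["minimum_score_threshold"]:
        reasons.append("score_below_threshold")
    if policy["block_on_breaking"] and any(f.get("breaking") for f in findings):
        reasons.append("breaking_change")

    # A waiver only counts if the policy allows overrides and the waiver
    # names who approved it and why (hypothetical field names).
    waived = bool(
        reasons
        and waiver
        and policy["override_allowed"]
        and waiver.get("approver", "").strip()
        and waiver.get("reason", "").strip()
    )
    return {
        "score": score,
        "blocked_by": reasons,
        "waived": waived,
        "passed": not reasons or waived,
    }
```

With the weights shown on the page, any single finding drops the score below 80, so the block_on_breaking branch only decides the outcome on its own when weights are smaller than these.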
Audit Trail
Every evaluation produces a signed, append-only audit record in .mortar/audit/decisions.jsonl.