Lesson 8 / 17
Where gates evaluate
A gate is only useful at the seam where a decision is made. Key points:
- Gates evaluate on deploy, on access requests, and on agent actions. The policy decision happens at the seam, not in a report next quarter.
- Onboarding guardrails let you set which checks a service must pass to onboard and which are advisory, per tier. The policy is yours to author, not a fixed list baked into the product.
- Guardrails block at onboarding, deny at the deploy gate, and keep scoring afterwards, so a service that drifts out of policy surfaces rather than passing once and being forgotten.