Policy Catalog & Forking Contracts
Summary
OP-038 freezes the Phase 1 compliance policy catalog/forking contract. It accepts SOC 2/HIPAA/GLBA starter catalog scope, OneProtect-managed baselines, tenant-managed forks, optimistic version control, tenant version history, evidence/reporting linkage, and policy lifecycle events.
Validation
- Contract schemas added for compliance.policy.forked, compliance.policy.updated, and compliance.policy.version_created.
- AsyncAPI and OpenAPI include policy lifecycle event/API surfaces.
- Contract examples validate through make validate-contracts.
Non-Scope
No runtime catalog data, fork/update implementation, visual editor, diff view, bulk operation, approval workflow, deployment, Terraform, Helm, or AWS change was included.