Policy, Route, and Risk

DriftGate separates decision controls into explicit domains.

Policy

Policy references define allowed behavior and decision outcomes.

Route

Route references determine provider/model/region execution targets.

Risk

Risk metadata allows score-driven decisions (allow, deny, review).

Inheritance Rules

1. Execution-level values override session defaults
2. Session defaults override backend workspace/org defaults
3. Missing values defer to backend defaults

Operational Guidance

• Pin policy versions for high-assurance workflows
• Keep route defaults region-aware
• Track score drift over time before enforcement changes