Why Policy Profiles?
Enterprise buyers need a single place to answer: How autonomous is this project allowed to be? Policy profiles document that posture in version-controlled config instead of tribal knowledge. They align onboarding docs, clarify behavior, and future runtime schedulers without changing hook contracts overnight.
enterprise_policy auto-sets session mode on tier 2+ hosts for autonomous_safe and internal_dogfood. Supervised and regulated profiles default interactive. Production deploy stays human-gated. See status page for proof levels.Config Schema
New projects receive the block from templates/silver-bullet.config.json.default. /silver:init and scripts/sb-migrate-config.sh merge it forward on upgrade.
Set active_profile to the key your team adopts. Individual profile objects may include:
session_mode_default—interactiveorautonomous(target onboarding default)clarify_auto— whether/silver:clarify --autois the expected clarify pathproduction_deploy_requires_human— production promotion stays human-gated (alwaystruetoday)evidence_schema_strict— aligns withhooks.evidence_schema.strictfor regulated teamsnon_production_deploy_autonomy— dogfood-only hint for staging/sandbox deploysorchestrator_mode— alwaysparent(only supported value)
Built-in Profiles
| Profile key | Label | Intended use |
|---|---|---|
| supervised | Supervised default | Interactive sessions; blocking decisions escalated; safest onboarding for new teams. |
| autonomous_safe | Autonomous-safe | Autonomous session default with bounded clarify-auto; still human-gated for production. |
| regulated | Regulated | Maximum human gates for ship/release/deploy; strict evidence schema emphasis. |
| internal_dogfood | Internal dogfood | SB team posture — autonomous defaults, non-prod deploy autonomy documented, prod still gated. |
Autonomous-Safe Onboarding Path
Recommended flow for teams moving toward enterprise autonomy without removing safeguards:
- Install SB on a tier 2+ host (Cursor recommended for parent/worker Task support).
- Run
/silver:init— confirmorchestrator_mode: parentand reviewenterprise_policy. - Start with
active_profile: supervised; complete one full/silver:featurecycle with evidence. - When comfortable, switch to
autonomous_safeon a tier 2+ host — SessionStart writesautonomousto the mode file automatically (no interactive prompt). - Track certification progress on the status page — do not treat profile selection as proof of enterprise autonomy.
PP-* entries can overlay gates and tool requirements per team. Policy profiles complement — not replace — process-pack authority in docs/apo-catalog.json.Runtime Status
Wired today: hooks/session-start reads active_profile, persists enterprise-policy-active, and on tier 2+ hosts auto-writes the session mode file for autonomous_safe/internal_dogfood (supervised/regulated default interactive). Deploy, clarify, and evidence strict markers surface in session context when profile fields demand them.
Still partial / not fully runtime-enforced:
clarify_auto,evidence_schema_strict, and deploy-autonomy profile fields- Twelve enforcement layers and V-loop evidence requirements (global contract)
- Parent-only implementation ban at tier 2+
- Blocking
decision_classescalation rules - Sequential orchestrator queue (DAG scheduler in progress)
When runtime code consumes profiles, changes will ship with hook tests and enterprise E2E rows — not silent behavior drift.