Enterprise Policy Profiles

Declare how much autonomy Silver Bullet should assume for a project: supervised default, autonomous-safe onboarding, regulated gates, or internal dogfood. Profiles live in .silver-bullet.json as advisory scaffolding today.

Why Policy Profiles?

Enterprise buyers need a single place to answer: How autonomous is this project allowed to be? Policy profiles document that posture in version-controlled config instead of tribal knowledge. They align onboarding docs, clarify behavior, and future runtime schedulers without changing hook contracts overnight.

Honest scope: enterprise_policy auto-sets session mode on tier 2+ hosts for autonomous_safe and internal_dogfood. Supervised and regulated profiles default interactive. Production deploy stays human-gated. See status page for proof levels.

Config Schema

New projects receive the block from templates/silver-bullet.config.json.default. /silver:init and scripts/sb-migrate-config.sh merge it forward on upgrade.

"enterprise_policy": { "active_profile": "supervised", "profiles": { "supervised": { ... }, "autonomous_safe": { ... }, "regulated": { ... }, "internal_dogfood": { ... } } }

Set active_profile to the key your team adopts. Individual profile objects may include:

  • session_mode_defaultinteractive or autonomous (target onboarding default)
  • clarify_auto — whether /silver:clarify --auto is the expected clarify path
  • production_deploy_requires_human — production promotion stays human-gated (always true today)
  • evidence_schema_strict — aligns with hooks.evidence_schema.strict for regulated teams
  • non_production_deploy_autonomy — dogfood-only hint for staging/sandbox deploys
  • orchestrator_mode — always parent (only supported value)

Built-in Profiles

Profile keyLabelIntended use
supervisedSupervised defaultInteractive sessions; blocking decisions escalated; safest onboarding for new teams.
autonomous_safeAutonomous-safeAutonomous session default with bounded clarify-auto; still human-gated for production.
regulatedRegulatedMaximum human gates for ship/release/deploy; strict evidence schema emphasis.
internal_dogfoodInternal dogfoodSB team posture — autonomous defaults, non-prod deploy autonomy documented, prod still gated.

Autonomous-Safe Onboarding Path

Recommended flow for teams moving toward enterprise autonomy without removing safeguards:

  1. Install SB on a tier 2+ host (Cursor recommended for parent/worker Task support).
  2. Run /silver:init — confirm orchestrator_mode: parent and review enterprise_policy.
  3. Start with active_profile: supervised; complete one full /silver:feature cycle with evidence.
  4. When comfortable, switch to autonomous_safe on a tier 2+ host — SessionStart writes autonomous to the mode file automatically (no interactive prompt).
  5. Track certification progress on the status page — do not treat profile selection as proof of enterprise autonomy.
Process packs: Catalog PP-* entries can overlay gates and tool requirements per team. Policy profiles complement — not replace — process-pack authority in docs/apo-catalog.json.

Runtime Status

Wired today: hooks/session-start reads active_profile, persists enterprise-policy-active, and on tier 2+ hosts auto-writes the session mode file for autonomous_safe/internal_dogfood (supervised/regulated default interactive). Deploy, clarify, and evidence strict markers surface in session context when profile fields demand them.

Still partial / not fully runtime-enforced:

  • clarify_auto, evidence_schema_strict, and deploy-autonomy profile fields
  • Twelve enforcement layers and V-loop evidence requirements (global contract)
  • Parent-only implementation ban at tier 2+
  • Blocking decision_class escalation rules
  • Sequential orchestrator queue (DAG scheduler in progress)

When runtime code consumes profiles, changes will ship with hook tests and enterprise E2E rows — not silent behavior drift.

See Also