Deployment Policies

Deployment policies define ongoing rules for how and when deployments should happen. They are part of the operational guardrails system and work alongside change freeze windows.

Configuration

Create deployment policies from the OpsTrails console at Guardrails → Deployment Policies.

Field	Type	Required	Description
`name`	string	required	A descriptive name for the policy
`ruleType`	string	required	The type of rule: BLOCKED_DAYS, ALLOWED_HOURS, DAILY_CAP, COOLDOWN, ROLLBACK_RATE, or VELOCITY
`config`	object	required	Rule-specific configuration (varies by ruleType — see below)
`subjects`	string[]	optional	Limit to specific subjects (e.g., "production"). Empty = all subjects.
`sources`	string[]	optional	Limit to specific sources. Empty = all sources.
`types`	string[]	optional	Limit to specific event types. Empty = all matched types.
`notificationChannels`	channel[]	optional	Notification channels to alert on violation. Email is always sent.
`enabled`	boolean	optional	Whether the policy is active. Defaults to true.

Rule Types

BLOCKED_DAYS

Prevent deployments on specific days of the week. Violations are triggered when an event is recorded on a blocked day.

days — Array of blocked weekdays (e.g., ["SATURDAY", "SUNDAY"])
timezone — IANA timezone for day calculation (e.g., "America/New_York")

ALLOWED_HOURS

Restrict deployments to specific hours of the day. Events outside the allowed window trigger a violation.

startHour — Start of allowed window (0–23)
endHour — End of allowed window (0–23)
timezone — IANA timezone for hour calculation

DAILY_CAP

Limit the number of deployments per day. A violation is triggered when the count exceeds the cap.

maxCount — Maximum number of deployments allowed per day
timezone — IANA timezone for day boundaries

COOLDOWN

Enforce a minimum gap between deployments. A violation is triggered when a deployment occurs within the cooldown period of the previous one.

cooldownMinutes — Minimum minutes between deployments

ROLLBACK_RATE

Alert when the ratio of rollbacks to deployments exceeds a threshold within a sliding time window.

thresholdPercent — Maximum rollback percentage before alerting (0–100)
windowHours — Size of the sliding window in hours

VELOCITY

Alert on a burst of deployments within a short time window.

maxCount — Maximum number of deployments in the window
windowMinutes — Size of the sliding window in minutes

How Violations Work

When an event violates a deployment policy, notifications are sent to all linked channels. Email notifications are subject to a daily limit of one email per UTC day per policy to prevent inbox flooding. Other notification channels (webhooks, PagerDuty, Opsgenie, Google Chat) are not rate-limited.

📝 Note

Deployment policies are advisory — events are always recorded regardless of whether they violate a policy. Guardrails detect and notify, they do not block.

Filters

Use the optional filter fields — subjects, sources, and types — to narrow which events are evaluated against the policy. When a filter is empty, all values match. See Core Concepts for definitions of event fields.

Previous← Change Freeze Windows NextOverview →