Governance
Approval, authorization, and audit boundaries for WitnessOps operations.
Governance defines the authority boundary for WitnessOps operations: who can authorize actions, how exceptions are handled, and what decisions remain auditable later.
1. Problem this page solves
Execution evidence alone cannot prove governance quality if authorization, exception handling, and audit boundaries are unclear.
This page provides the governance map so readers can evaluate authority and exception posture as a system, not as isolated controls.
2. What you should understand after reading
After this page, you should understand:
- where authorization authority is defined
- how normal and exception governance paths differ
- which governance records should survive review and dispute
3. Mechanism-first governance model
Governance in WitnessOps is read in this order:
| Governance surface | What it defines | Primary page |
|---|---|---|
| Authorization boundary | principals, approval modes, required authorization record | Authorization Model |
| Exception path | when lab/scope-bypass is allowed and how it must be recorded | Lab Mode and Scope Bypass |
| Runtime enforcement linkage | how authorization decisions are enforced before execution | Policy Gates |
| Audit continuity | what evidence remains reviewable after execution | Receipts |
4. Observed vs inferred
| Layer | What is observed | What is inferred |
|---|---|---|
| Observed | explicit approval model, exception controls, and governance-linked evidence references | none beyond documented controls |
| Inferred | governance sufficiency for a specific organization or legal posture | depends on external policy and reviewer standards |
5. Trust assumptions
Governance controls reduce ambiguity, but still depend on:
- truthful identity and policy inputs from upstream systems
- correct configuration of enforcement boundaries
- accurate recording of exceptions and approvals
Governance records improve reviewability; they do not guarantee decision quality by themselves.
6. Next-page handoff
Next, read Lab Mode and Scope Bypass to inspect the explicit exception path and its trust limits.
Then use Authorization Model for the full principal and approval contract.