observe → soak → enforce.
Ship policy on a curve, never a cliff. Three modes with consistent signed verdicts at each stage.
Executable docs ship with the install
The full reference for this topic — configuration files, code samples, CLI flags, API endpoints — ships inside every dpndncY installation so it always matches your installed version. This public-preview page lists what the in-product docs cover.
In the in-product docs
- observe — log every decision; always forward upstream
- soak — surface verdicts as warnings; still forward
- enforce — return 403 on block verdicts
- Per-ecosystem mode (you can be in enforce for npm and observe for Maven)
- Recommended ramp timeline
- Roll-back behaviour and signed audit trail