
Policy in force at Zava

Every repo in the DevExpGbb org inherits a single APM policy file. You don’t opt in, you don’t copy it — apm install and apm audit --ci discover it automatically through GitHub’s .github default-config pattern.

This page is rendered from the live policy at every site build, so what you read here is what your CI is enforcing right now.

The table below reads the live policy and translates each clause into a concrete dev-facing impact. Severity tags map straight to what apm audit --ci will do.

| Severity | Rule | What this means for you |
|---|---|---|
| block | Where you can pull packages from | Allowed sources: `DevExpGbb/**`, `microsoft/**`, `github/**`. Any dependency in `apm.yml` outside the allow list is blocked at install time. Use the exception request flow if you need a third-party package. |
| block | Explicitly blocked packages | Blocked: `github/awesome-copilot/plugins/azure-cloud-development`, `test-blocked/**`. These packages will never resolve, even if they sit inside an allowed org. Deny always wins over allow. |
| block | Required baseline | Every repo must depend on `DevExpGbb/zava-agent-config/plugins/secure-baseline`. Drop `secure-baseline` from your `apm.yml` and CI fails on the `required-packages` check. The site catalogues it as the Foundation tier for that reason. |
| info | Version conflicts on required packages | Resolution mode: `project-wins`. You can pin a newer version of `secure-baseline` than the policy mandates; your pin wins. Useful for canarying. |
| block | MCP servers you can use | Allowed: `io.github.github/*`, `io.github.modelcontextprotocol/*`. MCP servers from packages or from your `mcp_servers:` block must match this allow list. Anything else is rejected at install time. |
| block | MCP transports | Allowed transports: `stdio`, `http`. Servers using a disallowed transport (e.g. raw `sse`) fail audit even if their name is on the allow list. |
| warn | Self-defined MCP servers (in your repo, not from a package) | Severity: warn. Declaring ad-hoc MCP servers in `apm.yml` produces a warning. Prefer publishing them as a vendored plugin under this marketplace. |
| info | Trusting MCP servers from transitive deps | `trust_transitive: false`. Only MCP servers declared by your direct dependencies activate. Anything deeper is ignored: supply-chain protection. |
| block | Compilation targets | Allowed: `vscode`, `claude`, `all`. Your `apm.yml` `target:` list must be a subset of the allow list. Targeting an unsupported runtime (e.g. a non-approved IDE) fails audit. |
| info | Compilation strategy | Enforced: `distributed`. You must compile to per-target directories, not a monolithic single-file output. Keeps personas/skills hot-reloadable per IDE. |
| info | Source attribution | Required: `true`. Compiled output must annotate where each primitive came from. Your build will refuse to emit untraceable artefacts, which protects audit trails. |
| block | Required `apm.yml` fields | Required: `version`, `description`. Missing or empty fields fail CI. Set them once when you scaffold; the audit only re-checks on change. |
| info | `scripts:` section in `apm.yml` | Setting: `allow`. Lifecycle scripts in `apm.yml` are permitted. |
| warn | Allowed content types in packages | Allowed: `instructions`, `skill`, `hybrid`, `prompts`. A package whose `content_types:` includes anything not on this list (e.g. an experimental agent-binary type) fails audit on the consumer side. |
| block | Hand-edited governance directories | Action: `deny` for `.github/agents`, `.github/instructions`, `.github/hooks`. Files in those paths that APM did not deploy fail CI. Treat the directories as APM-managed only: put hand-written content elsewhere or wrap it in a plugin. |

Required baseline: what Zava expects in every repo


The policy mandates that every repo includes the secure-baseline plugin in its apm.yml. That single dependency carries the org-wide secure-coding instructions, the docs style guide, and the security-reviewer persona that every PR reviewer (human or agent) loads.

`apm install` resolves a dependency by walking the policy’s allow / deny lists in order, and deny always wins. So even a repo inside an allowed org can be blocked if its path is on the deny list. The allow list currently in force:

  • DevExpGbb/**
  • microsoft/**
  • github/**

“Will this work?” — common scenarios

| What you want to do | What happens |
|---|---|
| Add `microsoft/vscode-skills/some-skill` to `apm.yml` | ✅ Allowed: `microsoft/**` is on the allow list. |
| Add `github/awesome-copilot/plugins/azure-cloud-development` | 🚫 Blocked: explicitly on the deny list. Even though `github/**` is allowed, deny wins. |
| Add `third-party-org/cool-thing` | 🚫 Blocked: outside the allow list. Request an exception. |
| Drop `secure-baseline` from `apm.yml` | 🚫 CI fails on `required-packages`. The Foundation tier is non-negotiable. |
| Pin a newer `secure-baseline` than the policy version | ✅ Allowed: `require_resolution: project-wins` means your pin wins. Useful for canarying upgrades. |
| Declare an MCP server in your repo’s `apm.yml` directly (not from a package) | ⚠️ Warning emitted on every audit. Long-term: package it as a plugin. |
| Hand-edit a file in `.github/agents/` or `.github/instructions/` | 🚫 Blocked: those directories are APM-managed only. Move the content into a plugin under this marketplace. |
| Compile to a non-allowed target (e.g. `cursor`) | 🚫 Blocked: `compilation-target` rejects it. Allowed: `vscode`, `claude`, `all`. |
```sh
# Audit your local checkout against the live org policy
apm audit --ci
# Same check that runs on every PR — exits non-zero on violation
apm audit --ci --policy DevExpGbb/.github
```

If the command exits non-zero, the output names the offending file and the rule id (e.g. dependency-allowlist, required-packages). Cross-reference the rule id with the impact table above.
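To make the evaluation order concrete, here is an added Python model of the checks in the tables above (deny before allow, required packages, MCP allow list plus transport, compilation targets). It is illustrative code, not APM’s own implementation: the `dependencies:` key of `apm.yml`, the glob semantics, the exit-code mapping and every rule id other than `dependency-allowlist`, `required-packages` and `compilation-target` are assumptions, and the manifest is constructed.

```python
import re
# Clauses of the org apm-policy.yml on this page, as a dict so this runs without a YAML parser.
POLICY = {
    "allow": ["DevExpGbb/**", "microsoft/**", "github/**"],
    "deny": ["github/awesome-copilot/plugins/azure-cloud-development", "test-blocked/**"],
    "require": ["DevExpGbb/zava-agent-config/plugins/secure-baseline"],
    "mcp_allow": ["io.github.github/*", "io.github.modelcontextprotocol/*"],
    "transport_allow": ["stdio", "http"],
    "target_allow": ["vscode", "claude", "all"],
}

def glob_match(pattern, name):
    # Assumption: '**' spans path separators, a single '*' matches one segment only.
    rx = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.fullmatch(rx, name) is not None

def matches_any(patterns, name):
    return any(glob_match(p, name) for p in patterns)

def audit(manifest):
    """Return (rule_id, severity, subject) findings for a parsed apm.yml dict."""
    findings, declared = [], manifest.get("dependencies", [])  # assumed apm.yml key
    for dep in declared:
        # Deny is consulted first: a denied path is blocked even inside an allowed org.
        if matches_any(POLICY["deny"], dep) or not matches_any(POLICY["allow"], dep):
            findings.append(("dependency-allowlist", "block", dep))
    for req in POLICY["require"]:
        if req not in declared:
            findings.append(("required-packages", "block", req))
    for srv in manifest.get("mcp_servers", []):
        if not matches_any(POLICY["mcp_allow"], srv["name"]):
            findings.append(("mcp-allowlist", "block", srv["name"]))    # assumed rule id
        elif srv.get("transport") not in POLICY["transport_allow"]:
            findings.append(("mcp-transport", "block", srv["name"]))    # assumed rule id
        if srv.get("self_defined"):
            findings.append(("mcp-self-defined", "warn", srv["name"]))  # assumed rule id
    for tgt in manifest.get("target", []):
        if tgt not in POLICY["target_allow"]:
            findings.append(("compilation-target", "block", tgt))
    return findings

def ci_exit_code(findings):
    # Assumption: --ci exits 1 on any block finding; warn-only runs still pass.
    return 1 if any(sev == "block" for _, sev, _ in findings) else 0

# Constructed apm.yml mirroring the rows of the "Will this work?" table above.
SAMPLE = {"version": "1.0.0", "description": "demo", "target": ["vscode", "cursor"],
          "dependencies": ["DevExpGbb/zava-agent-config/plugins/secure-baseline",
                           "microsoft/vscode-skills/some-skill", "third-party-org/cool-thing",
                           "github/awesome-copilot/plugins/azure-cloud-development"],
          "mcp_servers": [{"name": "io.github.github/demo", "transport": "sse", "self_defined": True}]}
```

Running `audit(SAMPLE)` yields two `dependency-allowlist` blocks, an `mcp-transport` block, a self-defined warning and a `compilation-target` block for `cursor`, so `ci_exit_code` returns 1; fixing the blocks leaves only the warning and the run passes.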

If a rule is blocking work you genuinely need, file an exception request — don’t work around it (the audit catches that anyway). The platform-governance team reviews requests in their weekly triage.

Decision SLA. First triage within 2 business days. Time-boxed exceptions ship as a per-repo bypass; permanent changes ship as a policy edit and roll out org-wide on the next audit.

Escape hatch (one-shot). For a single CI run that absolutely must merge before triage:

```sh
apm install --no-policy # bypasses install-time enforcement
```

This is logged. CI will still flag the underlying issue on the next run.

The full `apm-policy.yml` that the tables above are rendered from:

```yaml
name: devexpgbb-org-policy
version: "2.0.0"
enforcement: block
fetch_failure: warn
cache:
  ttl: 3600
dependencies:
  allow:
    - "DevExpGbb/**"
    - "microsoft/**"
    - "github/**"
  deny:
    - "github/awesome-copilot/plugins/azure-cloud-development"
    - "test-blocked/**"
  require:
    - "DevExpGbb/zava-agent-config/plugins/secure-baseline"
  require_resolution: project-wins
mcp:
  allow:
    - "io.github.github/*"
    - "io.github.modelcontextprotocol/*"
  deny: []
  transport:
    allow: [stdio, http]
  self_defined: warn
  trust_transitive: false
compilation:
  target:
    allow: [vscode, claude, all]
  strategy:
    enforce: distributed
  source_attribution: true
manifest:
  required_fields: [version, description]
  scripts: allow
  content_types:
    allow: [instructions, skill, hybrid, prompts]
unmanaged_files:
  action: deny
  directories:
    - .github/agents
    - .github/instructions
    - .github/hooks
```