Forgecroft Docs
Quickstart Guides Essentials Power Agent API Reference
Core ConceptsCLI ReferenceGo SDKAuthenticationAPI KeysRoles & PermissionsCreating WorkspacesVCS ConnectionsCredentialsState BackendsExecution ModesWorkspace AttributesDependencies & PromotionStacks OverviewCreating StacksEnvironments & VarfilesPromotion GraphManaging StacksRun LifecyclePlan vs ApplyChangesetsApprovalsLogsForce UnlockDrift DetectionTroubleshootingGovernance OverviewPolicy SetsWriting RegoRego PlaygroundApproval RulesExternal ChecksGovernance PreviewGovernance TimelineManaging TeamsNotification ChannelsNotification TargetsUser PreferencesAccess GrantsAudit EventsGitHub AppSlackCredential TypesState Backends
Guides / Governance

Governance Preview

Evaluate what governance would do to a plan without actually mutating the run status.

What Is Governance Preview?

Governance preview lets you evaluate all three governance layers (OPA policies, approval rules, external checks) against a completed plan without changing the run’s status. It’s a dry-run evaluation.

When to Use It

Running a Preview

POST /runs/{id}/governance-preview

Requirements:

Response

{
  "policy_results": [
    {
      "policy_set_name": "production-safety",
      "policy_name": "no-destroy-prod",
      "enforcement": "mandatory",
      "passed": false,
      "violations": ["Destroying a database instance in production is not allowed"]
    }
  ],
  "approval_preview": {
    "would_require_approval": true,
    "builtin_rules": [
      {
        "name": "production-destroy-approval",
        "min_approvals": 1,
        "stage": 1
      }
    ],
    "opa_requirements": [
      {
        "team": "security",
        "min": 1,
        "stage": 1,
        "reason": "IAM role creation requires security review"
      }
    ],
    "external_providers": [
      {
        "id": "provider-uuid",
        "name": "compliance-platform"
      }
    ]
  },
  "mandatory_violations": 1
}

Interpreting the Response

FieldDescription
policy_resultsFull policy evaluation results with violations
approval_preview.would_require_approvalWhether any approval would be required
approval_preview.builtin_rulesMatching approval rules
approval_preview.opa_requirementsApproval requirements from Rego require_approval rules
approval_preview.external_providersExternal check providers that would be called
mandatory_violationsCount of mandatory policy violations

If mandatory_violations > 0, the run would be rejected. If would_require_approval is true, the run would enter pending_approval.

Clearing Old Results

The preview clears old policy_results before re-evaluation, so you always get fresh results.