Policy Versioning and Upgrades

Alpha

DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.

This document defines the T04 policy lifecycle model for immutable versioning, scoped pinning, and approval-gated upgrades.

Components

@dsar/policy-packs: Registry, pinning resolution, legal-impact diffing, proposal workflow, and audit events.
@dsar/backend: Route handler stubs for propose, approve, and apply operations.

Publish policy version into immutable registry (name, jurisdiction, version, checksum, publishedAt).
Propose tenant/workspace upgrade from fromVersion to toVersion.
Review categorized diff output (deadline/verification/appeals/retention/communication).
Approver with role admin or compliance_admin approves proposal.
Apply atomically updates pin to target version and emits audit event.

Diff output includes:

deadline-impacting clock changes (base deadline, clarification/verification pause semantics, extension allowances)
verification requirements and delete-after-processing behavior
appeals requirements and deadlines
retention minimum changes for key artefact classes
communication requirements (for example manifest requirement changes)

clockBehaviorSummary is included for approval/apply visibility and audit traceability.