Communityv1.2

Governance Rules
& Policies

Define, track, and score governance standards across all your schema registries — regardless of the provider. Rules are stored in event7, not in your registry, making governance truly provider-agnostic.

Open Rules API Reference

Rules vs Policies

event7 manages two types of governance entries in the same engine:

Rules

·Technically verifiable constraints
·Have an expression (CEL, JSONATA, regex)
·Can be synced to providers
·Kinds: CONDITION, TRANSFORM, VALIDATION
·Higher weight in scoring

Policies

·Organizational standards
·Describe what should be true
·Not enforced by any provider
·Kind: POLICY
·Verified via enrichments or schema inspection

Both contribute to the governance score, but rules carry more weight because they are objectively verifiable.

Rule Scopes

Every rule has a scope that defines its technical nature:

Runtime

Executed by the serializer/deserializer at produce/consume time.

CEL condition, encryption transform, JSONATA migration

Control Plane

Applied when registering a schema in the registry.

Compatibility level, validity check, integrity check

Declarative

Organizational standard, not automatically enforced.

Owner required, no transforms on RAW data

Audit

Checked after the fact for scoring and reporting.

Naming convention, max field count, doc presence

Runtime and Control Plane rules can be synced to providers. Declarative and Audit rules live only in event7.

Enforcement Lifecycle

Rules go through a lifecycle that tracks their enforcement status:

Declared

Documented, no expectation

→

Expected

Required, affects score

→

Synced

Exists in provider

→

Verified

Confirmed identical

Drifted

A mismatch was detected between event7 and the provider. The rule exists in both places but with different expressions or parameters.

Declarative and Audit rules can only be Declared or Expected. The Synced/Verified/Drifted states require a corresponding entry in the provider.

Severity Levels

Severity	Score Impact	Use for
Critical	Major	Compliance: encryption, PII protection
Error	Significant	Important standards: compatibility, required fields
Warning	Moderate	Best practices: documentation, ownership
Info	No penalty	Recommendations and guidelines

Templates

event7 ships with four governance templates based on classic data layers. Apply them to a subject or to your entire registry in one click.

RAW Layer3 rules

Minimal constraints for data collection. Backward compatibility, source metadata, no transforms.

CORE Layer5 rules

Strict governance for the canonical model. Full transitive compatibility, mandatory fields, PII encryption, ownership.

REFINED Layer3 rules

For aggregated data. Backward transitive compatibility, must reference Core types, aggregation period.

APPLICATION Layer2 rules

Lightweight for consumption views. Backward compatibility, keep schemas simple (max 30 fields).

You can also create your own templates for any governance model — Data Mesh domains, compliance frameworks (GDPR, PCI-DSS), criticality levels, or any custom category. Clone a builtin template as a starting point, or build from scratch.

Templates don't overwrite existing rules unless you explicitly choose to. You can apply multiple templates to the same registry.

Governance Score

The score gives a quick health check across three axes, calculated on the fly:

Enrichments20 pts

Description (5)
Owner (5)
Tags (5)
Classification (5)

Rules & Policies50 pts

Weighted by severity
Verifiable > declared
Runtime weighs more

Schema Quality30 pts

Compatibility (10)
Documentation (5)
References (5)
Versioning (10)

90-100

75-89

60-74

40-59

0-39

A confidence indicator (high / medium / low) reflects how many rules are objectively verifiable vs. self-declared.

Provider Compatibility

Capability	Confluent	Apicurio	Glue	Azure	Pulsar
Compatibility	✅	✅	✅	✅	✅
Validity	✅	✅	—	—	—
Data Rules (CEL)	✅	—	—	—	—
Migration Rules	✅	—	—	—	—

For providers without native rule support, event7 stores rules as declarative entries. They still contribute to scoring and governance visibility — they're just not enforced at the provider level.

Quick Start

Apply a template

Go to Rules, click "Apply Template", choose the layer that matches your schema.

Review the rules

The template creates rules with Expected enforcement. Adjust severity or add custom rules.

Check the score

Go to Dashboard or Catalog to see governance scores appear.

Add enrichments

Go to Catalog, fill in description, owner, tags, and classification.

Create custom rules

Use the rule editor for naming conventions, required fields, compliance requirements.

Roadmap

Rules & Policies CRUD	✓ Available
Templates (RAW/CORE/REFINED/APP)	✓ Available
Custom templates	✓ Available
Governance Score (3-axis + confidence)	✓ Available
Dashboard & Catalog integration	✓ Available
Provider sync — import from Confluent	Planned
Provider sync — push to Confluent	Planned
Drift detection	Planned
Automated policy evaluation	Planned

Governance Rules& Policies