dpndncY

Signed bypass & approvals

A firewall you can't get past gets turned off. dpndncY's bypass is deliberate, scoped, and signed — every override produces a tamper-evident record so an auditor can see exactly who bypassed what, when, and why.

Three bypass channels

Channel        | How                                                                                             | Good for
Signed waiver  | A DSSE-signed YAML waiver, committed to the repo, scoped to a package + version range + expiry.  | Known, reviewed exceptions you want in version control.
Expiring token | A scoped, single-use or TTL-bounded token issued for one install.                               | One-off unblocks in CI without editing policy.
Human approver | A live approval request routed to Slack / web / API; an authorised reviewer approves or denies. | Urgent, judgement-call overrides.

Waiver format

waiver.yaml
package: "npm:left-pad"
versions: ">=1.0.0 <2.0.0"
reason: "Pinned transitive; upstream fix tracked in JIRA-4821"
approved_by: "security@acme.com"
expires: "2026-09-01"

The waiver is DSSE-signed; the firewall verifies the signature before honouring it.

What gets recorded

Every bypass — successful or attempted — emits a signed firewall/v1 record carrying the package, the verdict that was overridden, the channel used, the identity, the reason, and a timestamp. The record is the same envelope format as any other decision, so it lands in the same audit trail and can be verified offline with dpndncy-verify.

Bypass is logged, never silent
There is no un-audited way past the firewall. A bypass doesn’t weaken the trail — it adds to it.
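The following is an added example, not dpndncY's own code, showing the mechanics the "Waiver format" and "What gets recorded" sections describe together: a waiver wrapped in a DSSE envelope (with the DSSEv1 pre-authentication encoding), signature verification before the waiver is honoured, the scope check on package, version range and expiry, and a signed firewall/v1 record emitted for every attempt, allowed or denied. HMAC-SHA256 stands in for the asymmetric signature a real deployment would use, and the payload type strings, record field names, key id and version-range grammar (space-separated "op X.Y.Z" clauses) are assumptions for illustration, not dpndncY's actual formats. The waiver content is the one from the page; the dates and identities are constructed.

```python
"""Added example (not dpndncY's code): sign/verify a waiver as a DSSE envelope,
check its scope, and emit a signed firewall/v1 bypass record in the same envelope."""
import base64
import hashlib
import hmac
import json
from datetime import date, datetime, timezone
from typing import Optional

# Assumed: a shared key so the example runs offline. Real DSSE uses an
# asymmetric key pair; the verifier only ever needs the public half.
SIGNING_KEY = b"example-key-do-not-use"
WAIVER_TYPE = "application/vnd.dpndncy.waiver+json"        # assumed payload type
RECORD_TYPE = "application/vnd.dpndncy.firewall.v1+json"   # assumed payload type

# Constructed sample: the waiver shown on the page, as a dict.
WAIVER = {
    "package": "npm:left-pad",
    "versions": ">=1.0.0 <2.0.0",
    "reason": "Pinned transitive; upstream fix tracked in JIRA-4821",
    "approved_by": "security@acme.com",
    "expires": "2026-09-01",
}


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the signature covers type AND body,
    so a payload cannot be replayed under a different type."""
    return b"DSSEv1 %d %s %d %s" % (len(payload_type), payload_type.encode(), len(payload), payload)


def sign_envelope(payload_type: str, payload: dict, key: bytes = SIGNING_KEY) -> dict:
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, pae(payload_type, body), hashlib.sha256).digest()
    return {
        "payloadType": payload_type,
        "payload": base64.b64encode(body).decode(),
        "signatures": [{"keyid": "example-key", "sig": base64.b64encode(sig).decode()}],
    }


def verify_envelope(env: dict, key: bytes = SIGNING_KEY) -> Optional[dict]:
    """Return the decoded payload if any signature verifies, else None."""
    body = base64.b64decode(env["payload"])
    expected = hmac.new(key, pae(env["payloadType"], body), hashlib.sha256).digest()
    for s in env.get("signatures", []):
        if hmac.compare_digest(base64.b64decode(s["sig"]), expected):
            return json.loads(body)
    return None


def _ver(v: str) -> tuple:
    return tuple(int(x) for x in v.split("."))


def version_in_range(version: str, spec: str) -> bool:
    """Assumed grammar: space-separated clauses like '>=1.0.0 <2.0.0', all of
    which must hold. A bare version means equality."""
    ops = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
           ">": lambda a, b: a > b, "<": lambda a, b: a < b, "=": lambda a, b: a == b}
    v = _ver(version)
    for clause in spec.split():
        op = next((o for o in (">=", "<=", ">", "<", "=") if clause.startswith(o)), "=")
        bound = clause[len(op):] if clause.startswith(op) else clause
        if not ops[op](v, _ver(bound)):
            return False
    return True


def waiver_covers(waiver: dict, package: str, version: str, today: date) -> bool:
    """All three scope dimensions must match: package, version range, expiry."""
    return (waiver["package"] == package
            and version_in_range(version, waiver["versions"])
            and date.fromisoformat(waiver["expires"]) >= today)


def attempt_bypass(env: dict, package: str, version: str, verdict: str,
                   identity: str, today: date) -> dict:
    """Honour the waiver only if its signature and scope check out, and emit a
    signed firewall/v1 record either way: an attempted bypass is still logged."""
    waiver = verify_envelope(env)
    if waiver is None:
        outcome, reason = "denied", "waiver signature invalid"
    elif not waiver_covers(waiver, package, version, today):
        outcome, reason = "denied", "waiver out of scope or expired"
    else:
        outcome, reason = "allowed", waiver["reason"]
    record = {
        "package": f"{package}@{version}",
        "overridden_verdict": verdict,
        "channel": "signed_waiver",
        "identity": identity,
        "outcome": outcome,
        "reason": reason,
        "timestamp": datetime.now(timezone.utc).isoformat(),
    }
    return sign_envelope(RECORD_TYPE, record)


if __name__ == "__main__":
    env = sign_envelope(WAIVER_TYPE, WAIVER)
    rec = attempt_bypass(env, "npm:left-pad", "1.3.0", "block", "ci@acme.com", date(2026, 3, 1))
    print(json.dumps(verify_envelope(rec), indent=2))
```

Because the record is itself a DSSE envelope, the same `verify_envelope` routine that checks a waiver also checks the audit record offline, which is the property the page attributes to dpndncy-verify; a tampered waiver payload fails verification and still yields a signed "denied" record rather than silence.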

Reporting

Report on bypass usage by team, package, channel, and reason to spot patterns (the same package waived repeatedly is a backlog item, not an exception).