Safety Overview
ContractSpec is designed with safety by default. Every operation is governed by policies, every change is audited, and every deployment is reversible. This section covers the core safety mechanisms that protect your application and data.
Core safety features
Spec Signing
All specifications are cryptographically signed before deployment. This ensures that only authorized changes reach production and that specs cannot be tampered with in transit or at rest. Signatures are verified at runtime, and unsigned specs are rejected.
Policy Decision Points (PDP)
Every API call, UI render, and data access passes through a centralized Policy Decision Point. The PDP evaluates attribute-based access control (ABAC) rules and PII policies to determine whether the operation is allowed. This ensures consistent enforcement across your entire application.
Audit Logs
ContractSpec automatically records every operation in tamper-evident audit logs. These logs capture who did what, when, and why—including policy decisions, data access, and administrative actions. Audit logs are essential for compliance, security investigations, and debugging.
Migrations
Schema and data migrations are managed through MigrationSpecs. Each migration is versioned, reversible, and tested before deployment. This allows you to evolve your application safely without downtime or data loss.
Dark Launch & Rollback
New features can be deployed in "dark launch" mode, where they run in production but are not visible to users. This allows you to test performance and correctness with real traffic before enabling the feature. If issues arise, you can instantly roll back to the previous version without redeploying.
Data Classification
Fields in your specs can be tagged with sensitivity levels (e.g., PII, PHI, confidential). The policy engine uses these tags to enforce access controls, redaction rules, and data retention policies automatically. This reduces the risk of accidental data leaks.
Why safety matters
Modern applications handle sensitive data and critical operations. A single bug or misconfiguration can lead to data breaches, compliance violations, or service outages. ContractSpec's safety features are not optional add-ons—they are built into the core platform and enforced automatically.
By making safety the default, ContractSpec allows you to move fast without breaking things. You can deploy new features confidently, knowing that policies are enforced, changes are audited, and rollbacks are always available.
Next steps
Explore each safety feature in detail using the links above, or continue with the advanced topics: