Exceptions and expiring windows
Use this guide when a team needs a temporary Guard bypass without silently turning that bypass into the new normal.
What the route is forDirect link to What the route is for
/guard/exceptions keeps three things together:
- pending exception requests
- active exception windows
- which windows are about to expire
That matters because friction reduction only stays safe when the team can still answer who asked, why it exists, and when it ends.
What belongs in an exceptionDirect link to What belongs in an exception
Exceptions are best for:
- short-lived unblock moments
- time-bound approvals that should not become policy
- cases where the operator already knows this is the unusual path
Exceptions are a poor substitute for:
- missing shared policy defaults
- stable allow decisions that should move into policy
- long-lived process debt no one wants to revisit
Recommended operator loopDirect link to Recommended operator loop
- review pending requests
- approve or reject with a clear rationale
- watch active windows for expiry
- remove old windows instead of letting them linger
- promote repeated exceptions into policy if the same request keeps returning
Relationship to team policyDirect link to Relationship to team policy
Exceptions work best when a team policy pack already exists. Otherwise the queue becomes person-to-person friction instead of a controlled operating system.