← Back to all posts

Auto-attachment of policies to Intent Projects via labels

Allow Intent policies (and ideally also contexts and integrations on Intent Projects) to use the existing autoattach:<label> label convention. When an Intent Project is created or updated with a matching label, any policy carrying autoattach:<that-label> should be automatically attached.

Concretely:

  • An Intent policy labeled autoattach:intent-baseline should auto-attach to every Intent Project labeled intent-baseline.

  • The wildcard form autoattach:* should attach a policy to all Intent Projects within the policy's space (and child spaces), matching the behavior described in the Context docs.

  • Auto-attached policies should be visible in the Intent Project's Policies tab, clearly marked as auto-attached (same UX as stacks).

  • Support should extend to the Terraform provider and GraphQL API so that Intent Projects can be governed declaratively from an administrative stack.

Workaround
Current behavior Today, attaching a policy to an Intent Project is a manual, per-project action: navigate to Try New Features > Intent Projects > [project] > Policies tab > Attach policy, then select the policy from the dropdown. This has to be repeated for every new Intent Project, for every policy that should apply to it.
Problem
Intent Projects are designed for speed β€” spinning up short-lived environments for QA, demos, prototypes, or exploratory work via natural language. The manual policy attachment step directly undermines that value proposition: - It doesn't scale. A platform team governing dozens or hundreds of developer-owned Intent Projects can't realistically click through each one to attach the standard guardrails (e.g., "no public S3 buckets", "no expensive instance types", "region allowlist"). - It's error-prone. If a user forgets to attach the organization's baseline Intent policy to a new project, the project runs ungoverned β€” the exact opposite of Spacelift's "governed by default" promise for the commercial Intent offering. - It's inconsistent with the rest of the platform. Policies, contexts, and cloud integrations already support `autoattach:<label>` for stacks and modules. Intent Projects are the odd one out.

Please authenticate to join the conversation.

Upvoters
Status

πŸ‘€ In Review

Board

πŸ’‘ Feature Requests

Date

1 day ago

Subscribe to post

Get notified by email when there are changes.