Pack Metadata and Versioning
Every full config document requires a pack: object. Keeptrusts uses its fields for validation and traceability:
pack.versionintoconfig_versionpack.nameintopack_name- a SHA-256 fingerprint from the raw file bytes (
config_sha256)
Only the schema-defined keys on this page are accepted. name, version, and enabled are required.
Recommended pack block
pack:
name: finance-compliance
version: 2.1.0
enabled: true
This is the minimum valid pack block.
Supported behavior
| Field | Used by Keeptrusts | Behavior |
|---|---|---|
name | yes | Required non-empty name; stored as pack_name |
version | yes | Required semantic version; stored as config_version |
enabled | validation only | Required boolean. The gateway loader does not currently skip enforcement when it is false. |
id | metadata | Optional non-empty identifier, up to 200 characters |
author | metadata | Optional owner or team, up to 200 characters |
description | metadata | Optional description, up to 2,000 characters |
Important implications
enabled is required but is not a runtime on/off switch
This does not disable the configuration at load time:
pack:
name: disabled-looking-pack
version: 1.0.0
enabled: false
Do not use pack.enabled: false as a deployment safety control. Select or withdraw the configuration through the owning rollout workflow instead.
id is optional metadata
The validator accepts id, but the gateway loader does not derive it from name or use it as the runtime configuration fingerprint.
Config fingerprinting
Keeptrusts computes a config fingerprint from the raw file bytes before parsing.
config_sha256 = sha256_prefixed(policy-config.yaml bytes)
That fingerprint is independent of pack.id or pack.version.