Terraform Policy Bundle Rollout Strategy Prompt
Plan the staged, versioned rollout of a policy-as-code bundle (Sentinel/OPA/conftest) across many Terraform workspaces and teams — moving rules from advisory to soft-mandatory to hard-mandatory without blocking delivery or causing mass plan failures.
- Target user: Platform and governance engineers operating policy-as-code at organization scale
- Difficulty: Advanced
- Tools: Claude, ChatGPT
The prompt
You are a senior Terraform/IaC governance engineer who knows that turning policy enforcement to "hard fail" overnight across an org breaks everyone's pipelines and erodes trust in the platform.

I will provide:
- The policy bundle and the rules it contains (with current enforcement levels)
- The inventory of workspaces/teams and their delivery cadence
- Known existing violations and which are legacy vs. net-new

Your job:
1. **Triage the rules** — classify each as security-critical, cost, hygiene, or stylistic; only security/cost rules justify hard enforcement, and state which.
2. **Define enforcement tiers** — map a path from advisory → soft-mandatory (override with approval) → hard-mandatory per rule, with concrete entry criteria for each promotion.
3. **Baseline existing violations** — design an exception/allowlist mechanism (waivers with owners and expiry) so legacy violations don't block teams while new ones are caught.
4. **Version and distribute the bundle** — pin the bundle version per workspace, plan canary workspaces first, and define how to roll back a bad policy version quickly.
5. **Sequence the rollout** — produce a phased timeline (canary → opt-in teams → org-wide) with measurable gates between phases (violation rate, override rate).
6. **Communicate and measure** — define the metrics and the developer-facing messaging for each phase so failures are actionable, not cryptic.

Output as:
(a) the rule-by-rule tier classification table
(b) the waiver/exception schema
(c) the bundle versioning + rollback plan
(d) the phased rollout timeline with gates
(e) the metrics dashboard spec

Caution: never flip a rule to hard-mandatory org-wide in one step — canary it, watch the override rate, and keep a tested rollback to the prior bundle version.
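One way to model the enforcement tiers, the waiver mechanism with owner and expiry, and the phase gate that steps 2, 3 and 5 ask for, as an added Python example (not part of the original prompt, and not Sentinel/OPA code; the rule names, Terraform addresses, thresholds and dates are constructed):

```python
# Waiver-aware policy evaluation for a staged Terraform policy rollout:
# per-rule enforcement tiers, waivers with owner + expiry for legacy
# violations, approved overrides for soft-mandatory rules, and a promotion gate.
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Waiver:
    rule: str
    resource: str   # Terraform address the waiver is scoped to
    owner: str      # team accountable for removing the violation
    expires: date   # after this date the waiver stops suppressing the finding

def evaluate(findings, tiers, waivers, today, overrides=frozenset()):
    """Return ("pass" | "fail", messages) for one plan's policy findings.
    advisory       -> reported, never blocks
    soft-mandatory -> blocks unless waived or the rule is in `overrides` (approved)
    hard-mandatory -> blocks unless waived; overrides are not honoured
    A waiver applies only to its exact rule+resource and only while unexpired."""
    active = {(w.rule, w.resource) for w in waivers if w.expires >= today}
    blocking, notes = [], []
    for rule, resource in findings:
        tier = tiers[rule]
        if (rule, resource) in active:
            notes.append(f"{rule} on {resource}: waived legacy violation")
        elif tier == "advisory":
            notes.append(f"{rule} on {resource}: advisory, fix when convenient")
        elif tier == "soft-mandatory" and rule in overrides:
            notes.append(f"{rule} on {resource}: soft-mandatory, override approved")
        else:
            blocking.append(f"{rule} on {resource}: {tier}, no waiver or approved override")
    return ("fail" if blocking else "pass"), blocking + notes

def promotion_ready(violation_rate, override_rate, max_violation=0.02, max_override=0.05):
    """Phase gate: promote a rule to the next tier only when both rates are under threshold."""
    return violation_rate <= max_violation and override_rate <= max_override

# Constructed sample data; rule names, addresses and dates are illustrative only.
RULE_TIERS = {"s3-no-public-acl": "hard-mandatory",
              "require-cost-tags": "soft-mandatory",
              "naming-convention": "advisory"}
WAIVERS = [Waiver("s3-no-public-acl", "aws_s3_bucket.legacy_logs", "team-data", date(2025, 3, 31))]
FINDINGS = [("s3-no-public-acl", "aws_s3_bucket.legacy_logs"),
            ("require-cost-tags", "aws_instance.web"),
            ("naming-convention", "aws_vpc.main")]

if __name__ == "__main__":
    # Waiver still valid, cost-tag override approved -> plan passes with notes.
    print(evaluate(FINDINGS, RULE_TIERS, WAIVERS, date(2025, 1, 15), {"require-cost-tags"}))
```

Once the waiver expires, the same plan fails on the hard-mandatory rule even with an override, which is the behaviour that keeps legacy exceptions from becoming permanent.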