Skip to main content

Pack Governance

Packs are the main way Worka gains new capability. Because of that, pack governance is one of the highest-leverage operator responsibilities in the platform.

If you govern packs well, Worka can evolve safely. If you govern them badly, the platform can gain power faster than your review and audit model can keep up.

What pack governance covers

Pack governance includes:

  • where packs come from
  • whether they are private, shared, or public
  • how they are reviewed
  • which workspaces may attach them
  • which connections and secrets they may use
  • how they are updated, replaced, or revoked

This is broader than “package management.” It is capability management.

Sources of packs

In practice, a workspace may receive a pack from several paths:

  • an existing trusted pack already available in your environment
  • a private pack built for one team or tenant
  • a reusable public or shared pack discovered by the marketplace
  • a newly generated pack produced through Forge

Each of those should still pass through the same governance questions:

  • do we trust it
  • do we understand what it is allowed to do
  • do we want it attached here

What to review before attachment

Before a pack is attached to a workspace, review:

  • the capability it adds
  • the tools it exposes
  • the connections it requires
  • the outbound network reach it declares
  • the audience that will use it
  • whether it should be allowed to evolve automatically or only through controlled release

For higher-risk packs, include a human approval step before attachment.

Updating and revoking packs

Do not stop at first attachment. Governance also needs a lifecycle:

  • allow update
  • pin to a known release
  • remove from a workspace
  • revoke if it should no longer be installable
  • quarantine if it should no longer be trusted

When a pack is removed, users should still be able to understand what changed and why.

What good governance looks like

A well-governed environment lets you answer:

  • which workspaces use this pack
  • which release is active
  • what connections and secrets it depends on
  • whether it came from internal build, private publication, or public reuse
  • who approved it or made it available

If you cannot answer those questions, the pack model is growing faster than your controls.