OpenXR Exception-Budget Override Approved but Post-Window Debt Not Reconciled on Quest - Fix

Your release team granted an exception-budget override to get a Quest candidate through a high-pressure window. Shipping happened, incident load stayed manageable, and everyone moved to the next sprint. Two weeks later, variance stays red, repeated keys increase, and nobody can prove which override debt was retired versus carried.

In 2026 this failure pattern is rising because teams improved pre-window forecasting but did not harden the post-window reconciliation side of override governance. The override is treated as the decision, not as a temporary risk loan that must be closed with explicit accounting.

If override debt is not reconciled quickly and consistently, release governance turns into untracked carryover risk.

Why this issue spikes now

This became more common in current release operations because:

• exception-budget overrides are used more often in compressed launch windows
• teams rely on red/yellow/green variance labels but skip closure discipline after ship
• debt reduction owners are assigned verbally without machine-readable SLA tracking
• renewal requests are approved before previous override outcomes are classified

The result is policy drift: debt from old override windows keeps polluting new decisions.

Problem

Common symptoms:

• override packet has approved status but no reconciliation class (resolved, contained, carried, or failed)
• debt points were added during window, but retirement values are missing or zeroed
• next-window budget tolerance was not recalibrated after a carried/failed outcome
• same recurrence keys appear in consecutive override windows without penalty tightening
• release meetings review new approvals while old override task IDs remain open

Any one of these means post-window governance is incomplete.

Direct answer

Treat every override as a time-boxed risk loan with mandatory reconciliation: classify outcome within 24-72 hours, post debt added/retired/carried fields, apply carryover penalties to next-window budget limits, and block new override eligibility when prior closure SLAs are overdue.

Root cause summary

1. Override lifecycle stops at approval - controls enforce grant-time quality but not closeout quality.
2. No reconciliation schema - teams store freeform notes instead of structured debt fields.
3. Missing owner-route SLA enforcement - overdue closure tasks do not trigger policy consequences.
4. No carryover penalty formula - unresolved debt has no deterministic budget impact.
5. Eligibility disconnect - teams allow new overrides even with stale unresolved debt.

Fastest safe fix path

1. Freeze new override approvals until all active windows have reconciliation status.
2. Add required reconciliation fields to override records and fail incomplete writes.
3. Classify each recent override outcome (resolved, contained, carried, failed).
4. Apply next-window budget penalties for carried/failed debt using a fixed formula.
5. Re-enable override approval only after closure SLAs and owner assignments pass checks.

Step-by-step fix

Step 1: Enforce reconciliation-required state transition

Add a hard lifecycle requirement:

• approved -> active -> expired -> reconciled

Do not allow archival or "done" marking until reconciliation fields are complete.

Required fields:

• override_id
• window_id
• debt_points_added
• debt_points_retired
• debt_points_carried
• reconciliation_class
• reconciled_at_utc
• owner_route
• closure_due_utc

Verification checkpoint: querying overrides by expired returns zero rows with missing reconciliation fields.

Step 2: Classify every override with deterministic rules

Use explicit classification policy:

• resolved: >=90% debt retired by closure due date
• contained: meaningful reduction but residual debt below carry threshold
• carried: unresolved debt exceeds threshold and rolls into next window
• failed: debt worsened or repeated keys expanded during override window

Avoid subjective labels like "mostly fixed." Labels must map to policy actions.

Verification checkpoint: every closed override has exactly one reconciliation class and one decision reason code.

Step 3: Attach reconciliation tasks to owner routes

For each override, assign closure tasks across routes:

• release route: final policy decision and hold/allow rationale
• QA route: evidence for retired defects versus residual risk
• telemetry route: recurrence-key trend validation and confidence drift checks
• support route: live incident pattern review for user-facing impact

Each task needs due time and escalation owner.

Verification checkpoint: task board shows no override row without owner-route mapping.

Step 4: Apply carryover penalty formula to next-window budgets

Implement a deterministic adjustment:

• next_budget_limit = base_limit - (carried_points * penalty_factor)

Recommended defaults:

• penalty_factor = 0.5 for first carried window
• penalty_factor = 0.75 for consecutive carried windows
• immediate override eligibility restriction after one failed class

This keeps debt consequences visible in future approvals.

Verification checkpoint: next-window budget report displays base limit, penalty, and adjusted limit with formula components.

Step 5: Gate new override approvals on prior closure health

Before any new override grant, require:

• no overdue reconciliation tasks older than 72 hours
• no unclassified expired overrides
• carryover penalties already applied in current window budget
• repeated-key hotspot owners assigned with active mitigation tasks

If one check fails, approval route should return override_blocked_prior_closure.

Verification checkpoint: approval audit logs show preflight closure checks and pass/fail outcomes.

Step 6: Add overdue escalation ladder

Use a fixed time ladder:

1. 24h overdue: owner route reminder + revised ETA required
2. 72h overdue: route lead escalation + temporary budget tightening
3. 7d overdue: leadership escalation + new override freeze

Escalation should adjust policy, not just generate notifications.

Verification checkpoint: overdue items automatically update policy status in release dashboard.

Step 7: Reconcile repeated-key recurrence explicitly

Post-window closure should include:

• top repeated keys that drove override usage
• trend direction since window open
• debt points linked to each repeated key
• assigned mitigation owner and due milestone

Without recurrence closure, carried debt will recur under a new name.

Verification checkpoint: repeated-key reconciliation table exists for every carried or failed override.

Practical 12-minute triage flow

When reconciliation appears broken:

1. list overrides expired in last 30 days
2. flag rows missing reconciliation class or debt fields
3. compute carried-point total by owner route
4. verify next-window penalty application
5. block new overrides until missing closures are resolved
6. schedule targeted reduction tasks for top repeated keys

This usually restores policy confidence in one release meeting.

Alternative fixes for stubborn environments

Branch A: Reconciliation data lives in spreadsheets only

Fix:

• create ingestion step to sync spreadsheet fields into canonical override records
• reject stale rows older than one export cycle

Branch B: Teams dispute classification thresholds

Fix:

• run two-window pilot with documented thresholds
• freeze thresholds for one quarter to prevent policy gaming

Branch C: Owners close tasks without evidence

Fix:

• require evidence attachment hash for each retired debt claim
• auto-reopen closure when evidence is missing or mismatched

Verification checklist before restoring normal override throughput

All checks should pass:

1. every expired override has reconciliation class and debt fields
2. overdue reconciliation SLA count is zero or actively escalated
3. next-window penalty formula applied for all carried/failed outcomes
4. repeated-key closure tasks assigned and tracked
5. new override preflight blocks on stale closure debt
6. dashboards show added, retired, and carried debt per window

If any check fails, keep override approvals in restricted mode.

Prevention tips

• Treat reconciliation as part of override definition, not an optional follow-up.
• Keep one canonical override schema across tools and dashboards.
• Review carryover debt at the start of every release-governance meeting.
• Prevent renewal approval when prior override from same route is still unclassified.
• Publish monthly "override debt aging" metrics to leadership and route owners.

Related problems and links

• OpenXR promotion-gate waiver not expiring and package still ships on Quest - fix
• OpenXR auto-remediation package applies without rollback gate on Quest - response lane fix
• OpenXR follow-up response packet uses wrong snapshot UTC after signer review - escalation routing fix
• OpenXR startup selection telemetry missing on Quest build - instrumentation route fix
• Guide: Unity 6.6 LTS OpenXR Exception Budget Override Governance and Post-Window Reconciliation Preflight
• Guide: Unity 6.6 LTS OpenXR Waiver Debt Burndown Forecast and Exception Budget Preflight
• Course: Lesson 139 - Waiver Debt Burndown Forecast and Exception Budget Planning (2026)
• Blog: Quest OpenXR exception-budget override governance and post-window debt reconciliation 2026 small teams

Official references: Unity OpenXR documentation and Khronos OpenXR specification.

FAQ

Can we approve new overrides while old reconciliations are still open

You can technically do it, but governance quality degrades fast. In practice, block new overrides until prior high-risk closures are classified and penalties are applied.

Should carried debt always reduce next-window budgets

Yes, unless your policy explicitly exempts a documented class. Without penalties, carryover debt becomes invisible and repeats.

What is the minimum acceptable reconciliation speed

Aim for first classification within 24 hours and full closure within 72 hours. Longer windows usually indicate owner-route ambiguity or missing telemetry evidence.

Is this only for Quest OpenXR projects

No. The pattern applies to any release lane using conditional promotion overrides, but Quest windows in 2026 show this failure often due to compressed patch cycles.

Escalation criteria

Escalate to strict release hold when:

• an expired override remains unclassified beyond 7 days
• carried debt rises for two consecutive windows with no penalty tightening
• renewal is approved while prior override from same route has overdue closure tasks

Bookmark this fix for release-governance closeout reviews. Share it with route owners responsible for override approvals and debt reconciliation.