OpenXR Promotion-Gate Waiver Not Expiring and Package Still Ships on Quest - Fix

Your response-lane package should be blocked because confidence dropped below gate threshold, but release still promotes it because an old waiver never expired. The system says "approved," but the approval context is stale.

In 2026 Quest OpenXR operations this issue appears more often as teams adopt confidence-based promotion gates but keep waiver lifecycle handling partially manual.

If waiver expiry is not enforced, promotion governance degrades into silent exception drift.

Why this issue spikes now

Current workflow pressure amplifies this failure:

• package confidence moves quickly week to week
• conditional promotions are used more often in launch windows
• waiver records are copied across candidates without strict expiry checks

The result is low-confidence package promotion under outdated approvals.

Problem

Common symptoms:

• waiver record exists with past expiry UTC but candidate still marks promotion_allowed
• package band is yellow or red yet release path shows no fresh waiver decision
• gate audit row references previous candidate ID
• follow-up checkpoint was missed but waiver remains valid in tooling
• rollback incidents increase while gate logs show "approved by waiver"

Any of these indicates waiver lifecycle enforcement is broken.

Direct answer

Make waiver expiry a hard gate precondition: block promotion automatically when expiry UTC passes, require candidate-specific waiver IDs, and force revalidation against current package confidence before any new promotion decision.

Root cause summary

1. Expiry is informational only - waiver state does not enforce blocking.
2. Waiver reuse across candidates - one approval incorrectly covers multiple release targets.
3. Missing checkpoint enforcement - post-waiver validation steps are not required.
4. Confidence drift ignored - score changes do not invalidate old waivers.
5. No revocation workflow - teams cannot quickly cancel stale waivers during incident windows.

Fastest safe fix path

1. Pause promotion on candidates using expired waivers.
2. Validate waiver expiry against current UTC and candidate ID.
3. Recompute package confidence band using latest run evidence.
4. Require new waiver only if policy allows conditional promotion.
5. Resume promotion after checkpoint and expiry controls are confirmed.

Step-by-step fix

Step 1: Enforce expiry as blocking logic

Waiver must include:

• waiver_id
• candidate_id
• expires_at_utc
• approved_by_routes
• followup_checkpoint_utc

If now > expires_at_utc, promotion must fail closed.

Verification checkpoint: expired waivers automatically return promotion_hold.

Step 2: Bind waiver to one candidate only

Do not allow generic waiver scope.

Require:

• one waiver -> one candidate
• one candidate -> explicit package set

Copying waiver IDs across candidates must be blocked.

Verification checkpoint: waiver lookup requires exact candidate_id match.

Step 3: Revalidate confidence before waiver grant

Before creating waiver:

• compute latest package score
• compute trend direction
• confirm band qualifies for conditional path

If package is red-band, waiver should fail by policy.

Verification checkpoint: waiver grant row stores score and trend at grant time.

Step 4: Enforce follow-up checkpoint

Waiver validity requires checkpoint completion:

• run required drill or evidence refresh
• record decision outcome
• update gate state

If checkpoint misses SLA, waiver becomes invalid immediately.

Verification checkpoint: unresolved checkpoint -> automatic hold state.

Step 5: Add waiver revocation path

Support immediate revocation when:

• confidence trend deteriorates sharply
• rollback incidents increase
• owner route cannot acknowledge risk

Revocation should override prior approval without waiting for expiry.

Verification checkpoint: revoked waiver cannot be restored without new approval cycle.

Step 6: Publish waiver lifecycle audit fields

Track:

• granted_at_utc
• expires_at_utc
• revoked_at_utc (if any)
• checkpoint_status
• decision_reason_code

This keeps waiver governance auditable and prevents silent drift.

Verification checkpoint: each active waiver has complete lifecycle fields.

Practical 10-minute triage flow

When stale waiver behavior is suspected:

1. list active waivers for candidate
2. compare expiry UTC with current UTC
3. validate candidate ID binding
4. verify checkpoint completion status
5. recompute confidence band
6. hold or reapprove based on current policy

This quickly restores gate integrity.

Alternative fixes for stubborn cases

Branch A: CI pipeline reads cached waiver state

Fix:

• force fresh waiver lookup per run
• include waiver version hash in gate decision input

Branch B: timezone mismatch causes late expiry

Fix:

• enforce UTC storage and comparison only
• reject local-time waiver values

Branch C: waiver appears valid but package set changed

Fix:

• bind waiver to package version IDs
• invalidate waiver on package-version drift

Verification checklist before re-enabling promotion

All checks should pass:

1. expiry check is hard-blocking
2. waiver bound to exact candidate ID
3. latest confidence score captured at waiver grant
4. follow-up checkpoint status enforced
5. revocation path tested
6. lifecycle audit fields complete

If one fails, keep release in hold state.

Prevention tips

• Keep waiver TTL short in high-risk windows.
• Require dual-route approval for conditional promotions.
• Auto-alert when waiver expires within next 6 hours.
• Invalidate waivers when package confidence drops a full band.
• Review all active waivers in each release gate meeting.

Related problems and links

• OpenXR auto-remediation package applies without rollback gate on Quest - response lane fix
• OpenXR option scorer model version binding mismatch on Quest build - release lane and tuple lock fix
• OpenXR startup selection telemetry missing on Quest build - instrumentation route fix
• Guide: Unity 6.6 LTS OpenXR Package Confidence Dashboard and Promotion Gate Preflight
• Course: Lesson 136 - Package Confidence Dashboard and Release-Window Promotion Gate (2026)
• Blog: Quest OpenXR package confidence dashboard and promotion gate playbook 2026 small teams

Official references: Unity OpenXR documentation and Khronos OpenXR specification.

FAQ

Should waivers survive across multiple release candidates

No. Waivers should be candidate-specific and expire quickly. Reuse hides changing risk conditions.

Can we renew an expired waiver automatically

No. Renewal requires fresh confidence revalidation and explicit approver routes.

What if confidence improves before waiver expiry

You can close waiver early and return to standard promotion rules. Do not keep conditional state longer than needed.

Escalation criteria

Escalate to strict release hold when:

• expired waiver still grants promotion
• candidate has no valid waiver but gate state is allowed
• waiver checkpoint misses SLA with no revocation action

Bookmark this fix for release-governance audits and share it with owners responsible for package promotion controls.