Code Access Policy

Purpose

This policy establishes the requirements and procedures for providing Configura with access to extension code. Code access is essential for ensuring the safety, security, and stability of extensions deployed to the CET user community. Without proper code access, Configura cannot effectively support the ecosystem or troubleshoot critical issues.

Scope

This policy applies to all custom CM code used in extensions published to the MyConfigura Marketplace. It does not apply to:

• External systems integrated with CET extensions
• Proprietary algorithms or business logic implemented outside the CM codebase
• Data structures that do not contain executable code

Code Access Requirements

Requirement Overview

All Extension Owners must provide Configura with access to the most current version of their extension’s CM code. This enables Configura to:

1. Verify code safety and security
2. Troubleshoot critical issues
3. Assess compatibility with platform updates
4. Implement emergency fixes when necessary
5. Ensure proper interaction with other extensions

Methods of Providing Access

Extension Owners can fulfill this requirement through one of the following methods:

Option 1: Configura Git Repositories

• Configura provides git repositories for storing extension code
• Extension Owners maintain their code directly in these repositories
• Configura has immediate access to the latest code

Option 2: External Git Access

• Extension Owners provide Configura with access to their own git repositories
• Access must include read permissions at minimum
• Repository structure must be clearly documented

Option 3: Code Delivery

• Extension Owners deliver code to Configura upon request
• Delivery must occur within 12 hours of request
• Code must be complete, current, and properly organized
• Delivery can be via secure file transfer, zip file, or other approved method

Repository Organization

Branch Structure

Extensions may use any branching strategy, but must adhere to these requirements:

1. The branch containing the current production code must be clearly identified
2. A naming convention similar to version/XXX/official is recommended
3. If this naming convention is not used, documentation must specify which branch contains the current production code

Documentation

Code repositories should include:

1. Basic README file explaining the extension’s purpose and structure
2. Setup instructions for development environments
3. Build procedures if applicable
4. Contact information for technical questions

Code Request Process

When Configura needs to access extension code that is not in Configura’s git repositories:

1. Request Initiation: Configura will send a formal code request to the Extension Owner’s designated technical contact
2. Acknowledgment: Extension Owner must acknowledge the request within 4 business hours
3. Delivery: Code must be delivered within 12 hours of the request
4. Verification: Configura will verify the code is complete and matches the published extension
5. Follow-up: Any questions or issues will be communicated to the Extension Owner

Security and Confidentiality

Configura commits to maintaining the confidentiality of extension code:

1. Access to extension code is limited to authorized Configura personnel
2. Code will only be used for the purposes outlined in this policy
3. Configura will not share extension code with third parties, including other Extension Owners
4. Configura will not use extension code for competitive purposes

Non-Compliance

Failure to provide code access as outlined in this policy may result in:

1. Denial of publishing approval for new extensions
2. Temporary deactivation of existing extensions
3. Permanent removal from the MyConfigura Marketplace in cases of repeated non-compliance

See the Uninstall Policy for more details on the deactivation process.

Secure Code Transfer Methods

When transferring code outside of git repositories, Extension Owners should use secure methods:

Recommended Methods

• Secure file transfer protocols (SFTP)
• Encrypted zip files with passwords shared separately
• Configura’s secure file upload portal
• Enterprise-grade file sharing services with appropriate security

Methods to Avoid

• Unencrypted email attachments
• Public file sharing services without access controls
• Physical media via standard mail

Best Practices for Code Organization

To facilitate efficient troubleshooting and support, consider these best practices:

1. Modular Structure: Organize code into logical modules
2. Clear Naming: Use descriptive, consistent naming conventions
3. Comments: Document complex logic and non-obvious functionality
4. Version Tagging: Clearly tag or mark release versions
5. Change Logs: Maintain documentation of significant changes
6. Dependencies: Clearly document external dependencies

Extension-Specific Considerations

Commercial Extensions

• Must provide full CM code access
• May protect proprietary business logic through abstraction or external services

Open Source Extensions

• Should maintain public repositories with appropriate licenses
• Must still notify Configura of repository locations

Mixed Proprietary/Open Extensions

• Must clearly document which components are proprietary vs. open
• Must provide access to all CM code regardless of licensing model

Policy Administration

This policy is administered by the Configura Publishing Program. Questions or requests for clarification should be directed to:

• Your Configura Account Executive
• The Publishing Program team at publishing-program@configura.com
• The Extension Review team at extension-review@configura.com

Policy Changes

This policy may be updated periodically. All changes will be communicated to Extension Owners at least 30 days before implementation.

---

Document Version: 1.0
Last Updated: February 28, 2025
Next Review: August 28, 2025
Configura Publishing Program
© 2025 Configura, Inc. All rights reserved.