PERMISSION/PROTOCOL

Permission Protocol Quickstart

Protect one repo before the next AI-authored production PR.

Install Permission Protocol as a GitHub required check. When an AI agent touches a protected production path, the PR stays blocked until a named human signs the exact change.

GitHub App install
Required PR check
Human-signed receipt
1

Account

Create your workspace

Start with one repo and name the organization that will own the approval receipts. This captures the human and company context before asking for GitHub installation permissions.

Install on one repo
2

Intent

Choose the first thing to protect

Pick the highest-consequence path first. Most teams start with deploy workflows, infrastructure, database migrations, or release branches.

Deploy workflows

.github/workflows/deploy.yml

Infrastructure

infra/**

Database migrations

migrations/**

Release branches

release/*

3

GitHub

Install or link the GitHub App

Connect one low-risk repo first. Permission Protocol syncs the repo, then guides you to the required check setup. Existing GitHub App installs are recovered through the same flow.

Install on one repo
4

Required check

Add Permission Protocol to the PR gate

Add the Permission Protocol workflow and make permission-protocol/approval the required status check context in GitHub branch protection or rulesets.

App-generated workflow checklist
1. Create a Permission Protocol workspace.
2. Connect or install the GitHub App on the repo you want to protect.
3. Add policy rules in .pp-policy.yml.
4. In the app, copy the repo-specific Permission Protocol workflow.
5. Commit that workflow to .github/workflows/permission-protocol.yml.
6. Make permission-protocol/approval a required check for the protected branch.

The product app generates the repo-specific workflow during setup so this public page does not publish credential-shaped configuration.

Generic workflow shape
name: Permission Protocol
on: [pull_request]
jobs:
  approval:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      statuses: write
      checks: write
    steps:
      - uses: permission-protocol/gate@v1
        with:
          pp-api-key: ${{ secrets.PP_API_KEY }}
          pp-base-url: https://app.permissionprotocol.com
          fail-mode: closed
          production-environments: production,prod,live

Store your repository secret as PP_API_KEY. Existing customers using permission-protocol/deploy-gate@v2 continue to work through the legacy alias.

Branch protection checklist
required_status_checks:
  strict: true
  contexts:
    - ci/test
    - permission-protocol/approval
protected_branches:
  - main
production_paths:
  - .github/workflows/deploy.yml
  - infra/**
  - migrations/**
policy_file: .pp-policy.yml
5

Activation

Open a PR that should be blocked

Open a test PR touching the protected path. GitHub should show the Permission Protocol check display name as pending, backed by the permission-protocol/approval API context. That pending check is the product working: merge is held until a signer reviews the exact repo, PR, commit, action, policy, and production path.

Expected state

permission-protocol/approval pending

6

Receipt

Sign once, then verify the receipt

After an authorized human signs, Permission Protocol issues a receipt tied to the PR, commit, action, policy, signer, and timestamp. The required check turns green for that approved change.

Finish line

Blocked PR → human signature → receipt → green required check.

See a signed receipt →

Need the lower-level API?

The SDK and receipts API are still available for custom authority gates. Start with Deploy Gate first if your goal is protecting AI-authored GitHub PRs.