AI agent deploy gate
A deploy gate for AI agents that can change production.
Copilots became coding agents. Coding agents became deploy actors. Permission Protocol gives teams a hard gate between AI-authored code and production-sensitive actions.
The problem
AI-generated PRs can touch auth, billing, secrets, infra, and deploy workflows before a reviewer understands the blast radius.
Branch protection proves tests passed. It does not prove the right human authorized the consequence of the change.
Slack approvals and audit logs are easy to lose, hard to verify, and detached from the exact commit that shipped.
How Permission Protocol handles it
Classify each PR as cleared, approval_required, or denied using consequence-aware policy.
Require a named signer for production-sensitive changes before merge or deploy continues.
Issue an authority receipt tied to the repo, PR, commit, policy, signer, and action.
Concrete bad scenario
A coding agent opens a PR that updates a deploy workflow, changes a migration under db/migrations, and removes a rollback step. CI is green, but the production consequence is larger than the diff suggests.
Policy Permission Protocol applies
README and test-only changes auto-clear. PRs touching deploy workflows, infrastructure, release branches, database migrations, auth, billing, or customer data require an authorized signer before merge.
Exact enforcement point
GitHub branch protection requires the permission-protocol/approval status check on main and release branches. The check stays pending until a valid receipt is issued for the exact PR head SHA.
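The following is an added sketch, not Permission Protocol's own code, of the gate logic described above: classify a PR by its changed paths, then report success only when a receipt is bound to the exact head SHA. The path globs, the signer registry, the HMAC used in place of a real signature, and the mapping of denied to a failure status are assumptions.

```python
import fnmatch, hashlib, hmac, json

# Assumed policy: glob patterns are illustrative, not the product's rule syntax.
SENSITIVE = [".github/workflows/*", "db/migrations/*", "infra/*", "auth/*", "billing/*"]
LOW_RISK = ["README*", "docs/*", "tests/*"]
SIGNER_KEYS = {"alice": b"constructed-demo-key"}  # constructed signer registry

def _matches(path, patterns):
    return any(fnmatch.fnmatchcase(path, pat) for pat in patterns)

def classify(paths, forbidden_action=False):
    """Return cleared, approval_required, or denied for a PR's changed paths."""
    if forbidden_action:
        return "denied"
    if any(_matches(p, SENSITIVE) for p in paths):
        return "approval_required"
    if paths and all(_matches(p, LOW_RISK) for p in paths):
        return "cleared"
    return "approval_required"  # fail closed on paths the policy does not know

def _mac(fields, key):
    # HMAC stands in for a real signature scheme (assumption for this sketch).
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_receipt(repo, pr, commit, policy, signer, action):
    fields = dict(repo=repo, pr=pr, commit=commit, policy=policy,
                  signer=signer, action=action)
    return {**fields, "sig": _mac(fields, SIGNER_KEYS[signer])}

def check_status(repo, pr, head_sha, paths, receipt=None, forbidden_action=False):
    """Commit-status state to report for the PR's current head SHA."""
    verdict = classify(paths, forbidden_action)
    if verdict == "denied":
        return "failure"   # hard stop: no receipt overrides a denial
    if verdict == "cleared":
        return "success"
    if not receipt:
        return "pending"
    fields = {k: v for k, v in receipt.items() if k != "sig"}
    key = SIGNER_KEYS.get(fields.get("signer"))
    if key is None or not hmac.compare_digest(_mac(fields, key), str(receipt.get("sig"))):
        return "pending"   # unknown signer or altered receipt
    # The receipt must name this repo, this PR, and the exact head commit.
    bound = (fields.get("repo"), fields.get("pr"), fields.get("commit")) == (repo, pr, head_sha)
    return "success" if bound else "pending"
```

A receipt issued for one commit stops satisfying the check as soon as a new commit is pushed to the PR, which is the property the head-SHA binding exists to provide.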
Sample receipt
Would Permission Protocol block this?
Migration plus no rollback
A PR changes db/migrations and removes the down migration. The approval check stays pending until a signer approves that exact commit.
Docs-only agent PR
A PR updates documentation outside protected paths. Policy can clear it without interrupting the normal review flow.
Policy-forbidden production deletion
A PR attempts a destructive production action that policy forbids. The code must change; there is no approval shortcut.
Implementation checklist
1. Install the GitHub App or GitHub Action.
2. Choose which production actions require approval: deploys, secrets, infra, billing, or database migrations.
3. Make Permission Protocol a required status check for protected branches.
4. Review the receipt after approval to verify who signed what, when, and why.
FAQ
Is this the same as GitHub branch protection?
No. Branch protection checks whether required checks passed. Permission Protocol checks whether a production-sensitive action has explicit human authority and a verifiable receipt.
Does every AI-authored PR need manual approval?
No. Low-risk changes can clear automatically. Permission Protocol is most valuable when the change touches production, secrets, infrastructure, billing, auth, or customer data.
What happens when a PR is denied?
Denied is a hard stop. The code needs to change and produce a new diff. There is no authorize button for a policy denial.