
GitHub AI code review governance

GitHub code review needs an authority layer for AI-generated PRs.

AI code review tools summarize diffs. Permission Protocol decides whether the consequence of the diff requires a signer before merge.

Tags: GitHub AI code review governance, AI generated pull request approval, GitHub AI PR governance, AI code review approval workflow, signed approval receipt

The problem

Reviewers are asked to approve AI-generated changes faster than they can understand production impact.

PR comments explain code, but they rarely create a durable signer-of-record for the actual action.

Required reviews do not distinguish a harmless README edit from a risky auth or infrastructure change.

How Permission Protocol handles it

Post a consequence brief directly on the PR so reviewers see what could happen in production.

Apply deterministic approval policy so sensitive changes cannot merge on vibes.

Attach the final decision to a signed receipt that can be audited later.

Concrete bad scenario

An AI agent opens a polished PR that changes an auth callback, updates a deploy workflow, and includes a confident summary. Reviewers can read the code, but the merge still needs explicit authority because the consequence is production-impacting.

Policy Permission Protocol applies

AI-authored PRs get routed by consequence: harmless changes can clear, production paths require a signer, and denied action classes cannot merge until the diff changes.

Exact enforcement point

Permission Protocol posts a PR consequence comment and controls a required GitHub check. Branch protection prevents merge until the check turns green for the current commit.

Sample receipt

PR author and detected agent context
Repo, base branch, and PR number
Approved head SHA
Sensitive paths changed
Policy route and risk reason
Signer identity
Decision timestamp and receipt id

Would Permission Protocol block this?

Blocked

Auth flow change

A PR modifies OAuth callback code and deploy workflow files. The required check stays pending until the security owner signs.

Cleared

Test fixture update

A PR changes tests and fixtures only. Policy can clear it while normal GitHub review continues.

Denied

Secret handling removal

A PR removes a required secret-validation guard. Policy denies the action until the code is corrected.

Implementation checklist

  1. Connect the repository.
  2. Map sensitive file paths and workflows to approval policy.
  3. Require Permission Protocol as a status check.
  4. Use receipts during incident review, compliance review, or customer security review.
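The consequence routing, required-check state and signed receipt described in the three scenarios and the checklist above, as an added Python example. This is illustrative code, not Permission Protocol's own; the path globs, the `validate_secret(` guard pattern, the fail-closed default for unclassified paths and the demo signing key are constructed assumptions.

```python
import fnmatch
import hmac
import json
CLEAR, SIGNER, DENY = "clear", "require_signer", "deny"
SEVERITY = {CLEAR: 0, SIGNER: 1, DENY: 2}
# Constructed path policy (glob, route, reason); a real repo maps its own paths.
PATH_POLICY = [
    ("src/auth/*", SIGNER, "auth flow change"),
    (".github/workflows/*", SIGNER, "deploy workflow change"),
    ("tests/*", CLEAR, "tests and fixtures only"),
]
DEFAULT = (SIGNER, "unclassified path")  # assumption: unknown paths fail closed
# Constructed denied action class: the diff removes a secret-validation guard.
DENIED_REMOVALS = [("validate_secret(", "required secret-validation guard removed")]
RECEIPT_KEY = b"placeholder-demo-key"  # a real deployment uses a managed signing key

def route_pr(changed_files, removed_lines):
    """Route by consequence; the most severe finding (deny > signer > clear) wins."""
    findings, sensitive = [], []
    for path in changed_files:
        r, why = next(((r, w) for p, r, w in PATH_POLICY if fnmatch.fnmatch(path, p)), DEFAULT)
        findings.append((r, why))
        if r != CLEAR:
            sensitive.append(path)
    for line in removed_lines:  # "-" lines of the unified diff
        findings += [(DENY, w) for needle, w in DENIED_REMOVALS if needle in line]
    route = max((r for r, _ in findings), key=SEVERITY.get, default=CLEAR)
    return route, sorted({w for r, w in findings if r == route}), sensitive

def check_status(route, signer):
    """Required GitHub check state; branch protection merges only on success."""
    if route == DENY:
        return "failure"  # stays red until the diff itself changes
    return "success" if route == CLEAR or signer else "pending"

def issue_receipt(repo, pr, head_sha, route, reasons, sensitive, signer, decided_at):
    """Bind signer, commit, policy route, action and timestamp into one signed record."""
    body = {"repo": repo, "pr": pr, "head_sha": head_sha, "route": route, "reasons": reasons,
            "sensitive_paths": sensitive, "signer": signer, "decided_at": decided_at}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    body["signature"] = hmac.new(RECEIPT_KEY, canonical, "sha256").hexdigest()
    body["receipt_id"] = body["signature"][:16]  # short handle for audit lookups
    return body

def verify_receipt(receipt):
    """Recompute the MAC over the bound fields; editing any of them invalidates it."""
    body = {k: v for k, v in receipt.items() if k not in ("receipt_id", "signature")}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.compare_digest(receipt["signature"],
                               hmac.new(RECEIPT_KEY, canonical, "sha256").hexdigest())
```

A tests-only PR clears on its own, an auth or workflow change stays pending until a signer is recorded, and a guard removal fails the check regardless of who signs.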

FAQ

Does Permission Protocol replace code review?

No. It complements code review. Code review asks whether the implementation is right. Permission Protocol asks whether the action has authority to proceed.

Can it work with existing GitHub reviewers?

Yes. It fits into GitHub checks and branch protection so teams can keep their current review process while adding explicit authorization for risky AI-authored changes.

Why signed receipts instead of PR comments?

Comments are useful context. Receipts are evidence: they bind the signer, commit, policy, action, and timestamp into a durable authorization record.