Block AI deploys until a human signs.
AI agents can open PRs. They should not deploy to production.
This GitHub Action enforces that boundary.
PR opened β β Deploy blocked β Human authorizes β β
Signed β Merge unlocked
Add to your workflow:
# .github/workflows/deploy-gate.yml
name: Deploy Gate
on:
pull_request:
branches: [main]
jobs:
gate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: permission-protocol/deploy-gate@v2
with:
pp-api-key: ${{ secrets.PP_API_KEY }}- Get API key β https://app.permissionprotocol.com
- Add secret:
gh secret set PP_API_KEY -b "pp_live_..."- Open a PR β watch it get blocked β approve β merge
Takes ~3 minutes. One secret.
- Blocks risky PRs with a required status check
- Posts a PR comment with a direct approval link
- Sends the reviewer to Permission Protocol to approve and sign
- Unblocks the PR instantly after approval
- Produces a tamper-evident approval record
AI agents can write code, open PRs, and trigger workflows β but they should not have authority to deploy on their own.
Today:
- approvals are mutable
- logs are not proof
- systems trust state, not intent
Deploy Gate enforces:
- Explicit human signer (Ed25519)
- Signature bound to exact action (commit, repo, environment)
- Single-use receipt (replay fails)
- Tamper-evident β mutation invalidates approval
It does not trust database state. Only signed receipts.
PR opened
β
βΌ
Deploy Gate checks for valid receipt
β
βββ Receipt exists ββββββββββββββββΊ Merge allowed
β
βββ No receipt ββββββββββββββββββββΊ Blocked
β
βΌ
PR comment with approval link
β
βΌ
Human approves + signs
β
βΌ
Re-run CI β Merge allowed
No install required:
- Open demo PR
permission-protocol/pp-demo#32 - Click Authorize Deploy
- Approve β see your signed receipt
MIT β see LICENSE
