Deploy Gate
Block AI deploys until a human explicitly approves and signs
v2.0.0
Latest

Block AI deploys until a human signs.

AI agents can open PRs. They should not deploy to production.
This GitHub Action enforces that boundary.


See it in action

▶ Try the interactive demo — no login, no setup, 15 seconds.

PR opened → ❌ Deploy blocked → Human authorizes → ✅ Signed → Merge unlocked

Quickstart

Add to your workflow:

# .github/workflows/deploy-gate.yml
name: Deploy Gate

on:
  pull_request:
    branches: [main]

jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: permission-protocol/deploy-gate@v2
        with:
          pp-api-key: ${{ secrets.PP_API_KEY }}

  1. Get API key → https://app.permissionprotocol.com
  2. Add secret:
    gh secret set PP_API_KEY -b "pp_live_..."
  3. Open a PR → watch it get blocked → approve → merge

Takes ~3 minutes. One secret.

👉 Full install guide →


What it does

  • Blocks risky PRs with a required status check
  • Posts a PR comment with a direct approval link
  • Sends the reviewer to Permission Protocol to approve and sign
  • Unblocks the PR instantly after approval
  • Produces a tamper-evident approval record

Why this exists

AI agents can write code, open PRs, and trigger workflows — but they should not have authority to deploy on their own.

Today:

  • approvals are mutable
  • logs are not proof
  • systems trust state, not intent

Deploy Gate enforces:

  • Explicit human signer (Ed25519)
  • Signature bound to exact action (commit, repo, environment)
  • Single-use receipt (replay fails)
  • Tamper-evident — mutation invalidates approval

It does not trust database state. Only signed receipts.
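
As an added example (not Deploy Gate's own code), the following shows how a gate can enforce the four properties listed above using Node's built-in Ed25519 support. The receipt field names, the JSON-array canonical encoding and the in-memory set of used nonces are assumptions; the page does not show Deploy Gate's actual receipt format.

```javascript
// Added example, not Deploy Gate's code: field names, the canonical encoding
// and the in-memory nonce store are assumptions made for illustration.
const crypto = require("node:crypto");

// Bytes the human signs: a JSON array in fixed order, so no field can be
// dropped, reordered or run into its neighbour without changing the message.
function canonical(r) {
  return Buffer.from(JSON.stringify([r.repo, r.commit, r.environment, r.nonce]));
}

// Approval side: the signer's Ed25519 private key signs the exact action.
function signReceipt(action, privateKey) {
  const fields = { ...action, nonce: crypto.randomUUID() };
  const signature = crypto.sign(null, canonical(fields), privateKey).toString("base64");
  return { ...fields, signature };
}

// Gate side: `expected` is what CI is about to deploy, `usedNonces` is a Set
// of receipts already redeemed. Returns { ok, reason }.
function verifyReceipt(receipt, expected, signerPublicKey, usedNonces) {
  if (!receipt || typeof receipt.signature !== "string") {
    return { ok: false, reason: "malformed" };
  }
  const sig = Buffer.from(receipt.signature, "base64");
  if (!crypto.verify(null, canonical(receipt), signerPublicKey, sig)) {
    return { ok: false, reason: "bad-signature" }; // any mutation lands here
  }
  for (const field of ["repo", "commit", "environment"]) {
    if (receipt[field] !== expected[field]) return { ok: false, reason: `wrong-${field}` };
  }
  if (usedNonces.has(receipt.nonce)) return { ok: false, reason: "replayed" };
  usedNonces.add(receipt.nonce); // consume only after every check has passed
  return { ok: true, reason: "approved" };
}

// Constructed sample data: one approval, then four attempts to redeem it.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const action = { repo: "example-org/example-repo", commit: "a".repeat(40), environment: "production" };
  const receipt = signReceipt(action, privateKey);
  const used = new Set();
  return [
    verifyReceipt(receipt, action, publicKey, used).reason,
    verifyReceipt(receipt, action, publicKey, used).reason,
    verifyReceipt(receipt, { ...action, commit: "b".repeat(40) }, publicKey, new Set()).reason,
    verifyReceipt({ ...receipt, environment: "staging" }, action, publicKey, new Set()).reason,
  ];
}
console.log(demo());
```

In a real gate the set of redeemed nonces has to live in durable storage shared by every CI run; with a per-process set, a receipt could be redeemed again by a fresh job.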


How it works

PR opened
   │
   ▼
Deploy Gate checks for valid receipt
   │
   ├── Receipt exists ───────────────► Merge allowed
   │
   └── No receipt ───────────────────► Blocked
                                          │
                                          ▼
                                   PR comment with approval link
                                          │
                                          ▼
                                   Human approves + signs
                                          │
                                          ▼
                                   Re-run CI → Merge allowed

Try it live (30 seconds)

No install required:

  1. Open demo PR
    permission-protocol/pp-demo#35
  2. Click Authorize Deploy
  3. Approve → see your signed receipt

License

MIT — see LICENSE

Deploy Gate is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
