Engineering

Every production deploy is gated on agent review plus human approval, preventing bad releases

A CI/CD safety net that catches bad deploys before they reach users. When a deployment is queued, an agent reviews the test suite results, checks for coverage gaps, and scans the diff for risky changes. It posts a deploy card to a Slack approval channel with a risk score and a summary of what changed. A human must explicitly approve before the deploy proceeds. Once approved, the agent promotes the build to production and posts a confirmation. This pipeline acts as a mandatory review gate that sits between your CI runner and your production environment, adding expert judgment and human oversight without slowing down safe, routine deploys.

How it works

Trigger: Runs when a deployment is queued for production
  1. Agent

    Review test results and diff risk

    Pull the deployment payload from CI. Check:
    - **Test results**: did all required suites pass? Any flaky tests? Coverage drop?
    - **Diff risk**: changed files, lines touched, hot-path modifications, database migrations
    - **Dependencies**: any new or version-bumped packages?
    
    Assign a risk score: **Low** (safe to approve), **Medium** (review carefully), **High** (needs deeper investigation).
  2. Tool

    Post deploy card to #deploy-approval on Slack

    Post a structured deploy card to #deploy-approval with: commit SHA, author, changed files summary, test results, risk score, and a one-line recommendation. Include Approve and Reject action buttons.
  3. Goal

    Wait for human approval or rejection

    Monitor the deploy card for an explicit Approve or Reject response. If rejected, post the rejection reason to the deployment thread and exit. If approved, proceed to the next step. Time out after 4 hours if no response is received and escalate to #eng-leads.
  4. Tool

    Promote deploy to production

    Trigger the production deployment via the CI platform. Post a confirmation to #deploys with the deploy link, commit SHA, and timestamp.
Result: Every production deploy passes through agent review and human approval before going live
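
The risk scoring from step 1 and the approval wait from step 3, as an added example that is not part of the original template or any product's code. The payload field names, the scoring thresholds, and the returned action names are assumptions; the 4-hour timeout comes from the step description. The gate fails closed: a timeout or a late approval never promotes.

```python
from dataclasses import dataclass, field
from datetime import timedelta

APPROVAL_TIMEOUT = timedelta(hours=4)  # from step 3: escalate after 4 hours

@dataclass
class DeployPayload:  # hypothetical field names, not a real CI schema
    commit_sha: str
    author: str
    required_suites_passed: bool
    flaky_tests: int
    coverage_delta: float  # percentage points vs. the previous build
    changed_files: list = field(default_factory=list)
    has_migration: bool = False
    touches_hot_path: bool = False
    dependency_changes: list = field(default_factory=list)

def risk_score(p):
    """Return (level, reasons). The thresholds are illustrative assumptions."""
    high, medium = [], []
    if not p.required_suites_passed:
        high.append("required test suite failed")
    if p.has_migration:
        high.append("database migration")
    if p.touches_hot_path:
        medium.append("hot-path modification")
    if p.dependency_changes:
        medium.append("dependency changes: " + ", ".join(p.dependency_changes))
    if p.flaky_tests:
        medium.append(f"{p.flaky_tests} flaky test(s)")
    if p.coverage_delta < 0:
        medium.append(f"coverage dropped {abs(p.coverage_delta):.1f} pts")
    if high:
        return "High", high + medium
    return ("Medium", medium) if medium else ("Low", [])

def gate_decision(response, posted_at, now):
    """Only an explicit 'approve' inside the window promotes the build."""
    expired = now - posted_at > APPROVAL_TIMEOUT
    if response == "approve" and not expired:
        return "promote"
    if response == "reject":
        return "post_rejection_and_exit"
    return "escalate_to_eng_leads" if expired else "wait"

# Constructed sample payload: passing tests, small coverage drop, one bumped package.
SAMPLE = DeployPayload("<commit-sha>", "dev@example.com", True, 0, -0.4,
                       ["billing/charge.py"], dependency_changes=["requests"])
```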