# Scene 2 — REQUIRE_APPROVAL: Production Deploy **Policy rule:** Environment-based (`jenkins.deploy` on `prod` requires approval) **Expected result:** REQUIRE_APPROVAL --- ## Presentation Rule > **Language:** All AI narration and communication during scenes must be in **English**. > > The AI must narrate every interaction with the gateway in detail. **Before** calling the gateway, explain what it is about to do, which endpoint it will call, what payload it will send, and what it expects to happen. **After** receiving the response, explain what the gateway returned, what the decision means, and why it matters. The goal is to make the audience understand exactly what is happening between the AI and the gateway at every step. --- ## Communication Flow ```mermaid sequenceDiagram participant AI as AI Agent participant GW as Gateway participant PE as Policy Engine participant JK as Jenkins Service AI->>GW: POST /api/gateway/execute
{tool: jenkins.deploy, action: deploy,
arguments: {env: prod, branch: release/4.2.0}} GW->>GW: Validate JWT + extract scopes GW->>PE: Evaluate policy rules PE->>PE: Scope check: jenkins.deploy ✓ PE->>PE: Environment check: prod → require_approval PE-->>GW: Decision: REQUIRE_APPROVAL Note over GW,JK: Request never reaches Jenkins GW->>GW: Write audit entry GW-->>AI: 200 OK {decision: REQUIRE_APPROVAL,
reason: "Production deployments require approval"} ``` ## Demo Script > **Presenter says:** "Now the AI tries to deploy to production. The gateway doesn't just allow or deny — it has a third option." ### Action Example request: > "Deploy branch release/4.2.0 to production" Send a gateway request for `jenkins.deploy` with `env=prod` and `branch=release/4.2.0`. ### Expected Response ```json { "request_id": "req-...", "decision": "require_approval", "reason": "Production deployments require approval", "matched_rule": "env-deploy-rules", "approval": { "status": "pending", "timeout_seconds": 60 } } ``` --- ## What This Proves - The policy engine distinguishes between environments: staging=allow, prod=require_approval - No production action happens without a human in the loop - The AI cannot bypass this — even with valid credentials and correct scopes - This is the same principle as manual deploy approvals, applied to AI agents --- ## Contrast (optional) If time permits, also ask: > "Deploy branch release/4.2.0 to staging" This one returns **ALLOW** — showing environment-based differentiation in action. --- ## Transition to Next Scene > "So prod needs approval — good. But what about attack scenarios? What if the AI tries to access something it shouldn't?"