87 lines
2.7 KiB
Markdown
87 lines
2.7 KiB
Markdown
# Scene 2 — REQUIRE_APPROVAL: Production Deploy
|
|
|
|
**Policy rule:** Environment-based (`jenkins.deploy` on `prod` requires approval)
|
|
**Expected result:** REQUIRE_APPROVAL
|
|
|
|
---
|
|
|
|
## Presentation Rule
|
|
|
|
> **Language:** All AI narration and communication during scenes must be in **English**.
|
|
>
|
|
> The AI must narrate every interaction with the gateway in detail. **Before** calling the gateway, explain what it is about to do, which endpoint it will call, what payload it will send, and what it expects to happen. **After** receiving the response, explain what the gateway returned, what the decision means, and why it matters. The goal is to make the audience understand exactly what is happening between the AI and the gateway at every step.
|
|
|
|
---
|
|
|
|
## Communication Flow
|
|
|
|
```mermaid
|
|
sequenceDiagram
|
|
participant AI as AI Agent
|
|
participant GW as Gateway
|
|
participant PE as Policy Engine
|
|
participant JK as Jenkins Service
|
|
|
|
AI->>GW: POST /api/gateway/execute<br/>{tool: jenkins.deploy, action: deploy,<br/>arguments: {env: prod, branch: release/4.2.0}}
|
|
GW->>GW: Validate JWT + extract scopes
|
|
GW->>PE: Evaluate policy rules
|
|
PE->>PE: Scope check: jenkins.deploy ✓
|
|
PE->>PE: Environment check: prod → require_approval
|
|
PE-->>GW: Decision: REQUIRE_APPROVAL
|
|
Note over GW,JK: Request never reaches Jenkins
|
|
GW->>GW: Write audit entry
|
|
GW-->>AI: 200 OK {decision: REQUIRE_APPROVAL,<br/>reason: "Production deployments require approval"}
|
|
```
|
|
|
|
## Demo Script
|
|
|
|
> **Presenter says:** "Now the AI tries to deploy to production. The gateway doesn't just allow or deny — it has a third option."
|
|
|
|
### Action
|
|
|
|
Example request:
|
|
|
|
> "Deploy branch release/4.2.0 to production"
|
|
|
|
Send a gateway request for `jenkins.deploy` with `env=prod` and `branch=release/4.2.0`.
|
|
|
|
### Expected Response
|
|
|
|
```json
|
|
{
|
|
"request_id": "req-...",
|
|
"decision": "require_approval",
|
|
"reason": "Production deployments require approval",
|
|
"matched_rule": "env-deploy-rules",
|
|
"approval": {
|
|
"status": "pending",
|
|
"timeout_seconds": 60
|
|
}
|
|
}
|
|
```
|
|
|
|
---
|
|
|
|
## What This Proves
|
|
|
|
- The policy engine distinguishes between environments: staging=allow, prod=require_approval
|
|
- No production action happens without a human in the loop
|
|
- The AI cannot bypass this — even with valid credentials and correct scopes
|
|
- This is the same principle as manual deploy approvals, applied to AI agents
|
|
|
|
---
|
|
|
|
## Contrast (optional)
|
|
|
|
If time permits, also ask:
|
|
|
|
> "Deploy branch release/4.2.0 to staging"
|
|
|
|
This one returns **ALLOW** — showing environment-based differentiation in action.
|
|
|
|
---
|
|
|
|
## Transition to Next Scene
|
|
|
|
> "So prod needs approval — good. But what about attack scenarios? What if the AI tries to access something it shouldn't?"
|