1
0
simple-ai-gateway-tool/scenes/02-require-approval-prod-deploy.md
Nilton Constantino d48172539a
first commit
2026-04-22 14:55:58 +01:00

2.7 KiB

Scene 2 — REQUIRE_APPROVAL: Production Deploy

Policy rule: Environment-based (jenkins.deploy on prod requires approval) Expected result: REQUIRE_APPROVAL


Presentation Rule

Language: All AI narration and communication during scenes must be in English.

The AI must narrate every interaction with the gateway in detail. Before calling the gateway, explain what it is about to do, which endpoint it will call, what payload it will send, and what it expects to happen. After receiving the response, explain what the gateway returned, what the decision means, and why it matters. The goal is to make the audience understand exactly what is happening between the AI and the gateway at every step.


Communication Flow

sequenceDiagram
    participant AI as AI Agent
    participant GW as Gateway
    participant PE as Policy Engine
    participant JK as Jenkins Service

    AI->>GW: POST /api/gateway/execute<br/>{tool: jenkins.deploy, action: deploy,<br/>arguments: {env: prod, branch: release/4.2.0}}
    GW->>GW: Validate JWT + extract scopes
    GW->>PE: Evaluate policy rules
    PE->>PE: Scope check: jenkins.deploy ✓
    PE->>PE: Environment check: prod → require_approval
    PE-->>GW: Decision: REQUIRE_APPROVAL
    Note over GW,JK: Request never reaches Jenkins
    GW->>GW: Write audit entry
    GW-->>AI: 200 OK {decision: REQUIRE_APPROVAL,<br/>reason: "Production deployments require approval"}

Demo Script

Presenter says: "Now the AI tries to deploy to production. The gateway doesn't just allow or deny — it has a third option."

Action

Example request:

"Deploy branch release/4.2.0 to production"

Send a gateway request for jenkins.deploy with env=prod and branch=release/4.2.0.

Expected Response

{
  "request_id": "req-...",
  "decision": "require_approval",
  "reason": "Production deployments require approval",
  "matched_rule": "env-deploy-rules",
  "approval": {
    "status": "pending",
    "timeout_seconds": 60
  }
}

What This Proves

  • The policy engine distinguishes between environments: staging=allow, prod=require_approval
  • No production action happens without a human in the loop
  • The AI cannot bypass this — even with valid credentials and correct scopes
  • This is the same principle as manual deploy approvals, applied to AI agents

Contrast (optional)

If time permits, also ask:

"Deploy branch release/4.2.0 to staging"

This one returns ALLOW — showing environment-based differentiation in action.


Transition to Next Scene

"So prod needs approval — good. But what about attack scenarios? What if the AI tries to access something it shouldn't?"