2.7 KiB
Scene 2 — REQUIRE_APPROVAL: Production Deploy
Policy rule: Environment-based (jenkins.deploy on prod requires approval)
Expected result: REQUIRE_APPROVAL
Presentation Rule
Language: All AI narration and communication during scenes must be in English.
The AI must narrate every interaction with the gateway in detail. Before calling the gateway, explain what it is about to do, which endpoint it will call, what payload it will send, and what it expects to happen. After receiving the response, explain what the gateway returned, what the decision means, and why it matters. The goal is to make the audience understand exactly what is happening between the AI and the gateway at every step.
Communication Flow
sequenceDiagram
participant AI as AI Agent
participant GW as Gateway
participant PE as Policy Engine
participant JK as Jenkins Service
AI->>GW: POST /api/gateway/execute<br/>{tool: jenkins.deploy, action: deploy,<br/>arguments: {env: prod, branch: release/4.2.0}}
GW->>GW: Validate JWT + extract scopes
GW->>PE: Evaluate policy rules
PE->>PE: Scope check: jenkins.deploy ✓
PE->>PE: Environment check: prod → require_approval
PE-->>GW: Decision: REQUIRE_APPROVAL
Note over GW,JK: Request never reaches Jenkins
GW->>GW: Write audit entry
GW-->>AI: 200 OK {decision: REQUIRE_APPROVAL,<br/>reason: "Production deployments require approval"}
Demo Script
Presenter says: "Now the AI tries to deploy to production. The gateway doesn't just allow or deny — it has a third option."
Action
Example request:
"Deploy branch release/4.2.0 to production"
Send a gateway request for jenkins.deploy with env=prod and branch=release/4.2.0.
Expected Response
{
"request_id": "req-...",
"decision": "require_approval",
"reason": "Production deployments require approval",
"matched_rule": "env-deploy-rules",
"approval": {
"status": "pending",
"timeout_seconds": 60
}
}
What This Proves
- The policy engine distinguishes between environments: staging=allow, prod=require_approval
- No production action happens without a human in the loop
- The AI cannot bypass this — even with valid credentials and correct scopes
- This is the same principle as manual deploy approvals, applied to AI agents
Contrast (optional)
If time permits, also ask:
"Deploy branch release/4.2.0 to staging"
This one returns ALLOW — showing environment-based differentiation in action.
Transition to Next Scene
"So prod needs approval — good. But what about attack scenarios? What if the AI tries to access something it shouldn't?"