CI/CD Deployment Agent

Description

A deploy agent pushes to production only when policy-verifiable evidence is present: deploy_prod capability, branch is main, tests passed, at least 2 PR approvals, artifact digest matches SBOM/SLSA attestations, and trust ≥ 85.

The agent requests a one-shot token per deployment step; the decision logs commit SHA, artifact digest, approvals count, and test run IDs.

Business Value

Cut change failures by enforcing gates consistently across teams; give auditors one source of truth:

• Fewer change failures: Enforce multi-evidence gates across teams and repos, uniformly.
• Traceable releases: Instant provenance for audits and rollbacks.
• Faster governance: Security/compliance edits policy once; all services inherit.
• Separation of duties: Cryptographically distinct agent identity prevents “who deployed?” ambiguity.

Why Not With Alternatives?

CI secrets + branch protections don’t express multi-evidence policy (tests, approvals, trust) with VC-backed identities and per-request attestation:

• Branch protections & CI secrets don’t reliably combine approvals, test artifacts, SBOM checks, and trust in a single, attestable decision.
• Per-tool settings fragment controls across Git, CI, and CD; easy to adjust.
• OPA alone lacks verifiable agent identity and one-shot tokening tied to each deploy step.

Policy

default allow = false

allow if {
  input.action == "deploy_prod" ## agent/bot will need to have this capability in its VC
  input.resource == "k8s://cluster/prod"
  input.context.branch == "main"
  input.context.tests_passed == true
  input.context.pr_approvals >= 2
  input.trust >= 85
}