Skip to content
Flows
Agent QA & Security Intermediate · 60-90 minutes

Release Gates for Agent-Generated Code

Put agent output through a real merge gate: automated review, tests, security scans, and human sign-off proportional to risk.

Start Route · 4 steps

The route

4 steps to Done

  1. 01

    Assemble the automated gate

    Stack the deterministic and test-based checks first.

    Preview prompt + verify gate ▾

    Build the automated portion of the gate for agent-generated changes. Compose the layers already available (or build the missing ones): the rule-file review gate (deterministic policy checks on the diff), the full test suite plus the verification evidence the agent produced, security scans (the injection/red-team suite where the change touches agent behavior; SAST where applicable), dependency/supply-chain checks for any new deps, and a secret scan on the diff. Wire these as required status checks on the change (PR or equivalent). Any failure blocks. Ensure these run on agent changes at parity with or above human-change checks. Test by pushing an agent change with a planted rule violation and a failing test and confirming both block the merge.

    • Rules, tests, security, deps, and secrets all gate
    • Parity-or-stricter versus human-change checks
    • Planted failures block as expected
  2. 02

    Classify change risk

    Not all changes deserve the same gate - risk sets the depth.

    Preview prompt + verify gate ▾

    Implement change-risk classification to drive review depth. Signals: touched paths (auth, payments, data migrations, security config, infra = high; core logic = medium; docs, tests, copy = low), change size/churn, whether public interfaces or schemas change, and whether new dependencies or destructive migrations are involved. Compute a risk tier per change (deterministically from these signals; the rule engine can host this). Map tiers to required human review: LOW may merge on green automated checks with post-hoc audit sampling; MEDIUM requires one human reviewer; HIGH requires a domain reviewer's explicit sign-off and cannot merge on automation alone. Document the path-to-risk mapping and test it against several sample diffs.

    • High-risk paths enumerated
    • Tier computed from concrete signals
    • Tiers mapped to reviewer requirements
  3. 03

    Label provenance and require sign-off

    Reviewers must know it is agent code, and risky code needs a human name on it.

    Preview prompt + verify gate ▾

    Add provenance and human sign-off. PROVENANCE: label every agent-generated change (a marker on the PR/commit: which agent, which session, link to the agent's evidence record) so reviewers know to scrutinize and so audits can trace it; include the agent's own summary of what it changed and how it verified. SIGN-OFF: enforce the tier-based human requirement from the gate - MEDIUM/HIGH changes cannot merge without the required reviewer's recorded approval; the reviewer sees the provenance, the diff, the automated results, and the evidence. For HIGH, require the reviewer to confirm the risky aspect specifically (not just a rubber-stamp). Verify a high-risk agent change is correctly blocked until a domain reviewer signs off.

    • Agent changes labeled with session/evidence links
    • Medium/high require recorded human approval
    • High-risk sign-off confirms the risky aspect
  4. 04

    Record, audit, and tune

    The gate must be auditable and calibrated over time.

    Preview prompt + verify gate ▾

    Complete the system with records and feedback. RECORD: per merged change, store the gate record - checks run and results, risk tier, reviewers and approvals, and agent provenance - queryable for audits. AUDIT: sample low-tier auto-merged changes periodically for missed issues (calibrates whether the auto-merge bar is right); review any post-merge incident against the gate ('what should have caught this?') and strengthen the relevant layer. TUNE: track gate metrics - false-block rate (legit changes wrongly blocked, which erodes trust) and escape rate (issues that got through) - and adjust rules/tiers to balance them. Validate the whole gate on a realistic mix of agent changes (a docs tweak, a core fix, an auth change) and confirm each got proportionate treatment and a complete record.

    • Gate records queryable per change
    • Low-tier auto-merges audit-sampled
    • False-block and escape rates tracked and tuned

Research-backed

Sources behind this flow