AI Agent Governance

Your agents ship code. Who authorized the action?

AI coding agents now open PRs, edit workflows, write migrations, and trigger deploys. The hard question is no longer who wrote this code — it's should this action execute? Decionis answers it before anything runs: allow, block, or escalate.

Get your free API keys See the GitHub Action

Governs changes fromClaude CodeGitHub CopilotCursorCodexOpenHandsDevin

The question has changed

Yesterday

Who wrote this code?

Code review, ownership, and ADRs answered authorship. Humans were the bottleneck, so review kept pace.

Now

Who authorized this action?

Agents propose and execute faster than anyone can review. The control point moves from authorship to authority — a verdict before execution.

How the gate works

Agent proposes an action

A PR, a workflow edit, a migration, a deploy — anything an agent generates flows into your pipeline.

Decionis evaluates it

Against policy, required approvers, branch and environment, and risk — before the action executes.

Allow · block · escalate

A signed Decision Dossier records why, who approved, and which policy applied. Block holds it for a human.

Built on three primitives

Action Gate

One verdict before execution — allow, block, or escalate. Composes into any pipeline step.

Shadow Mode

Watch what your agents would have triggered without failing a build. Observe first, enforce when convinced.

Decision Dossiers

A signed, verifiable record of every agent action: why, who approved, which policy, what risk.

Start in shadow mode

Gate agent changes in one step

Add the GitHub Action to the workflow your agents' PRs trigger. It detects agent-generated changes and posts a verdict on the PR — blocking or escalating the risky ones until a human signs off, while low-risk changes sail through.

No build failures in shadow — observe first
Signed proof on every agent action
Allow / block / escalate, composable in later steps

Full GitHub Action docs & recipes

.github/workflows/ai-gate.yml

- uses: decionis/govern@v1
  id: gate
  with:
    api-key: ${{ secrets.DECIONIS_API_KEY }}
    org-id: ${{ secrets.DECIONIS_ORG_ID }}
    workflow-key: ai_change_gate
    action: ai-generated-pr
    comment-pr: 'true'
    payload: |
      { "author": "${{ github.actor }}", "agent_generated": true }

Before your agent's code executes, decide whether it's allowed to.

Get your free API keys See a Decision Dossier

No credit card, no call.

Loading…