feat: pi-deployment-guard — pre-push checks, CI monitoring, and deploy verification #86

@MattDevy

Summary

A Pi extension that adds safety checks before git push, monitors CI pipeline status, and provides deployment verification gates. Inspired by ECC's deployment-patterns skill, verification-loop, and springboot-verification / django-verification / laravel-verification framework-specific verification skills.

Motivation

Agents can push code that breaks CI, deploys to the wrong branch, or misses required checks. A deployment guard extension adds friction at the right moments: verifying tests pass locally before push, confirming CI status before merge, and validating deployment health after release. Particularly valuable for teams granting agents more autonomy.

Proposed Features

1. Pre-Push Verification (/pre-push)

  • Run before git push (hookable via user_bash event detection)
  • Checks: tests pass, type-check clean, lint clean, no uncommitted changes
  • Configurable check list per project (e.g., skip lint for docs-only changes)
  • Blocks push suggestion if checks fail, surfaces failures to agent

2. CI Status Polling (/ci-status)

  • After push, poll CI status via GitHub API (gh run list)
  • /ci-status — show current CI run status for the branch
  • Inject CI failure context into agent's next turn if a run fails
  • Auto-detect CI system (GitHub Actions, Buildkite, CircleCI) from repo config

3. Deployment Verification

  • Post-deploy health check: hit a configured endpoint, verify 200 response
  • /deploy-check <url> — verify deployment health
  • Configurable health check endpoints per environment (staging, production)

4. Branch Protection Awareness

  • Detect protected branch rules via GitHub API
  • Warn agent before attempting to push to protected branches
  • Suggest PR workflow when direct push would fail

5. System Prompt Injection

  • When agent is about to push or deploy, inject safety reminders
  • "Before pushing: ensure tests pass, check for uncommitted files, verify branch"

Pi Extension API Integration

API Surface | Usage
user_bash hook | Detect git push commands, trigger pre-push checks
tool_execution_end hook | Detect bash tool running git push
before_agent_start hook | Inject deployment safety context
pi.registerCommand() | /pre-push, /ci-status, /deploy-check
pi.registerTool() | ci_status, deploy_check, pre_push_verify

Implementation Notes

  • Pre-push checks shell out to test/lint/typecheck runners
  • CI polling via gh CLI (already available in most environments)
  • Health checks via simple HTTP fetch (Node built-in fetch)
  • Configuration in .pi/deployment-guard/config.json per project
  • Lightweight: no LLM calls, pure automation

Prior Art

  • ECC deployment-patterns: deployment workflows and CI/CD patterns
  • ECC verification-loop: comprehensive verification system
  • ECC framework-specific verification: springboot-verification, django-verification, laravel-verification
  • husky / lint-staged: pre-commit hooks (not agent-integrated)
  • No existing Pi extension provides deployment safety gates

Effort Estimate

Low to medium. Pre-push checks are simple shell-outs. CI polling via gh is straightforward. Health checks are trivial. The main design work is making the check list configurable and the failure reporting clear.
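
Added example (not part of the issue or of the Pi project's code): one way the git push detection from feature 1 and the protected-branch warning from feature 4 could be expressed as pure functions. The names findGitPushes and evaluatePush are hypothetical, and the protected branch list is passed in as a constructed array rather than fetched from the GitHub API.

```javascript
// Added example: helper names are hypothetical, not part of the Pi extension API.
// Global git options that take their value as the next token.
const GIT_OPTS_WITH_VALUE = new Set(["-C", "-c", "--git-dir", "--work-tree", "--namespace"]);

// Report every `git push` in a shell line, including `git -C repo push` and
// pushes chained after other commands. Assumptions: no quoting or subshell
// handling, and push options with a separate value (e.g. -o) are not parsed.
function findGitPushes(commandLine) {
  const pushes = [];
  for (const segment of commandLine.split(/[;&|\n]+/)) {
    const tokens = segment.trim().split(/\s+/).filter(Boolean);
    let i = 0;
    // Skip leading environment assignments such as GIT_TRACE=1.
    while (i < tokens.length && /^[A-Za-z_]\w*=/.test(tokens[i])) i++;
    if (tokens[i] !== "git") continue;
    i++;
    // Skip global options placed between `git` and the subcommand.
    while (i < tokens.length && tokens[i].startsWith("-")) {
      i += GIT_OPTS_WITH_VALUE.has(tokens[i]) ? 2 : 1;
    }
    if (tokens[i] !== "push") continue;
    const args = tokens.slice(i + 1);
    const flags = args.filter((a) => a.startsWith("-"));
    const [remote, refspec] = args.filter((a) => !a.startsWith("-"));
    // Destination is the part after ':' in src:dst; a leading '+' forces.
    const dst = refspec ? refspec.replace(/^\+/, "").split(":").pop() : null;
    pushes.push({
      remote: remote ?? null,
      branch: dst ? dst.replace(/^refs\/heads\//, "") : null,
      force: flags.some((f) => f.startsWith("--force") || /^-[a-zA-Z]*f/.test(f))
        || Boolean(refspec?.startsWith("+")),
      noVerify: flags.includes("--no-verify"),
    });
  }
  return pushes;
}

// Decide whether to block. protectedBranches stands in for the list the
// proposal would read from config or the GitHub API.
function evaluatePush(push, protectedBranches, currentBranch) {
  // Assumption: a push without a refspec targets the current branch.
  const target = push.branch ?? currentBranch;
  const reasons = [];
  if (protectedBranches.includes(target)) reasons.push(`protected branch: ${target}`);
  if (push.force) reasons.push("force push");
  if (push.noVerify) reasons.push("--no-verify skips local hooks");
  return { target, block: reasons.length > 0, reasons };
}
```

A plain substring match on "git push" would miss the `git -C <dir> push` form and would fire on `git commit -m push`; tokenising per command segment avoids both.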

Labels

  • extension-idea: New extension package idea for the monorepo
  • impact: medium: Medium impact potential
