Problem
Agents sometimes need to request useful outcomes such as preview refresh, Every Code rerun, feedback acknowledgment, dry-run promotion, settings apply, or cleanup without receiving broad Launchplane write authority.
Scope
- Define write-intent action types and safety levels: safe_write, mutation, destructive, prod, and secret_backed.
- Prefer dry-run-first flows for actions that mutate runtime or configuration.
- Route runtime/product mutations through Launchplane while keeping GitHub as code/PR/comment/check truth.
- Require explicit elevated authorization for destructive, prod, and secret-backed actions.
- Record audit/provenance for agent-initiated intents.
Acceptance Criteria
- Agents can request safe scoped intents without a generic write token.
- Preview, rerun, dry-run, apply, cleanup, and promotion-dispatch candidates are individually authorized.
- Responses return status/evidence and source links, not reusable credentials.
- Tests cover allowed and denied intents across subject types and safety levels.
Relationships
Problem
Agents sometimes need to request useful outcomes such as preview refresh, Every Code rerun, feedback acknowledgment, dry-run promotion, settings apply, or cleanup without receiving broad Launchplane write authority.
Scope
Acceptance Criteria
Relationships