27 changes: 19 additions & 8 deletions README.md
Expand Up @@ -11,14 +11,6 @@ When Cursor / Codex / Copilot / Claude Code opens a PR that touches `deploy/`, `

> "GitHub asks 'did a reviewer approve?' Deploy Gate asks 'did a named human authorize this exact AI action?' and gives you signed proof."

## Why this exists

AI agents are moving from "suggest text" to "take actions": committing code, modifying workflows, and deploying to production. GitHub controls like branch protection, environments, and required reviewers gate humans, not agents.

Deploy Gate is the missing primitive: a deterministic gate keyed to the exact action the agent is taking, with a signed authority receipt as the audit artifact.

When audit time comes, you do not want to hand over a mutable PR comment thread. You want a chain of signed receipts that can be independently verified.

## Quickstart

Add to your workflow:
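Review bot: the `## Why this exists` section is removed here and reinstated by the hunk at `@@ -52,6 +48,14 @@`, so this is a move rather than a deletion; the tagline quote now runs straight into `## Quickstart`, which reads fine, but the three moved paragraphs should be compared line by line against the reinstated copy so nothing is dropped in the move.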
Expand All @@ -41,6 +33,10 @@ jobs:
pp-api-key: ${{ secrets.PP_API_KEY }}
```

Free for unlimited signers and unlimited public repos. Paid tiers add policy controls and audit retention. See [pricing](https://permissionprotocol.com/pricing).

![Blocked PR](./assets/marketplace-blocked-pr.png)

1. Get API key at https://app.permissionprotocol.com
2. Add secret:

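Review bot: the pricing sentence and the screenshot are inserted between the workflow snippet and steps 1 and 2, splitting the Quickstart setup procedure in half; suggest moving `Free for unlimited signers ... See [pricing](...)` below step 2 (or into its own section) and placing the image after the numbered steps. Also, `./assets/marketplace-blocked-pr.png` is not among the files changed in this diff (only README.md and action.yml appear), so confirm the asset is already committed, otherwise the image renders broken on the Marketplace page.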
Expand All @@ -52,6 +48,14 @@ gh secret set PP_API_KEY -b "pp_live_..."

Full install guide: [INSTALL.md](./INSTALL.md)

## Why this exists

AI agents are moving from "suggest text" to "take actions": committing code, modifying workflows, and deploying to production. GitHub controls like branch protection, environments, and required reviewers gate humans, not agents.

Deploy Gate is the missing primitive: a deterministic gate keyed to the exact action the agent is taking, with a signed authority receipt as the audit artifact.

When audit time comes, you do not want to hand over a mutable PR comment thread. You want a chain of signed receipts that can be independently verified.

## Failure modes

`v2` defaults to fail-closed when the Permission Protocol API is unavailable. **A security tool that fails open in a network blip is not a security tool.**
Expand Down Expand Up @@ -111,6 +115,13 @@ Deploy Gate checks for valid receipt
| PR comments + screenshots | No | No | Open to mutation |
| Deploy Gate | Yes | Yes (Ed25519 receipt) | Fails closed for production |

## Resources

- Trust + compliance: https://permissionprotocol.com/trust
- Support: https://permissionprotocol.com/contact
- Live demo: https://permissionprotocol.com/r/demo
- Reference verifier (CLI): https://github.com/permission-protocol/pp-cli

## License

MIT - see [LICENSE](./LICENSE)
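Review bot: the comparison row `| Deploy Gate | Yes | Yes (Ed25519 receipt) | Fails closed for production |` disagrees with `## Failure modes`, which says `v2` defaults to fail-closed whenever the Permission Protocol API is unavailable, with no environment qualifier; state clearly whether the fail-closed default applies to every gated action or only to production. Style nit for the new `## Resources` list: it uses bare URLs while the rest of the README uses markdown links (`[pricing](...)`, `[INSTALL.md](./INSTALL.md)`), so `- [Reference verifier (CLI)](https://github.com/permission-protocol/pp-cli)` would be consistent. Since the README claims receipts "can be independently verified", the verifier entry is the natural place for a one-line pointer to how a reader verifies a receipt offline.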
4 changes: 2 additions & 2 deletions action.yml
@@ -1,6 +1,6 @@
# Version: v2
# Version: v2.1.0
name: 'Deploy Gate'
description: 'Block AI deploys until a human signs off — no receipt, no merge (v2 fail-closed defaults)'
description: 'Block AI agents from production deploys without a human-signed Ed25519 receipt. Fails closed by default.'
author: 'Permission Protocol'

branding:
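Review bot: the version bump lives only in a `# Version:` comment, which nothing enforces; make sure the `v2` major tag is moved to this release so workflows pinned to `@v2` and the README's `v2` fail-closed statement line up with the v2.1.0 description. The new description drops the `no receipt, no merge` wording but now names the Ed25519 receipt and the fail-closed default, which matches `## Failure modes`; one nit: `Fails closed by default.` omits the README's qualifier (when the API is unavailable), so `Fails closed by default when the API is unreachable.` would be more precise if it fits the Marketplace length limit.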