From 17367a12450ed1f4a07fefbd8486545bdaf744a5 Mon Sep 17 00:00:00 2001 From: "Charles (Cron Worker)" Date: Sat, 2 May 2026 15:22:06 -0600 Subject: [PATCH 1/2] docs: update install examples for v2 --- INSTALL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 51150c4..d27c3a4 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -54,7 +54,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: permission-protocol/deploy-gate@v1 + - uses: permission-protocol/deploy-gate@v2 with: pp-api-key: ${{ secrets.PP_API_KEY }} ``` @@ -62,7 +62,7 @@ jobs: Optional (auto-create request on missing receipt): ```yaml - - uses: permission-protocol/deploy-gate@v1 + - uses: permission-protocol/deploy-gate@v2 with: pp-api-key: ${{ secrets.PP_API_KEY }} pp-request-create-token: ${{ secrets.PP_REQUEST_CREATE_TOKEN }} @@ -189,7 +189,7 @@ Default protected paths: `deploy/` and `.github/workflows/` To send different risk metadata signals: ```yaml -- uses: permission-protocol/deploy-gate@v1 +- uses: permission-protocol/deploy-gate@v2 with: pp-api-key: ${{ secrets.PP_API_KEY }} protected-paths: '^(src/critical/|infra/|k8s/|terraform/)' From 2f995673607f3786a10769b697b7e53dc69fb0a4 Mon Sep 17 00:00:00 2001 From: "Charles (Cron Worker)" Date: Wed, 13 May 2026 20:23:59 -0600 Subject: [PATCH 2/2] fix: skip gate for draft PRs, bump to v2.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add early draft check via 'gh pr view --json isDraft' before the verify/create flow. Exits with approved=true and decision=DRAFT_SKIPPED so the step doesn't block the workflow. Gate runs normally when the PR is marked ready for review. No new secrets needed — GH_TOKEN is already in the environment. --- action.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 5f7cb28..dbc95f8 100644 --- a/action.yml +++ b/action.yml 
@@ -1,4 +1,4 @@ -# Version: v2.1.0 +# Version: v2.2.0 name: 'Deploy Gate' description: 'Block AI agents from production deploys without a human-signed Ed25519 receipt. Fails closed by default.' author: 'Permission Protocol' @@ -238,6 +238,23 @@ runs: fi done < <(normalize_csv_items "${PP_PRODUCTION_ENVIRONMENTS}") + # Skip the gate entirely for draft PRs — not ready for review/approval. + # When the PR is marked ready for review, the gate will run again. + if [ -n "${PP_PR_NUMBER}" ]; then + IS_DRAFT=$(gh pr view "${PP_PR_NUMBER}" --json isDraft --jq '.isDraft' 2>/dev/null || echo "false") + if [ "$IS_DRAFT" = "true" ]; then + echo "⏭️ Skipping Permission Protocol gate — PR #${PP_PR_NUMBER} is a draft" + set_output "approved" "true" + set_output "receipt-id" "" + set_output "decision" "DRAFT_SKIPPED" + set_output "error-code" "" + set_output "error-message" "" + set_output "request-id" "" + set_output "approval-url" "" + exit 0 + fi + fi + echo "🔍 Collecting changed files for risk metadata..." CHANGED_FILES=$(gh pr view "${PP_PR_NUMBER}" --json files --jq '.files[].path' 2>/dev/null || echo "") if [ -z "$CHANGED_FILES" ]; then
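Review bot: The draft branch in the `@@ -238,6 +238,23 @@` hunk emits `set_output "approved" "true"` for a PR that has not been through the receipt check, so any downstream step that keys on `approved == 'true'` will treat a draft exactly like a human-approved PR, and draft status is normally under the PR author's control — the party the action's own description says it gates. For consumers that only read `approved`, that turns the advertised "fails closed by default" into an open default for drafts. Keeping `exit 0` but writing `set_output "approved" "false"` next to `decision=DRAFT_SKIPPED` still keeps the step from failing the workflow while requiring consumers to opt in explicitly on `decision` if they want to proceed for drafts; `DRAFT_SKIPPED` should also be listed wherever the `decision` output values are documented, which is not visible in this diff. The `|| echo "false"` fallback on the `gh pr view` call is the right direction, since a failed lookup runs the gate rather than skipping it. The enclosing `run:` script starts before this hunk, so I am assuming `set_output` and `PP_PR_NUMBER` are defined there.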