feat(pipeline): G4 Pre-Deployment Enforcement — CI/CD compliance gate

New table: deployment_checks (verdict, blocking/warning controls, risk score)
New API:
  POST /v1/deployment-checks (SDK asks: "can I deploy?")
  GET /v1/deployment-checks/{id} (check result)
  POST /v1/deployment-checks/{id}/override (manual override with justification)
  GET /v1/deployment-checks/stats (approval/block rate)

Check logic: queries G1 decision_traces + G3 open failures per affected control.
Verdict: approved (0 blocking) or blocked (with fix recommendations).
454 tests pass, 0 regressions.

Block G complete: G1-G4 all implemented.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Benjamin Admin
2026-05-06 20:24:45 +02:00
parent c398e74d5e
commit d5bcd0bd5b
3 changed files with 298 additions and 0 deletions
@@ -9,6 +9,7 @@ from api.decision_trace_routes import router as decision_trace_router
from api.decision_trace_routes import full_trace_router
from api.compliance_commit_routes import router as compliance_commit_router
from api.decision_event_routes import router as decision_event_router
from api.deployment_check_routes import router as deployment_check_router
router = APIRouter()
router.include_router(generator_router)
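Review bot: the module imported at `from api.deployment_check_routes import router as deployment_check_router` serves both GET /v1/deployment-checks/{id} and GET /v1/deployment-checks/stats according to the commit message, and route declaration order matters for that pair. FastAPI matches path operations in the order they are declared, so if the `{id}` route comes first, a request for `/stats` is handled as a lookup of id "stats". Please confirm that the stats route is declared before the `{id}` route in that module, or that `{id}` is typed so that "stats" cannot match it, and add a test that calls `/stats` through this aggregated router.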
@@ -20,3 +21,4 @@ router.include_router(decision_trace_router)
router.include_router(full_trace_router)
router.include_router(compliance_commit_router)
router.include_router(decision_event_router)
router.include_router(deployment_check_router)
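Review bot: `router.include_router(deployment_check_router)` mounts the new routes with no `dependencies=` argument, same as the routers above it, so nothing at this level enforces authentication or authorization. The commit message lists POST /v1/deployment-checks/{id}/override, which turns a blocked verdict into a deployable one, so that route is the bypass for the whole gate. Please confirm that it requires an authorized caller inside api/deployment_check_routes, that the caller identity and justification are persisted with the override, and that a test covers an unauthenticated override being rejected. If the project's convention is to attach auth at include time, passing the dependency here would make the requirement visible in this file.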