API Reference
GitHub Action Reference
aegis-governance/.github/actions/aegis-gate -- Reusable composite action for enforcing AEGIS governance gates in GitHub Actions workflows.
Overview
The AEGIS Governance Gate action evaluates a proposal against AEGIS governance gates by calling the Cloud Run API with a Bearer token. Use it in any repository to enforce governance checks before deployment, merging, or other critical operations.
The action:
- Builds a proposal payload from inputs
- Calls the AEGIS Cloud Run API (POST /evaluate) with Bearer token auth
- Parses the decision response
- Writes a summary table to the GitHub Actions step summary
- Optionally fails the workflow if the decision is halt
Usage
```yaml
- uses: undercurrentai/aegis-governance/.github/actions/aegis-gate@main
  with:
    api_key: ${{ secrets.AEGIS_API_KEY }}
    proposal_summary: "Deploy new authentication service"
    estimated_impact: "high"
    risk_score: "0.4"
    complexity_score: "0.7"
```
Setup
- Get an API key from portal.undercurrentholdings.com
- Add AEGIS_API_KEY as a GitHub Actions secret in your repository
- Reference the action in your workflow (see examples below)
No cloud provider credentials needed — the action uses a simple HTTPS call.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| api_key | Yes | | AEGIS API key (from portal). Store as a GitHub secret. |
| api_url | No | Cloud Run prod URL | AEGIS API base URL (override for staging/self-hosted) |
| proposal_summary | Yes | | Brief description of the proposed change |
| estimated_impact | Yes | medium | Impact level: low, medium, high, critical |
| change_type | No | feature | Change type: feature, refactor, bugfix, config |
| risk_score | No | 0.0 | Risk score (0.0-1.0) |
| risk_baseline | No | 0.0 | Risk baseline (0.0-1.0) |
| profit_proposed | No | 0.0 | Proposed profit value |
| profit_baseline | No | 0.0 | Profit baseline value |
| novelty_score | No | 0.5 | Novelty score (0.0-1.0) |
| complexity_score | No | 0.5 | Complexity score (0.0-1.0, higher = simpler) |
| quality_score | No | 0.7 | Quality score (0.0-1.0) |
| agent_id | No | github-actions | Agent/caller identifier |
| fail_on_halt | No | true | Fail the workflow if AEGIS returns HALT |
Outputs
| Output | Description |
|---|---|
| status | AEGIS decision status: proceed, pause, halt, escalate |
| confidence | Decision confidence score (0.0-1.0) |
| rationale | Human-readable decision rationale |
| decision_json | Full decision response as a JSON string |
Example: Pre-Deployment Gate
```yaml
name: Deploy with Governance Gate
on:
  push:
    branches: [main]
jobs:
  governance-gate:
    runs-on: ubuntu-latest
    outputs:
      status: ${{ steps.aegis.outputs.status }}
    steps:
      - name: AEGIS Governance Gate
        id: aegis
        uses: undercurrentai/aegis-governance/.github/actions/aegis-gate@main
        with:
          api_key: ${{ secrets.AEGIS_API_KEY }}
          proposal_summary: "Deploy ${{ github.repository }} to production"
          estimated_impact: "high"
          risk_score: "0.3"
          complexity_score: "0.7"
  deploy:
    needs: governance-gate
    if: needs.governance-gate.outputs.status == 'proceed'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/deploy.sh
```
Troubleshooting
| Error | Cause | Fix |
|---|---|---|
| HTTP 401 | Invalid or expired API key | Check AEGIS_API_KEY secret |
| HTTP 403 | Cloud Run IAM rejection | Should not occur with Bearer auth |
| HTTP 503 | Unkey service not configured | Contact AEGIS support |
| Timeout | Cloud Run cold start | Retry or increase timeout |
Security
- No cloud provider credentials needed: Simple HTTPS POST with Bearer token
- No script injection: Inputs passed via environment variables
- Heredoc delimiters: Multi-line outputs use heredoc to prevent GITHUB_OUTPUT injection
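The heredoc point above, shown as an added example (not the action's own code): a plain name=value write lets a newline in API-returned text define an extra output, while the heredoc form with a random delimiter keeps that text inside the value. The function names, the ghadelim_ prefix, the sample rationale text and the simplified read_output parser (last write wins) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plain vs. heredoc writes to $GITHUB_OUTPUT.
NL='
'
# Plain "name=value" write: a newline inside the value starts a new record.
write_output_plain() {
  printf '%s=%s\n' "$1" "$2" >> "$GITHUB_OUTPUT"
}

# Heredoc write with a random per-write delimiter (documented GitHub syntax).
write_output_heredoc() {
  wo_delim="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  case "$2" in *"$wo_delim"*) return 1 ;; esac  # value must not hold the delimiter
  printf '%s<<%s\n%s\n%s\n' "$1" "$wo_delim" "$2" "$wo_delim" >> "$GITHUB_OUTPUT"
}

# Simplified model of the runner's parser (assumption: last write wins).
read_output() {  # $1 = file, $2 = output name
  ro_result=""
  while IFS= read -r ro_line; do
    ro_eq="${ro_line%%=*}"; ro_hd="${ro_line%%<<*}"
    if [ "$ro_hd" != "$ro_line" ] && [ "${#ro_hd}" -lt "${#ro_eq}" ]; then
      ro_delim="${ro_line#*<<}"; ro_body=""
      while IFS= read -r ro_line && [ "$ro_line" != "$ro_delim" ]; do
        ro_body="${ro_body}${ro_body:+$NL}${ro_line}"
      done
      if [ "$ro_hd" = "$2" ]; then ro_result="$ro_body"; fi
    elif [ "$ro_eq" != "$ro_line" ]; then
      if [ "$ro_eq" = "$2" ]; then ro_result="${ro_line#*=}"; fi
    fi
  done < "$1"
  printf '%s' "$ro_result"
}

# Constructed sample: a rationale string with an embedded newline.
demo_gate() {  # $1 = writer function; prints the status a later job would read
  GITHUB_OUTPUT=$(mktemp)
  "$1" status halt
  "$1" rationale "$(printf 'Risk above threshold\nstatus=proceed')"
  read_output "$GITHUB_OUTPUT" status
  rm -f "$GITHUB_OUTPUT"
}

echo "plain write:   status=$(demo_gate write_output_plain)"
echo "heredoc write: status=$(demo_gate write_output_heredoc)"
```

With the plain writer the downstream status reads proceed even though the gate wrote halt, which is the failure the deploy job's if condition depends on not happening.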