Cookbook

Building a governed CI/CD pipeline with Cadreen

Use the Go SDK in your GitHub Actions. Cadreen assesses risk, checks policies, and decides: auto-deploy, handoff to human, or block. Governance IS the pipeline.

1. How it works

Your CI/CD pipeline calls Cadreen before deploying. Cadreen assesses the change, evaluates governance, and returns a decision. No custom approval system needed.

Flow: Push to main -> CI calls Cadreen -> Assess risk -> Governance -> Deploy / Block

Circuit breakers: spending anomalies, infinite loops, repeated failures
2. GitHub Action with Go SDK

.github/workflows/deploy.yml

```yaml
name: Governed Deploy
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.24'

      - name: Governed deployment
        env:
          CADREEN_API_KEY: ${{ secrets.CADREEN_API_KEY }}
        run: go run ./scripts/deploy.go
```
scripts/deploy.go

```go
package main

import (
	"context"
	"fmt"
	"os"

	cadreen "github.com/timothy-billingrails/cadreen-sdks/go/cadreen"
)

func main() {
	client := cadreen.NewClient(os.Getenv("CADREEN_API_KEY"))

	// Assess the deployment before anything is shipped
	result, err := client.Assess(context.Background(), cadreen.AssessRequest{
		Task:   "Deploy latest commit to production",
		Domain: "infrastructure",
	})
	if err != nil {
		fmt.Printf("Assessment failed: %v\n", err)
		os.Exit(1)
	}

	switch result.GovernanceResult.Type {
	case "auto":
		fmt.Println("Auto-approved. Deploying...")
		// deploy()
	case "handoff":
		fmt.Printf("Requires approval: %s\n", result.GovernanceResult.Reason)
		os.Exit(0) // Wait for human; nothing is deployed in this run
	case "blocked":
		fmt.Printf("Blocked: %s\n", result.GovernanceResult.Reason)
		os.Exit(1)
	default:
		// Fail closed: a decision type this script does not recognise must never reach deploy()
		fmt.Printf("Unknown governance result type %q\n", result.GovernanceResult.Type)
		os.Exit(1)
	}
}
```
3. Circuit breakers

The Governance Monitor acts as a circuit breaker. It pauses missions when it detects anomalies:

| Breaker          | Trigger                        | Action        |
|------------------|--------------------------------|---------------|
| Spending anomaly | $5/minute rate limit exceeded  | Pause mission |
| Infinite loop    | 5 executions of the same task  | Pause mission |
| Repeated failure | 3 consecutive failures         | Pause mission |
Note: Circuit breakers are automatic. You don't configure them — they're part of the governance architecture. Alerts are persisted with severity levels: info, warning, critical.
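To make the thresholds in the table concrete, here is an added example, written for this page and not Cadreen's own code (the Governance Monitor runs inside Cadreen and its internals are not shown here), of a mission monitor in Go that replays a constructed stream of task executions and reports which breaker pauses the mission. The `Event` and `Alert` types, the `sampleMission` helper, the sliding 60-second spend window and the rule-to-severity mapping are all assumptions made for the example; only the three thresholds come from the table above.

```go
package main

import (
	"fmt"
	"time"
)

// Event is a constructed record of one task execution inside a mission.
// It is a hypothetical type for this example, not a Cadreen SDK type.
type Event struct {
	At     time.Time
	Task   string
	Cost   float64 // spend attributed to this execution, in dollars
	Failed bool
}

// Alert describes a tripped breaker. Severity uses the page's levels
// (info, warning, critical); which level each rule maps to is an assumption.
type Alert struct {
	Rule     string
	Severity string
	Reason   string
}

// Thresholds taken from the circuit-breaker table.
const (
	maxSpendPerMinute   = 5.0 // dollars, over a sliding 60-second window (assumed)
	maxSameTaskRuns     = 5   // executions of the same task
	maxConsecutiveFails = 3   // failures in a row
)

// Monitor replays a mission's events in chronological order and returns the
// alert that pauses the mission, or nil if every breaker stays closed.
// Checks run in the table's order (spend, loop, failures) on each event.
func Monitor(events []Event) *Alert {
	var window []Event       // events that fall within the last minute
	runs := map[string]int{} // executions per task name
	consecutiveFails := 0
	for _, e := range events {
		window = append(window, e)
		// Drop events older than a minute; e itself always stays in the window.
		for e.At.Sub(window[0].At) >= time.Minute {
			window = window[1:]
		}
		spend := 0.0
		for _, w := range window {
			spend += w.Cost
		}
		if spend > maxSpendPerMinute {
			return &Alert{"spending_anomaly", "critical",
				fmt.Sprintf("$%.2f spent in the last minute, limit is $%.2f/min", spend, maxSpendPerMinute)}
		}
		runs[e.Task]++
		if runs[e.Task] >= maxSameTaskRuns {
			return &Alert{"infinite_loop", "warning",
				fmt.Sprintf("task %q executed %d times", e.Task, runs[e.Task])}
		}
		if e.Failed {
			consecutiveFails++
		} else {
			consecutiveFails = 0
		}
		if consecutiveFails >= maxConsecutiveFails {
			return &Alert{"repeated_failure", "warning",
				fmt.Sprintf("%d consecutive failures, last task %q", consecutiveFails, e.Task)}
		}
	}
	return nil
}

// sampleMission builds a constructed event stream: n executions of task,
// gap apart, each costing cost dollars and failing when failed is true.
func sampleMission(task string, n int, gap time.Duration, cost float64, failed bool) []Event {
	start := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	evs := make([]Event, 0, n)
	for i := 0; i < n; i++ {
		evs = append(evs, Event{At: start.Add(time.Duration(i) * gap), Task: task, Cost: cost, Failed: failed})
	}
	return evs
}

func main() {
	missions := []struct {
		name   string
		events []Event
	}{
		{"healthy", sampleMission("deploy", 4, 30*time.Second, 1.0, false)},
		{"spending", sampleMission("deploy", 4, 10*time.Second, 2.0, false)},
		{"loop", sampleMission("lint", 5, 2*time.Minute, 0.1, false)},
		{"failing", sampleMission("test", 3, 2*time.Minute, 0.1, true)},
	}
	for _, m := range missions {
		if a := Monitor(m.events); a != nil {
			fmt.Printf("%-8s paused: [%s] %s: %s\n", m.name, a.Severity, a.Rule, a.Reason)
		} else {
			fmt.Printf("%-8s ok\n", m.name)
		}
	}
}
```

The checks are ordered so that a runaway loop that is also expensive is reported as a spending anomaly first; if your own monitoring layer cares about a different precedence, reorder the three blocks. The healthy mission stays under all three limits (its spend never exceeds $2 in any minute), while each of the other constructed missions trips exactly one breaker.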