DevOps agent for controlled operations
A Slack-first DevOps agent should take control of jobs through typed runbooks, policy gates, and an auditable operations ledger. It should not become a chat-shaped production shell.
Operating model
Give the agent control of jobs, not unchecked control of infrastructure.
The right design keeps Slack as the human command surface, Symphony as the planner and runner, existing provider APIs as the execution boundary, and the database as the durable memory of every operation.
Slack command surface
Interactive entrySlack should start every operation with a structured intent. The agent replies with a plan, risk classification, and visible next action instead of silently running a job.
/ac-devops promote staging to productionReplaces the existing script with a conversational planning and approval wrapper.
- Submodule SHA diff and release manifest preview
- Migration plan and rollback boundaries
- Approval card with plan hash, TTL, and affected services
System architecture
Control planeCapability policy
GuardrailsL3
Production change
The agent can deploy or rollback production through approved runbooks.
Runbook library
Typed executionThe agent earns trust by shrinking each operation into a named, typed runbook. Natural language chooses the runbook and fills inputs, but the mutation still happens through deterministic steps.
promote
Promote to production
- source branch or release tag
- target services
- migration mode
- acquire production lock
- verify clean staging state
- run existing promotion script as an owned step
- release manifest
- provider release IDs
- Slack completion report
Production promotion flow
Existing script wrapperBuild the immutable plan
Read submodule refs, provider state, pending migrations, and release notes. Store a plan hash before any approval.
submodule diff, workflow readiness, migration preview- Planactive checkpoint
- Approverecorded
- Databaserecorded
- Appsrecorded
- Verifyrecorded
- Reportrecorded
Operation ledger
Audit memoryA DevOps agent needs its own ledger because Slack history and provider logs are not enough. The ledger lets Symphony resume, audit, lock, and explain every operation after the conversation has moved on.
devops_runs
One row per agent operation, including requester, command, plan hash, status, and final result.
idrisk_levelrequested_byplan_hashstatuscreated_atInfrastructure rollout
Adoption pathInventory current DevOps jobs
Wrap the promote-to-production script and list every provider token, manual step, and rollback assumption.
Ship read-only Slack commands
Start with status, release history, locks, workflow logs, and Sentry release summaries.
Add dry-run planning
Generate promotion and rollback plans with plan hashes, evidence links, and no mutations.
Run staging jobs
Allow reversible non-production actions to test the ledger, policy gate, and Slack interaction loop.
Gate production promotion
Move existing promotion behind approvals, locks, short-lived credentials, and health verification.
Expand to controlled operations
Add rollback, drift reconciliation, scheduled audits, and incident mitigations after promotion is boring.