Problem
When a PR branch is updated (e.g., "Update Branch" to satisfy strict build checks), the deploy-gate action creates a new deploy request on the new SHA. The prior human approval on the old SHA does not carry over. This forces users to re-approve every time main advances — creating an approval loop.
Current Flow (broken)
- PR opened → deploy-gate creates request A (SHA
abc123) → human approves ✅
- Main advances → user clicks "Update Branch" → new SHA
def456
- PR Gate re-runs → deploy-gate creates request B (SHA
def456) → ❌ "NO RECEIPT — Human approval required"
- User must re-approve — but if they merge another PR, the cycle repeats
Expected Flow
- PR opened → deploy-gate creates request A → human approves ✅
- Main advances → branch updates → new SHA
- PR Gate re-runs → deploy-gate detects prior approval for this PR → auto-approves with receipt referencing the original approval
- Status set to success → PR is mergeable
Proposed Implementation
In the deploy-gate action, before failing with "NO RECEIPT":
- Query the PP API for existing approved deploy requests matching the same
repo + PR number
- If a prior approval exists:
- Create the new deploy request as normal (audit trail)
- Immediately auto-approve it, referencing the original approval as justification
- Set commit status to success with receipt
- Log: "✅ Auto-approved — prior authorization found (request: )"
- If no prior approval exists: current behavior (fail, prompt for human review)
Security Considerations
- Auto-approval ONLY when a human already approved the same PR — no new authorization granted
- The new request still gets created (full audit trail preserved)
- Receipt references the chain: "approved based on prior authorization "
- If PR scope changes (new non-merge commits), consider requiring re-approval (Phase 2)
Impact
High. This is the #1 UX friction for any repo with strict build checks + PP deploy gate. Every user with an active repo will hit this.
Problem
When a PR branch is updated (e.g., "Update Branch" to satisfy strict build checks), the deploy-gate action creates a new deploy request on the new SHA. The prior human approval on the old SHA does not carry over. This forces users to re-approve every time
mainadvances — creating an approval loop.Current Flow (broken)
abc123) → human approves ✅def456def456) → ❌ "NO RECEIPT — Human approval required"Expected Flow
Proposed Implementation
In the deploy-gate action, before failing with "NO RECEIPT":
repo + PR numberSecurity Considerations
Impact
High. This is the #1 UX friction for any repo with strict build checks + PP deploy gate. Every user with an active repo will hit this.