Phase 8 of 12 · Engineering Operator
Review, Release & Provenance
Phase 8 is the work of attaching evidence, approvals, and provenance before release, where humans triage risk, plan rollback, and refuse rubber-stamp review.
Attach evidence, approvals, and provenance before AI-assisted work reaches users.
Decision rules
Each rule connects a real situation to the skill or playbook that fits it. Linked terms open canonical sources.
| Situation | Missing skill | Recommended playbook | Alternatives | Why |
|---|---|---|---|---|
| Agent-generated PRs are shipping without explainable reasoning attached to them. | Evidence-bundle review | ce:review | requesting-code-review | Ce:review requires an evidence bundle — diff, tests, eval results — on every agent PR; requesting-code-review is the lighter human-side discipline when the bundle already exists. |
| Reviewers are receiving stale PRs with no framing of intent or risk. | Review-request discipline | requesting-code-review | ce:review | Requesting-code-review frames the review with intent, risk and what to verify; ce:review is the matching reviewer-side playbook when the author has done their part. |
| A release is high-risk and no one has named what could go wrong before it ships. | Pre-mortem | pm-execution:pre-mortem | Release readiness review | Pre-mortem surfaces failure modes as concrete eval cases; a release readiness review is broader and covers ops as well, which is overkill when the question is purely 'what breaks?'. |
| Agent commits are sprawling and hard to revert when something goes wrong. | Commit discipline | git-commit-push-pr | Manual conventional commits | Git-commit-push-pr enforces small atomic commits with explainable messages automatically; manual conventional commits work when the team already has the habit. |
| A branch is being called 'done' but isn't actually ready to ship. | Branch closeout | finishing-a-development-branch | Release readiness review | Finishing-a-development-branch checks tests, evals, rollback and evidence bundle before merge; a release readiness review covers more ground but is heavier for a single branch. |
Watch
Reality
PR review, provenance, sandboxing, and release controls are where agentic engineering becomes operationally trustworthy.
Required skills
- Evidence bundle review
- PR risk triage
- Release readiness judgement
- Rollback planning
- Supply-chain provenance
Viable tools
Failure modes
- Opaque authorship
- Unsafe test execution
- Rubber-stamp review
Next operating step
Attach an evidence bundle before release: issue, agent sessions, prompts, files changed, tests, evals, cost, approvals, provenance, rollback path.
Working through Review, Release & Provenance?
I advise teams on this part of the lifecycle. Get in touch → if you want a direct, vendor-free conversation about what's worth doing next.