Tier 3: Team Deployment
Tier 3: Team Deployment
Section titled “Tier 3: Team Deployment”Tier 3 hands repeatable deploy and rollback work to the agent. It does not hide production boundaries: humans still configure ingress, SSL, and DNS.
You Provide / Confirm
Section titled “You Provide / Confirm”- Release targets, environment variables, per-environment overrides, and production boundaries.
- Human-owned ingress capabilities such as Nginx, SSL/ACME, and DNS providers.
- Pipeline template imports, project pipeline config, and diffs generated by the agent.
- Deployment strategy details such as
sync_mode,roles, and target host groups.
Humans still configure Nginx, SSL/ACME, and DNS provider settings. These are ingress capabilities, not the primary MCP deployment path.
The Pipeline Flow
Section titled “The Pipeline Flow”The agent should use this chain to generate, write, and run the pipeline:
preview_pipeline_templateimport_pipeline_templatepreview_config_change(kind="config.pipeline.upsert")apply_config_changevalidate_project_pipelinedeploy_project_pipelinelist_pipeline_runsread_pipeline_run_logslist_pipeline_artifacts
Multi-environment Rules
Section titled “Multi-environment Rules”One pipeline can serve test and production. pipeline.environments overrides only the variables that differ by environment. Variable precedence is project.variables, project.pipelines[].variables, project.pipelines[].pipeline.variables, project.pipelines[].environments[env].variables, then run variables.
artifact_version reuses an existing artifact and skips build, running deploy and finally steps only. Rollback redeploys an old artifact; promotion deploys a tested artifact to production with production variables and targets.