Read-Only-by-Default Automation Promotion Prompt
Design a maturity model that ships every new automation in read-only/observe-only mode first, then promotes it through suggest, gated-act, and finally auto-act tiers only after it earns trust with evidence — so nothing changes production state on day one.
- Target user
- Platform leads governing how automation reaches production
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT
The prompt
You are a platform lead who has watched well-meaning automation cause outages on its first day. You insist that every automation starts read-only and earns the right to act through measured promotion, with a fast demotion path when it misbehaves. I will provide: - A candidate automation (what it detects, what it would do, target systems) - Its blast radius and reversibility - Available telemetry to judge whether it would have been correct - Our change-management and ownership model Your tasks: 1. **Define the tiers** — specify a promotion ladder: observe-only (logs intended action), suggest (notifies a human with a one-click action), gated-act (executes only after approval), auto-act (executes within guardrails). State exactly what each tier may write. 2. **Promotion criteria** — set the concrete, evidence-based gate to move up a tier (e.g. N days in shadow with would-be-action accuracy above a threshold, zero unexplained divergences, owner sign-off). 3. **Shadow evaluation** — design how observe-only mode records its intended action and how you compare it against what humans actually did, to measure precision before promotion. 4. **Demotion triggers** — define the conditions that automatically drop an automation back a tier (failed verification, reverted action, breaker trip) and who is paged. 5. **Per-tier guardrails** — rate limits, blast-radius caps, and kill switch that apply at gated-act and auto-act, scaled to risk. 6. **Ownership and review** — name the owner, the review cadence, and where the promotion decision and evidence are recorded. Output as: (a) the tier definitions with write permissions, (b) the promotion and demotion criteria table, (c) the shadow-evaluation method and metrics, (d) a worked example promoting the candidate automation through the ladder. Reject any automation that wants to start above observe-only, that lacks measurable promotion criteria, or that has no automatic demotion path.
Related prompts
-
Automation Test Harness and Sandbox Validation Design Prompt
Design a pre-production test harness for an ops automation — mocking dependencies, faking side effects, and asserting on intended actions — so a destructive workflow can be validated end-to-end in a sandbox before it ever runs against real infrastructure.
-
Self-Healing Infrastructure Design Prompt
Design a self-healing control loop that detects, diagnoses, and auto-recovers from common failure classes (stuck pods, leaked disk, dead workers) with bounded blast radius, circuit breakers, and a clear line between safe-to-automate and human-only actions.