Release Manager
Overview
The Release Manager is a Cloudflare Worker that automates the PR-to-production pipeline. It evaluates QA results, requests Slack approval, squash-merges PRs, monitors deployments, and handles rollbacks on failure.
It runs as a standalone worker at apps/agents/release/ — separate from the main Nucleus app worker.
How It Works
PR State Machine
Every PR tracked by the release manager moves through these states:
| State | Meaning |
|---|---|
| open | PR just opened or re-evaluated |
| qa-pending | Waiting for UX and Tech QA agents to post comments |
| blocked-p1 | P1 issues found — merge blocked until fixed |
| awaiting-approval | QA passed — waiting for human /release merge command |
| approved | Human approved — merge will happen on next tick |
| deploying | Squash-merged, monitoring CI deploy workflow |
| deployed | Deploy succeeded, health check passed |
| merge-failed | GitHub merge API returned an error |
| deploy-failed | CI workflow failed or health check failed |
| user-blocked | Manually blocked via /release block command |
Scheduled Tick (every 30 minutes)
- Check any in-flight deployments (KV-based, non-blocking)
- Fetch all open PRs targeting `main`
- For each PR, evaluate QA agent comments and advance state
- If approved, squash-merge and start deploy monitoring
QA Evaluation
The worker reads structured comments from the UX and Tech QA agents:
- Both agents must have posted for QA to be considered complete
- P1 findings block the merge and create fix task issues
- P2/P3 findings are logged but non-blocking
Deploy Monitoring
After merge, the worker writes a deploy monitor state to KV and checks it on subsequent cron ticks (no long-running polling loops). It:
- Finds the GitHub Actions workflow run for the merge SHA
- Polls workflow status across ticks until complete
- Hits the health endpoint to verify the deploy is live
- On failure, creates a revert PR and a P1 issue
Slack Integration
Slash Commands
| Command | Description |
|---|---|
| /release status | Show the current release queue (default) |
| /release merge <pr> [skip-qa] | Approve and merge a PR (optionally skip QA gate) |
| /release block <pr> [reason] | Block a PR from merging |
| /release unblock <pr> | Unblock a previously blocked PR |
| /release rollback | Instructions for manual rollback |
| /release help | Show the command reference |
Interactive Buttons
When a PR requires approval, the worker posts a Slack message with Approve and Reject buttons. Approving advances the PR to the approved state.
Notifications
- PR ready for merge (QA passed)
- PR blocked by P1 issues (with fix task links)
- Merge in progress
- Deploy success (with closed issue list)
- Deploy failure (with revert status)
- Merge conflict (manual resolution required)
Security
- GitHub webhook: Verified via `X-Hub-Signature-256` HMAC-SHA256
- Slack actions/commands: Verified via `x-slack-signature` HMAC-SHA256
- Agent API (`/api/release`, `/api/status`): Requires `X-Agent-Token` header matching `AGENT_SECRET`
- Health endpoint: Public (no auth needed)
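
The three checks listed above, sketched as an added example that is not the project's own `src/slack.ts` or `src/index.ts` code. It uses Node's `node:crypto` so it runs stand-alone; the function names, the 300-second window on Slack's `x-slack-request-timestamp` header, and the sample secret and bodies are assumptions or constructed values.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hex HMAC-SHA256 of payload under secret.
function hmacHex(secret: string, payload: string): string {
  return createHmac("sha256", secret).update(payload, "utf8").digest("hex");
}

// Constant-time compare; the length check keeps timingSafeEqual from throwing.
function safeEqual(a: string, b: string): boolean {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  return x.length === y.length && timingSafeEqual(x, y);
}

// GitHub: X-Hub-Signature-256 is "sha256=" + hex HMAC of the raw request body.
function verifyGitHub(secret: string, rawBody: string, sig: string | null): boolean {
  if (!sig || !sig.startsWith("sha256=")) return false;
  return safeEqual(sig, "sha256=" + hmacHex(secret, rawBody));
}

// Slack: x-slack-signature is "v0=" + hex HMAC of "v0:<timestamp>:<raw body>".
// Stale x-slack-request-timestamp values are rejected (assumed 300 s window) to limit replay.
function verifySlack(secret: string, rawBody: string, ts: string | null,
                     sig: string | null, nowSec: number): boolean {
  if (!sig || !ts || !/^\d+$/.test(ts)) return false;
  if (Math.abs(nowSec - Number(ts)) > 300) return false;
  return safeEqual(sig, "v0=" + hmacHex(secret, `v0:${ts}:${rawBody}`));
}

// Agent API: X-Agent-Token must equal AGENT_SECRET; an unset secret fails closed.
function verifyAgentToken(agentSecret: string | undefined, token: string | null): boolean {
  if (!agentSecret || !token) return false;
  return safeEqual(token, agentSecret);
}

// Constructed sample inputs (not real secrets or captured requests).
const SECRET = "constructed-test-secret";
const GH_BODY = '{"action":"opened","number":42}';
const SLACK_BODY = "command=%2Frelease&text=status";
const SLACK_TS = "1700000000";
const ghSig = "sha256=" + hmacHex(SECRET, GH_BODY);
const slackSig = "v0=" + hmacHex(SECRET, `v0:${SLACK_TS}:${SLACK_BODY}`);

console.log("github ok:", verifyGitHub(SECRET, GH_BODY, ghSig));
console.log("github tampered body:", verifyGitHub(SECRET, GH_BODY + " ", ghSig));
console.log("slack ok:", verifySlack(SECRET, SLACK_BODY, SLACK_TS, slackSig, 1700000010));
console.log("slack replayed:", verifySlack(SECRET, SLACK_BODY, SLACK_TS, slackSig, 1700000400));
console.log("agent token, secret unset:", verifyAgentToken(undefined, "anything"));
```

Both HMACs are computed over the raw request bytes, so the body has to be read as text before any JSON or form parsing.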
Configuration
Secrets (set via wrangler secret put)
| Secret | Purpose |
|---|---|
| GITHUB_TOKEN | GitHub API access (repo scope) |
| GITHUB_WEBHOOK_SECRET | GitHub webhook signature verification |
| AGENT_SECRET | Agent-to-agent API auth token |
| SLACK_BOT_TOKEN | Slack Bot User OAuth token |
| SLACK_SIGNING_SECRET | Slack request signature verification |
Vars (in wrangler.toml)
| Var | Value |
|---|---|
| GITHUB_OWNER | dotdev-brendon |
| GITHUB_REPO | nucleus |
| SLACK_RELEASES_CHANNEL | Slack channel ID for notifications |
KV Namespace
RELEASE_STATE — Stores PR state machine records (release:pr:{number}), approval state (release:approval:{number}), and deploy monitor state (deploy:monitor:{number})
Source Files
| File | Purpose |
|---|---|
| src/index.ts | Hono routes, scheduled handler, state machine |
| src/types.ts | Type definitions (Env, PRRecord, etc.) |
| src/merge.ts | GitHub merge, revert, label, and issue operations |
| src/deploy-monitor.ts | Non-blocking deploy monitoring via KV |
| src/qa-evaluator.ts | Parse QA agent comments, compute readiness |
| src/approval.ts | Slack approval flow, block/unblock |
| src/slack.ts | Slack signature verification, Block Kit builders |
| src/github-client.ts | Shared GitHub REST API helpers |