Governance Failures Are Cheaper to Catch Early
A misconfigured rate limit that slips into production can let a rogue agent burn through your entire monthly API budget in hours. A policy with a typo in the resource pattern can silently fail to protect sensitive data. These are not hypothetical scenarios. They are the kinds of issues our users have reported discovering after deployment, when the blast radius is at its widest.
Today we are releasing the MeshGuard GitHub Action (meshguard/governance-action@v1), a CI/CD integration that validates your governance configuration on every pull request so misconfigurations never make it past code review.
What It Validates
The action runs three validation stages:
Schema validation. Every policy, agent definition, and alert channel configuration is checked against the current MeshGuard API schema. Typos, missing required fields, and invalid enum values are caught instantly.
Policy simulation. If you include test suites (the same format used by the Policy Playground), the action evaluates every test case against your policies and fails the check if any assertion does not pass.
Drift detection. The action compares your repository's governance configuration against the live MeshGuard workspace and reports any resources that have drifted, so you know if manual UI changes have diverged from your source of truth.
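To make the three stages concrete, here is a toy validator in Python, added as an illustration and not the action's own code. The policy fields (name, resource, limit, on_violation), the test-case format, the most-specific-pattern evaluation rule and all sample data are assumptions made for the example; the only detail taken from this page is the on_violation enum shown later under Pull Request Annotations.

```python
"""Toy version of the three validation stages: schema check, policy simulation,
drift detection. Added example, not MeshGuard's code. The policy shape, the
test-case shape and the evaluation order are assumptions for illustration."""
import fnmatch

ON_VIOLATION = ("throttle", "deny", "alert")        # enum values from the annotation example
REQUIRED_FIELDS = ("name", "resource", "limit", "on_violation")  # assumed schema


def validate_schema(policies):
    """Stage 1: return 'policy: message' strings; an empty list means schema-valid."""
    errors = []
    for i, p in enumerate(policies):
        label = p.get("name", f"policy[{i}]")
        for field in REQUIRED_FIELDS:
            if field not in p:
                errors.append(f"{label}: missing required field {field!r}")
        if "on_violation" in p and p["on_violation"] not in ON_VIOLATION:
            expected = ", ".join(f'"{v}"' for v in ON_VIOLATION)
            errors.append(f'{label}: invalid value "{p["on_violation"]}" for on_violation '
                          f"(expected: {expected})")
        if "limit" in p and (not isinstance(p["limit"], int) or p["limit"] < 0):
            errors.append(f"{label}: limit must be a non-negative integer")
    return errors


def evaluate(policies, resource, calls):
    """Decide the outcome of `calls` requests to `resource`: the most specific
    matching resource pattern wins, and an unmatched resource is allowed.
    (Assumed semantics for this example, not MeshGuard's real evaluation order.)"""
    matches = [p for p in policies if fnmatch.fnmatchcase(resource, p["resource"])]
    if not matches:
        return "allow"
    best = max(matches, key=lambda p: len(p["resource"].replace("*", "")))
    return best["on_violation"] if calls > best["limit"] else "allow"


def run_test_suite(policies, cases):
    """Stage 2: return (case name, expected, actual) for every failing case."""
    failures = []
    for case in cases:
        actual = evaluate(policies, case["resource"], case["calls"])
        if actual != case["expect"]:
            failures.append((case["name"], case["expect"], actual))
    return failures


def detect_drift(repo_policies, live_policies):
    """Stage 3: diff repository policies against a live-workspace snapshot,
    keyed by policy name. Returns sorted report lines; empty means no drift."""
    repo = {p["name"]: p for p in repo_policies}
    live = {p["name"]: p for p in live_policies}
    report = []
    for name in sorted(set(repo) | set(live)):
        if name not in live:
            report.append(f"missing-in-workspace {name}")
        elif name not in repo:
            report.append(f"unmanaged-in-workspace {name}")
        elif repo[name] != live[name]:
            fields = sorted(k for k in set(repo[name]) | set(live[name])
                            if repo[name].get(k) != live[name].get(k))
            report.append(f"changed {name} ({', '.join(fields)})")
    return report


def ci_exit_code(policies, cases, live_policies, fail_on_drift=True):
    """Gate like the action: print every finding and return 1 if any stage failed."""
    findings = validate_schema(policies)
    if not findings:  # only simulate policies that passed the schema check
        findings += [f"test {n}: expected {e}, got {a}"
                     for n, e, a in run_test_suite(policies, cases)]
    if fail_on_drift:
        findings += detect_drift(policies, live_policies)
    for line in findings:
        print(line)
    return 1 if findings else 0


# Constructed sample data for the example; not from a real MeshGuard workspace.
REPO_POLICIES = [
    {"name": "billing-rate-limit", "resource": "billing/*", "limit": 100, "on_violation": "throttle"},
    {"name": "billing-exports-deny", "resource": "billing/exports/*", "limit": 0, "on_violation": "deny"},
]
BAD_POLICY = {"name": "typo-policy", "resource": "agents/*", "limit": 50, "on_violation": "throtttle"}
TEST_CASES = [
    {"name": "under-limit", "resource": "billing/invoices", "calls": 10, "expect": "allow"},
    {"name": "over-limit", "resource": "billing/invoices", "calls": 101, "expect": "throttle"},
    {"name": "exports-denied", "resource": "billing/exports/q3.csv", "calls": 1, "expect": "deny"},
    {"name": "unmatched-allowed", "resource": "agents/summarizer", "calls": 10_000, "expect": "allow"},
]
LIVE_POLICIES = [  # the workspace after two manual UI edits: a raised limit and an unmanaged policy
    {"name": "billing-rate-limit", "resource": "billing/*", "limit": 500, "on_violation": "throttle"},
    {"name": "hotfix-alert", "resource": "*", "limit": 1000, "on_violation": "alert"},
]

if __name__ == "__main__":
    raise SystemExit(ci_exit_code(REPO_POLICIES, TEST_CASES, LIVE_POLICIES))
```

Run as a script it exits 1, because the live snapshot has drifted in both directions: a limit raised in the UI and a policy that exists only in the workspace. Passing fail_on_drift=False reproduces the action's non-gating mode, where drift is reported but does not fail the check.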
Adding It to Your Workflow
Create .github/workflows/meshguard.yml:
name: MeshGuard Governance Validation
on:
  pull_request:
    paths:
      - 'governance/**'
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Validate governance config
        uses: meshguard/governance-action@v1
        with:
          api_key: ${{ secrets.MESHGUARD_API_KEY }}
          config_path: ./governance
          test_suites: ./governance/tests
          fail_on_drift: true
That is the entire setup. Every pull request that touches files under governance/ is validated before it can merge. Two hardening steps are worth taking before you rely on it: pin the action to a full commit SHA rather than the mutable v1 tag, so that a moved or compromised tag cannot change what runs with your API key, and add a top-level permissions: block that grants only what the action's documentation says it needs. Note also that pull_request runs triggered from forked repositories do not receive repository secrets, so api_key is empty there and any stage that needs to reach your workspace cannot complete on fork PRs.
Pull Request Annotations
When the action finds issues, it posts inline annotations directly on the pull request diff, pointing to the exact file and line where the problem was detected. Reviewers see governance feedback alongside the code changes:
  governance/policies/rate-limit.yaml:12
  Error: invalid value "throtttle" for on_violation
  (expected: "throttle", "deny", or "alert")
No more switching between dashboards to understand what went wrong. The feedback lives where the change lives.
Deployment Gating
For teams that manage deployments through GitHub, the action can serve as a required status check. Add the validate job to your branch protection rules (the required check is matched by job name) and no governance change can merge without passing validation:
      - name: Validate and gate
        uses: meshguard/governance-action@v1
        with:
          api_key: ${{ secrets.MESHGUARD_API_KEY }}
          config_path: ./governance
          strict: true  # non-zero exit on any warning
Combine this with the MeshGuard Terraform Provider for a full GitOps workflow: changes are authored in HCL, validated by the GitHub Action, and applied by Terraform on merge.
Beyond GitHub
We chose GitHub Actions as the first integration because it covers the majority of our user base, but the same validation logic is available through the MeshGuard CLI. If your team uses GitLab CI, Jenkins, or any other pipeline tool, you can run the same checks:
  meshguard validate --config ./governance --tests ./governance/tests
  meshguard drift --config ./governance --workspace prod
Get Started
The action is available now on the GitHub Marketplace. Setup takes less than five minutes if you already have governance configuration in your repository. If you are just starting with IaC for governance, pair this action with our Terraform Provider for the complete workflow.
Stop discovering governance issues in production. Catch them in the pull request.