Rolling Deployment AGENTS.md Template | AGENTS.md Template for AI coding agents | Suhas Bhairav

Overview

AGENTS.md Template for rolling deployment strategy, authored for AI coding agents, enables multi-agent orchestration across planner, implementer, verifier, and rollback agents. It defines operating context, memory, tool governance, and escalation patterns to support controlled progressive rollout with automated handoffs and human review as needed.

Direct answer: This AGENTS.md template governs a rolling deployment workflow with clear agent roles, handoffs, and governance to ensure safe, observable, and reversible updates across services.

When to Use This AGENTS.md Template

Deploy microservices progressively with automated canary checks.
Coordinate multi-agent orchestration for rollout, validation, and rollback.
Enforce tool governance and access permissions during production changes.
Provide a single source of truth for deployment context and decisions.

Copyable AGENTS.md Template

# AGENTS.md

# Rolling Deployment – Agent Operating Context

Project role: Rolling deployment of microservices with safe canary progression and rollback support.

Agent roster and responsibilities:
- Planner: designs rollout plan, determines canary size, success criteria, and escalation thresholds.
- Implementer: applies changes to target services, interacts with CI/CD, and coordinates feature flags.
- Verifier: validates health signals, logs results, and confirms success criteria.
- RollbackAgent: triggers rollback when criteria fail or anomalies exceed thresholds.
- TelemetryAgent: collects metrics, traces, and alert signals for continuous feedback.
- Auditor: records decisions and maintains audit trails for compliance.

Supervisor or orchestrator behavior:
- The orchestrator evaluates canary results against thresholds, and authorizes progression to next stage.
- All actions are logged, time-bound, and tied to the verified context in the source-of-truth store.
- Handoffs occur only when predefined criteria are met and are auditable.

Handoff rules between agents:
- Planner -> Implementer: when rollout plan is approved and canary slice is defined.
- Implementer -> Verifier: after deployment changes are applied.
- Verifier -> RollbackAgent or Planner: if success criteria fail or anomalies detected; else Verifier notifies Orchestrator.
- RollbackAgent -> Implementer: to apply rollback steps; all steps require Verifier sign-off.

Context, memory, and source-of-truth rules:
- Maintain a single source of truth for deployment context (CI/CD config, feature flags, target subsets, and health signals).
- Agents should query the truth store before taking actions.
- Memory scope limited to current deployment window and historical notes for auditability.

Tool access and permission rules:
- Implementer, Planner, Verifier, RollbackAgent and TelemetryAgent have scoped permissions to the deployment environment, with read/write access limited to their roles.
- Secrets must be accessed via approved secret manager integrations; never hard-code secrets.

Architecture rules:
- Rolling deployment uses progressive stages with canary, hotfix, and rollback paths.
- Feature flags enable toggling features per stage.

File structure rules:
- /src, /infrastructure, /deployments, /agents, /policies, /logs, /secrets

Data, API, or integration rules:
- All external calls must be observed and logged; sensitive data must be redacted in logs.

Validation rules:
- Health checks in each stage must pass; metrics exceed thresholds before progressing.
- Rollback criteria must be defined and executable.

Security rules:
- Enforce least privilege and secret management; prohibit unsanctioned production changes.

Testing rules:
- Include unit tests for agent handlers, integration tests for rollouts, and end-to-end tests for rollback paths.

Deployment rules:
- Changes must be deployed via CI/CD with instrumented canary slots and observed signals.

Human review and escalation rules:
- If anomalies exceed thresholds, trigger human-on-call and halt progression.

Failure handling and rollback rules:
- Rollback steps revert to previous stable state; all changes are audited.

Things Agents must not do:
- Do not bypass approvals or perform unsanctioned production changes.
- Do not operate outside the defined deployment window or without verified health signals.
- Do not leak secrets or expose credentials in logs.

Recommended Agent Operating Model

Roles and decision boundaries for rolling deployment: Planner designs progression, Implementer executes changes, Verifier confirms health, RollbackAgent enacts rollback, TelemetryAgent observes, and Auditor maintains traceability. Escalation paths lead to a human on-call if automated criteria fail or if security concerns arise.

Recommended Project Structure

/rolling-deploy/
  /ai-skills/agents-md-templates/
    /planner/
    /implementer/
    /verifier/
    /rollback/
    /telemetry/
    /auditor/
  /config/
  /deployments/
  /policies/
  /tests/

Core Operating Principles

Single source of truth for deployment context.
Explicit handoffs with auditable criteria.
Least privilege for all tool access.
Observability and traceability for every stage.
Safe rollback with deterministic steps.

Agent Handoff and Collaboration Rules

Planner to Implementer: handoff occurs when plan is approved and canary slots defined.
Implementer to Verifier: validate changes produce expected health signals.
Verifier to RollbackAgent/Planner: if thresholds fail, trigger rollback or replan.
Domain experts may intervene in edge cases; all actions remain auditable.

Tool Governance and Permission Rules

Commands must be executed through approved CI/CD gates.
File edits restricted to the assigned agent role.
API calls require scoped tokens and secret masking.
Secret access is only via secret managers; never stored in code or logs.
Production changes require approval gates and on-call notification.

Code Construction Rules

All deployment scripts are idempotent and auditable.
Rollout logic must be deterministic and reversible.
Configuration is externalized and versioned.
Tests cover canary progression, health checks, and rollback paths.

Security and Production Rules

Enforce RBAC across agents and tools.
Use secret managers; rotate credentials regularly.
Monitor for anomalous deployment activity; trigger alerts.

Testing Checklist

Unit tests for each agent handler.
Integration tests for canary progression and health checks.
End-to-end tests for deployment, verification, and rollback.
Security tests for access controls and secret handling.
Disaster recovery tests to verify rollback integrity.

Common Mistakes to Avoid

Skipping health checks or thresholds before progression.
Overly long rollout windows without visibility.
Hard-coding secrets or bypassing secret managers.
Unclear ownership of escalation paths and lacking audit trails.

FAQ

What is the purpose of this Rolling Deployment AGENTS.md Template?

It defines a repeatable, auditable set of agent roles, handoffs, and governance for progressive rollouts and canary updates in AI coding agent workflows.

How do agents hand off during a rolling deployment?

Handoffs occur only after predefined criteria are met (plan approval, canary success). Each handoff is logged with the context and decision outcome.

What governance rules apply to tool access and secrets?

Access is restricted by role-based permissions; secrets are retrieved from approved secret managers, never exposed in logs or code.

How is rollback handled if health criteria fail?

The RollbackAgent triggers a rollback using predefined steps; Verifier confirms health after rollback before resuming or re-planning.

What should be tested before a rolling deployment goes to production?

Tests include unit and integration tests for each agent, end-to-end rollout tests, health signal validation, and rollback path tests.

Rolling Deployment AGENTS.md Template | AGENTS.md Template for AI coding agents

Target User

Use Cases