Pre-Deploy Safety Checks
AI-powered safety checks before deploying asset changes to detect breaking schema changes, downstream impact, PII propagation risks, and policy violations.
Overview
Pre-deploy checks analyze changes for:
- Breaking Schema Changes: Detects schema changes that break downstream assets
- Downstream Impact: Analyzes impact on dependent assets
- PII Propagation Risks: Detects PII columns in public assets
- Test Failures: Checks for test failures
- Glossary Policy Violations: Validates against glossary policies
Running Safety Checks
Endpoint
POST /api/msh/ai/pre-deploy-check
Check deployment safety for an asset.
Request:
curl -X POST \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"asset_id": 5,
"new_version": "abc123",
"diff": {
"schema_changes": [
{
"type": "column_added",
"column": "customer_email",
"data_type": "string"
}
],
"transform_changes": ["Modified WHERE clause"]
}
}' \
https://api.msh.io/api/msh/ai/pre-deploy-check
Response:
{
"success": true,
"asset_id": 5,
"safety_score": "yellow",
"warnings": [
"New column 'customer_email' may contain PII - ensure encryption policy is applied",
"Schema change may break downstream asset 'revenue_dashboard'"
],
"breaking_changes": [],
"recommendations": [
"Link 'customer_email' column to PII policy",
"Run tests on downstream assets",
"Notify owners of affected assets"
],
"downstream_impact": {
"affected_assets": ["revenue_dashboard"],
"risk_level": "medium"
}
}
Safety Scores
Safety checks return one of three safety scores:
Green
Safe to deploy
- No breaking changes detected
- No policy violations
- No downstream impact concerns
{
"safety_score": "green",
"warnings": [],
"breaking_changes": []
}
Yellow
Deploy with caution
- Warnings present but not blocking
- Minor downstream impact
- Policy recommendations
{
"safety_score": "yellow",
"warnings": [
"New column may contain PII"
],
"breaking_changes": []
}
Red
Block deployment
- Breaking changes detected
- Critical policy violations
- High downstream impact risk
{
"safety_score": "red",
"breaking_changes": [
"Column 'customer_id' removed - breaks downstream asset 'revenue_dashboard'"
],
"warnings": []
}
Use Cases
CI/CD Integration
Run safety checks before deployment:
# .github/workflows/deploy.yml
- name: Pre-deploy safety check
run: |
curl -X POST \
-H "Authorization: Bearer ${{ secrets.MSH_API_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"asset_id": 5, "new_version": "${{ github.sha }}"}' \
https://api.msh.io/api/msh/ai/pre-deploy-check
Manual Review
Review changes before deploying:
# Get diff
git diff main...feature-branch assets/revenue.msh > diff.txt
# Run safety check
curl -X POST \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
-d @diff.json \
https://api.msh.io/api/msh/ai/pre-deploy-check
Best Practices
- Always Check: Run safety checks before every deployment
- Review Warnings: Address warnings before deploying
- Fix Breaking Changes: Never deploy with breaking changes
- Notify Teams: Notify affected teams of changes
- Test Downstream: Run tests on downstream assets
Related Documentation
- AI Sidekick - AI-powered analysis
- Lineage Impact - Impact analysis
- Glossary Policies - Policy definitions