Change-Freeze-Aware Action Gate

also known as Deploy-Window Authority Gate, Freeze-Aware Action Gate

Check every mutating agent action against an active deploy-freeze or maintenance calendar and block it or force explicit human re-authorisation while a freeze covering its scope is in effect.

Context

Operations teams declare change freezes — time windows during which production must not be modified, such as a holiday peak, an open incident, or a release blackout — scoped to particular services, regions, or teams. An agent with production tool access can file changes, run deployments, or touch databases at any time. The freeze is usually communicated as a calendar entry, a prompt instruction, or a team norm.

Problem

A freeze stated only in a prompt or a UI label is an intention, not a control. An agent that can still reach production APIs can act inside the window whether or not it was told about the freeze, and one such action during a blackout can cause exactly the outage the freeze exists to prevent. Existing gates check an action's risk, reversibility, or role, but none of them encode time, so an otherwise-permitted action is allowed even when the calendar says no change may happen now. The freeze has to be enforced at action time, not assumed.

Forces

A freeze expressed as text the agent reads is advisory; only a runtime check on the critical path can actually stop a mutating call.
Freezes are scoped and time-bounded — this service, this region, until Monday — so the gate must evaluate scope and time, not a global on/off.
Blocking every action during a freeze is safe but can strand genuinely urgent fixes, so the gate needs a human re-authorisation path.
Freeze calendars change and overlap, so the authority source must be queryable at action time rather than baked into the agent.

Example

During a holiday change freeze on the payments service, an on-call agent decides to apply a config fix it judges harmless. The freeze gate looks up the calendar, sees an active freeze scoped to payments, and blocks the deploy; the agent cannot proceed on its own and instead opens a re-authorisation request, which the on-call engineer must approve before anything reaches production.

Diagram

flowchart TD A[Mutating action] --> G{Freeze covering scope at now?} G -- no --> P[Proceed] G -- yes --> R{Human re-authorisation?} R -- approved --> P R -- denied or none --> B[Blocked] RO[Read-only action] --> P

Solution

Therefore:

Maintain the freeze calendar as a queryable authority source: each freeze has a start and end time and a scope of services, regions, or teams. Before any mutating tool call, the gate looks up whether an active freeze covers the action's scope at the current time. If none does, the action proceeds; if one does, the gate blocks the action and either denies it or routes it to an explicit human re-authorisation that records who approved the exception and why. The freeze decision is made by the calendar and the clock, not by the agent's own reasoning, so the agent cannot talk itself past a blackout, and the same window a human would respect is enforced against the tool. Read-only actions pass freely; the gate constrains only changes.

What this pattern forbids. A mutating action covered by an active freeze must not commit on the agent's own authority; it is blocked or held for explicit human re-authorisation, and the agent cannot decide for itself that a freeze does not apply.

And the patterns that stand alongside it, or against it —

complementsPolicy-as-Code Gate★— Evaluate every proposed agent action against externally-managed machine-readable policies before dispatch, so compliance authorship lives outside the prompt and outside the agent code.
complementsRisk-Tiered Action Autonomy★— Set an agent's permitted action class by the financial materiality of the action, letting it read and draft freely while requiring a different human principal to release material postings, payments, or filings.
complementsHuman-in-the-Loop★★— Require explicit human approval at defined points before the agent performs an action.
complementsPolicy-Gated Agent Action (KRITIS)★— Each agent action passes through a policy gate (NIS2, EU AI Act, BSI rules) and is tagged with Run ID + Model Digest + Policy Hash for WORM-audit reconstruction.

Neighbourhood

Click any neighbour to follow the language. Scroll to zoom, drag to pan.

References

Provenance

Source: patterns/change-freeze-aware-action-gate.md on GitHub · commit 7012173 · view history
Added to catalog: 2026-06-17
Last updated: 2026-06-17
Contribute: open an issue or PR at github.com/agentpatternscatalog/patterns.