Start With Advisory. Switch to Enforce When Ready.
How to roll out API governance without blocking your team. Advisory mode gives visibility; enforce mode gates merges.
The fastest way to kill API governance adoption: block every PR on day one. The fastest way to build trust: show your team what would have been caught.
Delimit has three enforcement modes — not just on/off. The middle ground is where most teams should live.
Three modes, one switch
Advisory
Comments on PRs. CI always passes. Nothing blocked.
Guarded (default)
Blocks critical actions (destructive deploys, data deletion). Warns on high-risk. Allows everything else.
Enforce
Blocks critical + high-risk. Requires approval for dangerous operations. CI fails on breaking changes.
The rollout path
- Week 1-2: Advisory. Install the action. Let it comment on PRs. Your team reads the comments and builds intuition for what Delimit catches.
- Week 3-4: Guarded. The default for the MCP server. Critical actions like destructive deploys are blocked. High-risk actions get warnings. Your normal workflow isn't interrupted.
- Week 5+: Enforce. Switch to `mode: enforce`. Breaking changes block the PR. Deploys blocked when unresolved security findings exist. Full governance.
```yaml
# Zero-config (auto-detects your spec)
- uses: delimit-ai/delimit-action@v1

# Explicit advisory mode
- uses: delimit-ai/delimit-action@v1
  with:
    spec: api/openapi.yaml

# Enforce -- CI fails on breaking changes
- uses: delimit-ai/delimit-action@v1
  with:
    spec: api/openapi.yaml
    mode: enforce
```

Advisory mode costs you nothing. Guarded mode protects your production. Enforce mode prevents the next incident.
Try the GitHub Action
Add breaking change detection to any repo with an OpenAPI spec.
```yaml
- uses: delimit-ai/delimit-action@v1
  with:
    spec: path/to/openapi.yaml
```