
How it works

Architecture in one page

A Greenlight app goes from idea to production in five steps. The coding agent does the work; the platform handles deployment, data access, and governance.

The pieces

Greenlight architecture: citizen developers and coding agents at the top, the Greenlight governance layer in the middle (policy enforcement, audit logging, RBAC, SSO, app catalog, observability), and cloud infrastructure plus business systems at the bottom.

Everything from the Greenlight control plane down lives inside your cloud subscription. The agent talks to Greenlight; Greenlight talks to the cloud; each app’s resources are provisioned and torn down by the platform.

  1. Register the app. A citizen developer asks their coding agent to start a new app. The agent calls greenlight.registerApp with a name, owner, and short description of what the app is for. Greenlight creates a repository in your source-control system and surfaces the app in the IT dashboard.

  2. Build with Knowledge. The agent reads org-level, integration-level, and app-level Knowledge over MCP, generates code, requests any integrations it needs, and opens a pull request.

  3. The policy check runs. Greenlight evaluates the change against your organization’s rules — secret scanning, static analysis, container vulnerability checks, and any OPA policy bundles you’ve enabled. A single Greenlight status is posted on the pull request, and failures block the merge with a structured reason the agent can read and fix.

  4. Deploy on merge. When the pull request merges, Greenlight builds a container, attaches a workload identity, configures the data broker, and deploys the app into a dedicated environment with network policies and resource limits in place.

  5. Observe and govern. Every action — by the agent, by the developer, by IT — lands in the audit log. The dashboard surfaces app health, errors, and integration usage. IT can kill, suspend, restore, or override any app, with each action recorded and attributed.

The three surfaces

What you bring, what Greenlight runs

| You bring | Greenlight runs |
| --- | --- |
| An identity provider — Entra ID, Okta, Google, or any standard SSO | The control plane that manages apps, integrations, and audit |
| A source-control system (GitHub today; GitLab and Bitbucket later) | The policy engine and the pre-merge check on every pull request |
| A cloud subscription (Azure today; AWS and GCP through the provider interface) | The data broker that gives apps governed access to your systems |
| The internal systems your apps need to reach — Snowflake, Salesforce, Slack, your own APIs | The agent protocol — MCP tools and the universal Skills bundled with each plugin |
