Last reviewed: 2026-06-08

Direct answer

Before a coding agent is allowed to send requests through a new model in a publishing pipeline, the team needs a repeatable model candidate approval step: a short sequence of checks that confirms the new model ID is reachable at the gateway, returns well-formed output for the agent’s actual prompt shape, and does not break any CI quality gates. Once those checks pass and the evidence is logged, the candidate graduates from “under test” to “approved for agent use.”

The workflow below does not assume you know the exact model identifiers, pricing tiers, or rate limits for any specific gateway in advance. All commercial details must be verified against the linked documentation before you rely on them in production. What it does give you is a stable sequence of checks you can run against any OpenAI-compatible gateway, including CometAPI.

For broader release checks, see AI Coding Agent Setup, Security, and Model Routing .

Who this is for

This guide is for engineers and platform teams who:

  • Operate a coding agent that generates or edits content and then publishes it through an API gateway.
  • Want a documented gate before promoting a new model from experiment to production use.
  • Need CI-compatible evidence records so that approvals are auditable and reversible.
  • Use an OpenAI-compatible gateway (self-hosted or managed) and want their agent’s AGENTS.md or equivalent instruction file to reference a stable approval checklist.

If you are already comfortable with gateway smoke tests but want the CI integration angle, jump straight to the Smoke-test workflow section.

Key takeaways

  • A model candidate approval step belongs before the agent is configured to use the new model in any automated pipeline, not after.
  • The approval gate has four components: reachability check, contract check, output-quality check, and CI integration.
  • Log every check result with a structured record; the record is your rollback evidence if the model is later degraded or removed.
  • Separate the gateway URL, the model identifier, and the prompt template into distinct config variables so swapping one does not silently break the others.
  • Publishing agents that skip candidate approval are the most common source of silent model drift: the agent keeps running but against a model that no longer satisfies the original quality contract.
  • Always verify current model IDs, endpoint paths, and auth schemes in the live gateway documentation before committing them to your pipeline config. Exact values change; your approval process should not depend on stale documentation.

Background: why agents need a model approval gate

A coding agent that publishes content sits at the intersection of two failure modes. If the model changes silently — because a gateway rotated an alias, a provider deprecated a checkpoint, or the team updated a shared config variable — the agent may continue running but produce output that no longer meets the editorial or technical standard the pipeline was tuned for.

For reference on how instruction files like AGENTS.md communicate constraints to agents, see the OpenAI Codex AGENTS.md documentation. That file format is one natural place to record which model is approved and what the acceptance criteria are, so any agent reading the file knows what it is allowed to use.

GitHub Actions is a common place to run these checks automatically on every pull request that touches gateway config or prompt templates. See the GitHub Actions documentation for how to wire approval steps into a workflow file.

For related context on how to hand off coding agent pull requests so that a human reviewer can verify the model config change, see How to Hand Off Coding Agent Pull Requests for Review.

Smoke-test workflow

The following workflow is intentionally gateway-agnostic. Substitute your actual gateway base URL, API key environment variable name, and approved model identifier at each step. Do not hard-code credentials; use environment variable references.

Setup assumptions

  • You have a local or CI environment with curl or an OpenAI-compatible Python client available.
  • The gateway base URL is stored in an environment variable such as GATEWAY_BASE_URL.
  • The API key is stored in GATEWAY_API_KEY.
  • The candidate model identifier is stored in CANDIDATE_MODEL_ID. Verify the exact string against the gateway’s model overview documentation before using it.
  • You have a representative prompt that reflects the agent’s actual publishing task, stored as a plain text file (no secrets, no real content).

Happy-path check

Send one request to the chat completions or responses endpoint using the candidate model ID and the representative prompt. The exact endpoint path should be confirmed against the gateway documentation (for CometAPI, refer to the chat completions reference and the Responses endpoint reference).

Minimum assertions for a passing happy-path check:

  • HTTP status is 200.
  • Response body contains a choices array (or equivalent field per the gateway’s response schema) with at least one element.
  • The first choice’s content field is non-empty and does not contain an error message string.
  • Latency is below your pipeline’s acceptable threshold (set your own; do not assume a specific value).

Error-path check

Send one request with a deliberately malformed payload — for example, omit the required model field or send an empty messages array. Minimum assertions:

  • HTTP status is 4xx (not 200).
  • The error response body contains a structured error object that your agent’s error handler can parse.
  • Your agent’s retry or fallback logic triggers correctly and does not loop indefinitely.

For context on how to design fallback routing when a primary model call fails, see Fallback Routing for Coding Agent Model Calls.

What the smoke test must not assert

  • Do not assert specific token counts, cost per request, or rate-limit headers. These values are account- and tier-specific and will make your test brittle.
  • Do not assert a specific response time in milliseconds; use a conservative upper bound appropriate for your pipeline.
  • Do not assert that the model produces a specific string or creative output; content quality checks belong in a separate editorial gate, not the gateway smoke test.

CI integration

Once the local smoke test passes, move it into CI so that any future change to gateway config or model identifier triggers the same checks automatically.

A minimal GitHub Actions job for this looks like:

# .github/workflows/model-candidate-approval.yml
# Replace placeholder values with your actual env var names and secrets.
name: Model Candidate Approval
on:
  pull_request:
    paths:
      - 'config/gateway.yaml'
      - 'prompts/'
jobs:
  approve-model-candidate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Happy-path gateway check
        env:
          GATEWAY_BASE_URL: ${{ secrets.GATEWAY_BASE_URL }}
          GATEWAY_API_KEY: ${{ secrets.GATEWAY_API_KEY }}
          CANDIDATE_MODEL_ID: ${{ vars.CANDIDATE_MODEL_ID }}
        run: |
          # Replace with your actual smoke-test script.
          python scripts/smoke_test_model_candidate.py \
            --base-url "$GATEWAY_BASE_URL" \
            --model "$CANDIDATE_MODEL_ID"

See the GitHub Actions documentation for how to use secrets and vars contexts. Keep the API key in secrets, never in vars or source code.

For how to write the AGENTS.md or repository instruction file that tells the agent which model is currently approved, see How to Write Repository Instructions for Coding Agents.

Safe log-record template

After each approval run, record the following fields. Use placeholder values in documentation; fill in real values only in your private log store.

{
  "record_type": "model_candidate_approval",
  "run_id": "<run-id-placeholder>",
  "gateway_base_url": "<gateway-url-placeholder>",
  "candidate_model_id": "<model-id-placeholder>",
  "endpoint_family": "<chat|responses>",
  "happy_path_status": "<200|fail>",
  "error_path_status": "<4xx|fail>",
  "latency_ms": "<measured-value>",
  "output_non_empty": "<true|false>",
  "overall_result": "<pass|fail>",
  "approved_by": "<operator-or-ci-job-id>",
  "approved_at": "<ISO-8601-timestamp>",
  "notes": "<free text>"
}

Do not log the API key, the full prompt text, the full response body, or any user data in this record. The record is for audit and rollback purposes only.

For guidance on keeping log records secret-free, see How to Write Secret-Free Examples for Coding Agent Tutorials.

Gateway documentation reference

When verifying exact endpoint paths, auth schemes, model identifiers, and pricing for CometAPI, use the current documentation URLs:

If you are evaluating CometAPI as the gateway for your publishing agent, the starting point is CometAPI.

Failure modes

  • Evidence gap: the agent cannot inspect the failing log, source page, pull request, or local command output. The safe action is to stop and record the missing evidence instead of guessing.
  • Scope drift: the agent edits files that are not connected to the observed failure. Keep the repair tied to the failing signal and leave unrelated cleanup for a separate task.
  • Environment mismatch: the local check uses different versions, credentials, feature flags, or runtime settings than the hosted path. Record the mismatch before treating the result as proof.
  • Unreviewed fallback: the agent changes models, endpoints, permissions, or retry behavior to make a run pass without preserving the review boundary. Treat access and provider failures as operational blockers, not topic failures.
  • Weak handoff: the final note says the issue is fixed but omits the command, result, changed files, and remaining uncertainty. That makes the next operator repeat the investigation.

Sources checked

Contract details to verify

AreaWhat to verifySource URLAccessedSafe candidate wording
Endpoint path for chat completionsConfirm exact path (e.g. /api/text/chat or /v1/chat/completions)https://apidoc.cometapi.com/api/text/chat2026-06-08“Use the endpoint path shown in the current gateway docs”
Endpoint path for responsesConfirm exact path and whether it differs from chat completionshttps://apidoc.cometapi.com/api/text/responses2026-06-08“Verify the responses endpoint path before switching endpoint families”
Auth schemeConfirm whether the gateway uses Bearer token, API key header, or another schemehttps://apidoc.cometapi.com/2026-06-08“Use the auth scheme documented in the gateway root or API reference”
Response schemaConfirm field names for choices, content, and finish reason in the response bodyhttps://apidoc.cometapi.com/api/text/chat2026-06-08“Assert on the fields documented in the current API reference, not assumed field names”
Error response shapeConfirm the structure of 4xx error bodies so your agent’s error handler can parse themhttps://apidoc.cometapi.com/api/text/chat2026-06-08“Parse errors using the error schema in the current API reference”
Support escalation pathConfirm the help-center URL is reachable and current for filing gateway issueshttps://apidoc.cometapi.com/support/help-center2026-06-08“File gateway support issues via the current help-center page”

Reader next step

Compare the workflow against Start with CometAPI .

Use AI Coding Agent Setup, Security, and Model Routing as the next comparison point. Keep Triage CI Failures With a Coding Agent Without Losing the Evidence nearby for setup and permission checks.

FAQ

What is a model candidate in the context of a publishing agent? A model candidate is a new or updated model identifier that you are considering approving for use in an automated coding agent pipeline. It has not yet been proven to meet the pipeline’s quality and reliability requirements in production. The approval workflow promotes it from candidate to approved.

Does the approval workflow change if I switch gateway providers? The structure stays the same: reachability check, contract check, output-quality check, CI gate. What changes are the endpoint paths, auth scheme, model identifier format, and response field names. Always re-run the full workflow against the new gateway’s current documentation before promoting the candidate.

Can I skip the error-path check if my agent already has a fallback? No. The error-path check validates that the gateway returns a parseable error structure your fallback code can actually handle. Without it you do not know whether your fallback will fire correctly when the gateway returns an unexpected 4xx or 5xx. Run both checks.

Where should approved model IDs be recorded? In a version-controlled config file or in the repository instruction file your agent reads (such as AGENTS.md). This way any change to the approved model ID is visible in a pull request, can be reviewed, and can be reverted if needed.

What happens if the model is later deprecated by the gateway? Your CI gate will start failing on the reachability or contract check, which is the intended behavior. The failure is your signal to run the approval workflow again for a replacement candidate. Keep the log records from the previous approval so you have evidence of what the old model was and when it was approved.

How often should I run the full approval workflow for an already-approved model?** At minimum, whenever the gateway documentation changes, whenever the gateway provider announces a model update, and whenever your agent’s prompt template changes in a way that could affect the output contract. A monthly scheduled CI run is a reasonable baseline.