Public beta self-hosted— pilot-ready for customer infrastructure

Give every production change a release passport.

Release Passport evaluates release context, runtime health, rollback readiness, policy violations, and deployment evidence. It issues a signed ALLOW, ALLOW_WITH_CANARY, REQUIRE_APPROVAL, HOLD, BLOCK, or ROLLBACK_RECOMMENDED decision before your pipeline promotes a change, without claiming a release is risk-free.

Trial

3-day

Self-hosted evaluation with the real runtime.

Gate

shadow first

Observe before advisory or enforce mode.

Starter

from $49/month

Production entitlement after Polar checkout.

View pricing Request pilot View sample passport Read docs

CI/CDKubernetesGitOpsOIDCMetricsPolicy

Live sample passportpp_01J0P9HOLD7

Service

payment-api

v2.18.4 / production / apps-payments

Decision: HOLD

Hold· MED

Source SHA

6c29df4

Image digest

sha256:9fd1b7a8140f

Mode

shadow

Policy

3 holds

Release identitySource SHA, image digest, release ID, and target namespace were captured.

GitOps stateArgo CD has not synced the target application for 18 minutes.

Runtime healthPrometheus error rate is above the production threshold.

Signed record / production-runtime-readiness2026-05-17 10:08 UTC

The promise

Every production release needs a passport.

Production change firewall

Hold risky deploys before users feel them. Deterministic gates run before promotion.

Deployment safety gate

Evaluate runtime health, image digests, namespace, and rollback path - not just code review status.

System of record

Every passport is signed, audit-logged, and queryable as the history of how production changed.

Clear release workflow

Start with structured release checks, readiness notes, and a calmer approval path before launch.

Where it sits

After your build. Before your promotion.

step 01

Build

Images built & published

step 02

Validate

Render & truth checks

step 03

Gate

Release Passport evaluates

Cleared

step 04

Promote

GitOps sync to prod

step 05

Observe

Continuous evidence loop

Positioning

A gate of record, not another status page.

Release Passport uses the systems you already run, then records the release-specific answer your pipeline needs before promotion.

Compared withWhat it doesWhere Release Passport fits

CI status

Tells you tests completed.

Adds deployment context, runtime evidence, policy reasons, and audit trail.

Feature flags

Help control exposure after deploy.

Runs before promotion so teams can hold or block a risky artifact.

APM dashboards

Show operational signals.

Turns scoped signals into a release decision with missing-evidence reasons.

Change tickets

Capture approvals and process.

Links approvals to the exact source, image, namespace, policy, and gate result.

Inside the passport

Evidence, not opinions.

Each passport is a compact record of why a release can move forward, wait, or stop.

Policy result

Mutable tags, namespace mismatch, allowlists, SLO budget.

Runtime health

Probe state, error rate, p95, baseline replicas.

Release identity

Source SHA, image digest, affected components.

Rollback readiness

Previous good revision present and reachable.

Deployment evidence

Render artifacts, schema migrations, smoke results.

Risk decision

ALLOW, HOLD, or BLOCK — signed and auditable.

What it is

A licensed, customer self-hosted release-readiness runtime that evaluates evidence before promotion and records why a release can proceed, wait, or stop.

What it is not

It is not a risk-free deployment guarantee, a replacement for CI/CD, or the Arconath owner billing and license administration surface inside a customer install.

CLI · pipeline gate

One command. One verdict.

Drop the gate into any pipeline. The CLI reads release context, calls the API, and exits according to the configured gate mode and decision policy.

Install instructions

# in your release pipeline

$ releasepassport gate \

--api-url https://release-passport.example.com/releasepassport/v1 \

--token "$RELEASEPASSPORT_TOKEN" \

--service checkout-api \

--mode shadow \

--environment production \

--namespace apps-checkout \

--source-sha "$GITHUB_SHA" \

--digest "$IMAGE_DIGEST" \

--release-id "$GITHUB_RUN_ID"

# waits for evidence, returns verdict

passport: ALLOW · risk=low · pp_01HXR...

policy: 6/6 · health: ok · rollback: ready

Start Trial

Install the 3-day self-hosted evaluation and capture readiness evidence before a paid plan.

Connect one source

Scope Kubernetes, metrics, GitOps, CI/CD, or error evidence to one service.

Wire server gate

Run `releasepassport gate --api-url ...` before promotion in shadow mode.

Upgrade when needed

Starter, Team, and Business add more scale, collaboration, history, and runtime checks.

Pilot outcome

Start with one service and one decision path.

One service has a repeatable shadow-mode gate before promotion.

Operators can explain missing or stale evidence without reading raw CI logs.

The customer runtime remains separate from owner billing and license issuance.

A paid package is chosen only when production capacity, retention, or connector depth is needed.

Decide with evidence before production promotion.

Start with Trial, move to Starter from $49/month, Team from $149/month, or Business from $399/month. Checkout shows final billing details before payment.

Compare plans Contact us Build install plan