Sample passport
A realistic release decision, not a generic dashboard.
This example shows what Release Passport returns when a production release has useful evidence, but the rollback artifact and change approval are missing. In shadow mode it records the HOLD decision; in enforce mode it would stop the promotion until the missing evidence is fixed or approved.
Service
payment-api
v2.18.4 - production - shadow
Confidence
82%
Freshness
7m ago
Generated
2026-05-17 06:30 UTC
Policy result
Next action
1. Re-sync the GitOps application and wait for fresh runtime evidence.
2. Attach rollback artifact for payment-api v2.17.9.
3. Link the Jira change approval, then re-run the shadow gate.
Promotion is held until the missing release evidence is resolved.
The CLI exits non-zero because the final decision is HOLD. The pipeline can attach the passport to a release record, create an approval request, and re-run the same gate after rollback and change evidence are attached.
In shadow mode, the same evaluation records risk without blocking the deploy. That lets a team calibrate evidence freshness, thresholds, and approval rules before turning on enforcement.
Build finished
GitHub Actions produced image digest and source SHA.
Manifest rendered
Helm render and schema checks passed.
GitOps checked
Argo CD reported synced but health evidence is stale.
Runtime queried
Prometheus error-rate policy exceeded threshold.
Rollback checked
Previous good image was not attached to the release.
Decision issued
Release Passport returned HOLD with next actions.
Decision taxonomy
Signed artifact shape.
Each release can export a raw JSON passport, Markdown report, CSV, and audit bundle. The same artifact records rollback readiness, policy evaluation, evidence sources, and approval state. Secrets, tokens, connector credentials, install IDs, and raw private evidence are redacted before display or export.
{
  "passportVersion": "2026-05",
  "service": "payment-api",
  "release": "v2.18.4",
  "environment": "production",
  "mode": "shadow",
  "decision": "HOLD",
  "confidence": "82%",
  "generatedAt": "2026-05-17 06:30 UTC",
  "policyResults": [
    {
      "label": "Argo CD application synced",
      "state": "pass"
    },
    {
      "label": "No active Sev-1 incident",
      "state": "pass"
    },
    {
      "label": "Prometheus error rate above 2%",
      "state": "fail"
    },
    {
      "label": "Rollback image missing",
      "state": "fail"
    },
    {
      "label": "Jira change approval not linked",
      "state": "fail"
    }
  ],
  "nextActions": [
    "Re-sync the GitOps application and wait for fresh runtime evidence.",
    "Attach rollback artifact for payment-api v2.17.9.",
    "Link the Jira change approval, then re-run the shadow gate."
  ],
  "signature": {
    "algorithm": "ed25519",
    "keyId": "rp-public-2026-05",
    "value": "redacted-sample-signature"
  }
}
Create your first passport in the self-hosted runtime.
The guided installer generates the namespace, install ID, basic-auth bootstrap, registry pull secret, dashboard URL, API URL, and first shadow-gate command.
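A pipeline step that consumes the signed passport shown above should verify the signature and bind the passport to the release being promoted before it acts on `decision` or `mode`. The following is an added example, not Release Passport's own code: `evaluateGate`, `signedBytes` and `buildSample` are hypothetical names, and it assumes that `signature.value` is base64 and covers the JSON serialization of the passport without its `signature` field, which the page does not specify.

```javascript
// Added example, not Release Passport code. ASSUMPTIONS: signature.value is
// base64 and covers JSON.stringify() of the passport minus its "signature" field.
const crypto = require('node:crypto');

function signedBytes(passport) {
  const { signature, ...body } = passport;
  return Buffer.from(JSON.stringify(body), 'utf8');
}

// trustedKeys: Map of keyId -> public KeyObject pinned by the pipeline owner.
// expected: the service/release/environment this pipeline run is promoting.
function evaluateGate(passport, trustedKeys, expected) {
  const sig = passport.signature || {};
  const key = trustedKeys.get(sig.keyId);
  // Fail closed on unknown key IDs and on any algorithm other than ed25519.
  if (!key || sig.algorithm !== 'ed25519') return { promote: false, reason: 'untrusted-signer' };
  let valid = false;
  try {
    valid = crypto.verify(null, signedBytes(passport), key, Buffer.from(String(sig.value), 'base64'));
  } catch { valid = false; }
  if (!valid) return { promote: false, reason: 'bad-signature' };
  // Bind the passport to this run so a valid passport for another release,
  // service or environment cannot be reused.
  for (const field of ['service', 'release', 'environment']) {
    if (passport[field] !== expected[field]) return { promote: false, reason: 'mismatch-' + field };
  }
  const failed = (passport.policyResults || []).filter((r) => r.state !== 'pass').map((r) => r.label);
  // HOLD is the only decision value shown on the page; a failed result also holds.
  if (passport.decision !== 'HOLD' && failed.length === 0) return { promote: true, reason: 'clear', failed };
  // Only an explicit shadow mode lets a held release continue.
  return { promote: passport.mode === 'shadow', reason: 'hold-' + passport.mode, failed };
}

// Constructed sample: a throwaway key pair stands in for the real signing key.
function buildSample(mode) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const passport = {
    service: 'payment-api', release: 'v2.18.4', environment: 'production', mode, decision: 'HOLD',
    policyResults: [{ label: 'Argo CD application synced', state: 'pass' },
                    { label: 'Rollback image missing', state: 'fail' }],
  };
  const value = crypto.sign(null, signedBytes(passport), privateKey).toString('base64');
  passport.signature = { algorithm: 'ed25519', keyId: 'rp-public-2026-05', value };
  return { passport, trustedKeys: new Map([['rp-public-2026-05', publicKey]]) };
}

const demo = buildSample('enforce');
const target = { service: 'payment-api', release: 'v2.18.4', environment: 'production' };
console.log(evaluateGate(demo.passport, demo.trustedKeys, target));
```

Because `mode` sits inside the signed body, editing an enforce-mode passport to read `shadow` invalidates the signature and the gate refuses it.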
