Concepts

The words in the product map to one release workflow.

If the concepts are clear, the console stays simple: services define scope, connectors bring evidence, policies evaluate evidence, gates produce decisions, and passports explain the result.

Gate

A CI/CD checkpoint that returns ALLOW, ALLOW_WITH_CANARY, HOLD, REQUIRE_APPROVAL, BLOCK, or ROLLBACK_RECOMMENDED.

Passport

The durable release record with verdict, blockers, evidence timeline, runtime health, rollback readiness, and policy reasons.

Evidence

Sanitized facts from pipeline, Kubernetes, GitOps, metrics, error tracking, tests, or manual debug entry.

Connector

A scoped reader for one provider and one allowed slice of customer infrastructure.

Policy

A rule that turns missing or failing evidence into advisory, hold, or block decisions.

Mode

shadow, advisory, or enforce. Start shadow and move gradually.

How concepts relate

Service

A deployable unit such as checkout-api. It owns runtime scope, policies, connectors, and passports.

Environment

A target like staging or production. The same service can have different connector scope and policies per environment.

Release identity

Source SHA, artifact digest, release ID, version, namespace, environment, and service. This is how evidence is tied to the correct change.

Evidence freshness

How recently a connector observed a fact. Stale evidence should HOLD instead of silently allowing a promotion.

Risk

A normalized summary of policy result, runtime health, rollback readiness, and evidence completeness.

Mode

Controls adoption blast radius: shadow observes, advisory warns, enforce blocks according to threshold.