Sample passport

See the release decision before production.

This public-safe sample shows how Release Passport turns release identity, runtime signals, policy results, rollback readiness, and approval state into an auditable decision.

Live sample passportpp_01J0P9HOLD7

Service

payment-api

v2.18.4 / production / apps-payments

Decision: HOLD

Hold· MED

Source SHA

6c29df4

Image digest

sha256:9fd1b7a8140f

Mode

shadow

Policy

3 holds

Release identitySource SHA, image digest, release ID, and target namespace were captured.

GitOps stateArgo CD has not synced the target application for 18 minutes.

Runtime healthPrometheus error rate is above the production threshold.

Rollback readinessRollback image is missing from the licensed registry channel.

Approval stateJira change approval is not linked to this release.

Signed record / production-runtime-readiness2026-05-17 10:08 UTC

Public sample

What an operator sees

This sample shows the shape of a public-safe passport record: identity, evidence, decision mode, and the reason a release can proceed, wait, or stop. Real customer passports stay inside the customer runtime.

Identity is explicit

Commit, artifact, namespace, release ID, and service are recorded together.

Evidence has timing

Freshness and observation time matter; stale data can hold a release.

Next action is explicit

A HOLD tells the operator which evidence must be refreshed or attached before promotion.

Timeline

10:02Build finished and the pipeline sent release identity plus image digest.

10:03Kubernetes readiness and deployment state were checked.

10:04Argo CD sync status was stale for the production application.

10:05Prometheus reported error rate above the policy threshold.

10:07Rollback artifact and Jira approval evidence were still missing.

10:08Passport issued HOLD in shadow mode with next actions.

Decision taxonomy

One contract across web, CLI, API, and reports.

ALLOWEvidence is fresh enough and policy passes.

ALLOW_WITH_CANARYProceed only through a progressive rollout or canary plan.

REQUIRE_APPROVALEvidence is partly complete, but a human approval is required.

HOLDStop temporarily because required evidence is missing, stale, or not linked.

BLOCKDo not promote because a serious policy violation is present.

ROLLBACK_RECOMMENDEDPost-deploy signals indicate rollback or traffic reduction should be considered.

Signed artifact shape.

Passport JSON, Markdown, report export, evidence source list, policy evaluation, approvals, waivers, checksum, and policy-engine version stay inside the customer runtime.

What enforce mode would do.

In enforce mode this HOLD would stop promotion until GitOps sync, metrics, rollback, and approval evidence are refreshed or an approved waiver is recorded.

Run the first gate.

Start in shadow mode with one service and one evidence source. Move to advisory or enforce only after the team trusts the decision path.

Build install plan Read quick start