/api/v1/releases/ and /api/v1/trust/. They are the integration points for CI/CD gates and public attestation badges.
The route files are app/api/routes/releases.py and app/api/routes/trust.py.
GET /releases/decision
Return the release decision for a specific commit.
Roles: ADMIN, AUDITOR, VIEWER, OPERATOR, APPROVER, POLICY_AUTHOR.
Response (ReleaseDecisionResponse):
decision is "SHIP" or "NO_SHIP". blockers is the list of distinct blocking violations when the decision is NO_SHIP. External gates should only proceed when decision == "SHIP".
GET /releases/health
Return current release-gate health: whether the verification graph is reachable, whether the latest attested snapshot is fresh, and whether any required runtime evidence is missing.
Same role list as /decision.
POST /releases/promote
Promote a snapshot to an attested release. Records the release label and the metadata used for later snapshot-to-snapshot comparisons.
Request body (PromotionRequest): the snapshot id, the target status, the release label, and any channel-specific metadata.
Response (PromotionResponse): the recorded promotion record.
GET /releases/promotions
List the history of promotions for the current scope. Same role list as /decision.
POST /releases/github-webhook
The webhook endpoint for the Certior GitHub Action. GitHub POSTs pull-request and check-run events here; the server posts decision summaries back to the PR.
The server validates the GitHub webhook signature using a shared secret configured via the GITHUB_WEBHOOK_SECRET env var.
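The check described above, as an added example that is not Certior's own route code: GitHub signs the raw request body with HMAC-SHA256 and sends the hex digest in the X-Hub-Signature-256 header, so the receiver recomputes it with the secret from GITHUB_WEBHOOK_SECRET and compares in constant time. The secret and payload below are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample values for a stand-alone run; in the real route the
# secret comes from the GITHUB_WEBHOOK_SECRET environment variable.
SAMPLE_SECRET = b"example-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","pull_request":{"number":42}}'


def compute_signature(secret: bytes, body: bytes) -> str:
    """Return the X-Hub-Signature-256 value GitHub would send for this body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: Optional[bytes], body: bytes, header: Optional[str]) -> bool:
    """Verify the raw webhook body against the X-Hub-Signature-256 header.

    Returns False rather than raising when the secret is unset, the header is
    missing, or the scheme prefix is not sha256, so the route can reply 401.
    The HMAC must be computed over the raw request bytes, not a re-serialised
    JSON object, and the comparison is constant-time to avoid leaking the
    position of the first mismatching byte.
    """
    if not secret or not header:
        return False
    scheme, sep, received = header.partition("=")
    if sep != "=" or scheme != "sha256" or not received:
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, received)


def secret_from_env() -> Optional[bytes]:
    """Load the shared secret the page names; None means signing is unconfigured."""
    value = os.environ.get("GITHUB_WEBHOOK_SECRET")
    return value.encode() if value else None


if __name__ == "__main__":
    sig = compute_signature(SAMPLE_SECRET, SAMPLE_BODY)
    print(verify_signature(SAMPLE_SECRET, SAMPLE_BODY, sig))         # True
    print(verify_signature(SAMPLE_SECRET, SAMPLE_BODY + b" ", sig))  # False
```

A deployment with GITHUB_WEBHOOK_SECRET unset fails closed here: every delivery is rejected instead of being accepted unsigned.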
GET /trust/badge
Return an SVG badge for a commit.
See also
- GitHub Action - the upstream of the webhook.
- Workflows - the reviewed-release pattern that feeds the decision.