Release Orchestration

Promotions that prove themselves

Environment-aware workflows, policy gates, and digest-first identity. Every release decision exports a cryptographically signed Decision Capsule.

The problem with typical CD tools

Most deployment tools tell you what was deployed. They can't tell you why it was safe to deploy.

Typical CD tools

  • Tag-based releases — mutable, untraceable
  • Approvals disconnected from artifacts
  • No evidence of security posture at deploy time
  • Rollback is "redeploy and hope"

Stella Ops orchestration

  • Digest-first identity — immutable, auditable. Digest-first: release identity based on immutable content hashes (SHA-256 digests) rather than mutable tags, ensuring byte-identical deployments.
  • Approvals bound to exact artifact hash
  • Security verdicts recorded in Decision Capsules
  • Rollback to known-good state with evidence

Core orchestration capabilities

Digest-first release identity

Releases are identified by content-addressed SHA-256 digests, not mutable tags. Same digest = same artifact = same evidence.

  • Tag → digest resolution at promotion time
  • Evidence reused when same digest promotes
  • Immutable accountability chain
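
The binding described above, as an added example (not Stella Ops code): a toy registry, an approval signed over the digest rather than the tag, and a gate that re-resolves the tag at promotion time. The registry contents, key, tag name and function names are constructed for illustration, and HMAC stands in for a real approver signature.

```python
import hashlib, hmac, json

# Constructed sample data: a toy registry mapping a mutable tag to image bytes.
REGISTRY = {"api-gateway:1.4": b"constructed image layer bytes v1"}
APPROVER_KEY = b"constructed-demo-key"  # assumption: stand-in for a signing key

def resolve(tag):
    """Resolve a mutable tag to the digest of whatever it points at right now."""
    return "sha256:" + hashlib.sha256(REGISTRY[tag]).hexdigest()

def _sign(claim):
    payload = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(APPROVER_KEY, payload, hashlib.sha256).hexdigest()

def approve(digest, env, approver):
    """Sign an approval over the digest and target environment, never the tag."""
    claim = {"digest": digest, "env": env, "approver": approver}
    return dict(claim, sig=_sign(claim))

def approval_gate(tag, env, approval):
    """Re-resolve the tag at promotion time and check the approval covers it."""
    claim = {k: approval[k] for k in ("digest", "env", "approver")}
    if not hmac.compare_digest(_sign(claim), approval.get("sig", "")):
        return False, "approval signature invalid"
    if approval["env"] != env:
        return False, "approval is for a different environment"
    current = resolve(tag)
    if approval["digest"] != current:
        return False, f"tag now resolves to {current[:19]}..., not the approved digest"
    return True, f"approved digest {current[:19]}... promoted to {env}"

def demo():
    approval = approve(resolve("api-gateway:1.4"), "staging", "jsmith@example.com")
    first = approval_gate("api-gateway:1.4", "staging", approval)
    # Different content is re-pushed under the same tag after approval.
    REGISTRY["api-gateway:1.4"] = b"constructed image layer bytes v2"
    second = approval_gate("api-gateway:1.4", "staging", approval)
    return first, second

if __name__ == "__main__":
    for ok, reason in demo():
        print("PASSED" if ok else "BLOCKED", "-", reason)
```

The first promotion passes; the second is blocked because the same tag now resolves to a digest the approval never covered.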

Environment-aware promotions

Model your pipeline as environments with promotion rules. Dev → Stage → Prod with evidence gates at each step.

  • Promotion rules and approval requirements per environment
  • Freeze windows with calendar-based blocking
  • Environment-specific policy profiles. Environment: a logical deployment target (e.g. dev, staging, prod) that tracks its own release history, promotion rules, and policy gates.

Policy gates at every step

Promotions require passing gates. Security verdicts, approval signatures, and freeze windows are all evaluated.

  • Security gate — scan verdict must pass threshold
  • Approval gate — required signatures collected
  • Custom gates via OPA/Rego policies. OPA: Open Policy Agent, an open-source policy engine that enables fine-grained, context-aware policy enforcement across the stack.

Evidence-linked rollback

Roll back to a previous digest with full evidence trail. Know exactly what you're returning to.

  • Rollback targets specific digest, not "previous version"
  • Evidence from original promotion preserved
  • Rollback itself generates new Decision Capsule. Decision Capsule: a signed, exportable evidence bundle that seals every input and output of a release decision for offline audit and deterministic replay.

Incremental deployment strategies

Progressive rollouts with evidence at every step. A/B testing, canary, and feature-flag deployments with rollback safety.

  • A/B and canary deployments with traffic splitting
  • Feature-flag releases (nginx reload, microservice plugins)
  • Incremental rollout with automatic rollback triggers

See it in action

Every promotion command outputs structured evidence.

Terminal
$ stella release promote api-gateway --to staging --approve
Promoting api-gateway (sha256:abc123...) to staging
Security gate: PASSED — 8 reachable CVEs below threshold
Approval gate: PASSED — signed by jsmith@example.com
Freeze window: PASSED — no active freeze
Deployment to staging-cluster started...
Deployed successfully
Decision Capsule exported: staging-abc123-2026-01-20.yaml

Workflow engine capabilities

DAG execution

Step graphs with parallel and sequential execution.

Step registry

Built-in steps plus custom automation.

Workflow templates

Reusable workflows across projects.

Script steps

Bash and .NET scripting for custom logic.

Freeze windows

Calendar-based deployment blocking.

Audit export

Compliance-ready evidence bundles.

What makes it different

Decision Capsules

Every promotion sealed in an exportable, replayable evidence bundle.

Deterministic replay

Re-run any promotion decision 6 months later with identical results.

Evidence-linked

Approvals, verdicts, and artifacts bound by cryptographic hashes.

Deployment patterns

A/B deployment

Route traffic between two release versions. Compare metrics, then commit to the winner with evidence.

Canary release

Roll out to a small percentage of targets first. Promote wider only after evidence gates pass.

Blue/Green switch

Maintain two identical environments. Switch traffic atomically after policy evaluation.

Rollback to known-good

Revert to the last-known-good digest instantly. Evidence from both forward and rollback promotions is preserved.

Ready for evidence-grade orchestration?

Start with environment setup and your first promotion.
